Medicare and State Health Care Programs: Fraud and Abuse; Revisions to Safe Harbors Under the Anti-Kickback Statute, and Civil Monetary Penalty Rules Regarding Beneficiary Inducements, 77684-77895 [2020-26072]
Download as PDF
<![CDATA[
77684
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Office of Inspector General
42 CFR Parts 1001 and 1003
RIN 0936–AA10
Medicare and State Health Care
Programs: Fraud and Abuse;
Revisions to Safe Harbors Under the
Anti-Kickback Statute, and Civil
Monetary Penalty Rules Regarding
Beneficiary Inducements
Office of Inspector General
(OIG), Department of Health and Human
Services (HHS).
ACTION: Final rule.
AGENCY:
This final rule amends the
safe harbors to the Federal anti-kickback
statute by adding new safe harbors and
modifying existing safe harbors that
protect certain payment practices and
business arrangements from sanctions
under the anti-kickback statute. This
rule is issued in conjunction with the
Department of Health and Human
Services’ (HHS’s) Regulatory Sprint to
Coordinated Care and focuses on care
coordination and value-based care. This
rule also amends the civil monetary
penalty (CMP) rules by codifying a
revision to the definition of
‘‘remuneration’’ added by the Bipartisan
Budget Act of 2018 (Budget Act of
2018).
SUMMARY:
These regulations are effective
January 19, 2021.
FOR FURTHER INFORMATION CONTACT:
Stewart Kameen or Samantha Flanzer,
Office of Counsel to the Inspector
General, (202) 619–0335.
SUPPLEMENTARY INFORMATION:
DATES:
Social Security Act
citation
United States Code
citation
1128B, 1128D, 1102,
1128A.
42 U.S.C. 1320a–7b,
42 U.S.C. 1320a–
7d, 42 U.S.C.
1302, 42 U.S.C.
1320a–7a.
I. Executive Summary
A. Purpose of the Regulatory Action
The Secretary of HHS (the Secretary)
has identified transforming the U.S.
health care system to one that pays for
value as a top priority. Unlike the
traditional fee-for-service (FFS) payment
system, which rewards providers for the
volume of care delivered, a value-driven
health care system is one that pays for
health and outcomes. Delivering better
value from the health care system will
require the transformation of established
VerDate Sep<11>2014
19:11 Dec 01, 2020
Jkt 253001
practices and enhanced collaboration
among providers and other individuals
and entities. The purpose of this
rulemaking is to finalize modifications
to existing safe harbors to the Federal
anti-kickback statute and finalize the
addition of new safe harbors and a new
exception to the civil monetary penalty
provision prohibiting inducements to
beneficiaries, ‘‘Beneficiary Inducements
CMP,’’ to remove potential barriers to
more effective coordination and
management of patient care and
delivery of value-based care.
The Department launched the
Regulatory Sprint with the express
purpose of removing potential
regulatory barriers to care coordination
and value-based care created by certain
key health care laws and associated
regulations, including the Federal antikickback statute and Beneficiary
Inducements CMP.1 Through the
Regulatory Sprint, HHS aims to
encourage and improve patients’
experience of care, providers’
coordination of care, and information
sharing to facilitate efficient care and
preserve and protect patients’ access to
data.
The Federal anti-kickback statute is
an intent-based, criminal statute that
prohibits intentional payments, whether
monetary or in-kind, in exchange for
referrals or other Federal health care
program business. Safe harbor
regulations describe various payment
and business practices that, although
they potentially implicate the Federal
anti-kickback statute, are not treated as
offenses under the statute. Compliance
with a safe harbor is voluntary. The
Beneficiary Inducements CMP is a civil,
administrative statute that prohibits
knowingly offering something of value
to a Medicare or State health care
program beneficiary to induce them to
select a particular provider, practitioner,
or supplier.
Stakeholders have raised concerns
that these statutes have chilling effect
on innovation and value-based care
because arrangements in which
providers and others coordinate the care
of patients with other providers, share
resources among themselves to facilitate
better care coordination, share in the
benefits of more efficient care delivery,
and engage and support patients can
implicate these statutes.
1 The
Federal anti-kickback statute is codified at
42 U.S.C. 1320a–7b(b); the Beneficiary Inducements
CMP is codified at 42 U.S.C. 1320a–7a(a)(5).
Additionally, the Regulatory Sprint includes the
physician self-referral law, 42 U.S.C. 1395nn, 42
CFR part 2, and provisions of the Health Insurance
Portability and Accountability Act of 1996 (HIPAA).
PO 00000
Frm 00002
Fmt 4701
Sfmt 4700
B. The Proposed Rule
On October 17, 2019, OIG published
a notice of proposed rulemaking 2 (OIG
Proposed Rule) to add or amend various
regulatory protections under the Federal
anti-kickback statute and Beneficiary
Inducements CMP with the goal of
proposing protections for certain valuebased arrangements that would improve
quality, outcomes, and efficiency. The
proposals focused on arrangements to
advance the coordination and
management of patient care, with an
aim to support innovative methods and
novel arrangements, including the use
of digital health technology such as
remote patient monitoring and
telehealth. We proposed safe harbors for
value-based arrangements where the
parties assume full financial risk,
substantial downside financial risk, and
no or lower risk. The proposed safe
harbors offered more flexibility for
arrangements where the parties assumed
more financial risk. Consistent with
OIG’s law enforcement mission and
section 1128D(a)(2)(I) of the Act, the
proposals included safeguards tailored
to protect Federal health care programs
and beneficiaries from the risks of fraud
and abuse associated with kickbacks,
such as overutilization and
inappropriate patient steering, as well as
risks associated with risk-based
payment mechanisms, such as stinting
on care.
The OIG Proposed Rule proposed new
terminology to define the universe of
value-based arrangements that could
qualify for the new safe harbors,
proposing to require that providers,
suppliers, practitioners, and others
would form value-based enterprises
(VBEs) to collaborate to achieve valuebased purposes, such as coordinating
and managing a target patient
population, improving quality of care
for a target patient population, and
reducing costs. VBEs could be large or
small. VBEs could be formal corporate
structures or looser affiliations. Under
the proposed definition, VBEs would be
required to have an accountable body
and transparent governance. We
proposed that some types of entities
would not be eligible to use the valuebased safe harbors because of
heightened fraud risk and because the
entities did not play a central, frontline
role in coordinating and managing
patient care.
2 84 FR 55694 (Oct. 17, 2019). In connection with
the Regulatory Sprint, and to help develop the
proposals in the OIG Proposed Rule, OIG published
a Request for Information (OIG RFI) seeking input
on new or modified safe harbors to promote care
coordination and value-based care and protect
patients and taxpayer dollars from harms cause by
fraud and abuse. 83 FR 43607 (Aug. 27, 2018).
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
The OIG Proposed Rule proposed to
modify existing safe harbors that
advance coordinated care for patients,
including information sharing. OIG
proposed modifications to existing safe
harbors for local transportation,
electronic health records arrangements,
and personal services and management
contracts. Further, the OIG Proposed
Rule proposed new protections for
outcomes-based payments,
cybersecurity technology and services
arrangements, remuneration in
connection with CMS-sponsored models
(largely supplanting the need for
separate OIG fraud and abuse waivers
for these models), telehealth
technologies for in-home dialysis
patients (statutory), and Medicare
Shared Savings Program ACO
beneficiary incentives (statutory). For
each new safe harbor or exception, OIG
proposed a set of conditions designed to
ensure that the safe harbor or exception
protected beneficial arrangements and
reduced risks of fraud and abuse.
Taken as a whole, the OIG Proposed
Rule proposed significant new
flexibilities for value-based
arrangements and modernization of the
safe harbor regulations to account for
the ongoing evolution of the health care
delivery system. OIG developed its
proposals in coordination with the
Centers for Medicare & Medicaid
Services (CMS), which concurrently
issued proposed regulations in
connection with the Regulatory Sprint
(CMS NPRM).3 OIG solicited comments
on the wide range of issues raised by the
proposals. We received 337 timely
comments, 327 of which were unique,
from a broad range of stakeholders.
C. The Final Rule
We are finalizing the proposed new
and modified anti-kickback statute safe
harbors and exception to the Beneficiary
Inducements CMP, with modifications
and clarifications explained in the
preamble to this rule. Stakeholder
reaction was largely positive, although
many commenters raised concerns and
expressed preferences about specific
provisions. Some commenters raised
concerns about potential risks of fraud
and impacts on competition.
In this final rule, we sought to strike
the right balance between flexibility for
beneficial innovation and better
coordinated patient care with necessary
safeguards to protect patients and
Federal health care programs. Many
beneficial arrangements do not
implicate the anti-kickback statute and
do not need protection. For example,
the parties may be exchanging nothing
3 84
FR 55766 (Oct. 17, 2019).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
of value between them or the
arrangements might involve no Federal
health care program patients or
business. Other beneficial arrangements
might implicate the statute (for example,
the arrangement might involve parties
that are exchanging something of value
and are in a position to refer Federal
health care program business between
them) but will not fit in these or other
available safe harbors. Arrangements are
not necessarily unlawful because they
do not fit in a safe harbor. Arrangements
that do not fit in a safe harbor are
analyzed for compliance with the
Federal anti-kickback statute based on
the totality of their facts and
circumstances, including the intent of
the parties. Some care coordination and
value-based arrangements can be
structured to fit in existing safe harbors.
Flexibilities to engage in new
business, care delivery, and digital
health technology arrangements with
lowered compliance risk may assist
industry stakeholders in their response
to and recovery from the current public
health emergency resulting from the
novel coronavirus disease 2019
(COVID–19) pandemic. The final rule
may also help providers and others
develop sustainable value-based care
delivery models for the future.
1. Final Anti-Kickback Statute Safe
Harbors
We are finalizing the following
regulations, as explained in section III of
this preamble.
Terminology and Framework. We are
finalizing, with modifications, the
proposed terminology that describes
VBEs and VBE participants eligible to
use the value-based safe harbors and the
tiered framework of three value-based
safe harbors that vary based on the level
of risk assumed by the parties, with
more flexibility associated with
assumption of more risk. See section
III.2.1–2 for further discussion.
Safe Harbors for Value-Based
Arrangements. We are finalizing, with
modifications, three new safe harbors
for remuneration exchanged between or
among participants in a value-based
arrangement (as further defined) that
fosters better coordinated and managed
patient care:
(i) Care coordination arrangements to
improve quality, health outcomes, and
efficiency (paragraph 1001.952(ee))
without requiring the parties to assume
risk;
(ii) value-based arrangements with
substantial downside financial risk
(paragraph 1001.952(ff)); and,
(iii) value-based arrangements with
full financial risk (paragraph
1001.952(gg)).
PO 00000
Frm 00003
Fmt 4701
Sfmt 4700
77685
These safe harbors address a broad
range of potential value-based
arrangements for care coordination
activities, including use of digital health
technology. We discuss each safe harbor
in more detail in section III.B.3–5. The
value-based safe harbors vary, among
other ways, by the types of
remuneration protected (in-kind or inkind and monetary), the types of entities
eligible to rely on the safe harbors, the
level of financial risk assumed by the
parties, and the types of safeguards
included as safe harbor conditions. By
design, these safe harbors offer
flexibility for innovation and
customization of value-based
arrangements to the size, resources,
needs, and goals of the parties to them.
The safe harbors allow for emerging
arrangements that reflect up-to-date
understandings in medicine, science,
and technology.
These three new safe harbors are not
the exclusive, available safe harbors for
care coordination or value-based
arrangements. All three value-based safe
harbors offer protection for in-kind
remuneration, such as technology or
services. However, only the safe harbors
for value-based arrangements with
substantial assumption of risk
(paragraphs 1001.952(ff) and (gg))
protect monetary remuneration. The
care coordination arrangements safe
harbor at paragraph 1001.952(ee), which
requires little or no assumption of risk,
does not. However, parties to
arrangements involving monetary
remuneration, such as shared savings or
performance bonus payments, may be
eligible for the new protection for
outcomes-based payments at paragraph
1001.952(d)(2). Parties to arrangements
under CMS-sponsored models may
prefer to look to the new safe harbor
specifically for those models at
paragraph 1001.952(ii).
As explained at section III.B.2.e
below, entities ineligible to use the
value-based safe harbors are:
Pharmaceutical manufacturers,
distributors, and wholesalers; pharmacy
benefit managers (PBMs); laboratory
companies; pharmacies that primarily
compound drugs or primarily dispense
compounded drugs; manufacturers of
devices or medical supplies; entities or
individuals that sell or rent durable
medical equipment, prosthetics,
orthotics and supplies (DMEPOS) (other
than a pharmacy or a physician,
provider, or other entity that primarily
furnishes services); and medical device
distributors and wholesalers. However,
the care coordination arrangements safe
harbor includes a separate pathway,
with specific conditions, that protects
digital technology arrangements (as
E:\FR\FM\02DER3.SGM
02DER3
77686
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
defined at paragraph 1001.952(ee)(14))
involving manufacturers of devices or
medical supplies and DMEPOS.
Patient Engagement and Support Safe
Harbor. We are finalizing, with
modifications, a new safe harbor
(paragraph 1001.952(hh)) for patient
engagement tools and supports
furnished by a participant in a valuebased enterprise to a patient in a target
patient population (discussed in section
III.B.6). This safe harbor uses the same
ineligible entities list as the value-based
safe harbors, above, but includes a
pathway for manufacturers of devices or
medical supplies to provide digital
health technology.
CMS-Sponsored Models Safe Harbor.
We are finalizing, with modifications, a
new safe harbor (paragraph 1001.952(ii))
for CMS-sponsored model arrangements
and CMS-sponsored model patient
incentives that would require OIG fraud
and abuse waivers. This safe harbor
(discussed at section III.B.7) is intended
to provide greater predictability model
participants and uniformity across
models. It will reduce the need for
separate OIG fraud and abuse waivers
for new CMS-sponsored models.
Cybersecurity Technology and
Services Safe Harbor. We are finalizing,
with modifications, a new safe harbor
(paragraph 1001.952(jj)) for
remuneration in the form of
cybersecurity technology and services
(discussed at section III.B.8). This safe
harbor will facilitate improved
cybersecurity in health care and is
available to all types of individuals and
entities.
Electronic Health Records Safe
Harbor. We are finalizing our proposal
to modify the existing safe harbor for
electronic health records items and
services (paragraph 1001.952(y)). We are
finalizing, with modifications, changes
to update and remove provisions
regarding interoperability, remove the
sunset provision and prohibition on
donation of equivalent technology, and
clarify protections for cybersecurity
technology and services included in an
electronic health records arrangement
(discussed at section III.B.9).
Personal Services and Management
Contracts and Outcomes-Based
Payments. We are finalizing our
proposal to modify the existing safe
harbor for personal services and
management contracts (paragraph
1001.952(d)(1)). We are finalizing,
without modification, changes to
increase flexibility for part-time or
sporadic arrangements and
arrangements for which aggregate
compensation is not known in advance.
We are also a finalizing, with
modifications, new protection for
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
outcomes-based payments (paragraph
1001.952(d)(2)). These changes are
discussed at section III.B.10. The new
safe harbor for outcomes-based
payments protects payments tied to
achieving measurable outcomes that
improve patient or population health or
appropriately reduce payor costs. It
makes ineligible the same entities that
are ineligible for the value-based safe
harbors.
Warranties. We are finalizing our
proposal to modify the existing safe
harbor for warranties (paragraph
1001.952(g)). We are finalizing, without
modification, revisions to the definition
of ‘‘warranty’’ and to provide protection
for warranties for one or more items and
related services (discussed at section
III.B.11). This safe harbor is available to
any type of entity.
Local Transportation. We are
finalizing our proposal to modify the
existing safe harbor for local
transportation furnished to beneficiaries
(paragraph 1001.952(bb)). We are
finalizing, with modifications, changes
to expand mileage limits for rural areas
(up to 75 miles) and eliminate mileage
limits for transportation to convey
patients discharged from the hospital to
their place of residence (discussed at
section III.B.12). We also clarify that the
safe harbor is available for
transportation provided through
rideshare arrangements.
ACO Beneficiary Incentives. We are
codifying, without modification to our
proposal, the statutory exception to the
definition of ‘‘remuneration’’ at section
1128B(b)(3)(K) of the Act related to ACO
Beneficiary Incentive Programs for the
Medicare Shared Savings Program
(paragraph 1001.952(kk)) (discussed at
section III.B.13).
2. Beneficiary Inducements CMP
The final rule amends the Beneficiary
Inducements CMP regulations at 42 CFR
1003 as follows:
Telehealth Technologies for In-Home
Dialysis Patients. We are codifying the
statutory exception for ‘‘telehealth
technologies’’ furnished to certain inhome dialysis patients, pursuant to
section 50302(c) of the Budget Act of
2018 (discussed at section III.C.1). We
are finalizing our proposal with
modifications.
By operation of law, arrangements
that fit in the new and modified Federal
anti-kickback statute safe harbors for
patient engagement and support,
paragraph 1001.952(hh), and local
transportation, paragraph 1001.952(bb),
are also protected under the Beneficiary
Inducements CMP.
PO 00000
Frm 00004
Fmt 4701
Sfmt 4700
II. Background
A. Purpose and Need for Regulatory
Action
HHS’s Regulatory Sprint aims to
remove potential regulatory barriers to
care coordination and value-based care
created by four key health care laws and
associated regulations: (i) The physician
self-referral law, (ii) the Federal antikickback statute, (iii) the Health
Insurance Portability and
Accountability Act of 1996 (HIPAA),4
and (iv) rules under 42 CFR part 2
related to substance use disorder
treatment.
Through the Regulatory Sprint, HHS
aims to encourage and improve:
• A patient’s ability to understand
treatment plans and make empowered
decisions;
• providers’ alignment on end-to-end
treatment (i.e., coordination among
providers along the patient’s full care
journey);
• incentives for providers to
coordinate, collaborate, and provide
patients tools and supports to be more
involved in their own care; and
• information sharing among
providers, facilities, and other
stakeholders in a manner that facilitates
efficient care while preserving and
protecting patient access to data.
Since the enactment in 1972 of the
Federal anti-kickback statute, there have
been significant changes in the delivery
of, and payment for, health care items
and services both within the Medicare
and Medicaid programs and also for
non-Federal payors and patients. Such
changes include modifications to
traditional FFS Medicare (i.e., Medicare
Parts A and B), Medicare Advantage,
and States’ Medicaid programs. The
Department has a longstanding
commitment to aligning Medicare
payment with quality of care delivered
to Federal health care program
beneficiaries.
The Department identified the broad
reach of the Federal anti-kickback
statute 5 and the CMP law provision
prohibiting inducements to
beneficiaries, the ‘‘Beneficiary
Inducements CMP’’ 6 as potentially
inhibiting beneficial arrangements that
would advance the transition to valuebased care and improve the
coordination of patient care among
providers and across care settings in
both the Federal health care programs
and commercial sectors.
4 Public
Law 104–191, 110 Stat. 1936.
U.S.C. 1320a–7b(b).
6 42 U.S.C. 1320a–7a(a)(5).
5 42
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
B. Federal Anti-Kickback Statute and
Safe Harbors
Section 1128B(b) of the Act, (42
U.S.C. 1320a–7b(b), the anti-kickback
statute), provides for criminal penalties
for whoever knowingly and willfully
offers, pays, solicits, or receives
remuneration to induce or reward the
referral of business reimbursable under
any of the Federal health care programs,
as defined in section 1128B(f) of the Act
(42 U.S.C. 1320a–7b(f)). The offense is
classified as a felony and is punishable
by fines of up to $100,000 and
imprisonment for up to 10 years.
Violations of the Federal anti-kickback
statute also may result in the imposition
of CMPs under section 1128A(a)(7) of
the Act (42 U.S.C. 1320a–7a(a)(7)),
program exclusion under section
1128(b)(7) of the Act (42 U.S.C. 1320a–
7(b)(7)), and liability under the False
Claims Act (31 U.S.C. 3729–33).
The types of remuneration covered
specifically include, without limitation,
kickbacks, bribes, and rebates, whether
made directly or indirectly, overtly or
covertly, in cash or in kind. In addition,
prohibited conduct includes not only
the payment of remuneration intended
to induce or reward referrals of patients
but also the payment of remuneration
intended to induce or reward the
purchasing, leasing, or ordering of, or
arranging for or recommending the
purchasing, leasing, or ordering of, any
good, facility, service, or item
reimbursable by any Federal health care
program.
Because of the broad reach of the
statute and concerns that some
relatively innocuous business
arrangements were covered by the
statute and therefore potentially subject
to criminal prosecution, Congress
enacted section 14 of the Medicare and
Medicaid Patient and Program
Protection Act of 1987, Public Law 100–
93 (note to section 1128B of the Act; 42
U.S.C. 1320a–7b). This provision
specifically requires the development
and promulgation of regulations, the socalled safe harbor provisions, that
would specify various payment and
business practices that would not be
subject to sanctions under the antikickback statute, even though they
potentially may be capable of inducing
referrals of business for which payment
may be made under a Federal health
care program.
Section 205 of HIPAA established
section 1128D of the Act (42 U.S.C.
1320a–7d), which includes criteria for
modifying and establishing safe harbors.
Specifically, section 1128D(a)(2) of the
Act provides that, in modifying and
establishing safe harbors, the Secretary
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
may consider whether a specified
payment practice may result in:
• An increase or decrease in access to
health care services;
• an increase or decrease in the
quality of health care services;
• an increase or decrease in patient
freedom of choice among health care
providers;
• an increase or decrease in
competition among health care
providers;
• an increase or decrease in the
ability of health care facilities to provide
services in medically underserved areas
or to medically underserved
populations;
• an increase or decrease in costs to
Federal health care programs;
• an increase or decrease in the
potential overutilization of health care
services;
• the existence or nonexistence of any
potential financial benefit to a health
care professional or provider, which
benefit may vary depending on whether
the health care professional or provider
decides to order a health care item or
service or arranges for a referral of
health care items or services to a
particular practitioner or provider; or
• any other factors the Secretary
deems appropriate in the interest of
preventing fraud and abuse in Federal
health care programs.
In giving the Department the authority
to protect certain arrangements and
payment practices under the antikickback statute, Congress intended the
safe harbor regulations to be updated
periodically to reflect changing business
practices and technologies in the health
care industry.7 Since July 29, 1991,
there have been a series of final
regulations published in the Federal
Register establishing safe harbors in
various areas.8 These safe harbor
7 H.R.
Rep. No. 100–85, Pt. 2, at 27 (1987).
and State Health Care Programs: Fraud
and Abuse; OIG Anti-Kickback Provisions, 56 FR
35952 (July 29, 1991); Medicare and State Health
Care Programs: Fraud and Abuse; Safe Harbors for
Protecting Health Plans, 61 FR 2122 (Jan. 25, 1996);
Federal Health Care Programs: Fraud and Abuse;
Statutory Exception to the Anti-Kickback Statute for
Shared Risk Arrangements, 64 FR 63504 (Nov. 19,
1999); Medicare and State Health Care Programs:
Fraud and Abuse; Clarification of the Initial OIG
Safe Harbor Provisions and Establishment of
Additional Safe Harbor Provisions Under the AntiKickback Statute, 64 FR 63518 (Nov. 19, 1999); 64
FR 63504 (Nov. 19, 1999); Medicare and State
Health Care Programs: Fraud and Abuse;
Ambulance Replenishing Safe Harbor Under the
Anti-Kickback Statute, 66 FR 62979 (Dec. 4, 2001);
Medicare and State Health Care Programs: Fraud
and Abuse; Safe Harbors for Certain Electronic
Prescribing and Electronic Health Records
Arrangements Under the Anti-Kickback Statute, 71
FR 45109 (Aug. 8, 2006); Medicare and State Health
Care Programs: Fraud and Abuse; Safe Harbor for
Federally Qualified Health Centers Arrangements
8 Medicare
PO 00000
Frm 00005
Fmt 4701
Sfmt 4700
77687
provisions have been developed to limit
the reach of the statute somewhat by
permitting certain non-abusive
arrangements, while encouraging
beneficial or innocuous arrangements.9
Health care providers and others may
voluntarily seek to comply with final
safe harbors so that they have the
assurance that their business practices
would not be subject to any antikickback enforcement action.
Compliance with an applicable safe
harbor insulates an individual or entity
from liability under the Federal antikickback statute and the Beneficiary
Inducements CMP only; individuals and
entities remain responsible for
complying with all other laws,
regulations, and guidance that apply to
their businesses.
C. Civil Monetary Penalty Authorities
1. Overview of OIG Civil Monetary
Penalty Authorities
In 1981, Congress enacted the CMP
law, section 1128A of the Act, 42 U.S.C.
1320a–7a, as one of several
administrative remedies to combat fraud
and abuse in Medicare and Medicaid.
The law authorized the Secretary to
impose penalties and assessments on
persons who defrauded Medicare or
Medicaid or engaged in certain other
wrongful conduct. The CMP law also
authorized the Secretary to exclude
persons from Federal health care
programs (as defined in section 1128B(f)
of the Act, 42 U.S.C. 1320a–7b(f)) and to
direct the appropriate State agency to
exclude the person from participating in
any State health care programs (as
defined in section 1128(h) of the Act, 42
U.S.C. 1320a–7(h)). Congress later
expanded the CMP law and the scope of
exclusion to apply to all Federal health
care programs, but the CMP applicable
to beneficiary inducements remains
limited to Medicare and State health
care program beneficiaries. Since 1981,
Congress has created various other CMP
authorities covering numerous types of
fraud and abuse.
2. The Definition of ‘‘Remuneration’’
Section 1128A(a)(5) of the Act, 42
U.S.C. 1320a–7a(a)(5), the ‘‘Beneficiary
Inducements CMP,’’ provides for the
Under the Anti-Kickback Statute, 72 FR 56632 (Oct.
4, 2007); Medicare and State Health Care Programs:
Fraud and Abuse; Electronic Health Records Safe
Harbor Under the Anti-Kickback Statute, 78 FR
79202 (Dec. 27, 2013); and Medicare and State
Health Care Programs: Fraud and Abuse; Revisions
to the Safe Harbors Under the Anti-Kickback Statute
and Civil Monetary Penalty Rules Regarding
Beneficiary Inducements, 81 FR 88368 (Dec. 7,
2016).
9 Medicare and State Health Care Programs: Fraud
and Abuse; OIG Anti-Kickback Provisions, 56 FR at
35958 (July 21, 1991).
E:\FR\FM\02DER3.SGM
02DER3
77688
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
imposition of civil monetary penalties
against any person who offers or
transfers remuneration to a Medicare or
State health care program (including
Medicaid) beneficiary that the
benefactor knows or should know is
likely to influence the beneficiary’s
selection of a particular provider,
practitioner, or supplier of any item or
service for which payment may be
made, in whole or in part, by Medicare
or a State health care program
(including Medicaid). Section
1128A(i)(6) of the Act, 42 U.S.C. 1320a–
7a(i)(6), defines ‘‘remuneration’’ for
purposes of the Beneficiary
Inducements CMP as including transfers
of items or services for free or for other
than fair market value. Section
1128A(i)(6) of the Act also includes a
number of exceptions to the definition
of ‘‘remuneration.’’
Pursuant to section 1128A(i)(6)(B) of
the Act, any practice permissible under
the anti-kickback statute, whether
through statutory exception or safe
harbor regulations issued by the
Secretary, is also excepted from the
definition of ‘‘remuneration’’ for
purposes of the Beneficiary
Inducements CMP. However, no parallel
exception exists in the anti-kickback
statute. Thus, the exceptions in section
1128A(i)(6) of the Act apply only to the
definition of ‘‘remuneration’’ applicable
to section 1128A.
Relevant to this rulemaking, the
Budget Act of 2018 created a new
exception to the definition of
‘‘remuneration’’ for purposes of the
Beneficiary Inducements CMP. This
statutory exception applies to
‘‘telehealth technologies’’ provided on
or after January 1, 2019, by a provider
of services or a renal dialysis facility to
an individual with end stage renal
disease (ESRD) who is receiving home
dialysis for which payment is being
made under Medicare Part B.
D. Summary of the OIG Proposed Rule
On October 17, 2019, OIG published
a proposed rule in the Federal Register
(84 FR 55694) setting forth certain
proposed amendments to the safe
harbors under the anti-kickback statute
and a proposed amendment to the
Beneficiary Inducements CMP
exceptions (the OIG Proposed Rule).
With respect to the anti-kickback
statute, we proposed seven new safe
harbors and modifications to four
existing safe harbors. Specifically, we
proposed new protection for:
• A safe harbor for care coordination
arrangements to improve quality, health
outcomes, and efficiency (1001.952(ee));
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
• A safe harbor for value-based
arrangements with substantial downside
financial risk (1001.952(ff));
• A safe harbor for value-based
arrangements with full financial risk
(1001.952(gg));
• A safe harbor for arrangements for
patient engagement and support to
improve quality, health outcomes, and
efficiency (1001.952(hh));
• A safe harbor for CMS-sponsored
model arrangements and CMSsponsored model patient incentives
(1001.952(ii));
• A safe harbor for cybersecurity
technology and related services
(1001.952(jj)); and
• A safe harbor that would codify the
statutory exception to the definition of
‘‘remuneration’’ at section
1128B(b)(3)(K) of the Act related to ACO
Beneficiary Incentive Programs for the
Medicare Shared Savings Program
(1001.952(kk)).
• An exception to the Beneficiary
Inducements CMP for telehealth
technologies for in-home dialysis
patients (1003.110).
We proposed to modify:
• The safe harbor for personal
services and management contracts and
outcomes-based payment arrangements
(1001.952(d));
• The safe harbor for warranties
(1001.952(g));
• The safe harbor for electronic health
records items and services
(1001.952(y)); and
• The safe harbor for local
transportation (1001.952(bb)).
An overarching goal of our proposals
was to develop final rules that protect
low-risk, beneficial arrangements
without opening the door to fraudulent
or abusive conduct that increases
Federal health care program costs or
compromises quality of care for patients
or patient choice. We solicited
comments on our proposed policies to
obtain the benefit of public input from
affected stakeholders.
Our proposals are summarized in
greater detail in section III of this
preamble, organized by topic, along
with summaries of the final decisions,
and summaries of the related comments
and our responses.
E. Summary of the Final Rulemaking
In this final rule, we modify existing
as well as add new safe harbors
pursuant to our authority under section
14 of the Medicare and Medicaid Patient
and Program Protection Act of 1987 by
specifying certain payment practices
that will not be subject to prosecution
under the anti-kickback statute. We
intend to protect practices that pose a
low risk to Federal health care programs
PO 00000
Frm 00006
Fmt 4701
Sfmt 4700
and beneficiaries, as long as specified
conditions are met. In doing so, we
considered the factors cited by Congress
in granting statutory authority to the
Secretary under Section 1128D(a)(2) of
the Social Security Act.10 Specifically,
the new and modified safe harbors are
designed to further the goals of access,
quality, patient choice, appropriate
utilization, and competition, while
protecting against increased costs,
inappropriate steering of patients, and
harms associated with inappropriate
incentives tied to referrals. We also
codify into our regulations a statutory
safe harbor for patient incentives offered
by accountable care organizations
(ACOs) to assigned beneficiaries under
ACO Beneficiary Incentive Programs
and an exception to the definition of
‘‘remuneration’’ in 42 CFR 1003.110 for
certain telehealth technologies for inhome dialysis.
To facilitate review of the new and
modified safe harbors and exception in
context, we summarize the proposals
and final regulations by topic in section
III.B below. The following are the safe
harbors and the exception that we are
finalizing, together with the citation to
where they appear in our regulations
and a reference to the preamble section
of this final rule where they are
discussed in greater detail:
• Modifications to the existing safe
harbor for personal services and
management contracts, including
outcomes-based payments, at paragraph
1001.952(d) (preamble section III.B.10);
• modifications to the existing safe
harbor for warranties at paragraph
1001.952(g) (preamble section III.B.11);
• modifications to the existing safe
harbor for electronic health records
items and services at paragraph
1001.952(y) (preamble section III.B.9);
• modifications to the existing safe
harbor for local transportation at
paragraph 1001.952(bb) (preamble
section III.B.12)
• a new safe harbor for care
coordination arrangements to improve
quality, health outcomes, and efficiency
at paragraph 1001.952(ee) (preamble
sections III.B.1, III.B.2, and III.B.3);
• a new safe harbor for value-based
arrangements with substantial downside
financial risk at paragraph 1001.952(ff)
(preamble sections III.B.1, III.B.2, and
III.B.4);
• a new safe harbor for value-based
arrangements with full financial risk at
paragraph 1001.952(gg) (preamble
sections III.B.1, III.B.2, and III.B.5);
• a new safe harbor for arrangements
for patient engagement and support to
improve quality, health outcomes, and
10 42
E:\FR\FM\02DER3.SGM
U.S.C. 1320a–7d(a)(2).
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
efficiency at paragraph 1001.952(hh)
(preamble section III.B.6);
• a new safe harbor for CMSsponsored model arrangements and
CMS-sponsored model patient
incentives at paragraph 1001.952(ii)
(preamble section III.B.7);
• a new safe harbor for cybersecurity
technology and related services at
paragraph 1001.952(jj) (preamble
section III.B.8);
• a new safe harbor for accountable
care organization (ACO) beneficiary
incentive program at paragraph
1001.952(kk) (preamble section III.B.13);
and
• an exception for telehealth
technologies for in-home dialysis at
paragraph 1003.110 (preamble section
III.C.1)
III. Summary of Final Provisions,
Public Comments, and OIG Responses
A. General
OIG received 337 comments, 327 of
which were unique, in response to the
OIG Proposed Rule. A range of
individuals and entities submitted these
comments, including: Physicians and
other types of clinicians, hospitals and
health systems, other health care
providers (e.g., post-acute providers,
laboratories, durable medical equipment
suppliers, and dialysis providers),
accountable care organizations,
pharmaceutical and medical device
manufacturers, health technology
entities, pharmacies, third-party payors,
trade associations, law firms, and
consumer and patient advocacy groups.
As a general matter, most commenters
strongly supported the proposed safe
harbors and the need for regulatory
reform to the safe harbors and
exceptions to the definition of
‘‘remuneration’’ under the Beneficiary
Inducements CMP. While the majority
of commenters recommended various
revisions to the proposed safe harbors to
increase regulatory flexibility, some
commenters acknowledged that
increased regulatory flexibility could
increase the risk of harms associated
with fraud and abuse and recommended
revisions to add or strengthen
safeguards in the safe harbor proposals.
A few did not support the proposed safe
harbor protections for value-based
arrangements as proposed in paragraphs
1001.952(ee), (ff), (gg), primarily citing
fraud and abuse risks. We have
considered these comments carefully in
developing the final rule, as described
in more detail in responses to
comments.
1. Alignment With CMS
Several of the final safe harbors
intersect with the physician self-referral
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
law exceptions that CMS is finalizing as
part of the Regulatory Sprint: The three
new safe harbors for value-based
arrangements at paragraphs
1001.952(ee), (ff), and (gg), the new
cybersecurity safe harbor at paragraph
1001.952(jj), and the modifications to
the electronic records safe harbor at
paragraph 1001.952(y).
Comment: We received comments
asking OIG and CMS to align our final
rules in connection with the Regulatory
Sprint to the greatest extent possible.
Some commenters believed that the
CMS and OIG proposals would
perpetuate a dual regulatory
environment (where, e.g., an
arrangement could potentially violate
one law but meet the requirements for
protection under the other) and that a
lack of consistency would make it more
challenging for entities to navigate an
already-complex regulatory framework.
Some commenters suggested that the
OIG Proposed Rule was too narrow
compared to the CMS NPRM and
requested that OIG protect what they
described as a broader universe of
arrangements that would be protected
under the CMS proposals. Another
commenter asked that OIG clarify in the
final rule that compliance with the
physician self-referral law would rebut
any implication of intent under Federal
anti-kickback statute.
Response: We are mindful of reducing
burden on providers and other industry
stakeholders, and we have sought to
align value-based terminology and safe
harbor conditions with those being
adopted by CMS in its physician selfreferral regulations as part of the
Regulatory Sprint wherever possible
(CMS Final Rule).11 However, complete
alignment is not feasible because of
fundamental differences in statutory
structures and sanctions across the two
laws. As aforementioned, the Federal
anti-kickback statute is an intent-based,
criminal statute that covers all referrals
of Federal health care program business
(including, but not limited to, physician
referrals). In contrast, the physician selfreferral law is a civil, strict-liability
statute that prohibits payment by CMS
for a more limited set of services
referred by physicians who have certain
financial relationships with the entity
furnishing the services. As a result, the
value-based exceptions adopted by CMS
do not need to contemplate the broad
range of conduct that implicates the
Federal anti-kickback statute.
Federal anti-kickback statute safe
harbors and physician self-referral law
exceptions also operate differently.
11 The CMS Final Rule is being published
elsewhere in this version of the Federal Register.
PO 00000
Frm 00007
Fmt 4701
Sfmt 4700
77689
Because the physician self-referral law
is a strict-liability statute, when an
arrangement implicates the law,
compliance with an exception is the
only option to avoid overpayment
liability. In other words, the exceptions
define the full universe of acceptable
arrangements that implicate the
physician self-referral law. Even minor
or erroneous deviations from the
specific terms of a physician self-referral
law exception can result in noncompliance and, because of the statute’s
strict liability, overpayments. In
contrast, compliance with an antikickback statute safe harbor is
voluntary, and there are many
arrangements that do not fit in a safe
harbor that are lawful under the antikickback statute. Deviating from a safe
harbor does not mean that an
arrangement violates the anti-kickback
statute. For arrangements that do not fit
in a safe harbor, liability is determined
based on the totality of facts and
circumstances, including the intent of
the parties.
Because the Federal anti-kickback
statute is not a strict liability law, the
value-based safe harbors we are
adopting need not capture the full
universe of value-based arrangements
that are legal under the Federal antikickback statute in order to accomplish
the goals of removing barriers to more
effective coordination and management
of patient care. Thus, in designing our
safe harbors, rather than mirror CMS’s
exceptions, we have included safe
harbor conditions designed to ensure
that protected arrangements are not
disguised kickback schemes. We
recognize that, for purposes of those
arrangements that implicate both the
physician self-referral law and the
Federal anti-kickback statute, the valuebased safe harbors may therefore protect
a narrower universe of such
arrangements than CMS’s exceptions.
To protect Federal health care
programs and beneficiaries, we believe
that it is important for the Federal antikickback statute to serve as ‘‘backstop’’
protection against abusive arrangements
that involve the exchange of
remuneration intended to induce or
reward referrals and that might be
protected by the physician self-referral
law exceptions. In this way, the OIG and
CMS rules, operating together, create
pathways for parties entering into valuebased arrangements that are subject to
both laws to develop and implement
value-based arrangements that avoid
strict liability for technical
noncompliance, while ensuring that the
Federal Government can pursue those
parties engaging in arrangements that
are intentional kickback schemes.
E:\FR\FM\02DER3.SGM
02DER3
77690
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Further, many requirements of the
final safe harbors and exceptions are
consistent, particularly in the
cybersecurity and electronic health
records areas. In addition, the valuebased terminology that describes the
value-based enterprises and value-based
arrangements that are eligible for
protection under a value-based safe
harbor under the anti-kickback statute
or a value-based exception under the
physician self-referral law are aligned in
nearly all respects, except with respect
to the definition of ‘‘value-based
activities’’ and where slightly different
language was required to integrate the
new rules into the existing regulatory
structures (points of difference are
discussed later in this preamble). As a
practical matter, this means that the
same value-based enterprise or valuebased arrangement can seek protection
under both regulatory schemes,
provided the relevant conditions of a
safe harbor and an exception are
satisfied.
In sum, because of statutory
distinctions, compliance with a valuebased safe harbor may require
satisfaction of conditions additional to,
or different from, those in a
corresponding physician self-referral
law exception. This is by design. We
have endeavored to ensure that an
arrangement that fits in a value-based
safe harbor has a viable pathway for
protection under a physician selfreferral law exception. However, an
arrangement that fits under a physician
self-referral law exception might not fit
in an anti-kickback statute safe harbor or
might not fit unless additional features
are added to the arrangement. That said,
it is the Department’s belief that
compliance with one regulatory
structure should not preclude
compliance with the other.
We disagree that compliance with the
physician self-referral law rebuts any
implication of intent under the Federal
anti-kickback statute. Indeed, it is
possible, depending on the facts and
circumstances, that an arrangement may
comply with an exception to the
physician self-referral law but violate
the Federal anti-kickback statute. The
fact that a party complies with the
requirements of the physician selfreferral law is not evidence that the
party does or does not have the intent
to induce or reward referrals for
purposes of the Federal anti-kickback
statute. Parties may achieve compliance
with an applicable exception to the
physician self-referral law regardless of
the intent of the parties. In addition,
other differences between the physician
self-referral law and Federal antikickback statute could lead to
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
compliance with the physician selfreferral law but not with the Federal
anti-kickback statute. For example,
parties may conclude that there are no
‘‘referrals,’’ as that term is defined for
purposes of the physician self-referral
law, but such assessment is
inconclusive with respect to whether
there are referrals, or the requisite intent
to induce or reward referrals, for
purposes of the Federal anti-kickback
statute.
2. Comments Outside the Scope of the
Rulemaking
We received some comments that
were outside the scope of this
rulemaking. In some cases, comments
(e.g., a request to update the physician
self-referral law’s in-office ancillary
services exception) were outside the
scope of our authority. Other comments
and suggestions were outside the scope
of this rulemaking but could be
considered for future guidance or
rulemaking. For example, some
commenters urged OIG to modify
existing safe harbors or develop entirely
new safe harbors that were not related
to the safe harbors and modifications
proposed in the OIG Proposed Rule
(e.g., an amendment to the referral
services safe harbor, new safe harbors
specific to Indian health care providers,
and a new safe harbor specific to valuebased contracting with manufacturers
for the purchase of pharmaceutical
products). Others requested subregulatory guidance outside the rule,
such as a Frequently Asked Question
feature to respond to specific questions
or common scenarios from stakeholders.
These or other topics that are outside
the scope of this particular rulemaking
are not summarized or discussed in
detail in this final rule.
In the next sections of this preamble,
we summarize each proposal from the
OIG Proposed Rule (full detail of the
proposals can be found at 84 FR 55694);
summarize the final rule, including
significant changes from the proposals;
and respond to public comments.
B. Federal Anti-Kickback Statute Safe
Harbors
1. Value-Based Framework for ValueBased Arrangements
Summary of OIG Proposed Rule: We
proposed a set of value-based
terminology, detailed in the next
section, to describe the universe of
value-based arrangements that would, as
a threshold matter, be eligible to seek
safe harbor protection under three safe
harbors specific to value-based
arrangements between VBEs and one or
more of their VBE participants or
PO 00000
Frm 00008
Fmt 4701
Sfmt 4700
between or among VBE participants: (i)
The care coordination arrangements to
improve quality, health outcomes, and
efficiency safe harbor at 42 CFR
1001.952(ee), (ii) the value-based
arrangements with substantial downside
financial risk safe harbor at 42 CFR
1001.952(ff), (iii) and the full financial
risk safe harbor at 42 CFR 1001.952(gg)
(collectively referred to as the ‘‘valuebased safe harbors’’). The value-based
safe harbors would offer greater
flexibilities to parties as they assume
more downside financial risk.
We proposed this tiered structure to
support the transformation of industry
payment systems and in recognition that
arrangements involving higher levels of
downside financial risk for those in a
position to make referrals or order
products or services could curb, at least
to some degree, FFS incentives to order
medically unnecessary or overly costly
items and services.
Summary of Final Rule: We are
finalizing the tiered value-based
framework of three safe harbors that
vary based on risk assumption of the
parties. Modifications to specific valuebased terminology are discussed in the
next section.
Comment: Many commenters
expressed support for our value-based
framework. For example, a commenter
stated that OIG had achieved a proper
balance between flexibility for
beneficial innovation and safeguards to
protect patients and Federal health care
programs against fraud and abuse risks.
Others commended OIG for embracing
the transition from no risk to downside
financial risk as a central component of
the value-based framework. In
particular, commenters supported OIG’s
proposal under the care coordination
arrangements safe harbor to afford
protection to value-based arrangements
in which parties had yet to take on
downside financial risk.
Response: We have finalized the
value-based framework of three safe
harbors, as proposed. We have made
modifications to some of the valuebased terminology as discussed in
Section III.B.2 below. We explain the
specific reasons for the modifications to
the value-based terminology in
responses to comments in section
III.B.2.
Comment: Several commenters
expressed general support for the
proposed value-based safe harbors,
while also recommending that OIG
proceed with caution. For example, a
payor urged us to maintain in the final
rule the level of rigor reflected in the
proposed value-based safe harbor and
not increase the leniency provided
under the proposed regulations.
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Similarly, a trade association suggested
that OIG take a limited ‘‘phased-in’’
approach to the safe harbors to facilitate
identification of appropriate patient
protection and program integrity
guardrails. Another commenter
recommended that, at least once every
3 years, OIG assess and report on the
effects of the value-based safe harbors,
e.g., review clinical benefits, analyze
cost savings, and solicit stakeholder
input. A commenter also cautioned that
giving more flexible safe harbor
protection to value-based arrangements
that include greater risk may push
providers into assuming risk before they
are ready to do so.
Response: With this final rule, we
have sought to find the appropriate
balance between the policy goals of the
Regulatory Sprint and the need to
protect both patients and Federal health
care programs. We decline to adopt the
commenters’ specific recommendations
related to a potential phased-in
approach or the regular publication of
related reports, but we note that we may
undertake future reviews of value-based
arrangements in Federal health care
programs as part of our oversight
mission. We have included robust
safeguards in the value-based safe
harbors to address the commenters’
concerns. We note that we are affording
greater flexibilities under the substantial
downside and full financial risk safe
harbors in recognition of parties’
assumption of the requisite level of
downside financial risk. Others who
may not be ready or willing to assume
risk, or who are only ready or willing to
assume risk at a level below that
required by the substantial downside
financial risk or full financial risk safe
harbors, may look to the care
coordination arrangements safe harbor,
which does not require the assumption
of risk, structure arrangements to fit in
another safe harbor that might apply, or
enter into arrangements that are not
protected by a safe harbor, given that
structuring an arrangement to satisfy a
safe harbor is voluntary.
Comment: Other commenters
expressed concerns about potential
fraud and abuse, with several asserting
that the value-based safe harbors would
foster an environment vulnerable to
fraud and anticompetitive effects.
Commenters had varying rationales for
their position, including, for example,
that existing safe harbors would be
sufficient to advance value-based
models; evaluation was warranted
before finalizing these safe harbors; and
the care coordination focus of the valuebased safe harbors would lead to further
industry consolidation. A state health
department broadly asserted that the
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
proposals lacked sufficient detail and, if
finalized, would pose enforcement
challenges. That commenter requested
that we add more detail in our
rulemaking, rather than through subregulatory guidance, to assist the state
with developing comprehensive policies
to support the rule.
Several radiology trade associations
expressed concern that the safe harbors
omitted the guiding principle of fair
market value and the restriction on
determining the amount or nature of the
remuneration based on the volume or
value of referrals, and consequently, the
value-based arrangements could be
abused or used as a means for referring
providers to pay less for radiology or
imaging services. Generally, these
commenters supported the creation of
value-based safe harbors only to the
extent parties to a value-based
arrangement had assumed significant
downside financial risk. They
recommended that each value-based
safe harbor include provisions
prohibiting referring VBE participants
from underpaying for radiology and
imaging services within a VBE or
otherwise leveraging their ability to
direct referrals.
Response: The commenters raise
important concerns about potential
harms resulting from fraud and abuse;
we considered these harms carefully in
developing the final rule. In response to
comments, throughout this final rule we
have clarified regulatory text to
minimize confusion; offered additional
explanations in preamble to expound
upon OIG’s interpretation of provisions
in the value-based safe harbors; and
provided illustrative examples for the
value-based terminology, which we
believe will aid in both enforcement and
compliance. Parties also may request an
advisory opinion from OIG to determine
whether an arrangement meets the
conditions of a safe harbor or is
otherwise sufficiently low risk under
the Federal anti-kickback statute to
receive prospective immunity from
administrative sanctions by OIG.
This final rule aims to protect valuebased arrangements that enhance
patient care and deliver value, and we
have included safeguards designed to
preclude from protection arrangements
that lead to medically unnecessary care,
might involve coercive marketing, or
limit clinical decision-making. These
safeguards are described in greater
detail below and throughout this
preamble. In addition, certain entities
that present heightened program
integrity risk and are less likely to be at
the front lines of care coordination are
not eligible to rely on the value-based
safe harbors or subject to additional
PO 00000
Frm 00009
Fmt 4701
Sfmt 4700
77691
safeguards. We believe the potential
benefits of the final value-based safe
harbors (e.g., facilitating the transition
to value-based care and encouraging
greater care coordination) outweigh the
potential risks related to fraud and
competition.
The value-based safe harbors, as
finalized, do not include the traditional
fraud and abuse safeguards of fair
market value or a broad prohibition on
taking into account the volume or value
of any referrals. However, we have
included other safeguards in each of the
value-based safe harbors that are
intended to address potential fraud and
abuse risks, e.g., a prohibition on taking
into account the volume or value of
referrals outside the target patient
population, limits on directed referrals,
and others described elsewhere in this
preamble. The risk sharing required by
the substantial downside financial risk
and full financial risk safe harbors
reduces some fraud and abuse concerns
associated with a traditional fee-forservice payment system. We also
included safeguards specific to the care
coordination arrangements safe harbor,
e.g., a contribution requirement for
recipients, in recognition, in part, of the
fact that this value-based safe harbor
does not require parties to assume
financial risk or meet certain traditional
safeguards, such as a fair market value
requirement. The care coordination
arrangements safe harbor does not
protect monetary payments, including
payments for services such as radiology
or imaging. Nothing in the risk-based
safe harbors prevents parties from
negotiating fair market value
arrangements for services or from using
the personal services and management
contracts and outcomes-based payments
safe harbor at paragraph 1001.952(d),
which includes fair market value
requirements.
While existing safe harbors could
protect many care coordination
arrangements, comments we received in
response to the OIG RFI reflected that
existing safe harbors are insufficient to
protect the range of care coordination
arrangements envisioned by the
Regulatory Sprint. For example, apart
from employment, there is no existing
safe harbor protection for the sharing of
personnel or infrastructure at belowmarket-value rates. Thus, the valuebased safe harbors will provide
protection to a broader range of care
coordination arrangements than is
presently available under existing safe
harbors. With respect to the commenter
that suggested evaluation was warranted
prior to implementing the value-based
safe harbors, we solicited feedback on
the anticipated approach for rulemaking
E:\FR\FM\02DER3.SGM
02DER3
77692
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
in the RFI and solicited comments on
specific safe harbors, an exception, and
relevant considerations in the OIG
Proposed Rule. We do not believe
further evaluation is needed to inform
the issuance of this final rule; indeed,
further formal evaluation could delay
regulatory flexibilities designed to
facilitate innovative value-based care
and care coordination arrangements.
With respect to concerns regarding
industry consolidation, it is not the
intent of this final rule to foster industry
consolidation. The rule aims to increase
options for parties to create a range of
care coordination and value-based
arrangements eligible for safe harbor
protection, whether through
employment, ownership, or contracts
among otherwise unaffiliated,
independent entities that wish to
coordinate care. As explained
elsewhere, the definition of a ‘‘valuebased enterprise’’ is flexible, allowing
for a broad range of participation and
business structures. In addition, ‘‘valuebased arrangements’’ are defined such
that they can be among many
participants or as few as two. The safe
harbors are available to large and small
systems and to rural and urban
providers. We intend for this flexibility
to ensure that smaller providers still
have the opportunity to develop and
enter into care coordination
arrangements.
Comment: Several commenters
highlighted the potential harms the
proposed value-based safe harbors could
pose to patients, e.g., cherry-picking,
provision of medically unnecessary
care, or stinting on care. Commenters
also expressed concern that the safe
harbors could negatively impact patient
freedom of choice or impinge on the
patient-physician relationship. To
address these concerns, commenters
had varying suggestions. For example,
some commenters urged OIG to insert
patient transparency requirements in
the value-based safe harbor that would
mirror similar requirements in the
Medicare Shared Savings Program. One
such commenter stated transparency is
necessary to ensure public confidence
that the benefits of a value-based
arrangement would not be exclusive to
those party to the agreement.
Response: We share the commenters’
interests in protecting patients against
cherry-picking, the provision of
medically unnecessary care, stinting on
care, patient steering, and any
inappropriate infringement on the
patient-doctor relationship.
Accordingly, we have finalized
safeguards in each of the three valuebased safe harbors related to these
issues. We did not propose patient
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
transparency or notice requirements in
the OIG Proposed Rule for the valuebased safe harbors because we believed
it potentially would impose undue
administrative burden on providers, and
we are not including any such condition
in this final rule.
Comment: We received a number of
comments stating that our approach to
the value-based safe harbors was not
bold enough and would act as a barrier
to advancing the coordination and
management of care. For example, a
commenter stated that the proposals, as
drafted, would not advance care
coordination and better quality
outcomes because the OIG sets too many
limits and boundaries within the valuebased safe harbors. In addition, several
commenters asserted that our
definitions of certain key terms, such as
value-based enterprise and VBE
participant, were overly prescriptive.
Other commenters asserted that our
view of financial risk was too narrow
and failed to recognize, among other
things, that providers are already at
substantial financial risk under existing
financial incentives and penalties
created by payment structures.
Response: We disagree with those
commenters who stated that our
definitions are too narrow or
prescriptive and that the proposed
value-based safe harbors are not bold
enough because they would impose
limits on the types of arrangements that
are protected.
As discussed in section III.B.2, we
have defined the value-based
terminology to allow for a wide range of
individuals and entities to participate in
value-based arrangements. The valuebased safe harbors do not attempt to
cover the entire universe of potentially
beneficial arrangements, nor the entire
universe of what may constitute risk.
Indeed, we acknowledged in the OIG
Proposed Rule, and confirm here, that
we understood that participants in
value-based arrangements might assume
certain types of risk other than
downside financial risk for items and
services furnished to a target patient
population (e.g., upside risk, clinical
risk, operational risk, contractual risk,
or investment risk).12 We continue to
believe our focus on downside financial
risk is warranted because the
assumption of downside financial risk
incentivizes those making the referral
and ordering decisions to control costs
and deliver efficient care in a way the
other types of risk may not.
Further, the care coordination
arrangements safe harbor requires no
assumption of downside risk by parties
12 84
PO 00000
FR 55699 (Oct. 17, 2019).
Frm 00010
Fmt 4701
Sfmt 4700
to a value-based arrangement.
Accordingly, parties that do not meet
the definition of taking on ‘‘substantial
downside financial risk’’ or ‘‘full
financial risk’’ may seek protection for
certain value-based arrangements under
the care coordination arrangements safe
harbor. They may also look to the new
safe harbor protection for outcomesbased payments at paragraph
1001.952(d)(2).
We have included parameters in the
value-based safe harbors to protect
against risks of fraud and abuse, such as
overutilization, inappropriate patient
steering, or stinting on care. Nothing in
the rulemaking changes the premise of
safe harbors themselves: They offer
protection to certain arrangements that
meet safe harbor conditions, but they do
not purport to define all lawful
arrangements. Parties with arrangements
that do not fit in a value-based safe
harbor may look to other safe harbors or
the language of the statute itself. Parties
also may request an advisory opinion
from OIG to determine whether an
arrangement meets the conditions of a
safe harbor or is otherwise sufficiently
low risk under the Federal anti-kickback
statute to receive prospective immunity
from administrative sanctions by OIG.
Comment: Multiple commenters
recommended that, in lieu of a tiered
approach to the value-based framework
(i.e., three value-based safe harbors,
based upon the level of risk assumed by
parties), OIG should create a single
value-based arrangements safe harbor.
The commenters asserted that such an
approach would reduce the complexity
of the value-based safe harbors.
Response: We appreciate the
commenters’ suggestion regarding ways
to reduce complexity; however, we
disagree with the commenters’
recommendations to develop a single
value-based arrangements safe harbor.
The tiered approach we are finalizing in
this rule supports the policy goals of the
Regulatory Sprint regarding the
transformation to value and offers
parties flexibility to undertake
arrangements that suit their needs. We
do not believe that a one-size-fits-all
approach would be feasible or effective
to promote the transformation to value
because we recognize there are many
dimensions of value in health care that
may look different for various
stakeholders. To support the
transformation to value, reflect that
program integrity vulnerabilities change
as parties assume more risk, and prevent
unscrupulous behavior, we have
adopted a tiered approach where the
safeguards included in each of the
value-based safe harbors are tailored
according to, among other things, the
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
degree of downside financial risk
assumed by the parties.
Comment: In response to our
solicitation of comments on whether to
define the term ‘‘value,’’ we received
varying comments. Some commenters
supported our proposal to use the term
in a non-technical way, with one
asserting the term ‘‘value’’ is not a onesize-fits-all term of art. Others suggested
that we reference—in the final
definitions or otherwise—financial
arrangements under advanced
alternative payment models (APMs) to
make clear that value-based
arrangements in CMS-sponsored
programs would receive protection
under the value-based safe harbors.
Response: We agree with those
commenters that noted that ‘‘value’’ is
not a one-size-fits all term. We decline
to use or define the term ‘‘value’’ for the
purposes of these safe harbors because
we believe industry stakeholders and
those participating in value-based
arrangements potentially protected by
these safe harbors are best-positioned to
determine value. Notably, however, we
define other terms critical to the valuebased safe harbors, including ‘‘valuebased purpose,’’ ‘‘value-based activity,’’
and ‘‘value-based arrangement.’’ These
defined terms adequately capture the
concept of value without prescriptively
defining ‘‘value,’’ which could inhibit
flexibility and innovation. We also are
not adopting the commenters’
suggestion to define any term by
referencing financial arrangements
under advanced APMs. Financial
arrangements under CMS-sponsored
APMs may satisfy the definition of
‘‘value-based arrangement’’ and may
serve as one of many sources for
considering value in the delivery of
care. In addition, organizations already
participating in CMS-sponsored models
may wish to look to the new safe harbor
for those models at paragraph
1001.952(ii).
Comment: Several commenters
requested that we offer additional
clarity on key terms and concepts used
throughout the value-based framework.
For example, some commenters
encouraged OIG to issue sub-regulatory
guidance with respect to the valuebased safe harbors, while others
requested specific examples of the types
of value-based arrangements that could
be protected. Another commenter
suggested that, in order to avoid
confusion, OIG more closely align its
value-based safe harbors with the
requirements in the Medicare Shared
Savings Program fraud and abuse
waivers (e.g., governing body approval
of protected arrangements). Collectively,
these commenters expressed concern
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
that without further guidance from OIG,
individuals and entities would remain
too risk-averse to leverage the new safe
harbors for value-based arrangements or
would incur significant time and
expense in creating a value-based
enterprise that might not meet the
required standards.
Response: Based on these comments,
throughout this final rule, we have
endeavored to provide additional clarity
and examples of key terms and
concepts. Parties also may use OIG’s
advisory opinion process to obtain a
legal opinion on the application of
OIG’s fraud and abuse authorities to a
particular arrangement. Regarding the
request for greater alignment with the
Medicare Shared Savings Program, we
note that we drew from our experience
with the waivers issued for the
Medicare Shared Savings Program in
drafting the value-based safe harbors,
but we do not believe alignment with
the waiver conditions would be
appropriate for a number of reasons.
First, CMS provides programmatic
oversight of the Medicare Shared
Savings Program that it would not
provide to all value-based enterprises
under this final rule. In addition, the
waivers apply to certain remuneration
related to one type of alternative
payment model, whereas the safe
harbors finalized in this final rule apply
to a broader range of arrangements
focused on value-based care. Finally, as
discussed in more detail below, all
individuals and entities can be VBE
participants, whereas participation in
the Medicare Shared Savings Program is
more limited. Parties participating in
CMS-sponsored models may wish to
look at the new safe harbor for those
models at paragraph 1001.952(ii), which
is closely aligned with model
requirements and takes into account
CMS’s oversight of those models and the
Medicare Shared Savings Program.
Comment: Multiple commenters
requested that OIG speak to the
intersection of the proposed value-based
safe-harbors with existing: (i) Financial
arrangements that may not meet the four
corners of the value-based safe harbors,
despite otherwise being similar in
concept; (ii) safe harbors; and (iii) state
law and corporate practice of medicine
requirements.
Response: By promulgating valuebased safe harbors, we are not opining,
directly or indirectly, on the legality of
existing financial arrangements that may
be similar in concept to value-based
arrangements that may be protected
under the new value-based safe harbors.
Arrangements that do not meet all
conditions of an applicable safe harbor
are not protected by that safe harbor.
PO 00000
Frm 00011
Fmt 4701
Sfmt 4700
77693
Whether such an arrangement violates
the Federal anti-kickback statute is a
fact-specific inquiry. In addition, and as
stated in the OIG Proposed Rule, parties
to value-based arrangements may
choose whether to protect such
arrangements under existing safe
harbors or under the new value-based
safe harbors finalized in this final rule.
We have attempted to create
significant flexibility under the Federal
anti-kickback statute while recognizing
that parties still must comply with
applicable State laws. Nothing in these
safe harbors preempts any applicable
State law (unless such State law
incorporates the Federal law by
reference).
Comment: We received several
comments that touched upon the
applicability of the value-based safe
harbors to commercial arrangements.
For example, at least two commenters
expressed support for extending the
value-based safe harbor protections to
participants in arrangements involving
only commercial payor patients.
Another commenter strongly
recommended that OIG clarify in the
final rule that the Federal anti-kickback
statute is not implicated if a financial
arrangement is strictly limited to
commercial payor patients.
Response: Generally speaking, the
Federal anti-kickback statute is not
implicated for financial arrangements
limited solely to patients who are not
Federal health care program
beneficiaries. However, to the extent the
offer of remuneration pursuant to an
arrangement involving only non-Federal
health care program beneficiaries is
intended to pull through referrals of
Federal health care program
beneficiaries or business, the Federal
anti-kickback statute would be
implicated and potentially violated.
While nothing in the value-based safe
harbors precludes financial
arrangements limited solely to patients
who are not Federal health care program
beneficiaries, the parties would need to
meet all requirements of the applicable
value-based safe harbor, and a pullthrough arrangement would not meet
the requirement, in each value-based
safe harbor found at (ee), (ff), and (gg),
that the offeror of remuneration does not
take into account the volume or value
of, or condition the remuneration of
referrals of, patients who are not part of
the target patient population, or
business not covered under the valuebased arrangement.
Comment: A commenter
recommended that OIG apply the valuebased safe harbors retrospectively.
Response: As stated in the OIG
Proposed Rule, the value-based safe
E:\FR\FM\02DER3.SGM
02DER3
77694
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
harbors will be prospective only and
will be effective as of 60 days from the
date this rule is published in the
Federal Register. It is neither feasible
nor desirable to confer safe harbor
protection retrospectively under a
criminal statute. Conduct is evaluated
under the statute and regulations in
place at the time of the conduct.
Comment: A commenter supported
OIG addressing value-based contracting
and outcomes-based contracting for the
purchase of pharmaceutical products in
future rulemaking, including rules
around medication adherence. Another
commenter urged OIG to promulgate a
safe harbor in this final rule specific to
value-based arrangements with
manufacturers for the purchase of
pharmaceutical products (as well as
medical devices and related services).
Response: We did not propose, and
thus are not finalizing, a safe harbor
specifically for value-based
arrangements with manufacturers for
the purchase of their products. We may
consider this topic, along with valuebased contracting and outcomes-based
contracting, for future rulemaking.
Comment: Separate and apart from
outcomes-based contracting, a handful
of commenters requested that we create
new safe harbors or issue certain
guidance. For example, a hospital
association urged us to create a safe
harbor to facilitate non-CMS advanced
payment models. Another commenter
suggested we issue guidance affording
parties additional regulatory flexibility
to the extent their financial
arrangements are consistent with the
goals of the value-based safe harbors but
do not otherwise satisfy all conditions.
Response: We did not propose and are
not finalizing a safe harbor specific to
non-CMS advanced payment models.
However, we refer the commenter to our
substantial downside financial risk safe
harbor at paragraph 1001.952(ff), as
remuneration exchanged by the parties
to the advanced payment model
arrangement may be eligible for
protection under that safe harbor.
We likewise are not issuing guidance
to provide parties with additional
regulatory flexibility to protect financial
arrangements that are consistent with
the goals of, but do not meet the
requirements of, a value-based safe
harbor. An arrangement must meet all
conditions of the applicable value-based
safe harbor for remuneration exchanged
pursuant to the arrangement to receive
protection.
Comment: A commenter asserted that
the value-based safe harbors do not
satisfy the requirements set forth in
section 1128D of the Act for the
promulgation of new safe harbors.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
Specifically, the commenter asserted
that the value-based safe harbors do not
specify payment practices that are
protected under the Federal antikickback statute, as required by section
1128D, because they only outline a set
of general principles.
Response: We disagree with the
commenter. Section 1128D of the Act
requires the Secretary to publish a
notice soliciting proposals for, among
other things, additional safe harbors
specifying payment practices that shall
not be treated as a criminal offense
under section 1128B(b) and shall not
serve as the basis for an exclusion under
section 1128(b)(7) and to publish
proposed additional safe harbors, if
appropriate, after considering such
proposals. Consistent with that
authority, the value-based safe harbors
specify payment practices that will be
protected if they meet a series of
specific, enumerated requirements.
Although a value-based safe harbor may
protect remuneration exchanged
pursuant to a diverse universe of valuebased arrangements, all value-based
arrangements within that universe share
the features required by the applicable
safe harbor.
For example, the payment practice
specified in the care coordination
arrangements safe harbor is the
exchange of in-kind remuneration
pursuant to value-based arrangement,
where, among several other
requirements, the parties establish
legitimate outcome measures to advance
the coordination and management of
care for the target patient population;
the arrangement is commercially
reasonable; and the recipient
contributes at least 15 percent of either
the offeror’s cost or the fair market value
of the remuneration. If an arrangement
fails to meet any one of the safe harbor’s
requirements, it cannot receive
protection under the safe harbor. This
approach is consistent with the
approach taken in other safe harbors
that are not specific as to the type of
arrangement. For example, the personal
services and management contracts safe
harbor protects any payments from a
principal to an agent, as long as a series
of standards are met.
Comment: Numerous commenters
requested that OIG and CMS seek
greater alignment across their respective
value-based rules. According to some of
these commenters, further alignment
would reduce administrative burden,
confusion, and regulatory uncertainty.
Commenters were generally in favor of
OIG revising its proposed value-based
safe harbors to more closely parallel
CMS’s proposed value-based exceptions
to the physician self-referral law.
PO 00000
Frm 00012
Fmt 4701
Sfmt 4700
Commenters suggested that CMS’s
proposed value-based exceptions would
protect a broader universe of beneficial
innovative arrangements, without
greater fraud and abuse risk.
Accordingly, commenters urged OIG to
create a safe harbor for any value-based
arrangement that otherwise met a
physician self-referral law exception or,
alternatively, state that compliance with
the physician self-referral law would
rebut any implication of intent under
the Federal anti-kickback statute.
Commenters also advocated that OIG
adopt certain CMS proposed definitions,
e.g., CMS’s ‘‘volume or value’’
definition.
Response: As explained in more detail
in section III.A.1 of this preamble, we
are mindful of reducing burden on
providers and other industry
stakeholders, and we have sought to
align value-based terminology and safe
harbor conditions with those being
adopted by CMS as part of the
Regulatory Sprint wherever possible.
However, complete alignment is not
feasible because of fundamental
differences in statutory structures and
penalties across the two laws, as well as
differences in how anti-kickback statute
safe harbors and physician self-referral
law exceptions operate. For example,
the physician self-referral law applies to
referrals by physicians for specified
designated health services, whereas the
anti-kickback statute applies to referrals
by anyone of any Federal health care
program business. Fitting in an
exception to the physician self-referral
law is mandatory, whereas using safe
harbors is voluntary. In designing our
safe harbors, we have included
conditions designed to ensure that
protected arrangements are not
disguised kickback schemes, and we
recognize that, for purposes of those
arrangements that implicate both the
physician self-referral law and the
Federal anti-kickback statute, the valuebased safe harbors may therefore protect
a narrower universe of arrangements
than CMS’s exceptions.
We do not agree as a matter of law
that compliance with the physician selfreferral law would rebut any
implication of intent under the Federal
anti-kickback statute. We did not
propose to, and do not, adopt CMS’s
proposed interpretation of the term
‘‘takes into account the volume or value
of referrals or other business generated.’’
We have aligned terminology used in
the value-based framework and set forth
at paragraph 1001.952(ee) in our rule, as
described below.
2. Value-Based Terminology (42 CFR
1001.952(ee))
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
We proposed to define at paragraph
1001.952(ee)(12) the following terms:
‘‘value-based enterprise’’ (‘‘VBE’’),
‘‘value-based arrangement,’’ ‘‘target
patient population,’’ ‘‘value-based
activity,’’ ‘‘VBE participant,’’ ‘‘valuebased purpose,’’ and ‘‘coordination and
management of patient care.’’ We
summarize the proposal for each of
these definitions and the final rule in
turn below. These definitions are now
located at paragraph 1001.952(ee)(14) of
the final rule and cross-referenced in the
safe harbors at paragraphs 1001.952(ff),
(gg), and (hh). In this final rule, we have
added definitions at paragraph
1001.952(ee)(14) for the following terms
that are used in connection with
determining eligibility of certain types
of entities to use the safe harbors at
paragraphs 1001.952(d)(2), (ee), (ff), (gg),
and (hh): ‘‘limited technology
participant,’’ ‘‘digital health
technology,’’ and ‘‘manufacturer of a
device or medical supply.’’ These
definitions are discussed in section
III.B.2.e.
a. Value-Based Enterprise (VBE)
Summary of OIG Proposed Rule: We
proposed to define the term ‘‘valuebased enterprise’’ or ‘‘VBE’’ as two or
more VBE participants: (i) Collaborating
to achieve at least one value-based
purpose; (ii) each of which is a party to
a value-based arrangement with the
other or at least one other VBE
participant in the value-based
enterprise; (iii) that have an accountable
body or person responsible for financial
and operational oversight of the valuebased enterprise; and (iv) that have a
governing document that describes the
value-based enterprise and how the VBE
participants intend to achieve its valuebased purpose(s).
Summary of Final Rule: We are
finalizing, with modification, the
definition of ‘‘value-based enterprise.’’
i. General
Comment: Multiple commenters
supported the definition of ‘‘value-based
enterprise,’’ as proposed, and the
flexibility the definition offers. A
commenter appeared to ask OIG to
revise the definitions of ‘‘value-based
enterprise,’’ ‘‘value-based arrangement,’’
and ‘‘value-based activity’’ so that they
do not incorporate and rely on other
defined terms. Another commenter
suggested a broader definition of ‘‘VBE’’
that would allow affiliates of a VBE to
participate within the VBE without
becoming VBE participants.
Response: The definition of ‘‘valuebased enterprise’’ is intended to be
broad and flexible to encompass a wide
range of VBEs, from smaller VBEs
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
comprised of only two or three parties
to large VBEs, such as entities that
function similar to ACOs. We decline to
expand the definition further to allow
affiliates of VBE participants to
participate in a VBE without becoming
VBE participants. We designed the
value-based framework, including the
requirement for parties to be either a
VBE or a VBE participant, to ensure the
remuneration that the safe harbors
protect is exchanged pursuant to a
value-based arrangement where all
parties are striving to achieve valuebased purposes. VBE participants can
continue to enter into arrangements
with affiliates and other non-VBE
participants and may look to other
available safe harbors for potential
protection for those arrangements.
We also decline to revise the
definitions of ‘‘value-based enterprise,’’
‘‘value-based arrangement,’’ and ‘‘valuebased activity’’ to omit references to
other defined terms. The value-based
terminology we are finalizing works in
concert to explain the universe of valuebased arrangements under which the
exchange of remuneration may receive
safe harbor protection. For example,
because the terms ‘‘VBE participant,’’
‘‘value-based purpose,’’ and ‘‘valuebased arrangement’’ are fundamental to
the definition of ‘‘value-based
enterprise,’’ we are finalizing a
definition of ‘‘value-based enterprise’’
that references those terms.
Comment: A commenter asked
whether parties could prove
collaboration to achieve one or more
value-based purposes by measuring the
amount of time a VBE participant has
been taking part in a value-based
activity.
Response: To accommodate a broad
range of VBEs, from small to large, this
final rule does not prescribe how VBE
participants prove that they are
collaborating to achieve at least one
value-based purpose, as required by the
definition of ‘‘value-based enterprise’’; it
is incumbent on the VBE participants to
demonstrate that they are meeting this
requirement. For example, time spent
on value-based activities, records of
collaboration between parties, and
participation in applicable meetings,
could all be relevant factors, depending
on the unique nature and circumstance
of the VBE and the arrangements among
the VBE participants.
Comment: A commenter expressed
concern that the costs of forming a VBE
could be prohibitive for small and rural
providers and providers serving
underserved populations, and it
appeared to ask OIG to create an online
portal that parties could use to create
VBEs. Another commenter asked OIG to
PO 00000
Frm 00013
Fmt 4701
Sfmt 4700
77695
state expressly that a VBE may add
individual physicians and other
clinicians as VBE participants on an
ongoing basis and still meet the
definition of ‘‘VBE.’’
Response: The definition of ‘‘VBE’’ is
intended to be both broad and flexible
to accommodate providers, suppliers,
and other entities of varying sizes and
financial means seeking to participate in
value-based arrangements. The
definition, as finalized, will allow small
and rural providers and providers
serving underserved populations to
form VBEs that correspond in scope and
design with the VBE participants’
resources. For example, we anticipate
that parties could form a VBE with a
single value-based arrangement, and a
VBE could be comprised of only two
VBE participants. We did not propose to
create an online portal for the creation
of VBEs, and we are therefore not
establishing an online portal in this
final rule. We also confirm that VBE
participants may join and leave a VBE
throughout the existence of the VBE, but
we note that a VBE always must have
two or more VBE participants to meet
the definition of ‘‘value-based
enterprise.’’
Comment: A commenter
recommended that we require a valuebased enterprise to utilize electronic
health records so that each entity
participating in the value-based
enterprise has a strong data platform to
track and evaluate the VBE’s inputs and
outcomes. According to the commenter,
data from the EHR systems is critical to
care delivery and care coordination.
Response: We agree that EHR systems
can help individuals and entities within
the VBE facilitate the coordination and
management of care but did not propose
to require, and thus are not requiring,
VBEs or VBE participants to use them.
Moreover, we intend for entities of
varying sizes and with different levels of
funding and access to technology to be
able to utilize the value-based safe
harbors. While we continue to support
the Department’s goal of continued
adoption and use of interoperable EHR
technology that benefits patient care, we
are concerned that requiring utilization
of EHR may unduly limit the ability of
some entities to form a VBE. Donations
of EHR by VBEs to VBE participants can
be protected by the value-based safe
harbors if all conditions are met.
Alternatively, VBE and VBE participants
may use the EHR safe harbor that this
final rule makes permanent.
Comment: Commenters asked how the
definition of ‘‘value-based enterprise’’
would apply to integrated delivery
systems, with a commenter specifically
inquiring as to how entities within a
E:\FR\FM\02DER3.SGM
02DER3
77696
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
larger integrated delivery system that
enter into arrangements with a payor for
shared savings and losses could
subsequently share such savings or
losses with downstream contracted or
employed physicians. The commenter
asked whether each party offering or
receiving remuneration would be
required to be a party to an agreement
with the payor or if separate agreements
between the downstream entities would
suffice. Another commenter asked OIG
to confirm whether an already existing
integrated delivery system, ACO, or
similar entity could meet the
requirements of a VBE or whether that
entity must establish a new value-based
enterprise to use the value-based safe
harbors. A commenter asserted that the
value-based definitions and safe harbors
should include integrated delivery
systems, accountable care, team-based
care, coordinated care (including for
dual eligible beneficiaries), bundled
payments, payments linked to quality or
outcomes, Medicaid waiver programs,
and Medicare managed care, valuebased, or delivery system reform
directed payments. A commenter
recommended that the final rule deem
an existing ACO to be compliant with
the requirements of an applicable safe
harbor to help retain ACOs as a central
organizational structure, reduce
regulatory burden, reduce risk of
whistleblower or regulatory challenges,
and minimize the need for creation of
arrangements outside the ACOs. For
each value-based safe harbor the
commenter made specific suggestions:
That OIG deem ACO outcome measures
to meet the outcome measures
requirement for care coordination
arrangements; and for the substantial
downside financial risk and full
financial risk safe harbors, that all safe
harbor conditions would be deemed met
if the requisite level of downside
financial risk were present.
Response: The final rule, including
the value-based terminology, valuebased safe harbors, and other safe
harbors we are finalizing, offers several
potential pathways for protection for the
types of arrangements noted by the
commenters, provided all applicable
definitions and safe harbor conditions
are satisfied. An existing integrated
delivery system, ACO, or comparable
entity could potentially qualify as a
‘‘value-based enterprise’’ and meet all of
the requirements of the definition to use
the value-based safe harbors we are
finalizing. Arrangements for shared
savings or losses and certain bundled
payments could be protected under the
substantial downside and full financial
risk safe harbors, which protect in-kind
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
and monetary remuneration exchanged
between a VBE and a VBE participant.
Under these safe harbors, a hospital that
is a VBE participant could enter into a
value-based arrangement with a VBE,
pursuant to which the VBE shares
savings or losses with the hospital VBE
participant. However, this arrangement
could not be protected under the care
coordination arrangements safe harbor,
which does not protect the exchange of
monetary remuneration. Monetary
remuneration, including payments
linked to outcomes, could qualify for
protection under the safe harbor for
personal services and management
contracts and outcomes-based payments
at paragraph 1001.952(d)(2). Neither the
substantial downside financial risk safe
harbor nor the full financial risk safe
harbor protects the exchange of
remuneration between entities
downstream of the VBE (i.e., between
VBE participants, a VBE participant and
a downstream contractor, or
downstream contractors). Apart from
the value-based safe harbors, some
managed care arrangements could be
structured to fit in the existing managed
care safe harbors at paragraphs
1001.952(t) and 1001.952(u). ACOs and
others in CMS-sponsored models could
use the new safe harbor at paragraph
1001.952(ii).
We did not propose and are not
adopting a deeming provision for ACOs,
as recommended by the commenter.
Under the final value-based safe
harbors, ACOs would need to meet all
applicable safe harbor conditions. We
have designed the value-based
terminology and safe harbors to be
flexible to accommodate a range of VBE
types, structures, and arrangements,
including ACOs. Moreover, when
participating in a CMS-sponsored
model, an ACO might rely on an
existing fraud and abuse waiver or the
new safe harbor for CMS-sponsored
models at paragraph 1001.952(ii), rather
than a value-based safe harbor.
To the commenter’s question
regarding separate agreements, although
the substantial downside financial risk
and full financial risk safe harbors
would not protect any shared savings or
losses (or other remuneration) between
the hospital VBE participant and its
downstream employed or contracted
physicians, the VBE could enter into
value-based arrangements directly with
physicians who are VBE participants in
order to share savings or losses with the
physicians. We note, however, that,
consistent with all other safe harbors,
compliance with the value-based safe
harbors is not compulsory. Parties may
enter into lawful arrangements for
value-based care that do not meet a safe
PO 00000
Frm 00014
Fmt 4701
Sfmt 4700
harbor. Other safe harbors may be
relevant to protect remuneration
exchanged in a value-based
arrangement, such as the personal
services and management contracts safe
harbor or a managed care safe harbor,
depending on the circumstances. The
OIG advisory opinion process also
remains available.
Comment: A commenter asked
whether VBEs must undergo a formal
process to receive protection under the
new safe harbors.
Response: All safe harbors to the
Federal anti-kickback statute, including
the new safe harbors we are finalizing
in this final rule, are voluntary, and
parties do not need to undergo any
process or receive any affirmation from
the Federal Government in order to
receive protection. We note that
qualifying as a value-based enterprise is
not sufficient to obtain protection under
the value-based safe harbors. To be
protected, the remuneration exchanged
between or among parties to the VBE
must squarely meet all conditions of an
available safe harbor. Parties that wish
for OIG to opine on whether an
arrangement satisfies the criteria of a
safe harbor may submit an advisory
opinion request.
Comment: A commenter stated that an
entity that qualifies as a VBE should be
deemed to meet the Federal Trade
Commission (FTC) and Department of
Justice (DOJ) requirements for clinical
integration.
Response: Whether a value-based
enterprise meets the FTC and DOJ
requirements for clinical integration is
outside the scope of this rulemaking and
thus the issue raised by the commenter
is not addressed in this rule.
Comment: Several commenters asked
OIG to include references to free clinics,
charitable clinics, and charitable
pharmacies in the definition of ‘‘valuebased enterprise,’’ stating that hospitals
otherwise will remain risk averse to
establishing or continuing partnerships
with such entities. Another commenter
asked OIG to confirm that the terms
‘‘value-based enterprise,’’ ‘‘value-based
arrangement,’’ and ‘‘value-based
activity’’ apply exclusively to the new
safe harbors and not in other contexts,
such as state Medicaid programs, to
ensure the new value-based terminology
does not disrupt the administration of
existing value-based arrangements.
Response: We do not believe it is
necessary to include references to any
specific entities in the definition of
‘‘value-based enterprise.’’ While the
commenter requested that we reference
these entities in the definition of ‘‘VBE,’’
we note that under this final rule all
individuals and entities are eligible to
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
be VBE participants (other than a
patient acting in their capacity as a
patient). The definitions we are
finalizing for the value-based
terminology, including the terms
‘‘value-based enterprise,’’ ‘‘value-based
arrangement,’’ and ‘‘value-based
activity,’’ do not apply outside of the
safe harbors being finalized in this rule.
Given OIG’s limited authority in the
context of this rulemaking, we do not
purport to define these terms for other
purposes, including for State Medicaid
programs; however, the safe harbors
could protect remuneration resulting
from value-based arrangements
involving Medicaid beneficiaries (to the
extent that all applicable safe harbor
conditions are satisfied). CMS is using
the same terminology for its new valuebased exceptions under the physician
self-referral law.
Comment: A commenter asserted that
the proposed definitions of ‘‘valuebased enterprise,’’ ‘‘value-based
arrangement,’’ ‘‘value-based activity,’’
and ‘‘VBE participant’’ apply only to the
care coordination arrangements safe
harbor and not to the substantial
downside financial risk safe harbor or
the full financial risk safe harbor.
Response: The commenter’s apparent
confusion arises from the language in
proposed paragraph 1001.952(ee) that
states, ‘‘[f]or purposes of this paragraph
(ee), the following definitions apply.’’
Notwithstanding this language, the
substantial downside financial risk safe
harbor and the full financial risk safe
harbor expressly incorporate the
definitions of ‘‘value-based enterprise,’’
‘‘value-based arrangement,’’ ‘‘valuebased activity,’’ and ‘‘VBE participant’’
set forth in paragraph 1001.952(ee).
Comment: While supporting the
proposed definition of ‘‘value-based
enterprise,’’ several commenters
requested that OIG and CMS align any
modifications to the final definition of
‘‘VBE.’’ According to the commenter,
identical definitions would allow
stakeholders to place more focus on the
delivery of value-based care because
they would not need to navigate
different legal frameworks under the
Federal anti-kickback statute and the
physician self-referral law.
Response: We are finalizing a
definition of ‘‘value-based enterprise’’
that remains aligned with the definition
finalized by CMS.
Comment: Some commenters asserted
that Indian health programs should be
deemed to meet the definition of ‘‘valuebased enterprise’’ even if they do not
meet each requirement of the definition
because Tribes, as sovereign
governments, do not enter into
agreements in which another entity has
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
governing authority or control over any
part of the Tribe. In addition, they
explained that Indian health programs
have several features of the proposed
definition (e.g., Indian health programs
are held accountable by the governing
body of the Tribe or the United States
Congress, in the case of IHS-run
programs). Such commenters asserted
that requiring Indian health programs to
meet any additional requirements
would exclude or unnecessarily burden
those programs.
Similarly, several commenters
requested that OIG address whether
Indian health programs could be a VBE
participant and recommended that the
definition expressly state that Indian
health programs may be VBE
participants. Another commenter
expressed concern that Indian health
programs may not meet the proposed
definition of VBE participant because
Tribes are sovereign nations that will
not enter into agreements with another
entity with authority over the Tribe.
Response: Indian health programs, as
well as other individuals and entities,
may themselves constitute VBEs or may
form VBEs if they meet all requirements
in the definition of such term. We are
not promulgating any exceptions to the
requirement that parties form a VBE in
order to use one of the value-based safe
harbors or the patient engagement and
support safe harbor because we believe
the definition of ‘‘value-based
enterprise’’ is sufficiently broad and
flexible to allow Indian health programs
to qualify as or form VBEs.
In addition, under our revised
definition of a ‘‘VBE participant,’’ all
types of entities can be VBE
participants, including Indian health
programs and Indian health care
providers that engage in at least one
value-based activity as part of a VBE.
ii. Accountable Body
Comment: Multiple commenters
supported the proposed requirement
that a VBE have an accountable body
that is responsible for financial and
operational oversight of the VBE, while
some expressed concerns regarding the
requirement. For example, some
commenters asserted that parties would
incur significant legal expenses to create
an accountable body, which could
discourage participation in VBEs, and
questioned whether small or rural
practices have the resources necessary
to implement an accountable body. A
commenter suggested OIG exempt
smaller VBEs from the requirement to
have an accountable body, particularly
where the VBE is comprised only of
individuals or small physician
practices. Another noted that the
PO 00000
Frm 00015
Fmt 4701
Sfmt 4700
77697
requirement to have an accountable
body could create tension between VBE
participants when determining who will
assume such role.
Response: We do not believe the
requirement for a VBE to have an
accountable body or responsible person
places an undue financial or
administrative burden on VBEs or VBE
participants, particularly because the
definition of ‘‘value-based enterprise’’
affords parties the flexibility to create
VBEs and accountable bodies that range
in scope and complexity. We are not
exempting small or other VBEs from the
requirement to have an accountable
body or responsible person. We do not
expect that small VBEs would have the
same resources as larger VBEs for this
function or would structure the function
in the same way. A VBE should have an
accountable body or responsible person
that is appropriate for its size and
resource and is capable of carrying out
the associated responsibilities. Any
potential for conflict among VBE
participants is a matter for the parties to
address in their private contractual or
other arrangements and does not
warrant an exception to the accountable
body requirement, which serves an
important oversight and accountability
function in the VBE.
Comment: Commenters generally
supported the flexibility for parties to
tailor the accountable body to the
complexity and sophistication of the
VBE. Multiple commenters requested
additional clarification on the nature
and composition of the accountable
body, including how and by whom the
accountable body would be organized
and whether the accountable body must
be comprised of at least one
representative from each VBE
participant.
A commenter asked OIG to clarify
whether ACOs that already have
governing bodies in place need to
establish an additional accountable
body or responsible person to meet the
definition of ‘‘VBE.’’ Another
commenter asked whether the safe
harbor conditions applicable to
accountable bodies are at least as
rigorous as the conditions applicable to
governing bodies in the fraud and abuse
waivers issued for purposes of the
Medicare Shared Savings Program.
Response: We are not prescribing how
VBE participants or VBEs form or
otherwise designate an accountable
body or responsible person in order to
give parties flexibility to do so in a
manner conducive to the scope and
objectives of the VBE and its resources.
For instance, a representative from each
VBE participant in a VBE could, but is
not required to, be part of the VBE’s
E:\FR\FM\02DER3.SGM
02DER3
77698
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
accountable body. Where parties already
have a governing body that constitutes
an accountable body or responsible
person, such parties are not required to
form a new accountable body or
designate a responsible person for
purposes of creating a VBE. While the
requirements for the accountable body
or responsible person are not as
stringent as the requirements for an
ACO’s governing body in the fraud and
abuse waivers issued for purposes of the
Medicare Shared Savings Program, we
have concluded that the safe harbor
requirements for the accountable body
strike the right balance between
allowing for needed flexibility for
parties wanting to form and operate
VBEs and providing for appropriate VBE
oversight and accountability.
Comment: Multiple commenters
supported a range of additional
requirements for VBE participants
related to the accountable body,
including requirements to: (i) Recognize
the oversight role of the accountable
body affirmatively; (ii) agree in writing
to cooperate with the accountable
body’s oversight efforts; and (iii) report
data to the accountable body to enable
it to access and verify VBE participant
data related to performance under
value-based arrangements. Another
commenter opposed additional
requirements on VBE participants,
stating that they would be unnecessary
formalities that would constrain use of
the value-based safe harbors for existing
arrangements that might otherwise meet
a value-based safe harbor’s terms. Other
commenters also asked what, if any,
oversight OIG would expect from VBE
participants, themselves, in addition to
the oversight conducted by the
accountable body.
Response: It is important for the
parties to a value-based arrangement to
support and cooperate with the
accountable body or responsible person.
However, we are not finalizing
requirements for VBE participants to
recognize affirmatively the oversight
role of the accountable body, agree in
writing to cooperate with its oversight
efforts, or report data. On balance, such
requirements would introduce a level of
unnecessary administrative detail and
impose unnecessary administrative
burden on many VBEs, particularly
small or rural entities. Parties can
themselves establish mechanisms to
ensure the ability of the accountable
body or responsible person to fulfill its
obligations through, by way of example
only, a term in arrangements between
the VBE and its VBE participants that
requires VBE participants to cooperate
with the accountable body or
responsible person’s oversight efforts.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
Whether VBE participants must
conduct additional oversight depends
on the applicable safe harbor. Parties
relying on safe harbor protection may
want to ensure all applicable safe harbor
requirements, including those related to
oversight, are met because failure to
satisfy these requirements would result
in the loss of safe harbor protection for
the remuneration at issue.
Notwithstanding this fact, where a VBE
participant or VBE has done everything
that it reasonably could to comply with
the safe harbor requirements applicable
to that party but the remuneration
exchanged loses safe harbor protection
as a result of another party’s
noncompliance, the compliant party’s
efforts to take all reasonable steps would
be relevant in a determination of
whether such party had the requisite
intent to violate the Federal antikickback statute.
Comment: We received support for,
and opposition to, a requirement for the
accountable body to have more specific
responsibilities for overseeing certain
aspects of the VBE, including utilization
of items and services; cost; quality of
care; patient experience; adoption of
technology; and quality, integrity,
privacy, and accuracy of data related to
each value-based arrangement.
However, several commenters cautioned
against overly prescriptive oversight
obligations, with many commenters
noting that the appropriate scope,
methodology, and risk areas for
monitoring and oversight will vary
significantly based on the activities an
entity is undertaking. According to
several commenters, the program
integrity benefits of any additional
requirements on the accountable body
would be outweighed by increased
administrative burden.
Response: We are not requiring more
specific oversight responsibilities for the
accountable body. The type of data the
accountable body should monitor and
assess could vary by VBE and by valuebased arrangement, and therefore we are
not imposing more prescriptive
requirements on the accountable body
with respect to its oversight
responsibilities. However, in the full
financial risk safe harbor, we are
finalizing a requirement that the VBE
provide or arrange for a quality
assurance program for services
furnished to the target patient
population that protects against
underutilization and assesses the
quality of care furnished to the target
patient population.
Comment: Multiple commenters
supported a requirement for VBEs to
institute a compliance program to
facilitate the accountable body’s or
PO 00000
Frm 00016
Fmt 4701
Sfmt 4700
responsible person’s obligation to
identify program integrity issues, with
some also favoring requirements for
periodic review of patient medical
records to ensure compliance with
clinical standards or for the designation
of a compliance officer to oversee the
VBE and its value-based arrangements.
One commenter recommended that VBE
participants agree to a code of ethics
related to compliance oversight.
In contrast, multiple commenters
opposed a requirement for the VBE to
have a compliance program. Some
asserted it would create an additional
burden on VBEs without substantially
reducing the risk of fraud and abuse.
Commenters expressed concern that a
compliance program requirement could
result in inconsistent policies or
duplicative administrative obligations if
VBE participants already have
compliance programs in place. Another
commenter stated that such a
requirement is unnecessary because
VBEs are independently at risk for safe
harbor compliance. A commenter
recommended that, if OIG requires a
VBE to have a compliance program, OIG
should permit the VBE to meet such a
requirement by: (i) Developing a
compliance program specific to the VBE
and its VBE participants, (ii) adopting
an existing compliance program held by
one of the VBE participants, or (iii)
requiring an attestation from each VBE
participant that it has a compliance
program and conducts annual
compliance reviews. Another
commenter recommended that OIG
provide model compliance provisions
that could be included in agreements
between parties in a VBE.
Response: For purposes of these safe
harbors, we are not requiring the VBE or
its accountable body or responsible
person to have a compliance program or
to review patient medical records
periodically. We also are not requiring
an attestation or other agreements from
each VBE participant that it has a
compliance program and conducts
annual compliance reviews. Compliance
programs are an important tool for,
among other things, monitoring
arrangements, identifying fraud and
abuse risks, and, where necessary,
implementing corrective action plans.
While it is our view that robust
compliance programs are a best practice
for all VBEs and VBE participants, we
are not including specific compliance
program requirements or providing
model compliance provisions because
VBEs of varying sizes and scopes may
have and need different types of
compliance programs. We anticipate
many VBE participants already have
compliance programs and may want to
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
consider updating these programs to
reflect any new arrangements entered
into as part of the VBE.
A compliance program requirement
for VBEs would necessitate that we
articulate specific compliance program
criteria, which we do not believe would
be feasible or desirable, particularly in
light of the expected variation of VBEs.
We also are not requiring the VBE to
designate an individual to serve as a
compliance officer. For purposes of this
rule, the accountable body or
responsible person acts as an oversight
body that performs a compliance
function. In this respect, and as we
stated in the OIG Proposed Rule, we
believe the accountable body or
responsible person would be wellpositioned to identify program integrity
issues and to initiate action to address
them, as necessary and appropriate.
VBEs may elect to have designated
compliance officers if they so wish.
Comment: A commenter asked
whether the accountable body and VBE
participants should expect a higher
degree of auditing and oversight from
OIG than entities not involved in a
value-based enterprise.
Response: OIG provides independent
and objective oversight of the programs
and operations of the Department. We
anticipate that individuals and entities
that are part of a value-based enterprise
will be subject to OIG’s program
integrity and oversight activities to the
same extent as other individuals and
entities that receive Federal health care
program funds or treat Federal health
care program beneficiaries.
Comment: Some commenters
supported a requirement for the
accountable body or responsible person
to have a duty of loyalty to the VBE,
particularly for accountable bodies
serving larger VBEs. The commenters
asserted that a duty of loyalty would be
appropriate given the lack of
programmatic oversight as compared to
CMS-sponsored models and would help
reduce certain risks (e.g., stinting on
care or providing medically unnecessary
care). Other commenters suggested that
the accountable body should have a
duty of loyalty to the patients within the
VBE.
Multiple commenters opposed
requiring the accountable body or
responsible person to have a duty of
loyalty to the VBE, stating that it would
create conflicts of interest for
accountable body members that are, or
are employed by, a VBE participant.
Some commenters asserted that a duty
of loyalty would necessitate the use of
a third-party entity to serve as the
accountable body, which could be cost
prohibitive for small and rural
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
providers, while others noted that large
VBE participants may be unwilling to
cede oversight responsibilities to an
independent third party. A commenter
proposed an alternative requirement for
the accountable body or responsible
person to act in furtherance of the VBE’s
value-based purpose(s).
Response: We are not requiring the
accountable body or responsible person
to have a duty of loyalty to the VBE
because we agree with commenters that
a duty of loyalty often could create
conflicts of interest for VBE participants
and employees of VBE participants who
otherwise would serve as members of
the accountable body. We also agree that
a duty of loyalty requirement could
necessitate the use of independent third
parties to serve as the accountable body,
which could be cost prohibitive for
smaller VBEs. While we are not
implementing a requirement for the
accountable body or responsible person
to have a duty of loyalty or to act in
furtherance of the VBE’s value-based
purpose(s), we believe the accountable
body or responsible person necessarily
must act in furtherance of the VBE’s
value-based purpose(s) to fulfill its
oversight responsibilities. Parties are
free to include this duty in their
contractual arrangements.
Comment: A commenter asked OIG to
require the accountable body to submit
data to the Department to demonstrate
continued compliance with the
applicable safe harbor and progress in
improving outcomes and reducing costs.
A commenter also asserted that OIG
should require the accountable body or
responsible person to implement a
process for patients to express concerns
and for the VBE to resolve such
concerns, and others recommended that
OIG ensure that VBE participants secure
informed consent for each patient
treated within a VBE.
Response: We are not requiring
accountable bodies or responsible
persons to submit data to the
Department for purposes of safe harbor
compliance because we do not think the
program integrity benefits of requiring
data submission for safe harbor
compliance would outweigh the
administrative burden on both the
government and the individuals and
entities serving as accountable bodies or
responsible persons. Notwithstanding
the foregoing, we remind readers that
OIG provides independent, objective
oversight of HHS programs. Nothing in
this rule changes OIG’s authorities to
request data for its oversight purposes.
In addition, and as explained further
below in section III.3.n.v, OIG will
continue to evaluate whether to modify
the care coordination arrangements safe
PO 00000
Frm 00017
Fmt 4701
Sfmt 4700
77699
harbor in the future to include a
requirement that the VBE affirmatively
submit certain data or information.
Due to administrative burden
concerns, we are not requiring the
accountable body or responsible person
to implement a process for patients to
express concerns or ensure that VBE
participants secure informed consent for
each patient treated within a VBE. Such
requirements may be useful processes
for VBEs to consider in ensuring safe
harbor compliance.
iii. Governing Document
Comment: Commenters expressed
general support for a governing
document requirement. Some
commenters asked whether the written
document forming the value-based
arrangement could also constitute the
governing document, and another
commenter questioned whether an
existing payor contract could serve as a
governing document. Another
commenter requested that OIG permit a
collection of documents to constitute a
governing document.
Response: A single document could
constitute both the VBE’s governing
document and the writing required for
a value-based arrangement so long as it
includes all of the requisite
requirements for each writing. In
addition, an existing payor contract
could qualify as a governing document
so long as it describes the value-based
enterprise and how the VBE participants
intend to achieve the VBE’s value-based
purpose(s). However, we decline to
permit a governing document for a VBE
to be set forth in multiple writings. We
permit the writing requirement in each
new value-based safe harbor to be
satisfied by a collection of writings
because each party to a value-based
arrangement must sign the writing; in
contrast, the governing document of the
VBE does not require any signatures.
Creation of one governing document,
that may be amended over time as the
value-based activities, VBE participants,
or other features of the VBE evolve, will
help ensure that there is a clearly
identifiable governance structure for the
VBE.
Comment: Some commenters
expressed concern that the requirement
for a VBE to have a governing document
could be burdensome, particularly for
small and rural practices and practices
serving underserved areas. Another
commenter requested a checklist or
model terms for a governing document,
and another commenter asked for
clarification of requirements for the
document.
Response: We appreciate commenters’
concerns regarding the burden that
E:\FR\FM\02DER3.SGM
02DER3
77700
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
developing a governing document may
place on certain individuals or entities.
We are finalizing the proposed
definition of ‘‘value-based enterprise,’’
which does not prescribe a specific
format or content for the governing
document, other than it must describe
the VBE and how the VBE participants
intend to achieve its value-based
purpose(s). This definition is designed
to be flexible so that small and rural
practices and practices serving
underserved areas wishing to establish
VBEs can craft governing documents
appropriate to their size and the nature
of their VBE. We anticipate that VBEs of
different sizes and purposes will have
different types of governing documents
with different terms. The core
requirement is that the governing
document must describe the valuebased enterprise and how the VBE
participants intend to achieve the VBE’s
value-based purpose(s), regardless of the
format of the document. This definition
offers parties significant flexibility to
craft a value-based enterprise and a
governing document commensurate
with the scope and sophistication of the
VBE.
As we stated in the preamble to the
OIG Proposed Rule, the governing
document requirement provides
transparency regarding the structure of
the VBE, the VBE’s value-based
purpose(s), and the VBE participants’
roadmap for achieving the purpose(s).
We do not believe a checklist for
creating a governing document is
necessary because the requirements for
the governing document are set forth in
the definition of ‘‘value-based
enterprise,’’ itself. In addition, we
decline to provide model terms because
they could inhibit parties from
developing terms that appropriately
reflect the unique nature and
circumstances of their value-based
enterprises.
b. Value-Based Arrangement
Summary of OIG Proposed Rule: We
proposed to define the term ‘‘valuebased arrangement’’ to mean an
arrangement for the provision of at least
one value-based activity for a target
patient population between or among:
(i) The value-based enterprise and one
or more of its VBE participants; or (ii)
VBE participants in the same valuebased enterprise. This proposed
definition reflected our intent to ensure
that each value-based arrangement is
aligned with the VBE’s value-based
purpose(s) and is subject to its financial
and operational oversight. It further
reflected our intent for the value-based
arrangement’s value-based activities to
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
be undertaken with respect to a target
patient population.
We noted in the OIG Proposed Rule
that we were considering whether to
address a concern about potentially
abusive practices that could be
characterized as the coordination and
management of care by precluding some
or all protection under the proposed
value-based safe harbors for
arrangements between entities that have
common ownership, either through
refinements to the definition of ‘‘valuebased arrangement’’ or by adding
restrictions on common ownership to
one or more of the proposed safe
harbors at paragraphs 1001.952(ee), (ff),
or (hh).
Summary of Final Rule: We are
finalizing, with modification, the
definition of ‘‘value-based
arrangement.’’ We are modifying the
regulatory text to clarify that only the
value-based enterprise and one or more
of its VBE participants, or VBE
participants in the same value-based
enterprise, may be parties to a valuebased arrangement. We are not
precluding protection for arrangements
between entities that have common
ownership in the definition of ‘‘valuebased arrangement,’’ nor in the
individual safe harbors.
Comment: Many commenters
supported the proposed definition of
‘‘value-based arrangement’’ and, in
particular, appreciated the flexibility
afforded by the definition, which the
commenters posited will allow parties
to design a range of arrangements that
may qualify for protection under the
value-based safe harbors, including
arrangements between two providers
that include only a single value-based
activity. Commenters also supported our
proposal in the OIG Proposed Rule that
the definition covers commercial and
private insurer arrangements.
Response: We reiterate in this final
rule that the definition of ‘‘value-based
arrangement’’ is broad enough to
capture commercial and private insurer
arrangements. The definition is
intended to afford parties significant
flexibility. In addition, in response to
comments, we are modifying the
definition text to clarify our intent that
‘‘value-based arrangement’’ capture
arrangements for care coordination and
certain other value-based activities
among VBE participants within the
same VBE, as indicated in the OIG
Proposed Rule,13 by revising the
definition so that the value-based
arrangement may only be between: (i)
The value-based enterprise and one or
more of its VBE participants; or (ii) VBE
13 84
PO 00000
FR 55702 (Oct. 17, 2019).
Frm 00018
Fmt 4701
Sfmt 4700
participants in the same value-based
enterprise.
We emphasize that qualification as a
value-based arrangement is necessary,
but not sufficient, to protect
remuneration exchanged pursuant to
that arrangement; all conditions of an
applicable safe harbor must be met.
Comment: A commenter opposed the
definition of ‘‘value-based
arrangement,’’ expressing concern that it
is too broad and vague and could be
used as a mechanism to force the
exclusive use of a particular product or
particular provider. In addition, the
commenter believed the definition
could allow health care entities to
engage in abusive practices by using a
value-based safe harbor to funnel
remuneration under the guise of a valuebased arrangement.
Response: We have addressed the
commenter’s concern with respect to
exclusive use through a condition in the
care coordination arrangements safe
harbor at paragraph 1001.952(ee). We
acknowledge and agree with the
commenter’s concern that parties might
engage in abusive practices under the
guise of a value-based arrangement; to
that end, we have included robust
safeguards in each value-based safe
harbor to mitigate these concerns.
Comment: A commenter requested
clarification as to whether current
arrangements would be affected and
would need to be restructured to meet
the definition of a ‘‘value-based
arrangement.’’
Response: There is nothing in this
final rule that requires parties to an
existing arrangement to restructure that
arrangement to meet the new definition
of a ‘‘value-based arrangement.’’ Parties
to an existing arrangement that wish to
rely on the protection of one of the
value-based safe harbors may want to
review their arrangement to assess
whether it fully meets the definition of
a ‘‘value-based arrangement’’ and, thus,
could be eligible for protection under a
value-based safe harbor if all safe harbor
conditions are met.
Comment: Several commenters
requested clarification regarding the
statement in the OIG Proposed Rule that
the definition of ‘‘value-based
arrangement’’ is intended to capture
arrangements for care coordination and
certain other value-based activities
among VBE participants within the
same VBE.14 Specifically, commenters
requested clarification regarding how
this statement corresponds with the
requirement in each proposed valuebased safe harbor that the value-based
arrangement have as a value-based
14 84
E:\FR\FM\02DER3.SGM
FR 55702 (Oct. 17, 2019).
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
purpose the coordination and
management of care.
Response: The definition of ‘‘valuebased arrangement’’ and the
requirements for protection under the
value-based safe harbors are consistent
when read together. The term ‘‘valuebased arrangement’’ means an
arrangement for the provision of at least
one ‘‘value-based activity’’ for a target
patient population. The definition does
not specify which value-based
purpose(s) the value-based activity (or
activities) must be designed to achieve.
In this respect, the definition of ‘‘valuebased arrangement’’ is broader than the
requirements of some of the value-based
safe harbors.
Value-based arrangements are not de
facto safe harbor protected. Rather, an
arrangement that meets the definition of
a ‘‘value-based arrangement’’ is eligible
to seek protection in a value-based safe
harbor. For safe harbor protection, it
must squarely satisfy all safe harbor
conditions. For reasons explained
elsewhere in this preamble, the care
coordination arrangements safe harbor
requires a direct connection to the first
value-based purpose, the coordination
and management of patient care, which
is a central focus of this rulemaking.
The substantial downside financial risk
arrangements safe harbor requires a
direct connection to any one of the first
three value-based purposes, and the full
financial risk arrangements safe harbor
requires a connection to any one of the
four value-based purposes, in
recognition of the parties’ assumption of
risk and the lower risk of traditional feefor-service fraud. The substantial
downside financial risk safe harbor and
the full financial risk safe harbor, as
finalized, do not require a direct
connection to the coordination and
management of care for the target
patient population.
In addition, the definition of ‘‘valuebased arrangement’’ is consistent with
the definition used in CMS’s final rule.
We anticipate this alignment may ease
compliance burden for parties.
Comment: A commenter asserted that
neither VBEs nor VBE participants
should be prohibited from entering into
non-disclosure agreements with parties
to a value-based arrangement because
otherwise parties could use information
learned in an arrangement against
another party in an anticompetitive
manner.
Response: Neither the definition of
‘‘value-based arrangement’’ nor other
safe harbor provisions in this final rule
preclude parties to a value-based
arrangement from entering into nondisclosure agreements.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
Comment: Most commenters opposed
our proposal to preclude entities under
common ownership from protecting
remuneration that they exchange under
the value-based safe harbors, whether
through a change to the definition of
‘‘value-based arrangement’’ or by adding
restrictions to one or more of the valuebased safe harbors. Commenters
asserted that entities under common
ownership (e.g., through an integrated
delivery system) are often best
positioned to improve health outcomes
and lower costs through coordinated
care. Several commenters also asserted
that such a requirement may preclude
protection for entities participating in
large value-based models, like clinically
integrated networks or accountable care
organizations. Some commenters also
explained that rural and Indian health
care providers are frequently operated
through common ownership models.
Others noted that hospitals in states that
restrict direct physician employment
often have arrangements with medical
groups under common ownership, and
another commenter raised concerns
about the impact on physician-owned
hospitals.
Response: We appreciate commenters’
responses. To address commenters’
concerns, we are not limiting protection
for entities under common ownership in
this final rule. We continue to be
concerned that there is potential for
entities under common ownership to
use value-based arrangements to
effectuate payment-for-referral schemes,
but we also believe that the
combinations of safeguards we are
adopting in the safe harbors should
mitigate these risks. For example, the
requirement in the care coordination
arrangements safe harbor that the valuebased arrangement is commercially
reasonable, considering both the
arrangement itself and all value-based
arrangements within the VBE, helps to
ensure that the arrangements, taken as a
whole, are calibrated to achieve the
parties’ legitimate business purposes.
Comment: A commenter raised
concerns about the timing of VBE
participants entering into value-based
arrangements and recommended that
VBE participants not be prevented from
providing value-based care to patients
before a formal value-based arrangement
has been executed. The same
commenter recommended that we adopt
a 90-day grace period for situations of
technical non-compliance related to the
timing of VBE participants entering into
value-based arrangements.
Response: First, we remind readers
that failure to comply with a safe harbor
provision (or any attendant, defined
term) does not mean that an
PO 00000
Frm 00019
Fmt 4701
Sfmt 4700
77701
arrangement is per se illegal.
Consequently, the value-based safe
harbors do not prevent a physician,
clinician, or other VBE participant from
providing value-based care to patients
prior to entering into a value-based
arrangement, or at any other time. In
addition, the Federal anti-kickback
statute, which focuses on the knowing
and willful offer, solicitation, payment,
or receipt of remuneration in exchange
for Federal health care program
business, likely would not be implicated
by the provision of only clinical care to
patients. OIG appreciates that many
physicians and others currently furnish
value-based care to patients, and
nothing in this rule changes their ability
to do so. Stakeholders should assess
whether arrangements that do not
satisfy the definition of ‘‘value-based
arrangement,’’ as defined in paragraph
1001.952(ee), implicate the statute. Any
arrangements that are not value-based
arrangements, as defined, would not
qualify for protection under the valuebased safe harbors, but could qualify
under other safe harbors, depending on
the facts and circumstances, or they
might not need safe harbor protection.
As finalized in this rule, a provider or
other individual or entity furnishing
value-based care may also become a
VBE participant, but the value-based
arrangements in which it participates
might not need safe harbor protection if
they do not implicate the statute.
We are not adopting a 90-day grace
period to execute value-based
arrangements because it is our belief
that it is not necessary. When a VBE
participant must execute a value-based
arrangement to receive safe harbor
protection is based on the writing
requirements of each safe harbor. For
example, in the care coordination
arrangements safe harbor as finalized at
paragraph 1001.952(ee), the writing that
documents the value-based arrangement
must be set forth in advance of, or
contemporaneous with, the
commencement of the value-based
arrangement and any material change to
the value-based arrangement.
Additionally, the writing may be a
collection of documents. These
flexibilities allow VBE participants to
document their participation in a valuebased arrangement with minimal
burden. A VBE can add a new VBE
participant to an existing arrangement
in a separate document that becomes
part of the collection of documents for
that value-based arrangement.
c. Target Patient Population
Summary of OIG Proposed Rule: We
proposed to define ‘‘target patient
population’’ as an identified patient
E:\FR\FM\02DER3.SGM
02DER3
77702
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
population selected by the VBE or its
VBE participants using legitimate and
verifiable criteria that: (i) Are set out in
writing in advance of the
commencement of the value-based
arrangement; and (ii) further the valuebased enterprise’s value-based
purpose(s). The proposal would protect
only those value-based arrangements
that serve an identifiable patient
population for whom the value-based
activities likely would improve health
outcomes or lower costs (or both). In the
OIG Proposed Rule, we noted that the
definition was not limited to Federal
health care program beneficiaries but
could encompass, for example, all
patients with a particular disease state.
Summary of Final Rule: We are
finalizing, without modification, the
definition of ‘‘target patient
population.’’
Comment: Many commenters
supported our proposed definition of
‘‘target patient population,’’ including
our requirement that the identified
patient population be selected by the
VBE or its VBE participants using
‘‘legitimate and verifiable criteria.’’
However, we received numerous
comments about the use of the term
‘‘legitimate’’ to describe the criteria used
to identify the target patient population
in the proposed regulatory text, as well
as the alternative proposal in the
preamble to use the term ‘‘evidencebased.’’ Some commenters expressed
support for the legitimate criteria
standard and stated, for example, that it
facilitated a holistic focus on patients’
health. This category of commenters
generally expressed opposition to the
alternative evidence-based standard,
arguing that it is too restrictive and
would chill innovative value-based
arrangements.
Other commenters opposed the use of
the term ‘‘legitimate,’’ stating that the
term is ambiguous. Another commenter
suggested that OIG enumerate the types
of specific behavior that it wishes to
preclude in lieu of using the term
‘‘legitimate’’; as an example, the
commenter recommended that we state
expressly in the definition of ‘‘target
patient population’’ that it would
preclude selection criteria designed to
avoid costly or non-compliant patients.
Multiple commenters requested that
OIG provide additional clarification on
the scope and application of the term,
such as whether it could encompass
criteria based on social determinants of
health.
Response: We are finalizing the
definition of ‘‘target patient
population,’’ as proposed, including the
‘‘legitimate and verifiable criteria’’
standard. As stated in the OIG Proposed
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
Rule, we used this standard, and in
particular, the term ‘‘legitimate,’’ to
ensure the target patient population
selection process is based upon bona
fide criteria that further a value-based
arrangement’s value-based purpose(s),
and we confirm that, depending on the
facts and circumstances, legitimate
criteria could be based on social
determinants of health, such as safe
housing or transportation needs. We are
not including an exhaustive list of
legitimate or non-legitimate selection
criteria because there are various types
of criteria that parties could use to select
a target patient population; moreover,
some criteria may be legitimate for some
value-based arrangements but not for
others. For example, as we stated in the
OIG Proposed Rule, VBE participants
seeking to enhance access to, and usage
of, primary care services for patients
concentrated in a certain geographic
region might base the target patient
population on ZIP Code or county of
residence. In contrast, a value-based
arrangement focused on enhancing care
coordination for patients with a
particular chronic disease might
identify the target patient population
based on patients who have been
diagnosed with that disease. Other VBE
participants, such as a social service
organization working in conjunction
with a pediatric practice, may identify
their target patient population using
income and age criteria, e.g., pediatric
patients who have a household income
below 200 percent of the Federal
poverty level and who are below the age
of 18, in an effort to boost pediatric
vaccination rates in a given community.
We are adopting the proposed
‘‘legitimate and verifiable’’ standard in
lieu of the alternative we proposed,
which would have required the use of
‘‘evidence based’’ criteria, because we
believe requiring ‘‘legitimate and
verifiable’’ criteria will afford parties
comparatively greater flexibility in
determining the target patient
population and aligns with CMS’s
definition of the same term.
Comment: We received at least two
comments requesting that we expressly
state in regulatory text that establishing
criteria in a manner that leads to cherrypicking or lemon-dropping would not
constitute ‘‘legitimate and verifiable’’
selection criteria. These commenters
expressed concern that the mere
promise by VBE participants not to
engage in such behavior would be
sufficient to meet the definition of
‘‘target patient population’’ and receive
safe harbor protection. Another
commenter urged that OIG clarify the
regulatory language to directly address
concerns about cherry-picking or lemon-
PO 00000
Frm 00020
Fmt 4701
Sfmt 4700
dropping certain patient populations, in
order to avoid unnecessary litigation
and legal expense.
Response: In response to the
commenters’ concerns, we confirm that
if VBE participants establish criteria to
target particularly lucrative patients
(‘‘cherry-picking’’) or avoid high-cost or
unprofitable patients (‘‘lemondropping’’), such criteria would not be
legitimate for purposes of the target
patient population definition. As we
stated in the OIG Proposed Rule, if VBE
participants selectively include patients
in a target patient population for
purposes inconsistent with the
objectives of a properly structured
value-based arrangement, we would not
consider such a selection process to be
based on legitimate and verifiable
criteria that further the VBE’s valuebased purposes, as required by the
definition.15 We are not adopting
further modifications to the proposed
definition because the definition’s
requirement that the criteria be
legitimate and verifiable is clear and
would not include VBE participants that
establish criteria to cherry-pick or
lemon-drop patients.
Comment: The vast majority of
commenters on this topic opposed our
statement in the OIG Proposed Rule that
we were considering narrowing the
definition of ‘‘target patient population’’
to patients with a chronic condition,
patients with a shared disease state, or
both. Commenters stated that such an
approach would restrict the ability of
value-based arrangements to adapt to
different communities and patient needs
and would ignore the importance of
preventive care interventions. For
example, a commenter highlighted the
fact that many underserved and at-risk
patient populations are defined not by
chronic conditions or shared disease
states but instead are identified by
socio-economic, geographic, and other
demographic parameters that are
synonymous with need, poor outcomes,
or increased cost.
Response: We are retaining our
proposed definition of ‘‘target patient
population’’ and are not narrowing the
definition to include only individuals
with chronic conditions or shared
disease states. We agree with
commenters that were we to narrow the
definition, we might exclude
underserved and at-risk patient
populations who would likely benefit
from care coordination and management
activities. We also recognize and
acknowledge that finalizing our
proposed definition will allow for
15 See
E:\FR\FM\02DER3.SGM
84 FR 55702 (Oct. 17, 2019).
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
value-based arrangements that focus on
important preventive care interventions.
Comment: We received a variety of
comments on the role of payors in
identifying or selecting a target patient
population. While some commenters
supported requiring payors to select the
target patient population, the majority of
commenters urged OIG to make their
involvement optional. For example, a
commenter expressed concern that if
OIG were to make payor involvement a
requirement, it would impede
collaboration between payors and
providers. Others expressed uncertainty
as to how a requirement that payors
select or approve the target patient
population would be implemented for
Medicare fee-for-service patients and
questioned whether CMS would need to
affirmatively approve each VBE’s or
value-based arrangement’s target patient
population selection criteria.
Response: We are persuaded by
commenters that it would not be
operationally feasible to require payor
involvement in the target patient
population selection process. Not all
value-based enterprises will include a
payor as a VBE participant.
Accordingly, while we encourage payor
involvement in the target patient
population selection process, it is not a
requirement in this final rule. It is a
requirement that the target patient
population be selected by a VBE or its
VBE participant.
Comment: We received comments
requesting wholesale changes to our
proposed definition. For example, a
commenter recommended that ‘‘target
patient population’’ be defined as any
set or subset of patients in which the
accountable party of a VBE takes
significant or full downside risk and is
focusing efforts to improve their health
and well-being. Another suggested that
we eliminate the ‘‘target patient
population’’ definition altogether and
make the value-based safe harbors
provider-, not patient-population-,
specific.
Response: We are not adopting the
commenter’s alternative definition of
‘‘target patient population,’’ which we
did not propose and which would be
too narrow to address the use of the
term across all of our value-based safe
harbors, one of which does not require
the VBE participants to take on, or
meaningfully share in, any risk. We are
also not eliminating the ‘‘target patient
population’’ definition in favor of
making the value-based safe harbors
provider-, not patient-population-,
specific because orienting the valuebased safe harbors around patients is
consistent with the goals of value-based
care.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
Comment: At least two commenters
requested that the definition of ‘‘target
patient population’’ afford parties the
flexibility to modify the target patient
population over time. Another
commenter sought clarification that the
definition could include patients
retroactively attributed to the target
patient population. Another commenter
urged OIG to adopt a flexible definition
but suggested that if OIG narrows its
definition, the term should include
underserved patients, such as uninsured
and low-income patients; patients with
social risk factors; and those with
limited English proficiency.
Response: The definition of ‘‘target
patient population’’ requires, among
other criteria, that parties identify a
patient population using legitimate and
verifiable criteria in advance of the
commencement of the value-based
arrangement. The selection criteria—not
the individual patients—must be
identified in advance. Whereas parties
seeking to modify their selection criteria
may only make such modifications
prospectively (and upon amending their
existing value-based arrangement), no
amendment would be required to
attribute patients retroactively to the
target patient population, provided such
patients meet the selection criteria
established prior to the commencement
of the value-based arrangement.
Comment: Several commenters sought
clarification as to whether a VBE
participant’s entire patient population
could meet the definition of ‘‘target
patient population.’’
Response: Nothing in the definition
precludes the parties to a value-based
arrangement from identifying the target
patient population as the entire patient
population that a VBE participant
serves. We recognize that, in limited
cases, such broad selection criteria may
be appropriate. For example, a VBE may
identify all patients in a ZIP Code in
order to address an identified
population health need specific to that
ZIP Code, and it may be that a practice
also draws most or all patients from that
ZIP Code. Certain specialists, such as
geriatricians, might also identify all or
most of their patients as needing
improved care coordination and
management due to their multiple
comorbidities and complex care needs.
In circumstances where a VBE has
assumed full financial risk, as defined
in paragraph 1001.952(gg), a VBE might
select an even broader target patient
population comprised of all patients
served by its VBE participants in an
effort to more meaningfully control
payor costs.
However, we caution that, depending
on the value-based arrangement,
PO 00000
Frm 00021
Fmt 4701
Sfmt 4700
77703
selecting a target patient population by
selecting the parties’ entire patient
population would need to be closely
scrutinized for compliance with the
definition to ensure that such broad
selection criteria is ‘‘legitimate’’ and
necessary to achieve the arrangement’s
value-based purpose.
Comment: Multiple commenters
requested that OIG address whether
specific categories of patients would be
covered by the definition of ‘‘target
patient population’’ or provide
examples of permissible target patient
populations. For example, commenters
requested confirmation that a target
patient population could include all
patients covered by a certain payor,
such as Medicare. Another commenter
expressed concern that transient patient
populations who may have different
providers in different geographic
locations would not be covered by the
definition.
Response: As described above, a target
patient population based on patients
who have been diagnosed with a
particular disease could, based on the
specific selection criteria, be a
permissible target patient population.
Whether a particular patient population,
including transient patient populations
with different providers in different
geographic locations, meets the
definition of ‘‘target patient population’’
is a fact-specific determination that
turns on whether the VBE participants
used legitimate and verifiable selection
criteria and met the other requirements
set forth in the definition. While there
may be circumstances, e.g., the
assumption of full financial risk (as
defined in paragraph 1001.952(gg)),
where a VBE identifies all of the
patients of a particular payor as the
target patient population, we caution
that relying on this criterion, without
sufficient justification for such a broad
approach, could raise questions
regarding whether it is legitimate or,
instead, is a way to capture referrals of,
for example, Medicare business.
d. Value-Based Activity
Summary of OIG Proposed Rule: We
proposed to define ‘‘value-based
activity’’ as any of the following
activities, provided that the activity is
reasonably designed to achieve at least
one value-based purpose of the valuebased enterprise: (i) The provision of an
item or service; (ii) the taking of an
action; or (iii) the refraining from taking
an action. We further proposed that the
making of a referral is not a value-based
activity.
Summary of Final Rule: We are
finalizing, without modification, the
definition of ‘‘value-based activity.’’
E:\FR\FM\02DER3.SGM
02DER3
77704
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
OIG’s final definition of ‘‘value-based
activity’’ differs from the definition in
the CMS Final Rule because CMS does
not specify that the making of a referral
is not a value-based activity. As
explained in CMS’s final rule, CMS has
not included a comparable restriction
because of the physician self-referral
law’s separate definition of referral.
Comment: Many commenters
supported the definition of ‘‘value-based
activity,’’ as proposed. Several
commenters asked OIG to clarify the
definition of ‘‘value-based activity’’
further by specifying what activities
would or would not qualify as valuebased; how VBEs would demonstrate
that the activities they select are
reasonably designed to achieve a valuebased purpose; and what it means to
refrain from taking an action. A few
commenters asked whether providing
services to patients constitutes a valuebased activity.
Response: The term ‘‘value-based
activity’’ is intended to be broad and to
include the actions parties take or
refrain from taking pursuant to a valuebased arrangement and in furtherance of
a value-based purpose. By way of
example, where a VBE participant
offeror provides a type of health
technology under a value-based
arrangement for the recipient to use to
track patient data in order to spot trends
in health care needs and to improve
patient care planning, the provision of
the health technology by the offeror
would constitute a value-based activity,
and the use of the health technology by
the recipient to track patient data would
constitute a value-based activity. If the
remuneration a VBE participant offeror
provides is care coordination services, a
value-based activity might be the
recipient working with a care
coordinator provided by the offeror to
help transition certain patients between
care settings. Giving something of value
to patients, such as a fitness tracker, also
may constitute a value-based activity if
doing so is reasonably designed to
achieve a value-based purpose.
However, we note that, where VBE
participants exchange remuneration that
the recipient VBE participant then
transfers to its patients (for example,
where one VBE participant provides
fitness trackers to another VBE
participant, who in turn furnishes the
fitness tracker to the patient), the care
coordination arrangements safe harbor
would be available only to protect the
remuneration exchanged between the
VBE participants. The parties may look
to the patient engagement and support
safe harbor to protect the remuneration
from the VBE participant to the patient.
An inaction that constitutes a value-
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
based activity might be refraining from
ordering certain items or services in
accordance with a medically
appropriate care protocol that reduces
the number of required steps in a given
procedure. This final rule does not
prescribe how parties prove that a
particular action or inaction constitutes
a value-based activity. Similarly, it is
incumbent on the parties to demonstrate
that they selected value-based activities
that are reasonably designed to achieve
a value-based purpose. Both of these
analyses would be fact-specific
determinations.
Comment: A commenter asked
whether this definition could be
combined with the definition of ‘‘valuebased purpose’’ to reduce administrative
complexity. Another commenter
asserted that the definition of ‘‘valuebased activity’’ should recognize the
importance of maintaining patient care
and outcomes at an acceptable level.
Response: We are finalizing the
definition of ‘‘value-based activity,’’ as
proposed, and are not combining it with
the definition of value-based purpose. In
our view, separate definitions do not
increase administrative complexity, and
we have coordinated terminology with
CMS to reduce complexity. We are not
changing the definition of ‘‘value-based
activity’’ to include the maintenance of
patient care and outcomes at an
acceptable level because the definition
of ‘‘value-based activity’’ is tied to the
definition of ‘‘value-based purpose,’’
which sets forth four purposes toward
which parties may be striving pursuant
to value-based arrangements. While
maintaining patient care and outcomes
at an acceptable level is clearly
desirable, we note that doing so,
without more, is not one of the four
value-based purposes needed to
establish a VBE for this rulemaking.
Comment: Many commenters
supported the alternate proposal to
expressly exclude any activity that
results in information blocking from the
definition of ‘‘value-based activity.’’ A
commenter recommended that, if OIG
expressly excludes information blocking
from the definition of ‘‘value-based
activity,’’ OIG should do so by
referencing only statutory definitions
and requirements in the Cures Act and
not those set forth in ONC’s proposed
rule, whereas another commenter noted
that, as an alternative to expressly
excluding information blocking
activities in the definition of ‘‘valuebased activity,’’ OIG could assume that
information blocking will no longer be
tolerated and leave the enforcement of
information blocking restrictions to the
regulation finalized in 45 CFR part 171.
PO 00000
Frm 00022
Fmt 4701
Sfmt 4700
Response: The final rule does not
include the proposed language
regarding information blocking.
Regardless of whether parties seek safe
harbor protection, if parties to valuebased arrangement are subject to the
regulations prohibiting information
blocking, they must comply with those
regulations. This final rule does not
change the individuals and entities
subject to the information blocking
prohibition in 45 CFR part 171.
Comment: A commenter expressed
concern that the definition of ‘‘valuebased activity’’ is too broad and vague
and that VBE participants will
characterize abusive remuneration-forreferral arrangements as value-based
activities. The commenter suggested
requiring that an activity achieve a
value-based purpose, as opposed to
requiring that an activity be reasonably
designed to achieve a value-based
purpose.
Comments varied regarding how to
interpret whether an activity is
‘‘reasonably designed’’ to achieve a
value-based purpose. While a
commenter supported interpreting
‘‘reasonably designed’’ to mean that the
value-based activities are expected to
further one or more value-based
purposes, another commenter suggested
that such a determination be based on
all relevant facts and circumstances.
Other commenters recommended
establishing a rebuttable presumption
that value-based activities are
reasonably designed to meet their stated
value-based purpose. Another
commenter urged OIG to require that
value-based activities be directly
connected to and directly further the
coordination and management of care;
not interfere with the professional
judgment of health care providers; not
induce stinting on care; and not
incentivize cherry-picking lucrative or
adherent patients or lemon-dropping
costly or noncompliant patients.
Lastly, while at least one commenter
supported a requirement for parties to
use an evidence-based process to design
value-based activities, several
commenters opposed this requirement,
stating that such a standard would be
too rigorous and would restrict
innovative activities.
Response: We are finalizing our
definition as proposed. We intentionally
crafted a broad definition of ‘‘valuebased activity’’ to encourage parties to
innovate when developing these
activities. For that reason, we are not
requiring that an activity achieve a
value-based purpose but rather are
requiring that a value-based activity be
reasonably designed to achieve a valuebased purpose. By ‘‘reasonably
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
designed,’’ we mean that parties should
fully expect the value-based activities
they develop to further one or more
value-based purposes. Because any such
determination would be fact specific,
we do not believe it is appropriate to
establish a rebuttable presumption that
value-based activities are reasonably
designed to meet their stated valuebased purpose, as suggested by a
commenter.
We note that, while this definition
offers parties significant flexibility, it is
not intended to facilitate parties’
attempts to mask fraudulent referral
schemes presented under the guise of a
value-based activity. We highlight that
the definition provides that merely
making a referral, without more, is not
a value-based activity for purposes of
this rule.
Lastly, we do not intend for the valuebased safe harbors to protect activities
that inappropriately influence clinical
decision-making, induce stinting on
care, or lead to targeting particularly
lucrative patients or avoiding high-cost
or unprofitable patients. We have
incorporated a range of safeguards in the
safe harbors that are designed to guard
against these abusive practices. In light
of these safeguards, we do not believe
that revisions to the definition of
‘‘value-based activity’’ are necessary.
Comment: Several commenters asked
OIG to clarify what differentiates care
coordination services from
inappropriate referrals and to modify
the definition to make clear that a
referral could be one part of a broader
value-based activity. Some commenters
expressed concern that the definition of
‘‘value-based activity’’ prohibits safe
harbor protection for value-based
arrangements in which payments or
other remuneration depend, in part, on
referrals made within a preferred
provider network. A commenter asked
whether documenting that a referral was
made and the reason for the referral
would constitute a ‘‘value-based
activity.’’
Response: Making referrals, or
documenting reasons for referrals,
would not constitute value-based
activities. Parties to a value-based
arrangement may make referrals and
document the reasons for the referrals as
part of a value-based arrangement
without losing safe harbor protection
under an applicable safe harbor, but the
parties also must be performing one or
more value-based activities. Thus,
making referrals or documenting
reasons for referrals, without also
engaging in a value-based activity,
would not be sufficient to meet the
requirements of the definition because
making referrals is not itself a value-
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
based activity. Absent at least one valuebased activity, parties would not have a
viable value-based arrangement and
would thus not be eligible for any of the
value-based safe harbors.
The provision excluding referrals
from the scope of value-based activities
is not intended to interfere with
preferred provider networks; rather, we
intend to require parties to engage in
activities other than making referrals,
such as coordinating care plans across
providers for a target patient population,
to be eligible for safe harbor protection.
e. VBE Participant
Summary of OIG Proposed Rule: We
proposed to define ‘‘value-based
enterprise participant’’ or ‘‘VBE
participant’’ as an individual or entity
that engages in at least one value-based
activity as part of a value-based
enterprise. Based on historical concerns
regarding fraud and abuse risk and our
understanding that certain types of
entities were less critical to coordinated
care, we proposed that the term ‘‘VBE
participant’’ would not include a
pharmaceutical manufacturer; a
manufacturer, distributor, or supplier of
durable medical equipment, prosthetics,
orthotics, or supplies; or a laboratory.
We stated that we were considering and
thus seeking comments as to whether
other types of entities should also be
ineligible, including pharmacies
(including compounding pharmacies),
PBMs, wholesalers, distributors, and
medical device manufacturers. As a
result of this proposed definition, these
entities would not be able to participate
in VBEs or seek protection under the
value-based safe harbors or the patient
engagement and support safe harbor.
We stated our intent to offer safe
harbor protection for remuneration
exchanged by companies that offer
digital technologies to physicians,
hospitals, patients, and others for the
coordination and management of
patients and their health care. We
recognized that companies providing
these technologies may be new entrants
to the health care marketplace or may be
existing companies such as medical
device manufacturers. We explained
that we would consider for the final rule
several ways to effectuate our desire to
ensure safe harbor protection for
remuneration exchanged by health
technology companies, including
through modifications to the valuebased terminology; distinctions drawn
among entities based on product-types
or other characteristics; or modifications
to the safe harbors themselves.
In the OIG Proposed Rule, we
considered and solicited comments on
potential additional safeguards to
PO 00000
Frm 00023
Fmt 4701
Sfmt 4700
77705
incorporate into the value-based safe
harbors to mitigate risks of abuse that
might be presented should a broader
range of entities be eligible to enter into
value-based arrangements, including
restrictions on the parties’ use of
exclusivity and minimum purchase
requirements.
For additional background and
rationale for our proposals, we refer
readers to the discussion of the
definition of ‘‘VBE participant’’ in the
OIG Proposed Rule.16
Summary of Final Rule: We are
finalizing, with modifications, the
definition of ‘‘VBE participant.’’ We are
finalizing our proposed policy that a
‘‘VBE participant’’ is an individual or
entity that engages in at least one valuebased activity as part of a value-based
enterprise. We are not finalizing our
proposed regulatory text to make certain
entity types ineligible under the
definition of ‘‘VBE participant.’’
However, we are finalizing our
proposed policy to make certain entities
ineligible for safe harbor protection
under the value-based safe harbors and
the patient engagement and support safe
harbor (see section III.B.e.ii for details).
We are also finalizing our proposed
policy to protect some arrangements
involving digital health technologies
provided by certain entities that would
otherwise be ineligible for safe harbor
protection (see section III.B.e.iii).
To effectuate these objectives, we are
finalizing a different approach to the
definition of ‘‘VBE participant’’ in the
following four respects.
First, we are revising the definition of
‘‘VBE participant’’ to allow all types of
individuals (other than patients) and
entities to be VBE participants. This
revision makes our definition more
similar to CMS’s corresponding
definition and removes a potential
impediment to existing organizations
that wish to qualify as VBEs but may
include types of entities we proposed to
disallow as VBE participants. We now
define the term ‘‘VBE participant’’ to
mean an individual or entity that
engages in at least one value-based
activity as part of a value-based
enterprise, other than a patient when
acting in their capacity as a patient. This
does not, however, mean that every VBE
participant will receive protection
under the applicable safe harbors; it is
intended to avoid a barrier to the
formation and operation of the VBE
itself. The new definition also makes
clear that patients cannot be VBE
participants, consistent with our intent
in the OIG Proposed Rule. Entities
seeking safe harbor protection for
16 84
E:\FR\FM\02DER3.SGM
FR 55703–06 (Oct. 17, 2019).
02DER3
77706
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
remuneration provided to patients
should look to the patient engagement
and support safe harbor for protection,
not to the value-based safe harbors.
Second, rather than making certain
entities ineligible under the definition
of ‘‘VBE participant,’’ as described in
the OIG Proposed Rule, the final rule
takes a different approach to achieve the
proposed policy to make some entities
ineligible for safe harbor protections. In
the final rule, within each value-based
safe harbor (and the patient engagement
and support safe harbor, as discussed
further at section III.B.6), we identify
entities that are not eligible to rely on
the safe harbor to protect remuneration
exchanged with a VBE or other VBE
participants. Specifically, the valuebased safe harbors each include an
ineligible entity list. Remuneration
exchanged by entities on the list in each
safe harbor is not eligible for protection
under the safe harbor.
The following entities are included on
the ineligible entity lists in all of the
value-based safe harbors: (i)
Pharmaceutical manufacturers,
distributors, and wholesalers (referred
to generally throughout this preamble as
‘‘pharmaceutical companies’’); (ii)
PBMs; (iii) laboratory companies; (iv)
pharmacies that primarily compound
drugs or primarily dispense
compounded drugs (sometimes referred
to generally in this rule as
‘‘compounding pharmacies’’); (v)
manufacturers of devices or medical
supplies; (vi) entities or individuals that
sell or rent DMEPOS, other than a
pharmacy or a physician, provider, or
other entity that primarily furnishes
services, all of which remain eligible
(referred to generally throughout this
preamble as ‘‘DMEPOS companies’’);
and (vii) medical device distributors or
wholesalers that are not otherwise
manufacturers of devices or medical
supplies (for example, some physicianowned distributors).
Third, we proposed to address safe
harbor protection for technology
companies by considering how and
whether they could fit in the definition
of a VBE participant. In the final rule,
we instead focus on safe harbor
protection for the remuneration
exchanged with or by them.
Specifically, the care coordination
arrangements safe harbor at paragraph
1001.952(ee) permits protected
remuneration in the form of digital
health technology (or other
technologies) exchanged between VBE
participants eligible to use the safe
harbor. To address protection under this
safe harbor for arrangements with
manufacturers of devices and medical
supplies and DMEPOS companies that
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
involve digital health technology, we
have taken a tailored, risk-based
approach. Manufacturers of devices and
medical supplies and DMEPOS
companies that are otherwise ineligible
for the value-based safe harbors are
nonetheless eligible to rely on the care
coordination arrangements safe harbor
for digital health technology
arrangements that meet all safe harbor
conditions, including an additional one.
Under this pathway, we define ‘‘limited
technology participant’’ to include, as
further discussed below, a manufacturer
of a device or medical supply or a
DMEPOS company that is a VBE
participant that exchanges digital health
technology with another VBE
participant or a VBE.
Our revised approach effectively
divides the universe of VBE participants
into three categories: (i) VBE
participants that are eligible to rely on
the value-based safe harbors for all types
of arrangements that meet safe harbor
conditions; (ii) limited technology
participants that are only eligible to rely
on the care coordination arrangements
safe harbor for arrangements involving
digital health technology; and (iii) VBE
participants that are ineligible to rely on
any of the value-based safe harbors for
any types of arrangements. The first
category is the default category,
capturing all entities and individuals
who are not expressly included in the
second and third categories. For a
discussion of ineligible entities and the
treatment of digital health technology
under the patient engagement and
support safe harbor, see the discussion
in section III.B.6.b and f. For a
discussion of ineligible entities under
the personal services and management
contracts and outcomes-based payments
safe harbor, see sections III.B.10.c and d.
Fourth, to address heightened risk of
fraud and abuse and to help ensure that
protected remuneration meets the policy
goals of this rulemaking, we require that
the exchange of digital health
technology by a limited technology
participant is not conditioned on any
recipient’s exclusive use of, or
minimum purchase of, any item or
service manufactured, distributed, or
sold by the limited technology
participant. Rather than finalizing this
condition in the definition of a VBE
participant as contemplated in the OIG
Proposed Rule, this is now a separate
condition at paragraph 1001.952(ee)(8).
i. Approach To Defining ‘‘VBE
Participant’’
Comment: While we received some
support for our proposed definition of
‘‘VBE participant,’’ many commenters
expressed concerns regarding the
PO 00000
Frm 00024
Fmt 4701
Sfmt 4700
proposed categorical exclusion of
certain entities. Several commenters
asserted that no entities should be
precluded from participating in valuebased arrangements, and many
encouraged us to adopt an alternative
approach based on product type,
company structure, fraud risk, the
legitimacy of the party’s objectives and
deliverables, or other features.
Commenters also noted that many
existing value-based arrangements
include entities that we were
considering making ineligible to be a
VBE participant. Another commenter
asserted that allowing entities to
participate as VBE participants will
incentivize them to understand and
expand cost mitigation strategies, which
will help lower the cost of care. Others
emphasized that the health care
industry is highly dynamic, with
frequent corporate transactions. They
expressed concern that an entire valuebased arrangement may inadvertently
fall out of compliance with a safe harbor
because one VBE participant acquires an
entity that is not eligible to be a VBE
participant. Other commenters
supported placing exclusions directly in
the safe harbor, rather than in the
definition, to create greater flexibility. A
commenter recommended that OIG
create a new defined term, ‘‘VBE
partner,’’ to designate individuals and
entities that provide social determinants
of health support and services at the
direction of a VBE or VBE participant
but are not themselves part of the VBE.
According to the commenter, this would
allow many services providers, such as
rideshare companies, social service
organizations, and foodbanks that
already have direct partnerships with a
VBE participant to participate in
protected arrangements without having
to become full participants in a VBE.
Response: We recognize that there
may be benefits to allowing all entities
to participate as VBE participants, and
we also appreciate the concerns raised
by these commenters. In response to
comments, our revised approach, in
which any individual (other than a
patient) or entity is eligible to be a VBE
participant, will alleviate many of them.
In the OIG Proposed Rule, we
described several approaches we were
considering for determining entities that
could be VBE participants in the final
rule and, as such, able to rely on the
value-based safe harbors. We are
adopting the approach of making
entities ineligible under the value-based
safe harbors rather than through the
definition of ‘‘VBE participant.’’ This
approach allows for closer alignment
with CMS’s terminology, addresses
concerns about unintended impacts of
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
otherwise ineligible VBE participants on
the makeup of a VBE, and does not
impede VBEs from engaging in a wide
range of value-based payment and
delivery arrangements, regardless of
whether those arrangements qualify for
safe harbor protection. By addressing
eligibility in specific safe harbors rather
than through the VBE participant
definition, the final rule creates
flexibility for all health care
stakeholders to be part of a VBE and
reduces any need for parties to form
VBEs structured solely for purposes of
using the new safe harbors. This
approach also facilities our final policy
on providing safe harbor protection for
digital health technology arrangements
with limited technology participants
(described in more detail later).
While all entities are eligible to be
VBE participants, each value-based safe
harbor and the patient engagement and
support safe harbor incorporates a list of
entities that are ineligible for safe harbor
protection. As discussed in greater
detail below, we determined which
entities should be ineligible based on
multiple factors, including the extent to
which the entities are involved in front
line care coordination and program
integrity concerns.
Under this final rule, a VBE will not
cease to meet the definition of a ‘‘VBE’’
solely because a VBE participant merges
with or acquires a different type of
entity or develops a new business line.
Nor would a VBE participant
necessarily cease to be eligible to use a
value-based safe harbor solely because it
acquires an entity that is not eligible. To
the extent a transaction causes a VBE
participant to become an ineligible
entity, the safe harbor would no longer
be available to protect any remuneration
exchanged by that entity under a valuebased arrangement.
Consistent with the OIG Proposed
Rule discussion of alternatives for
determining which entities are eligible
and ineligible for safe harbor protection,
we have adopted a risk-based, policyfocused approach to determine the
scope and applicability of the final safe
harbors. With respect to the ineligible
entities in the value-based safe harbors,
those entities are identified based on a
number of attributes, including the
products and services they offer, how
they structure their business, and the
extent to which they are on the front
line of care coordination and treatment
decisions. In the care coordination
arrangements safe harbor, we further
distinguish among entities in part on the
basis of product or arrangement type.
These considerations are directly related
to the goals of the Regulatory Sprint and
the design of the conditions in each safe
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
harbor to protect against fraud and
abuse.
With respect to the recommendation
that we create a new category of ‘‘VBE
partners,’’ we are not adopting this
suggestion. The proposed and final
value-based safe harbors were and are
designed for value-based arrangements
between VBEs and one or more of their
VBE participants or between or among
VBE participants in the same VBE. The
ability to determine with specificity
which individuals and entities are in a
VBE and which are not enhances
transparency, certainty, and
accountability for arrangements seeking
safe harbor protection. Social services
agencies, rideshare companies,
foodbanks, and others are eligible to be
VBE participants if they wish for their
arrangements to be eligible for
protection under the value-based safe
harbors. If for any reason they do not
wish to be VBE participants or cannot
become VBE participants, nothing in
this rule would prevent them from
engaging in care coordination or other
arrangements that do not fit in these
new safe harbors. In some cases, the
arrangements might fit in other safe
harbors, such as the local transportation
safe harbor (e.g., for rideshare
arrangements). For other arrangements,
the parties would need to review the
specific facts of the arrangement,
including the intent of the parties, to
ensure compliance with the Federal
anti-kickback statute.
Notably, if there is nothing of value
given by a social services agency or
foodbank, for example, to an individual
or entity in exchange for or to induce or
reward referrals of items or services for
which payment may be made under a
Federal health care program, the statute
would not be implicated. We would
expect this to be the case for many
social services agencies, foodbanks, and
other entities that provide social
services, food, or other supports to
patients and (1) do not bill Federal
health care programs and (2) do not
refer Federal health care patients to
health care providers for reimbursable
services or otherwise recommend or
arrange for such services.
Comment: Several commenters
requested that we either confirm in the
preamble, or revise the definition of
‘‘VBE participant’’ to state expressly,
that certain types of entities or
providers, such as retail health clinics,
charitable clinics and pharmacies,
federally qualified health centers,
credentialed orthotists and prosthetists,
payors, physician shareholders and
employees of medical groups, and nontraditional health care entities, among
others, qualify as VBE participants.
PO 00000
Frm 00025
Fmt 4701
Sfmt 4700
77707
Response: Under our revised
definition of a ‘‘VBE participant,’’ all
types of entities can be VBE
participants. Entities would need to
refer to the specific safe harbors to
determine whether they are eligible to
rely on the safe harbor.
Comment: Some commenters noted
that CMS’s proposed value-based
terminology does not make any entities
ineligible to be a VBE participant.
Response: Our final definition of
‘‘VBE participant’’ is aligned with
CMS’s definition, with the exception of
a detail around the use of the term
‘‘individual’’ in our rule and ‘‘person’’
in CMS’s rule and our policy that
patients may not be VBE participants.
The ‘‘individual’’ versus ‘‘person’’
verbiage relates to the difference in
language used elsewhere in the two
regulatory schemes and promotes
overall consistency across safe harbors
for OIG and exceptions for CMS.
For clarity, we have included an
express statement in regulatory text, not
included in CMS’s definition, carving
patients out of the definition of ‘‘VBE
participant.’’ This carve out would
extend to the patient’s family members
or others acting on the patient’s behalf,
consistent with the approach we take
elsewhere in this final rule with respect
to the coordination and management of
care with patients. The context and
framework of the value-based provisions
in the OIG Proposed Rule made clear
that we did not intend patients to be
VBE participants who could engage in
value-based arrangements under the
value-based safe harbors. In the
proposed regulations, we described VBE
participants as engaging in at least one
value-based activity as part of a VBE
and being part of at least one valuebased arrangement to provide at least
one value-based activity for a target
patient population. The role of VBE
participants in health care business
activities of VBEs is not a role assumed
by patients and families, who play a
critical role in patient care in other
ways. Our modification in the final rule
clarifies this point.
Under our proposed rule and this
final rule, VBE participants providing
remuneration to patients would look to
the patient engagement and support safe
harbor for protection, not to the valuebased safe harbors. Our reference to
‘‘individuals’’ in the proposed
definition was meant to capture
physicians, nurses, and other
practitioners, providers, and suppliers
in the health care ecosystem involved in
caring for patients. Our revised
regulatory text recognizes that all
individuals will likely be a patient at
one point or another and that our carve-
E:\FR\FM\02DER3.SGM
02DER3
77708
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
out of patients is limited to patients
when acting in their capacity as
patients. In other words, a physician
remains eligible to be a VBE participant
even if he or she is also sometimes a
patient.
Comment: Several commenters
encouraged us to consider requiring
additional safeguards within each safe
harbor to address concerns regarding
particular types of entities, rather than
categorical exclusions from the
definition of ‘‘VBE participant.’’ Others
opposed applying additional safeguards,
believing the existing safeguards in the
OIG Proposed Rule were sufficient for
all types of entities.
Response: For reasons noted above,
including input from comments, we are
not adopting categorical exclusions from
the definition of ‘‘VBE participant.’’
Instead, relying on factors such as fraud
and abuse risk and level of participation
in front line care of patients, we identify
certain entities as ineligible for
protection in specified safe harbors, and
include a tailored additional condition
for certain high-risk entities engaged in
arrangements involving digital health
technology. The entities that are
ineligible for protection and the
rationale for carving them out are
addressed in greater detail below in
response to comments specific to these
entities. We also provide greater detail
below regarding the entity-specific
safeguard we are adopting in the care
coordination arrangements safe harbor
for arrangements involving digital
health technology.
Comment: Several commenters
challenged OIG’s assertion that its
history of law enforcement activities
involving certain types of entities
should form the basis for whether
entities are entitled to protection under
the value-based safe harbors. Some of
these commenters noted that many
other types of parties, including
hospitals and physicians, have likewise
been the subject of enforcement actions.
Others asserted that the past bad acts of
a few should not dictate the future
compliance risks of the many,
particularly where many of the historic
enforcement actions resulted in
settlements without admission of guilt,
rather than actual convictions.
Response: We agree with the
commenters that the bad acts of the few
should not dictate the compliance risks
of the many. We proposed and are
finalizing new safe harbors intended to
aid the majority of stakeholders that are
honest and trying to do the right thing
for patients and the health care system.
The fact that an entity type is
categorically ineligible for safe harbor
protection does not mean that all
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
entities in the category are bad actors. In
crafting the value-based safe harbors, we
have balanced new flexibility under a
criminal statute with protections where
we identified elevated risk of fraud and
abuse. Our experience investigating
fraud and enforcing the anti-kickback
statute necessarily informs our approach
to establishing safe harbors for specific
payment practices consistent with the
criteria set forth at section 1128D(a)(2)
of the Act (safe harbor authority under
the Federal anti-kickback statute). Our
enforcement and oversight work offer
insights into common fraud schemes,
trends, and methods used by bad actors
to circumvent rules. In bringing this
experience to bear, we considered
multiple types of entities and
arrangements that have been the subject
of our work. The risk of fraud and abuse
is one factor in determining the types of
entities eligible for protection under the
safe harbors. Others include, for
example, the degree of participation of
the entity type in the care coordination
arrangements that are central to this
rulemaking and the level of need for the
entity type to have safe harbor
protection to effectuate the policy goals
of the Regulatory Sprint. We
acknowledged in the OIG Proposed Rule
and reiterate here that the new safe
harbors do not address all beneficial
value-based arrangements.
Comment: A commenter requested
confirmation that the definition of ‘‘VBE
participant’’ would not bar an integrated
delivery system from creating a valuebased arrangement within its own
system.
Response: There is nothing in the
definition of ‘‘VBE participant’’ that
would preclude an integrated delivery
system from creating a value-based
arrangement within its own system.
Comment: A commenter requested
that OIG make clear that the safe harbors
do not preclude entities that are
ineligible to be VBE participants from
contributing to value-based activities or
contracting with VBEs.
Response: We believe our revised
approach, where all entities are eligible
to be a VBE participant, addresses the
commenter’s concern. We wish to
clarify further that the value-based safe
harbors do not prohibit the VBE from
entering into contractual arrangements
with any type of entity, including an
entity that is not a VBE participant.
However, an entity that is not a VBE
participant will not be eligible for safe
harbor protection. Remuneration
exchanged by certain types of entities,
including non-VBE participants and
VBE participants on the carve-out list,
will not be protected by a value-based
safe harbor, and parties would need to
PO 00000
Frm 00026
Fmt 4701
Sfmt 4700
look to other safe harbors to the extent
they want to protect it.
Comment: A commenter supported
the fact that the proposed definition of
‘‘VBE participant’’ did not require VBE
participants to be equity owners of the
VBE.
Response: We did not propose
requirements related to equity
ownership of VBEs. However, we note
that the value-based safe harbors do not
protect remuneration in the form of
ownership interests or returns on those
interests.
Comment: A commenter
recommended that, if OIG finalizes the
definition of ‘‘VBE participant’’ as
proposed, it also modify the advisory
opinion process so that opinions may be
relied upon by parties other than just
the requesting party.
Response: Modifying the OIG
advisory opinion process is beyond the
scope of this rulemaking.
ii. Entities Ineligible for Safe Harbor
Protection
The value-based safe harbors deem
certain entities ineligible for safe harbor
protection. Those entities are:
Pharmaceutical companies; PBMs;
laboratory companies; compounding
pharmacies; manufacturers of devices or
medical supplies; DMEPOS companies;
and medical device distributors and
wholesalers. Notwithstanding, under
the care coordination arrangements safe
harbor (paragraph 1001.952(ee)),
manufacturers of devices and medical
supplies and DMEPOS companies are
eligible as limited technology
participants to protect certain digital
health technology arrangements to allow
them to participate in such
arrangements, along with other types of
eligible VBE participants. As explained
in more detail below, these distinctions
are rooted in a functional approach
focusing on the items, services, and
products furnished by the different
entity types and their roles in care
coordination, along with assessment of
program integrity risk based on
enforcement experience. We aim to
balance flexibility to achieve the
Regulatory Sprint goals with protection
against fraud and abuse.
This preamble section responds to
comments about each of these entity
types in turn. The outcomes-based
payments safe harbor at paragraph (d)(2)
and the patient engagement and support
safe harbor at paragraph 1001.952(hh)
reference these same entities and rely on
the same definitions when doing so.
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
(a) Pharmaceutical Manufacturers,
Wholesalers, and Distributors
Comment: Many commenters agreed
with our proposal not to include
pharmaceutical manufacturers in the
definition of ‘‘VBE participant.’’ These
commenters articulated a variety of
supporting rationales, including that
manufacturers are less involved in care
coordination and present an increased
risk of abusive arrangements. Many
other commenters encouraged OIG to
allow pharmaceutical manufacturers to
participate as VBE participants, arguing,
among other things, that manufacturers
are well-positioned to contribute to
value-based arrangements and that their
participation is essential given the role
of medications in improving care. For
example, commenters noted that
manufacturers can leverage data
analytics and technology to improve
both outcomes measurement and care
management. Several commenters also
emphasized that manufacturers can
provide a variety of services relating to
medication adherence, which may play
a central role in value-based
arrangements by managing care and
reducing costs. Commenters also
emphasized that manufacturers often
know their product best and are thus in
an ideal position to bring value through
continued involvement.
Response: Under the revised
framework we are adopting in this final
rule, pharmaceutical companies can be
VBE participants, and existing VBEs
that include pharmaceutical companies
do not need to be restructured for
purposes of this rulemaking. However,
we are effectuating our intent that
pharmaceutical companies would not be
eligible to use the value-based safe
harbors by including pharmaceutical
companies on the ineligible entity list in
each safe harbor. We agree with the
commenters that pharmaceutical
manufacturers are not as likely as other
entities to be involved with front line
care coordination, and we remain
concerned, as noted in the OIG
Proposed Rule, about the potential for
pharmaceutical manufacturers to use
the value-based safe harbors to protect
arrangements that are intended to
market their products or inappropriately
tether clinicians to the use of a
particular product rather than as a
means to create value by improving the
coordination and management of patient
care. As a result, protection under the
value-based safe harbors does not
extend to remuneration that
pharmaceutical manufacturers exchange
with other VBE participants.
We recognize that pharmaceutical
manufacturers can play important roles
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
in delivering efficient, high quality care
to patients, including, for example,
through medication adherence programs
and data sharing. However, like any
arrangement that does not qualify for a
safe harbor, such arrangements would
need to be analyzed for compliance with
the anti-kickback statute based on their
specific facts, including the intent of the
parties. They are not eligible for
protection under these new safe harbors.
As noted in the OIG Proposed Rule,
we continue to consider the role of
pharmaceutical manufacturers in
coordinating and managing care as well
as how to address value-based
contracting and outcomes-based
contracting for pharmaceutical products
and medical devices, including devices
that do not meet the definition of
‘‘digital health technology’’ under this
rule.
Comment: Many commenters
encouraged OIG to allow
pharmaceutical manufacturers to
participate in value-based contracting
arrangements where they take on
financial risk. Several of these
commenters specifically supported
arrangements where payment for
prescription drugs is tied to clinical
endpoints or patient outcomes, such as
where a manufacturer agrees to provide
a full or partial refund on a product if
a course of treatment fails to achieve the
desired outcome. Other commenters
expressed skepticism about value-based
contracting and encouraged OIG to
adopt safeguards to protect against
potentially abusive arrangements.
Another commenter suggested that OIG
adopt manufacturer-specific safe
harbors with a sliding scale of risk.
Among commenters who supported
protecting value-based contracting,
many raised concerns that existing best
price requirements in the Medicaid
Drug Rebate Program operate as an
actual or perceived impediment to these
types of arrangements and encouraged
OIG to work with CMS to resolve these
issues.
Response: We did not propose either
a value-based contracting safe harbor or
pharmaceutical manufacturer-specific
safe harbors with a sliding scale of risk
in this rulemaking. With respect to
commenters’ concerns regarding the
potential impact of value-based
contracting on Medicaid best price
reporting obligations, those issues are
outside the scope of this rulemaking.
Comment: A trade association
representing pharmaceutical
manufacturers requested that OIG
clarify that any exclusion of
pharmaceutical manufacturers from the
value-based safe harbors is not intended
to discourage manufacturers from
PO 00000
Frm 00027
Fmt 4701
Sfmt 4700
77709
participating in arrangements for valuebased care. Another commenter asserted
that pharmaceutical manufacturers’
participation in care coordination may
be necessary with the advancement of
therapies like personalized cell
therapies, which use a modified version
of the patient’s own cells to treat
disease. A commenter recommended
that a nonprofit generic drug company
that addresses drug shortages in the
marketplace be permitted to participate
as a VBE participant, even if
pharmaceutical manufacturers are not
eligible.
Response: Nothing in this final rule is
intended to discourage pharmaceutical
manufacturers from participating in
arrangements for value-based care.
Under this rule as finalized, a
pharmaceutical company can be a VBE
participant collaborating with others in
a VBE. Nothing prevents a
pharmaceutical company (or any other
type of entity) from participating in care
coordination arrangements, but
remuneration exchanged by the
pharmaceutical company under those
arrangements would not qualify for
protection under the value-based safe
harbors. For example, we appreciate
that pharmaceutical companies can
work to address shortages in the
marketplace and could enter into
arrangements with a VBE and VBE
participants to address those issues.
Those arrangements would need to be
analyzed based on their specific facts for
compliance with the anti-kickback
statute. The failure to fit in a safe harbor
does not mean an arrangement is
unlawful under the anti-kickback
statute. Moreover, safe harbor protection
is irrelevant to the extent that an
arrangement does not implicate the antikickback statute. We reiterate that
parties may structure arrangements to
meet other safe harbors, such as the safe
harbor for personal services
arrangements or the warranties safe
harbor and may also use OIG’s advisory
opinion process to the extent they want
prospective protection for arrangements
they wish to undertake.
Comment: Commenters were divided
on whether pharmaceutical wholesalers
and distributors should be eligible to be
VBE participants. Some stated that these
entities present the same types of risks
and concerns that manufacturers
present (e.g., inappropriately increased
costs to Federal health care programs)
and should be ineligible for the same
reasons. Many commenters who
supported allowing manufacturers to be
VBE participants also supported
allowing wholesalers and distributors to
be VBE participants.
E:\FR\FM\02DER3.SGM
02DER3
77710
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Response: All entities are permitted to
be VBE participants under this final
rule. However, remuneration exchanged
by pharmaceutical companies,
including distributors and wholesalers,
is not protected by the value-based safe
harbors, consistent with our proposal to
make them ineligible. We adopt this
policy for reasons comparable to those
for making manufacturers ineligible,
including that wholesalers and
distributors are less likely to have a
direct role in front line patient care
coordination. We are not persuaded that
pharmaceutical distributors’ and
wholesalers’ indirect role in support of
coordinating care warrants protection
under the value-based safe harbors.
(b) Pharmacy Benefit Managers
Comment: In response to our
consideration in the OIG Proposed Rule
related to PBMs, several commenters
urged us to make PBMs ineligible to be
VBE participants. A few of these
commenters supported making PBMs
ineligible based on concerns about
potentially abusive PBM practices that
they believe affect drug prices and limit
treatment options for patients. Other
reasons that commenters provided
include that PBMs are not front-line
health providers and protecting
arrangements involving PBMs in the
value-based safe harbors may
inappropriately affect treatment
decisions by health care practitioners. A
commenter also suggested we require
VBEs that establish relationships with
PBMs to include information regarding
such relationships in relevant VBE
documents and reports.
Conversely, many commenters urged
us to allow PBMs to be eligible to be
VBE participants. Commenters asserted
that PBMs are engaged in a number of
activities that relate to care coordination
and the value-based purposes we
proposed, including, for example,
developing formularies to select drugs
based on relative value, leveraging
health information technology to assist
in coordinating care and managing
benefits, and operating a variety of care
coordination programs, such as
medication adherence, medication
therapy management, and chronic
condition education. Commenters
emphasized the role that PBMs play
with respect to controlling
pharmaceutical costs and promoting
quality by ensuring clinical efficacy.
Several commenters sought to
distinguish PBMs from pharmaceutical
manufacturers, noting that pharmacy
benefit managers have no connection to
any particular drug product and do not
rely on prescriptions or referrals for any
particular product. Another commenter
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
asserted that PBMs are well-suited to
enter into risk bearing arrangements
because their business model already
involves helping their clients manage
insurance risk.
Response: As described above, all
types of entities are eligible to be VBE
participants under this final rule.
However, we are finalizing our proposal
for PBMs to be ineligible to rely on the
value-based safe harbors to protect
remuneration.
PBMs are less likely to be on the front
line of care coordination and treatment
decisions in the same way as other types
of VBE participants eligible to use the
value-based safe harbors. We recognize
and appreciate the information that
commenters provided on the role that
PBMs serve in supporting value-based
care and coordinating care, for example,
by designing formularies based on
relative value, using their expertise to
improve medication adherence, and
managing insurance risk. However, we
are not persuaded that PBM’s indirect
role in support of coordinating care or
managing risk warrants protection
under the value-based safe harbors,
which focus significantly on the
coordination and management of patient
care. PBMs play a unique role in
establishing benefit networks and
associated management services
connected to payors, pharmaceutical
manufacturers, and pharmacies. As a
result, PBM arrangements raise different
program integrity issues from the types
of value-based arrangements
contemplated by this rulemaking and
would likely require different
safeguards.
Under the final rule, PBMs, as with all
individuals (except for patients) and
entities, are eligible to be VBE
Participants. This will allow PBMs to
continue supporting value-based care,
even though they are not eligible to rely
on the value-based care safe harbors. We
note that some PBMs’ value-based
activities may not implicate the Federal
anti-kickback statute, depending on the
specific facts and circumstances of each
arrangement. Parties may also use OIG’s
advisory opinion process to the extent
they want prospective protection for
arrangements involving the exchange of
remuneration with PBMs.
In response to the suggestion that
VBEs that have relationships with PBMs
be required to document and disclose
such relationships, the value-based
definitions have relevant documentation
and oversight conditions, including a
requirement that the VBE governing
documentation describe how the VBE
participants intend to achieve the VBE’s
value-based purpose(s).
PO 00000
Frm 00028
Fmt 4701
Sfmt 4700
We recognize that many PBMs are
owned, affiliated with, or under
common ownership structures with
other entities, particularly payors and
health benefit plans. Considering the
role that payors have in the substantial
downside risk and full financial risk
safe harbors, it is important to note that
payors would be eligible for safe harbor
protection even if they own, are
affiliated with, or are under common
ownership with a PBM. Additionally, a
payor would be eligible for safe harbor
protection if it does not contract out its
pharmacy benefit management services
and instead performs those functions as
part of its administration of a health
benefit plan more broadly. We would
consider the PBM functions, in that
context, to be ancillary to the payor’s
predominant or core business, which is
administering a health benefit plan.
Thus, such a payor would not be
considered to be a PBM for purposes of
eligibility for protection under the
value-based safe harbors,
notwithstanding the fact that it performs
some PBM activities. See the discussion
at section III.B.2.e.5, below regarding
entities with multiple lines of business
for further details regarding the
predominant or core business standard.
(c) Laboratory Companies
Comment: While some commenters
supported our proposal to make clinical
laboratories ineligible to be VBE
participants or suggested that we only
allow them to be VBE participants if we
included additional safeguards, many
commenters urged OIG to include
clinical laboratories as VBE participants.
Several commenters noted that
laboratories are increasingly providing
precision diagnostic services and
posited that this type of personalized
medicine is the future of both
preventive medicine and modern
oncology care. Commenters expressed
concern that making laboratories
ineligible to be VBE participants may
inhibit integration of these types of
diagnostic services into practice. Others
asserted that existing safeguards are
sufficient to protect against any risk of
fraud and abuse.
Commenters provided various
examples of value-based arrangements
involving laboratories. A commenter
provided one example of a laboratory
that entered into an arrangement with a
payor under which it reviewed
historical test results for a patient
population to identify those likely to
have a condition such as diabetes or
chronic kidney disease so as to facilitate
patients’ enrollment in a disease
management program.
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Response: Under this final rule,
laboratory companies may be VBE
participants in a VBE and collaborate
with other VBE participants without
affecting the ability of other VBE
participants to be eligible for safe harbor
protection. However, laboratory
companies are included on the list of
carved out entities for which protection
is not available under value-based safe
harbors. As a result, any remuneration
exchanged by a laboratory company will
not be protected by a value-based safe
harbor. We expressed our intent in the
OIG Proposed Rule to make clinical
laboratories ineligible for safe harbor
protection because of heightened risk of
fraud and abuse based on historical
enforcement experience and because
they are, like pharmaceutical companies
and DMEPOS companies, heavily
dependent on practitioner prescriptions
and referrals. We were, and remain,
concerned that these entities might
misuse the value-based safe harbors as
a means of offering remuneration
primarily to market their products
rather than as a means to create value
for patients, providers, and payors by
improving the coordination and
management of patient care, reducing
inefficiencies, or lowering costs. We
also continue to believe that offering
protection for remuneration exchanged
by a laboratory company under the
value-based safe harbors is unnecessary
to effectuate the goals of the Regulatory
Sprint because, as compared to other
types of entities such as hospitals,
physicians, and remote patient
monitoring companies, laboratory
companies are not on the front lines of
care coordination.
We appreciate the input from
commenters who pointed out various
ways in which laboratories may be
participating in care coordination. We
are not persuaded that these examples
warrant revisiting our policy. However,
we want to be clear that nothing in this
rulemaking is intended to discourage or
prevent a laboratory from participating
in care coordination arrangements such
as those described by the commenters so
long as the arrangements comply with
the anti-kickback statute. A laboratory
may look to other safe harbors, such as
the personal services and management
contracts safe harbor, as modified in this
rule, to protect remuneration, and the
advisory opinion process also remains
available.
Comment: Several commenters
requested that OIG clarify how clinical
laboratories that are owned and
operated by entities with other
regulatory classifications, including
hospitals, physician group, and medical
device manufacturers, would be treated.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
Response: We do not intend for the
ineligibility of laboratory companies to
extend to clinical laboratories that are
owned and operated through other types
of entities, such as hospitals and
physician practices. Other types of
entities, such as hospitals and physician
practices, that operate clinical
laboratories that are not the entity’s
predominant or core line of business are
eligible to use the value-based safe
harbors. This approach ensures that
hospitals, physicians, and other entities
with core care coordination roles are not
precluded from using the safe harbors
because they happen to provide some
laboratory services, which we
understand to be common in the
industry. We also believe that this
approach would preclude any
suggestion that entities which have a
predominant or core line of business
other than a clinical laboratory (or other
ineligible entity), such as a hospital,
need to restructure their operations or
corporate structure or otherwise need to
modify the manner in which these
entities operate.
In this final rule, we use the term
‘‘laboratory companies’’ to describe the
intended category of ineligible entities,
rather than the term ‘‘clinical
laboratory’’ that was proposed, because
the term ‘‘laboratory company’’ better
describes the types of entities we intend
to make ineligible to rely on the valuebased safe harbors. We have long used
the same terminology in the electronic
health records safe harbor at paragraph
1001.952(y), and we intend for the term
to have the same meaning here.
Specifically, it describes independent
companies that operate clinical
laboratories and bill for the laboratory
services they furnish through their own
billing numbers. Thus, for example, if a
hospital furnishes laboratory services
through a laboratory that is a
department of the hospital for Medicare
purposes (including cost reporting) and
the laboratory services are billed
through the hospital’s provider number,
then the hospital would not be
considered a laboratory company for
purposes of determining eligibility to
rely on a value-based safe harbor. In
contrast, a hospital affiliated or hospitalowned laboratory company with its own
supplier number that furnishes
laboratory services that are billed using
a billing number assigned to the
company and not the hospital would
not be eligible for safe harbor protection.
This approach is consistent with the
approach we describe in the discussion
on entities with multiple business lines,
below, in that it focuses on both the
PO 00000
Frm 00029
Fmt 4701
Sfmt 4700
77711
corporate structure and the predominant
or core business function of an entity.
(d) Medical Device Manufacturers,
Distributors, and Wholesalers
Comment: Many commenters
encouraged OIG to allow medical device
manufacturers, distributors, and
wholesalers to be VBE participants,
emphasizing, among other things, the
role that these entities play in
collecting, aggregating, analyzing, and
sharing data to assist clinicians with
care coordination and management.
Others disagreed with our
characterization of medical device
manufacturers as not being on the front
line of care coordination.
Another commenter asserted that our
concerns that manufacturers may use
value-based arrangements to tether
clinicians or patients to a particular
product are misplaced and disregard the
improved cost and clinical outcomes
that derive from standardizing the use of
a superior product. Similarly, a
commenter objected to the suggestion
that manufacturers’ participation in
value-based arrangements is driven by
marketing objectives. An integrated
delivery system described existing
value-based partnerships with medical
device companies that it believes foster
value by optimizing care pathways,
improving patient experience, and
sharing accountability for the results;
according to this commenter, the
medical device companies have been
responsible, effective, and essential in
providing high quality care at a low
cost.
Response: We appreciate commenters’
perspectives, and we recognize that
manufacturers of devices and medical
supplies may play an important role in
some value-based arrangements,
including by offering digital health
technologies that can improve
coordination and management of care.
However, we continue to believe, as a
general matter, that they are not as
directly engaged in care coordination as
other entities, such as providers and
clinicians. We continue to have
concerns, as described in the OIG
Proposed Rule, based on our historical
law enforcement experience, that
manufacturers of devices and medical
supplies could misuse the flexibilities
afforded by the value-based safe harbors
to offer kickbacks under the guise of
care coordination activities or to tether
a clinician to a particular product.
Further, we believe there is a risk that
these arrangements could result in
providers selecting products that may
not be clinically appropriate for, or in
the best interest of, a patient. Based on
our enforcement experience, these
E:\FR\FM\02DER3.SGM
02DER3
77712
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
concerns are heightened with respect to
implantable devices used in a hospital
or ambulatory surgical care setting, for
which there is an elevated risk for
patients undergoing implant surgery if
devices are selected because of financial
incentives rather than patients’ best
interests.
As discussed at section III.B.2.e.iii, we
are adopting a pathway to protect the
exchange of digital health technologies
by manufacturers of devices and
medical supplies under the care
coordination arrangements safe harbor,
which addresses some of the
commenters’ concerns. This pathway,
which imposes an additional safeguard
that applies only to manufacturers of
devices and medical supplies and
DMEPOS companies, balances our
program integrity concerns with our
interest in facilitating the deployment of
health technologies for care
coordination.
Comment: Many commenters
encouraged OIG not to include device
manufacturers, distributors, and
wholesalers as VBE participants. Several
of these commenters asserted that
medical device manufacturers are not
on the front line of care coordination.
Another commenter asserted that, while
larger companies may be wellpositioned to engage in data-driven care
coordination activities, most device
manufacturers do not offer these types
of services. The commenter was
concerned that allowing medical device
manufacturers to engage as VBE
participants would unfairly advantage
large manufacturers over smaller
manufacturers, with larger companies
using their size and scale to leverage
their care coordination capabilities in a
manner that disincentivizes purchasers
from considering competing products.
The commenter expressed concern that
this dynamic may suppress medical
innovation by smaller companies and
encouraged OIG to consider a pilot
program to assess potential impacts on
smaller manufacturers.
Response: We appreciate the concerns
raised by commenters, and, as we have
explained, we share some of them.
However, we also believe that digital
health technologies hold great promise
for improving coordination and
management of care and achieving the
goals of the Regulatory Sprint, and we
believe that many of these promising
technologies are either currently being
developed, or will in the future be
developed, by manufacturers of devices
and medical supplies. We also believe
that there will be instances where these
digital health technologies are
inextricably linked to a medical device.
To that end, we are affording safe harbor
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
protection to the exchange of digital
health technologies by manufacturers of
medical devices under the care
coordination arrangements safe harbor.
With respect to the commenter’s
concerns about potential
anticompetitive effects from allowing
manufacturers of devices and medical
supplies to participate, we are adopting
a safeguard in the care coordination
arrangements safe harbor that applies to
manufacturers of devices and medical
supplies, as limited technology
participants, that prohibits exclusivity
provisions and minimum purchase
requirements. We designed this
condition to prevent limited technology
participants from locking-in use of their
digital health technology, which may
have beneficial effects for competition.
For example, VBE participants may
have increased opportunities to use
multiple of types of digital health
technology that best fits their needs.
In response to the commenter’s
concern about competition between
large manufacturers and small
manufacturers, nothing in this safe
harbor is intended to favor large entities
over small entities. We recognize that
large manufacturers are likely to have
additional resources to assess
arrangements and determine whether
they meet this safe harbor. We have
strived to limit potential administrative
burden as much as possible, while also
including necessary safeguards against
fraud and abuse. We believe that this
safe harbor and the limited technology
participant pathway will not require
significant resources to ensure an
arrangement meets all applicable
conditions. Furthermore, use of these
safe harbors and associated compliance
is only one factor that may affect
competition and innovation. There are
several other factors that impact
competition and innovation, but are not
subject to the Federal anti-kickback
statute and thus are outside the scope of
this rulemaking.
Comment: With respect to adopting a
definition for purposes of identifying
the category of entities not eligible to be
VBE participants, several commenters
cautioned that it would be virtually
impossible to define device
manufacturers in a manner that would
not preclude the types of digital health
technologies that we stated we wished
to include. Some commenters
recommended that any definition that
OIG adopts be limited to devices that
are separately reimbursed by Medicare
and not include companies that
incorporate medical devices as part of
their service offerings.
Many commenters encouraged us not
to adopt a new definition, but instead to
PO 00000
Frm 00030
Fmt 4701
Sfmt 4700
rely on existing definitions adopted by
other divisions within the Department
of Health and Human Services.
However, a commenter asserted that
OIG should not use CMS’s definition of
‘‘applicable manufacturer’’ in 42 CFR
403.902, which relates to the Open
Payments provisions of the Patient
Protection and Affordable Care Act 17
(ACA), because that definition would
not include manufacturers that do not
have operations in the United States and
reliance on this definition would be
confusing because it includes
manufacturers of durable medical
equipment, which we proposed not to
include in the definition of ‘‘VBE
participant.’’
Response: Notwithstanding the
changes to the definition of ‘‘VBE
participant,’’ it remains necessary for us
to adopt a definition of ‘‘manufacturer
of a device or medical supply’’ to
identify entities that are limited
technology participants for purposes of
the care coordination arrangements safe
harbor.
The definition we are adopting at
paragraph 1001.952(ee)(14)(iv) provides
that ‘‘manufacturer of a device or
medical supply’’ means an entity that
meets the definition of applicable
manufacturer in 42 CFR 403.902
because it is engaged in the production,
preparation, propagation, compounding,
or conversion of a device or medical
supply that meets the definition of
covered drug, device, biological, or
medical supply in 42 CFR 403.902, but
not including entities under common
ownership with such entity. For
purposes of this definition, we
incorporate and adopt all of the related
terminology in 42 CFR 403.902. We
opted to rely on the ‘‘applicable
manufacturer’’ terminology described in
the Open Payments program and its
implementing regulations because it
effectively captures the universe of
entities we designate as limited
technology participants and those that
will otherwise be carved out of safe
harbor protection. Similarly, we opted
to rely on this terminology because
relying on an existing regulatory
definition promotes consistency across
the Department and minimizes
additional potential regulatory burden.
We are not adopting the alternative
proposed definition that would include
any entity that manufacturers any item
that requires premarket approval by, or
premarket notification to, the FDA, or
that is classified by the FDA as a
medical device because we believe the
17 Public Law 111–148, 124 Stat. 119, as amended
by the Health Care and Education Reconciliation
Act of 2010 (Pub. L. 111–152, 124 Stat. 1029).
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
‘‘applicable manufacturer’’ terminology
used in the Open Payments program
provides a more fulsome definition that
addresses not only the nature of the
product (i.e., whether it is regulated by
the FDA as a device) but also the nature
of the entity’s functions vis a vis that
product (e.g., production, preparation,
propagation, compounding, or
conversion). We also intend to include
medical device distributors or
wholesalers on the list of ineligible
entities because they are less likely to
have a direct role in front line patient
care coordination, and the ‘‘applicable
manufacturer’’ definition at 42 CFR
403.902 includes distributors and
wholesalers that hold title to the device
or medical supply. Thus, it is a more
comprehensive definition that aligns
with our objectives. In order to capture
distributors and wholesalers that do not
hold title to the device or medical
supply on the ineligible entity list, the
ineligible entity list in each value-based
safe harbor includes a separate category
for ‘‘a medical device distributor or
wholesaler that is not otherwise a
manufacturer of a device or medical
supplies.’’
With respect to the commenter who
cautioned that reliance on the
definitions from the Open Payments
program would not include
manufacturers that do not have
operations in the United States, we refer
the commenter to CMS regulations and
guidance regarding how foreign
companies can become subject to
reporting obligations under section
1128G of the Act.
Comment: Many commenters shared
our concerns regarding physicianowned distributorships and encouraged
us to make them ineligible to be VBE
participants. A commenter suggested
that an entity that generates more than
forty percent of its business from its
physician owners should be not be
eligible to be a VBE participant. Another
commenter suggested that we require all
VBE participants—regardless of whether
or not they meet the definition of
‘‘applicable manufacturer’’—to meet the
reporting obligations under section
1128G of the Act.
Response: We are adopting our
proposed policy that physician-owned
distributorships would not be eligible
for safe harbor protection. Physicianowned distributors will be captured by
one of two categories on the ineligible
entity lists in each of the value-based
safe harbors: Manufacturers of devices
or medical supplies or medical device
distributors or wholesalers that are not
otherwise manufacturers of devices or
medical supplies. As described above,
the term ‘‘manufacturer of devices or
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
medical supplies’’ is defined in
paragraph 1001.952(ee).
As we stated in the OIG Proposed
rule, physician-owned distributorships
are inherently suspect under the antikickback statute because the financial
incentives these companies offer their
physician owners may induce physician
owners to perform more procedures (or
more extensive procedures) and to use
the devices the physician-owned
distributorships sell in lieu of other,
potentially more clinically appropriate
devices. Therefore, as described in
greater detail below, physician-owned
distributorships are also ineligible to
rely on the care coordination
arrangements safe harbor to protect
digital health technology arrangements,
even if they otherwise fit the definition
of a manufacturer of a device or medical
supply.
With respect to the commenter that
suggested that we require all VBE
participants to meet the reporting
obligations under section 1128G of the
Act, such a requirement is outside the
scope of this rulemaking.
(e) DMEPOS Companies
Comment: Many commenters
encouraged us to include DMEPOS
companies in the definition of ‘‘VBE
participant.’’ Commenters asserted that
DMEPOS companies are on the front
line of care coordination. Many
commenters highlighted, for example,
the role of DMEPOS companies in
supporting care coordination through
home infusion, home respiratory, and
diabetes management services; others
stated that DMEPOS companies engage
directly with patients in a variety of
ways, including visiting patients in their
home. Commenters emphasized that
DMEPOS companies are particularly
critical in facilitating transitions from
one care setting to another. Commenters
also noted that the expansion of remote
monitoring technologies has enhanced
the role that DMEPOS companies play
in care coordination and that device
manufacturers are increasingly
integrating digital technologies into
medical devices that are classified as
DMEPOS. With respect to these and
other technologies, commenters noted
that DMEPOS companies may provide
useful data to support care coordination.
Other commenters encouraged us to
make DMEPOS companies ineligible for
protection under the value-based safe
harbors because they are not involved in
front line patient care coordination.
Others encouraged us to adopt
additional safeguards specific to
DMEPOS companies.
Response: We are persuaded by
commenters that DMEPOS companies
PO 00000
Frm 00031
Fmt 4701
Sfmt 4700
77713
may have an important role in valuebased arrangements, particularly in the
context of post-acute care, and that they
provide an array of health technology
services, such as remote patient
monitoring, that may facilitate the
coordination and management of patient
care. We believe that we must balance
the role of these DMEPOS companies
with our continued concerns, informed
by our historical law enforcement
experience, that some of these entities
might misuse the protections afforded in
the value-based safe harbors as a way to
offer kickbacks under the guise of care
coordination.
Given our stated interest in the
deployment of digital health
technologies to enhance coordination
and management of care and consistent
with the OIG Proposed Rule as
explained elsewhere, we have defined
the term limited technology participant
to include manufacturers of medical
supplies and entities or individuals that
sell or rent DMEPOS. Limited
technology participants, such as
DMEPOS companies, may rely on the
care coordination arrangements safe
harbor to protect digital health
technologies that they exchange with
another VBE participant or the VBE,
provided the arrangement satisfies an
additional safe harbor condition that
does not apply to other VBE
participants, discussed in greater detail
below. Our approach to DMEPOS in the
final rule strikes a balance between
encouraging the use of beneficial digital
health technology, which may be
offered by DMEPOS companies, for care
coordination and protecting programs
from potential fraud and abuse.
Comment: Some commenters asserted
that DMEPOS companies would be
willing to enter into risk-based
arrangements and encouraged OIG to
provide safe harbor protection for these
types of arrangements.
Response: We believe the commenter
is inquiring as to whether risk-based
arrangements involving DMEPOS
companies could satisfy the conditions
of a value-based safe harbor. For the
reasons described above and in the OIG
Proposed Rule, DMEPOS companies are
not eligible to rely on the value-based
safe harbors, except under the limited
technology participant pathway we have
created in the care coordination
arrangements safe harbor.
Comment: A commenter
recommended that ‘‘distribution
vendors’’ not be considered DMEPOS
companies for purpose of any exclusion.
The commenter argued that these
vendors are needed to deploy digital
medicine programs effectively by
directly supporting patients through
E:\FR\FM\02DER3.SGM
02DER3
77714
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
home delivery of digital medical
program items.
Response: All entities can be VBE
participants under our revised
approach, but entities that sell or rent
covered DMEPOS are included in the
ineligible entity lists in each valuebased safe harbor and are thus ineligible
to rely on those safe harbors, except
under the limited technology
participant pathway in the care
coordination arrangements safe harbor.
In the OIG Proposed Rule we listed
manufacturer, distributor, or supplier of
DMEPOS as an ineligible entity type.
The final rule instead lists an entity or
individual that sells or rents DMEPOS
as ineligible for safe harbor protection
(except that a limited technology
participant is eligible under the care
coordination arrangements safe harbor).
The language in the final rule focuses on
the nature of an entity’s business—
selling and renting DMEPOS—to better
capture the higher risk entities that
cannot use the safe harbors, and avoids
potentially broad terms, such as
‘‘supplier,’’ that are defined elsewhere
in Medicare regulations for different
purposes. The language ‘‘sells or rents’’
is derived from a CMS definition of
DMEPOS supplier.18
We removed the reference to
DMEPOS manufacturers because
entities that manufacture DMEPOS
would fall under the final rule’s
definition of ‘‘manufacturer of a device
or medical supply,’’ and it would have
been duplicative to include these
entities under both definitions. Some
DMEPOS distributors will also be
captured by the definition of
‘‘manufacturer of a device or medical
supply’’ and would similarly be
ineligible on that basis. We believe that
the universe of entities that we intended
to capture under the ‘‘manufacturer,
distributor, or supplier of DMEPOS’’
terminology used in the OIG Proposed
Rule will now be captured by one or
both of the categories ‘‘manufacturer of
a device or medical supply’’ and ‘‘an
entity that sells or rents [DMEPOS].’’
Comment: Several commenters noted
that many types of providers and
entities, including physician practices,
dentists, hospitals, and pharmacies, may
be enrolled in the Medicare program as
DMEPOS suppliers and questioned how
an exclusion of DMEPOS companies, or
requirements specific to DMEPOS
companies, would apply to them. A
commenter suggested that OIG should
distinguish DMEPOS companies who
derive only a small portion of their
revenues from furnishing DMEPOS.
18 42
CFR 424.57(a).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Response: In the final rule, the carveout for DMEPOS companies in each of
the value-based safe harbors does not
apply to a pharmacy or to a physician,
provider, or other entity that primarily
furnishes services. In the OIG Proposed
Rule, we sought comments on how to
ensure that these types of entities would
remain eligible for safe harbor
protection even if they own or operate
an entity that is ineligible, such as a
DMEPOS company.19 By specifically
carving these entities out of the
definition of DMEPOS companies, we
ensure that these entities will not
become ineligible for safe harbor
protection. These entities and
individuals are likewise not treated as
‘‘limited technology participants.’’
Thus, physicians, dentists, physician
practices, and other providers
(including, for example, hospitals), who
primarily furnish services, as well as
pharmacies, would not be considered
DMEPOS companies for purposes of
either the ineligible entities list or the
‘‘limited technology participant’’
definition. These parties are therefore
able to rely on the three value-based safe
harbors to the same extent as all other
eligible VBE participants (including for
arrangements involving digital health
technologies), and they are not required
to satisfy the additional condition that
applies only to limited technology
participants.
(f) Compounding Pharmacies
Comment: Several commenters
responded to our solicitation of
comments regarding the treatment of
compounding pharmacies in the rule.
Some commenters encouraged OIG not
to distinguish between retail
pharmacies, specialty pharmacies, and
compounding pharmacies. One
commenter expressed concern about
generally offering protections to all
compounding pharmacies, stating that
ongoing vigilance for fraud and abuse is
warranted for the compounding
pharmacy industry. The commenter
added that a more nuanced approach
that screens for and offers protections in
value-based arrangements for
demonstrably good actors may further
access to customized treatments,
particularly for patients with rare
diseases as well as pediatric patients.
The commenter also described the risks
of compounding without rigorous safety
and quality practices. The commenter
suggested that, to address quality,
safety, and program integrity concerns
with compounding pharmacies, OIG
could limit participation to
compounding pharmacies that
19 84
Jkt 253001
PO 00000
FR 55706 (Oct. 17, 2019).
Frm 00032
Fmt 4701
Sfmt 4700
exemplify good compounding practices
through adherence to the U.S.
Pharmacopeia (USP) Chapter 795 and
attainment of Pharmacy Compounding
Accreditation Board (PCAB)
accreditation from the Accreditation
Commission for Health Care (ACHC).
Other commenters believed that
compounding is an essential part of
patient care, including for specialty
pharmacies such as infusion pharmacies
that treat patients with severe
conditions. Commenters suggested that
pharmacists at compounding
pharmacies may play a key role in
helping coordinate individualized
patient care. Commenters urged OIG to
not exclude pharmacies from the
proposed safe harbor based on the
compounding services they provide.
Some commenters raised concerns that
excluding compounding pharmacies
from the value-based safe harbors would
expose the pharmacies to liability under
the Federal anti-kickback statute for any
remuneration they receive for providing
prescription compounded medications
or pharmacist-approved care services.
Some commenters explained their
understanding that compounding is the
preparation of a specific medication to
meet the prescriber’s exact
specifications and to be dispensed
directly to an individual patient,
pursuant to a valid prescription for that
patient. Such drugs are prescribed when
commercially available products do not
meet patient needs. Commenters noted
that compounding should not be
confused with manufacturing or the
mass production of drug products, nor
should it be confused with making
copies of commercially available drug
products, which is not allowed by law
under section 503A(b)(1)(D) of the
Federal Food, Drug, and Cosmetic Act
(21 U.S.C. 353a(b)(1)(D)).
Response: We agree that pharmacists,
including pharmacists at compounding
pharmacies, can play important roles in
coordinating and managing patient care
and as members of care teams, including
for patients with rare and serious
conditions. Under the final rule, all
pharmacies and pharmacists can
participate in VBEs. As explained
further below, most pharmacies and
pharmacists will be eligible to rely on
the value-based safe harbors to protect
remuneration, even if the pharmacy
engages in some compounding of drugs.
However, under the final rule, for
reasons explained below, pharmacies
that primarily compound drugs or
primarily dispense compounded drugs
are ineligible to protect remuneration
under the value-based safe harbors, as
well as the safe harbor protections for
patient engagement tools and supports
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
(paragraph 1001.952(hh)) and outcomesbased payments (amended paragraph
1001.952(d)). When we refer to
compounded drugs in this rule, we refer
to the common industry understanding
of them as drugs that are specifically
combined, mixed, or altered and
prepared for individual patients, or that
purport to be such drugs. As noted by
the commenters, compounded drugs are
often prescribed or dispensed for
patients for whom commercially
available products are not clinically
suitable.20 We are not defining
‘‘compounding’’ or ‘‘compounded
drugs’’ in regulatory text in this rule.
For purposes of this rule, compounding
pharmacies include entities that
primarily compound drugs or primarily
dispense compounded drugs, such as
topical pain creams, with or without
licensure or valid prescriptions.
Accordingly, we are not adopting the
narrower definitional suggestions made
by commenters.
We explained in the OIG Proposed
Rule that we were considering whether
specific types of pharmacies, such as
compounding pharmacies, should be
carved out of safe harbor protection
even if others, such as retail and
community pharmacies, are eligible for
safe harbor protection. The OIG
Proposed Rule states that pharmacies
that specialize in compounding
pharmaceuticals may pose a heightened
risk of fraud and abuse, as evidenced by
our enforcement experience, and may
not play a direct role in patient care
coordination.21 We remain deeply
concerned about fraud and abuse in the
compounding pharmacy industry.
Our recent criminal, civil, and
administrative enforcement history
shows an increasing number of fraud
allegations, investigations, and cases
related to compounded drugs, including
topical compounded drugs such as
creams, gels, and ointments to relieve
pain.22 OIG’s oversight experience also
20 See, e.g., FDA, Compounding and the FDA:
Questions and Answers, available at https://
www.fda.gov/drugs/human-drug-compounding/
compounding-and-fda-questions-and-answers
(addressing what is compounding and why some
patients need compounded drugs).
21 84 FR 55704 (Oct. 17, 2019).
22 See, e.g., Press Release, U.S. Department of
Justice, Compounding Pharmacy, Two of Its
Executives, and Private Equity Firm Agree to Pay
$21.36 Million to Resolve False Claims Act
Allegations (Sept. 18, 2019), https://
www.justice.gov/opa/pr/compounding-pharmacytwo-its-executives-and-private-equity-firm-agreepay-2136-million; Press Release, U.S. Department of
Justice, Four Florida Men Charged for Their Roles
in a $54 Million Compound Pharmacy Kickback
Scheme (June 5, 2020), https://www.justice.gov/
opa/pr/four-florida-men-charged-their-roles-54million-compound-pharmacy-kickback-scheme;
OIG, Civil Monetary Penalties and Affirmative
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
has found that Medicare Part D
spending for compounded topical drugs
was 24 times higher in 2016 than it was
in 2010, which raises concerns about
fraud and abuse.23 According to the
FDA, there are also safety and
effectiveness concerns related to
compounded drugs, which are not FDA
approved.24 This is also an area of
significant growth in Medicare Part D
spending; spending for compounded
topical drugs was 24 times higher in
2016 than it was in 2010, some of which
may be attributed to suspect billing
practices. In 2016, OIG found that about
550 pharmacies had engaged in
questionable Part D billing practices for
compounded topical drugs and
warranted further scrutiny. Each
pharmacy billed extremely high
amounts for at least one of five measures
that OIG has developed as indicators of
possible fraud, waste, and abuse.25 In
light of this enforcement and oversight
experience, we conclude that the risks
of allowing pharmacies that primarily
compound drugs or primarily dispense
compounded drugs to rely on the valuebased arrangements, patient engagement
tools and supports, and outcomes-based
payments safe harbors outweigh the
potential benefits. As explained further
below, other pharmacies are eligible to
rely on the safe harbors. As with other
entities ineligible for protection under
the value-based, patient engagement
tools and supports, and outcomes-based
payments safe harbors, compounding
pharmacies can still be VBE
participants.
We recognize that many pharmacies
may dispense some compounded drugs.
For purposes of this rule, a pharmacy is
only considered to be a compounding
pharmacy (and ineligible for protection
under certain safe harbors) if it
primarily compounds drugs or primarily
dispenses compounded drugs. We
anticipate that most retail pharmacies
and community pharmacies that offer
care coordination and management
services will not be covered by this
category and will be eligible to rely on
the safe harbors.
We are not adopting the commenters’
suggestions to provide safe harbor
Exclusions, Texas Company and Owner Agree to
Voluntary Exclusion (July 20, 2020).
23 OIG, Questionable Billing for Compounded
Topical Drugs in Medicare Part D (Aug. 2018),
available at https://oig.hhs.gov/oei/reports/oei-0216-00440.asp.
24 FDA, Compounding and the FDA: Questions
and Answers, available at https://www.fda.gov/
Drugs/GuidanceComplianceRegulatoryInformation/
PharmacyCompounding/ucm339764.htm.
25 OIG, Questionable Billing for Compounded
Topical Drugs in Medicare Part D (Aug. 2018),
available at https://oig.hhs.gov/oei/reports/oei-0216-00440.asp.
PO 00000
Frm 00033
Fmt 4701
Sfmt 4700
77715
protection for remuneration exchanged
by compounding pharmacies that
demonstrate that they are good actors or
that exemplify good compounding
practices through adherence to USP
Chapter 795 and attainment of PCAB
accreditation from ACHC. We believe
the suggested approaches would
introduce additional complexity and
uncertainty into the safe harbors by
further attempting to distinguish among
different types of compounding
pharmacies.
We do not prescribe a specific
standard or test for assessing whether a
pharmacy primarily compounds drugs
or primarily dispenses compounded
drugs. Entities may use a variety of
different methodologies, depending on
their circumstances. We expect parties
to use a reasonable methodology, which
they may wish to document. If an entity
has multiple lines of business, with one
line of business being a compounding
pharmacy, the entity should use the
multiple lines of business test as laid
out in section III.B.2.e.v of this preamble
to determine whether it is eligible to
rely on the safe harbors or a
compounding pharmacy ineligible to
rely on the safe harbors.
Entities seeking safe harbor protection
that are uncertain as to whether they are
eligible to rely on the value-based safe
harbors or any other safe harbor for a
particular arrangement may wish to use
the OIG advisory opinion process.
Finally, we want to clarify that
nothing in this rulemaking should affect
patients’ access to medically necessary
compounded drugs. The dispensing of
compounded drugs pursuant to
applicable coverage and billing rules
does not implicate the Federal antikickback statute. Nor does this rule
speak to the pricing of such products.
With respect to remuneration paid to
compounding pharmacies or
pharmacists for services furnished to
patients, whether such payments
implicate the statute is a case-by-case
determination and the safe harbors for
employment and personal services and
management contracts remain available.
As noted elsewhere, with respect to
value-based contracting with
pharmaceutical manufacturers, we may
consider safe harbor protection for such
arrangements in future rulemaking.
iii. Digital Health Technologies and
Limited Technology Participants
As explained in more detail below,
the final rule includes a pathway for
protection of ‘‘digital health
technology’’ arrangements involving
‘‘limited technology participants,’’ as
those terms are defined under the care
coordination arrangements safe harbor.
E:\FR\FM\02DER3.SGM
02DER3
77716
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
This pathway responds to comments
supporting protection of digital
technology arrangements involving
medical device manufacturers and
DMEPOS companies. VBE participants
that are not on the ineligible entity list
may exchange digital health
technologies (and any other
technologies) under the care
coordination arrangements safe harbor,
and they are not subject to the
additional safe harbor condition that
applies to limited technology
participants. Further, the pathway for
limited technology participants does not
apply to the substantial downside risk
and full financial risk safe harbors. The
care coordination arrangements safe
harbor is available for digital health
technology arrangements between
limited technology participants and
VBE participants in risk-based
arrangements.
For purposes of the pathway for
limited technology participants, we are
defining the term ‘‘limited technology
participant’’ at paragraph
1001.952(ee)(14)(iii) to mean a VBE
participant that exchanges digital health
technology with another VBE
participant or a VBE and that is: (A) A
manufacturer of a device or medical
supply, but not including a
manufacturer of a device or medical
supply that was obligated under 42 CFR
403.906 to report one or more
ownership or investment interests held
by a physician or an immediate family
member during the preceding calendar
year, or that reasonably anticipates that
it will be obligated to report one or more
ownership or investment interests held
by a physician or an immediate family
member during the present calendar
year (for purposes of this paragraph, the
terms ‘‘ownership or investment
interest,’’ ‘‘physician,’’ and ‘‘immediate
family member’’ have the same meaning
as set forth in 42 CFR 403.902); or (B)
an entity or individual that sells or rents
durable medical equipment, prosthetics,
orthotics, or supplies covered by a
Federal health care program (other than
a pharmacy or a physician, provider, or
other entity that primarily furnishes
services). In short, many manufacturers
of medical devices and supplies (but not
physician-owned distributors) and
DMEPOS companies are eligible to be
limited technology participants if they
fit in this definition.
We are defining ‘‘digital health
technology’’ at paragraph
1001.952(ee)(14)(ii) broadly to mean
hardware, software, or services that
electronically capture, transmit,
aggregate, or analyze data and that are
used for the purpose of coordinating
and managing care; such term includes
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
any internet or other connectivity
service that is necessary and used to
enable the operation of the item or
service for that purpose. Importantly,
this definition specifies the types of
technology a limited technology
participant can exchange under the safe
harbor. It does not constrain the types
of technology that can be exchanged by
other VBE participants eligible to use
the safe harbor.
Comment: Several commenters
emphasized the importance of allowing
health technology companies to
participate as VBE participants and
asserted that making medical device
manufacturers ineligible to be VBE
participants may impact the availability
of digital technologies for purposes of
coordinating and managing care because
no meaningful line can be drawn
between medical device companies and
health technology companies. For
example, a commenter explained that
they offer both traditional medical
devices and other digital health
technologies, the latter of which
includes clinical decision support tools
and artificial intelligence-assisted
diagnostic support tools. Another
commenter noted that manufacturers of
implantable devices often pair their
products with software solutions to
support patient diagnosis and treatment.
A trade association representing device
manufacturers described a program
where a manufacturer of automated
external defibrillators and cardiac
monitoring devices with transmitting
capabilities offers a device-agnostic
software solution that permits
coordination between EMS providers
and hospitals. According to the
commenter, the software enables
receiving hospitals to access cardiac
data in real time so they can have
advance notice of patients en route and
provide consultation back to EMS
personnel to direct the patient to the
appropriate treatment location (e.g.,
community hospital, hospital with
specialized services). Another
commenter explained how digital health
technology is integrated with medical
devices used by patients to provide data
to patients and providers for patient
engagement and treatment adherence
purposes. Other commenters
emphasized the difficulty of clearly
distinguishing between device
manufacturers and digital health
technology companies, and that both
may provide a mix of traditional
medical devices and digital health
technology. Commenters supported an
approach that would not
unintentionally exclude beneficial
PO 00000
Frm 00034
Fmt 4701
Sfmt 4700
digital health technology from
protection under the safe harbor.
Response: In the OIG Proposed Rule,
we expressed interest in protecting
remuneration in the form of a wide
range of mobile and digital technologies
for the coordination and management of
patient care, including, by way of
example, remote monitoring, predictive
analytics, data analytics, care
consultations, patient portals, telehealth
and other communications, and
software and applications that support
services to coordinate and monitor
patient care and health outcomes (for
individuals and populations). We noted
diabetes management services that
leverage devices and cloud storage
services to monitor blood sugar levels
and transmit data as an example.
While recognizing the promise that
digital health technologies have for
improving care coordination and health
outcomes, in the OIG Proposed Rule we
also raised fraud and abuse concerns
associated with medical device
manufacturers based on our historical
law enforcement experience. Section
III.B.2.e.d. explains those concerns in
more detail. Recognizing these factors,
we solicited comments generally on
how best to protect beneficial digital
technologies and mitigate fraud and
abuse risks. This included requesting
comment on definitions and factors to
consider for specific types of entities
that would protect digital technology
and not be too narrow or broad.
Consistent with this request for
comments, the intent in the OIG
Proposed Rule, and to address
comments received, we define the term
‘‘digital health technology’’ at paragraph
1001.952(ee)(14)(ii) and we define
‘‘limited technology participant’’ at
paragraph 1001.952(ee)(14)(iii). These
definitions balance the interests we
raised in the OIG Proposed Rule by
protecting beneficial digital health
technology and mitigating the fraud and
abuse risks by specifying the types of
technology that limited technology
participants can furnish under the care
coordination arrangements safe harbor.
This approach also addresses concerns
raised by commenters regarding
unintentionally excluding beneficial
digital health technology from safe
harbor protection. We discuss each
definition in more detail below in this
section.
Digital health technology is defined as
hardware, software, or services that
electronically capture, transmit,
aggregate, or analyze data and that are
used for the purpose of coordinating
and managing care; such term includes
any internet or other connectivity
service that is necessary and used to
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
enable the operation of the item or
service for that purpose. We intend for
this term to encompass a wide range of
digital health technologies, including
technologies that are not yet developed
or available. It also includes associated
internet or other connectivity services,
including dial-up, that are necessary
and used to enable the operation of the
item or service for the purpose of
coordinating and managing care. The
term ‘‘digital health technology’’
includes, for example, the software
solution described by the commenter
that enables hospitals to access data
from cardiac devices used by EMS
providers in the field so that they can
coordinate and manage the care of
patients undergoing a cardiac
emergency, including connectivity
services, such as mobile hotspots and
plans, necessary to enable the EMS
providers to transmit data from the field
to the hospital.
Only limited technology participants
are limited to the types of technology set
out in the definition of ‘‘digital health
technology.’’ Other VBE participants
eligible for the safe harbor may provide
additional types of technology so long
as the value-based arrangement squarely
meets all safe harbor conditions.
We share commenters’ views
regarding the desirability of enabling
VBE and VBE participants to leverage
digital health tools to support the
coordination and management of care.
All individuals (except for patients) and
entities are eligible to be VBE
Participants, and this includes health
technology companies, including those
that are not traditionally involved in
health care or may be new entrants to
health care. Except as otherwise
provided in the safe harbor regulations,
health technology companies are
eligible to rely on the protection of the
safe harbors for value-based
arrangements with other VBE
participants, provided that their
arrangements squarely meet all
applicable safe harbor conditions.
The question arose in the OIG
Proposed Rule, and remains relevant
here, whether manufacturers of devices
and medical supplies and DMEPOS
companies are health technology
companies. For most purposes, as
described above, these entities are
carved out of the value-based safe
harbors and are ineligible to rely on
them. However, we are creating a
pathway to enable these entities to
deploy digital health technologies under
the care coordination arrangements safe
harbor at paragraph 1001.952(ee). For
purposes of this safe harbor,
manufacturers of devices or medical
supplies (as defined in paragraph
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
1001.952(ee)) and DMEPOS companies
(i.e., entities or individuals that sell or
rent covered DMEPOS, not including
physicians or providers that primarily
furnish services and pharmacies) that
exchange digital health technologies
with another VBE participant or the
VBE are collectively termed ‘‘limited
technology participants’’ in paragraph
1001.952(ee).
Limited technology participants may
use the care coordination arrangements
safe harbor to protect the exchange of
digital health technologies with other
VBE participants or the VBE if the
arrangement meets an additional safe
harbor condition, described below.
Limited technology participants may
not, by definition, rely on the care
coordination arrangements safe harbor
to exchange other forms of
remuneration. All other entities eligible
to use the safe harbor can also exchange
remuneration in the form of digital
health technology, and they do not have
to meet the additional safe harbor
conditions that apply only to limited
technology participants at paragraph
1001.952(ee)(8). For example,
physicians and providers that primarily
furnish services are not treated as
limited technology participants and are
therefore not obligated to meet the
additional conditions that apply to
limited technology participants.
In short, remuneration in the form of
digital health technology may be
exchanged under the care coordination
arrangements safe harbor by all entities
that are not carved out of the safe
harbor, as well as limited technology
participants.
Consistent with our statements in the
OIG Proposed Rule reflecting our intent
that physician-owned distributorships
not be eligible to rely on the value-based
safe harbors, we do not intend for
physician-owned distributorships to be
able to use the limited technology
participant pathway in the care
coordination arrangements safe harbor.
To foreclose this possibility, we clarify
in paragraph 1001.952(ee)(14) that the
term ‘‘limited technology participant’’
does not include manufacturers of
devices or medical supplies that were
obligated under 42 CFR 403.906 to
report one or more ownership or
investment interests held by a physician
or an immediate family member during
the preceding calendar year, or that
reasonably anticipate that they will be
obligated to report one or more
ownership or investment interests held
by a physician or an immediate family
member during the present calendar
year. For purposes of this definition, the
term ‘‘manufacturer of a device or
medical supply’’ has the meaning set
PO 00000
Frm 00035
Fmt 4701
Sfmt 4700
77717
forth in paragraph 1001.952(ee)(14), and
the terms ‘‘ownership or investment
interest,’’ ‘‘physician,’’ and ‘‘immediate
family member’’ have the meaning set
forth in 42 CFR 403.902. We take this
opportunity to make clear that this
regulatory provision should not be
construed as an official definition of
unlawful physician-owned
distributorships or physician-owned
entities more broadly. This regulation
does not alter our long-standing
guidance regarding physician-owned
distributorships, and we specifically
reaffirm the guidance in our 2013
Special Fraud Alert on PhysicianOwned Entities.26
iv. Pharmacies Other Than
Compounding Pharmacies
Comment: The overwhelming
majority of commenters on this topic
supported allowing pharmacies to be
VBE participants. Commenters cited a
wide range of reasons, including that
pharmacies and pharmacists are already
involved in many aspects of care
coordination and management and that
they are on the front line of care
coordination because they often serve as
the key point of contact between
patients and the health care system due
to their geographic proximity to
patients. Commenters emphasized that
pharmacies provide many services to
patients, not just items. A commenter
also noted that an ACO may be a VBE
and that a number of ACOs currently
integrate pharmacists for medication
management and other services.
Conversely, another commenter
suggested that pharmacies should not be
eligible because they present many of
the same concerns as pharmaceutical
manufacturers, wholesalers, and
distributors.
Response: With the exception of
compounding pharmacies (as explained
in section III.2.e.ii.f of this preamble),
pharmacies can utilize each of the final
value-based safe harbors for value-based
arrangements and are not subject to any
pharmacy-specific restrictions or
limitations. Pharmacies other than
compounding pharmacies also are
eligible for safe harbor protection under
the safe harbors for patient engagement
tools and supports (paragraph
1001.952(hh)) and outcomes-based
payments (amended paragraph
1001.952(d)). We are persuaded that
many pharmacies and pharmacists have
the potential to facilitate coordination
and management of care for patients and
26 See OIG, Special Fraud Alert: Physician-Owned
Entities (Mar. 26, 2013), available at https://
oig.hhs.gov/fraud/docs/alertsandbulletins/2013/
POD_Special_Fraud_Alert.pdf.
E:\FR\FM\02DER3.SGM
02DER3
77718
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
that their participation in value-based
arrangements may further the purposes
of this final rulemaking. Except in the
case of compounding pharmacies, these
potential benefits outweigh our program
integrity concerns, which are adequately
addressed by the requirements of the
value-based safe harbors.
v. Entities With Multiple Business Lines
Comment: We received several
comments seeking guidance on how
entities with multiple business lines or
with multiple regulatory classifications
would be viewed for purposes of safe
harbor eligibility. Some commenters
requested clarification on how the
eligibility standards would be impacted
by corporate affiliations or shared
ownership. Another commenter noted
that some health systems are involved
in device and technology development.
Some questioned how OIG would
view an entity that operates both
eligible and ineligible business lines
through separate business units, with
certain commenters suggesting that it
would be impossible to distinguish
between types of entities because the
health care industry is not siloed in this
manner. Others asserted that the fact
that many companies have multiple
business lines is reason enough for OIG
not to make any types of business lines
ineligible to be VBE participants.
Another commenter requested that
clinical quality improvement and data
registries be eligible to be VBE
participants, regardless of their
ownership or other status.
Response: Under the final rule, the
question of whether a particular entity
is eligible to rely on a safe harbor, or
whether an entity fits the definition of
a limited technology participant, is
assessed at the corporate entity level by
considering the corporate entity’s
predominant or core line of business.
We did not propose, and we are not
finalizing, standards relating to common
ownership or corporate affiliation.
Corporate affiliation, whether by
majority ownership, common
ownership, or another structure, has no
bearing on eligibility.
For example, a pharmacy (other than
a compounding pharmacy as explained
in section III.2.e.ii.f) that is under
common ownership with a PBM would
be eligible to rely on the value-based
safe harbors, notwithstanding the fact
that the pharmacy is related to a PBM,
which is ineligible to rely on those safe
harbors. Likewise, within a health
system that is comprised of multiple
corporate entities, the fact that one or
more of those entities might engage in
activities that make it a manufacturer of
devices or medical supplies would not
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
impact the availability of the safe harbor
to other corporate entities in the health
system that do not engage in such
activities.
Where a single corporate entity
operates multiple business lines,
eligibility turns on the entity’s
predominant or core business. For
example, a pharmacy that is operated
within the same corporate entity as a
pharmaceutical manufacturer would not
be eligible to rely on these safe harbors
to the extent the corporate entity’s core
function is the manufacturing of
pharmaceuticals and the pharmacy
operation merely supports the
manufacturing line of business.
Similarly, where a single corporate
entity manufactures both
pharmaceuticals and medical devices,
the question of eligibility would focus
on which line of business is the
predominant or core line of business of
that corporate entity. For example, if a
corporation’s predominant function is
the manufacturing of devices (including,
for example, preparation, propagation,
assembly, and processing of devices)
and it also manufactures a
pharmaceutical product that is
incorporated into and integral to a
medical device (for example, a drugeluting medical device), the entity
would be treated as a manufacturer of
devices or medical supplies because
that remains its core business and
function. The question of whether a
quality improvement or data registry
will be eligible will similarly turn on
whether it is housed within a corporate
entity whose predominant function
places it on the carve-out list.
Large corporations that are organized
with multiple business lines within a
single corporate entity will need to
assess whether they have a predominant
or core business. We do not prescribe a
specific standard or test for assessing an
entity’s predominant or core business
function, and we expect that entities
may use a variety of different
methodologies, depending on their
circumstances. We would expect parties
to use a reasonable methodology, which
they may wish to document. For
example, share of revenues may be a
relevant metric for some entities, but for
others where one or more products are
still in development, revenues may not
be an appropriate metric. Entities
seeking safe harbor protection that are
uncertain as to whether they are eligible
to rely on the value-based safe harbors
for a particular arrangement may wish
to use the OIG advisory opinion process.
Parties seeking protection under the
safe harbors may first need to assess the
regulatory text for ineligible entities in
the specific safe harbor of interest. For
PO 00000
Frm 00036
Fmt 4701
Sfmt 4700
example, where an entity’s business
includes the sale or rental of DMEPOS
covered by a Federal health care
program, the question of eligibility is
addressed by the regulatory text, which
specifies that the ineligibility of
DMEPOS companies does not apply to
a pharmacy or a physician, provider, or
other entity that primarily furnishes
services. Thus, for example, a disease
management company that primarily
furnishes a suite of disease management
services (e.g., wellness coaching, patient
education, health technology tools to
promote medication adherence) and
also sells or rents DMEPOS in support
of these services would be eligible to
rely on the value-based safe harbors and
would not be subject to the constraints
imposed on limited technology
participants. Conversely, an entity that
sells or rents covered DMEPOS and does
not primarily furnish services would be
ineligible, except as a potential limited
technology participant under the care
coordination arrangements safe harbor.
We also note that, wholly apart from
any value-based arrangement, transfers
of remuneration from one entity to
another may implicate the Federal antikickback statute if those transfers of
remuneration are intended to induce or
reward referrals for items and services
covered by a Federal health care
program. This potential liability arises
even where the recipient subsequently
uses the remuneration in a manner that
is protected by a safe harbor. Thus, for
example, if an ineligible entity
transferred remuneration to a VBE
participant in order for the recipient
VBE participant to induce or reward
referrals back to the ineligible entity, the
initial transfer may result in liability
under the Federal anti-kickback statute,
even if the recipient VBE participant’s
subsequent transfer of the remuneration
to other VBE participants or to patients
is protected under a safe harbor.
Comment: Several commenters noted
that many providers, including
hospitals and health systems, often own
or operate pharmacies and questioned
how an exclusion of pharmacies would
apply to them.
Response: Other than pharmacies that
primarily compound drugs or primarily
dispense compounded drugs,
pharmacies are not subject to any
limitations or restrictions under this
final rule, and thus ownership or
operation of many pharmacies by
another provider would have no impact
on eligibility. Should a compounding
pharmacy exist within a health system
that is comprised of multiple corporate
entities, the fact that one of the entities
may be a pharmacy that primarily
compounds drugs or primarily
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
dispenses compounded drugs would not
impact the availability of the safe harbor
to other corporate entities in the health
system. Moreover, should a
compounding pharmacy exist within a
single entity that also furnishes other
services, such as health clinic that
furnishes physician services, the entity
would apply the multiple lines of
business test to determine whether or
not the entity would be characterized as
a compounding pharmacy.
Comment: Some commenters
described companies that are regulated
as both CLIA laboratories and
manufacturers of devices or medical
supplies because they perform their
own FDA-regulated in-vitro diagnostic
tests at their own CLIA-certified
laboratories and sought clarification
regarding how they would be viewed.
Response: We have replaced the term
‘‘clinical laboratory’’ with the term
‘‘laboratory company’’ in this final rule
to clarify the type of entities that we
intend to make ineligible to rely on the
value-based safe harbors. The term
‘‘laboratory company’’ refers to
independent companies that operate
clinical laboratories and bill for the
laboratory services they furnish through
their own billing numbers. Consistent
with the approach described above, the
entity would need to consider what its
predominant or core business function
is—manufacturing (e.g., preparation,
propagation, assembly, processing) a
medical device or furnishing laboratory
services. Without further details
regarding the commenters’ specific
business operations, we are unable to
provide a precise response here.
Comment: A commenter noted that a
pharmacy is included as a ‘‘laboratory’’
under CLIA. Other commenters noted
that pharmacies may be co-located with
health clinics or owned and operated by
other types of providers. The
commenters sought guidance on how
these relationships between entity types
would impact eligibility for protection
under the safe harbors.
Response: As discussed above, and
based upon the comments, we have
revised the terminology in this final rule
to refer to laboratory companies rather
than clinical laboratories, and we intend
for ‘‘laboratory companies’’ to mean
independent companies that operate
clinical laboratories and bill for the
laboratory services they furnish through
their own billing numbers. Consistent
with the approach set forth above,
because a pharmacy’s predominant or
core business function is to provide
pharmacy services, not laboratory
services, we would not consider the fact
that pharmacies are treated as
laboratories for other regulatory
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
purposes to impact their eligibility to
rely on the value-based safe harbors. As
noted previously, pharmacies that
primarily compound drugs or primarily
dispense compounded drugs would not
be eligible for safe harbor protection.
vi. New Safe Harbor Conditions
Comment: With respect to potential
additional safeguards for VBE
participants generally, commenters
suggested a wide range of options, some
of which we stated that we were
considering in the OIG Proposed Rule
(e.g., prohibitions on exclusivity,
required data reporting or monitoring).
Some commenters also recommended
that we implement these additional
safeguards for certain types of entities
(e.g., medical device manufacturers).
Response: Consistent with the
proposal within the OIG Proposed Rule,
we are adopting an additional safeguard
in the care coordination arrangements
safe harbor targeted to manufacturers of
devices and medical supplies and
DMEPOS companies that exchange
digital health technologies to mitigate
the increased risk of abuse presented by
allowing these entities to use this safe
harbor.
As discussed above, we have created
a new category of VBE participants,
‘‘limited technology participants,’’
which is comprised of manufacturers of
devices and medical supplies and
DMEPOS companies that exchange
digital health technology with another
VBE participant or the VBE. Consistent
with our proposal in the OIG Proposed
Rule, we are adopting a requirement in
the care coordination arrangements safe
harbor that the exchange of digital
health technologies by limited
technology participants may not be
conditioned on any recipient’s exclusive
use, or minimum purchase, of any item
or service manufactured, distributed, or
sold by the limited technology
participant. This additional safeguard
addresses the specific program integrity
concerns presented by manufacturers of
devices and medical supplies and
DMEPOS companies, which are heavily
dependent on practitioner referrals and
who might use value-based
arrangements to tether clinicians to their
products or to secure guaranteed referral
streams.
Comment: Some commenters
suggested that applying safeguards to
specific types of entities, and not others,
might deter those entities from
participating in value-based
arrangements.
Response: First, we note that we have
not imposed any additional conditions
on specific types of entities in the
substantial downside financial risk safe
PO 00000
Frm 00037
Fmt 4701
Sfmt 4700
77719
harbor or the full financial risk safe
harbor. Second, we do not concur with
the commenter’s assertion that the
limited technology participant pathway
will disincentivize participation in
value-based arrangements; this
framework allows manufacturers of
devices and medical supplies and
DMEPOS companies to participate in
value-based arrangements involving
digital health technology and benefit
from protection under the care
coordination arrangements safe harbor if
they satisfy all safe harbor conditions.
Comment: In response to our proposal
to include a safeguard that prohibits
exclusivity provisions, many
commenters expressed support for such
a safeguard. Others cautioned that
exclusivity provisions in contractual
arrangements can be appropriate in
certain situations, such as where
substantial financial investments are
required or where exclusivity is
consistent with intellectual property
rights and protections. Some
commenters encouraged us to
investigate the pros and cons of
prohibiting exclusivity provisions
before adopting this safeguard. At least
two commenters opposed any potential
prohibition of exclusivity requirements.
One commenter asserted that no
manufacturer has the capability or
resources to ensure that all of its valuebased arrangement offerings always
operate as a ‘‘plug and play,’’ always
interchangeable, product agnostic
system. Another commenter stated that
parties to value-based arrangements
should have flexibility to require use of
a medical device where clinical
evidence dictates that a particular
practice not currently in use would
vastly improve outcomes.
Response: We are adopting our
proposal to preclude protection for the
exchange of remuneration conditioned
on a recipient’s exclusive use, or
minimum purchase, of any item or
service manufactured, distributed, or
sold by a limited technology participant
in the care coordination arrangements
safe harbor. We are only applying this
condition to remuneration exchanged by
limited technology participants; it does
not apply to any other VBE participants.
We are only adopting this condition in
the care coordination arrangements safe
harbor, not the other value-based safe
harbors. We recognize that exclusivity
provisions may be appropriate business
terms in certain contexts. However,
precluding safe harbor protection for
arrangements that include exclusivity
provisions tied to products offered by
limited technology participants is an
important safeguard. This safeguard
mitigates risk that these entities, which
E:\FR\FM\02DER3.SGM
02DER3
77720
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
are heavily dependent on practitioner
referrals to sell their products, will
attempt to use the care coordination
arrangements safe harbor to protect
arrangements intended to generate
product sales or arrangements that lock
practitioners and patients into using
products that may not be in the patients’
best interests in the clinical judgment of
the practitioners.
The safe harbor requirement that
remuneration exchanged by limited
technology participants may not be
conditioned on any recipient’s exclusive
use or minimum purchase of the limited
technology participant’s products does
not prevent use of products based on
clinical best evidence. Nor does it
prevent requirements in value-based
arrangements that providers use
products based on clinical evidence
showing improved outcomes, when
those products are in a patient’s best
interests in the judgment of their
practitioners. Nor does the provision
require that all value-based
arrangements be product-agnostic or
that the digital technology provided
under such an arrangement be fully
interchangeable with other products.
The provision does mean that, where
remuneration is exchanged by a limited
technology participant, the VBE
participants will not be entitled to safe
harbor protection under the care
coordination arrangements safe harbor if
the limited technology participant
conditions the remuneration on the
exclusive use of its product or a
minimum purchase amount. This safe
harbor requirement does not apply to
remuneration exchanged by VBE
participants that are not limited
technology participants.
f. Value-Based Purpose
Summary of OIG Proposed Rule: We
proposed to define a ’’value-based
purpose’’ as: (i) Coordinating and
managing the care of a target patient
population; (ii) improving the quality of
care for a target patient population; (iii)
appropriately reducing the costs to, or
growth in expenditures of, payors
without reducing the quality of care for
a target patient population; or (iv)
transitioning from health care delivery
and payment mechanisms based on the
volume of items and services provided
to mechanisms based on the quality of
care and control of costs of care for a
target patient population.
Summary of Final Rule: We are
finalizing, without modification, our
definition of ‘‘value-based purpose.’’
Comment: While several commenters
expressed support for our proposed
definition of ‘‘value-based purpose’’ as
drafted, the majority of commenters
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
sought clarification on the term. For
example, commenters sought
clarification on how quality would be
defined and measured under the valuebased purpose and, more specifically,
whether certain measures would be seen
as reducing quality. Another commenter
requested that OIG address how parties
to a value-based arrangement would
need to document that the arrangement
met a value-based purpose. Other
commenters sought confirmation that
the definition of ‘‘value-based purpose’’
does not require parties to succeed in
achieving the applicable purpose.
Response: As a threshold matter, the
definition of ‘‘value-based purpose’’ was
crafted to provide parties with
flexibility to develop innovative care
arrangements and strategies specific to
the needs of their target patient
populations. We are not prescribing
how parties define and measure quality
to qualify for the definition or how
parties document the ways in which
they intend to achieve the VBE’s valuebased purpose(s). Whether certain
measures reduce quality is a factspecific inquiry. Further, neither the
definition of ‘‘value-based purpose’’ nor
the value-based safe harbors requires
parties to achieve the VBE’s value-based
purpose(s); rather, the definition of
‘‘value-based purpose’’ should be read
in conjunction with the definition of
‘‘value-based activity,’’ which requires
value-based activities to be reasonably
designed to achieve the VBE’s valuebased purpose(s). Documentation
requirements are specified in individual
safe harbors.
Comment: Multiple commenters
requested further guidance on the fourth
value-based purpose of transitioning
from health care delivery and payment
mechanisms based on the volume of
items and services provided to
mechanisms based on the quality of care
and control of costs of care for a target
patient population.
Response: We are finalizing the fourth
value-based purpose in recognition that
parties transitioning to value-based care
may need to provide infrastructure and
perform other activities necessary to
transition to the assumption of
downside financial risk. For example, as
discussed in section III.B.5 below,
parties to value-based arrangements that
meet the requirements of the full
financial risk safe harbor may exchange
remuneration during a twelve-month
phase-in period, where the VBE is
contractually obligated to assume full
financial risk in the next 12 months but
has not yet assumed such risk. During
this phase-in period, the parties may
have, as a value-based purpose, the
purpose of transitioning from health
PO 00000
Frm 00038
Fmt 4701
Sfmt 4700
care delivery and payment mechanisms
based on the volume of items and
services provided to mechanisms based
on the quality of care and control of
costs of care for a target patient
population, and the parties may
exchange, among other things,
remuneration necessary to enable the
VBE to transition to the assumption of
full financial risk.
Comment: Other commenters
advocated for revisions to the definition
of ‘‘value-based purpose.’’ These
comments generally focused on two
issues related to the value-based
purpose of appropriately reducing the
costs to, or growth in expenditures of,
payors without reducing the quality of
care for a target patient population:
Whether the definition of ‘‘value-based
purpose’’ should protect: (i) Costreduction efforts more broadly, rather
than only to the benefit of payors; and
(ii) cost-reduction efforts only when
paired with improved quality or
maintenance of already-improved
quality of care.
With respect to the first issue,
commenters generally were in favor of
expanding the third purpose to cover all
cost-reduction efforts, not just those that
benefit payors. At least two commenters
asserted that this expansion would be
necessary to protect gainsharing
arrangements.
Commenters’ opinions varied on the
second issue, related to our proposal
that reducing costs to, or the growth in
expenditures of, payors must be
accomplished without reducing the
quality of care for the target patient
population, with some expressing
support and others opposition. Many
commenters opined on our alternative
proposal to include the reduction of
costs to, or growth in expenditures of,
payors in the definition of ‘‘value-based
purpose’’ only where there is also an
improvement in patient quality of care
or the parties are maintaining an
improved level of care. On the one
hand, certain commenters believed this
alternative standard would be overly
prescriptive and difficult to measure;
others expressed support, with one
stating that a reduction in costs alone is
not true value and that the improvement
of care should be the first priority.
Response: We are finalizing this
portion of the definition, as proposed. A
goal of this rulemaking is to support
quality improvements and cost
efficiencies achieved through better care
coordination that benefit patients and
the health care delivery system. In our
view, arrangements that do not result in
a reduction in costs to, or growth in
expenditures of, payors—such as
reductions in surgical suite costs for a
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
hospital—do not further this goal
sufficiently to warrant protection under
the third value-based purpose
definition. The definition of ‘‘valuebased purpose’’ that we are finalizing is
not intended to foreclose internal-cost
savings arrangements, such as
gainsharing, in their entirety; however,
parties must consider whether such
arrangements would further other
purposes in the ‘‘value-based purpose’’
definition and the conditions of the
applicable value-based safe harbor. We
also do not believe a higher standard of
improving or maintaining already
improved quality of care is necessary.
We are persuaded that preventing
reductions in quality of care, paired
with the safeguards in each of the valuebased safe harbors, provides both
flexibility and sufficient protection
against the potential for patient harm.
Comment: A commenter asserted that
VBEs should have at least one valuebased purpose related to patient care
improvement and expressed concern
that allowing VBEs to focus solely on
cost reduction would compromise
patient care and have a disproportionate
impact on patients with rare conditions.
Response: While a VBE or value-based
arrangement may, but is not required to,
have as a value-based purpose
improving the quality of care for a target
patient population, none of the valuebased purposes protect value-based
arrangements that compromise patient
quality of care. Of the two value-based
purposes that incorporate cost control or
cost reduction concepts, one requires
the appropriate reduction in costs to, or
growth in expenditures of, payors
without reducing the quality of care for
a target patient population; the other
requires the transition of health care
delivery and payment mechanisms
based on the volume of items and
services provided to mechanisms based
on the quality of care and control of
costs of care to payors for a target
patient population. Both of these valuebased purposes emphasize the
importance of ensuring patient quality
of care.
We further highlight that each of the
value-based safe harbors includes a
safeguard precluding safe harbor
protection for value-based arrangements
that stint on medically necessary patient
care; this safeguard provides that the
value-based arrangement may not
induce parties to furnish medically
unnecessary items or services or reduce
or limit medically necessary items or
services furnished to any patient.
Comment: A commenter expressed
concern that the ‘‘value-based purpose’’
definition may lead to patient harm,
fails to protect adequately against
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
abusive cycling of patients for financial
gain, and potentially impinges on the
professional judgment of health care
professionals.
Response: We share the commenter’s
concerns about patient harm, abusive
cycling of patients for financial gain and
compromised professional judgment.
We have addressed these concerns
through various safeguards and
requirements of the value-based safe
harbors and the patient engagement and
support safe harbor. We note that
compliance with the value-based
purpose definition does not necessarily
qualify parties or arrangements for safe
harbor protection.
g. Coordination and Management of
Care
Summary of OIG Proposed Rule: We
proposed to define ‘‘coordination and
management of care,’’ the first of the
four value-based purposes, as the
deliberate organization of patient care
activities and sharing of information
between two or more VBE participants
or VBE participants and patients,
tailored to improving the health
outcomes of the target patient
population, in order to achieve safer and
more effective care for the target patient
population. In defining this term, we
sought to distinguish between referral
arrangements, which would not be
protected, and legitimate care
coordination arrangements, which
naturally involve referrals across
provider settings but also include
beneficial activities beyond the mere
referral of a patient or ordering of an
item or service. We expressed particular
concern about distinguishing between
coordinating and managing patient care
transitions for the purpose of improving
the quality of patient care or
appropriately reducing costs, on one
hand, and churning patients through
care settings to capitalize on a
reimbursement scheme or otherwise
generate revenue. We proposed in
preamble that we would not consider
the provision of billing or
administrative services to be the
coordination and management of patient
care.
Summary of Final Rule: We are
finalizing, with modifications, the
definition of ‘‘care coordination and
management.’’ First, we have revised
the definition to clarify that the
deliberate organization of patient care
activities and sharing of information
must occur between two or more VBE
participants, one or more VBE
participants and the VBE, or one or
more VBE participants and patients.
Second, in response to comments, we
have revised the description of the
PO 00000
Frm 00039
Fmt 4701
Sfmt 4700
77721
required goals to state that the parties’
efforts (i.e., the deliberate organization
of patient care activities and sharing of
information) must be designed to
achieve safer, more effective, or more
efficient care to improve the health
outcomes of the target patient
population. These two changes clarify
the regulatory language with respect to
the parties that engage in the care
coordination and management to
include the VBE itself, which can be
party to a value-based arrangement, and
make clear that efforts to improve
efficiency can be part of coordination
and management of care. Third, also in
response to comments, we have revised
the definition to clarify that the term
does not require achievement of the
stated goals, but rather that the efforts
must be designed to achieve such goals.
Comment: Commenters on this topic
varied in their responses to our
proposed definition of ‘‘coordinating
and managing care.’’ While we received
some comments expressing support,
others asserted that the definition was
superfluous. A commenter highlighted
that existing CMS programs already rely
on similar terminology and encouraged
OIG to align its definition.
Response: For the reasons stated in
the OIG Proposed Rule, we are
finalizing a definition of ‘‘coordination
and management of care.’’ Among other
things, this definition helps ensure that
protected arrangements serve patients
and the goals of coordinated care.
Further, given the importance of this
value-based purpose in the safe harbors,
the definition provides a standard
against which safe harbor compliance
can be measured. This is intended to
help providers seeking to comply with
the safe harbors. As noted in the OIG
Proposed Rule, we considered other
agency definitions in crafting ours.27
Although other laws and regulations,
including the physician self-referral law
and associated regulations, may utilize
the same or similar terminology, the
definition and interpretations we are
adopting in this rule would not affect
CMS’s (or any other governmental
agency’s) interpretation or ability to
interpret such term.
Comment: At least two commenters
opposed our proposed definition
because they believe it would require
27 84 FR 55707 (Oct. 17, 2019). For example, the
Agency for Healthcare Research and Quality
explains that ‘‘[c]are coordination is identified by
the Institute of Medicine as a key strategy that has
the potential to improve the effectiveness, safety,
and efficiency of the American health care system.
Well-designed, targeted care coordination that is
delivered to the right people can improve outcomes
for everyone: patients, providers, and payers.’’
https://www.ahrq.gov/ncepcr/care/
coordination.html.
E:\FR\FM\02DER3.SGM
02DER3
77722
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
constant achievement. As an alternative,
these commenters proposed revising the
definition of ‘‘coordination and
management of care’’ from the
deliberate organization of patient care
activities and sharing of information in
order to improve health outcomes, to
the deliberate organization of patient
care activities and sharing of
information in an attempt to improve
health outcomes.
Response: We thank commenters for
highlighting this issue. It was not our
intent for the definition of
‘‘coordination and management of care’’
to require constant achievement of
improved health outcomes. To address
the issue raised by the commenters and
reduce the potential for confusion, we
have revised the definition to clarify
that the organization of patient care
activities and the sharing of information
must be designed to achieve safer, more
effective, or more efficient care to
improve the health outcomes of the
target patient population. Actual
achievement of safer, more effective, or
more efficient care that improves health
outcomes is not required. However, the
parties must ensure that their efforts
(i.e., deliberate organization of patient
care activities and sharing of
information) are designed to achieve
these goals.
Comment: Several commenters
questioned whether: (i) Patient
monitoring, patient diagnostic activities,
patient treatment, and communication
related to such patient activities; or (ii)
predictive analytics, would constitute
the coordination and management of
care.
Response: Depending on the facts and
circumstances, each of the actions listed
above could qualify as the coordination
and management of care. We intend for
the coordination and management of
care to require beneficial activities
beyond the mere referral of a patient or
ordering of an item or service.
Coordination and management of care
requires some additional, deliberate
effort and sharing of information, across
two or more parties, that is designed to
augment care delivery to achieve safer,
more effective, or more efficient care to
improve health outcomes.28 For
example, the ordering of a diagnostic
test, such as an imaging study, by a
28 See, e.g., NEJM Catalyst, What is Care
Coordination? (Jan. 1, 2018), https://
catalyst.nejm,org/what-is-care-coordination/
(providing examples and noting that ‘‘[c]are
coordination synchronizes the delivery of a
patient’s health care from multiple providers and
specialists. The goals of coordinated care are to
improve health outcomes by ensuring that care from
disparate providers is not delivered in silos, and to
help reduce health care costs by eliminating
redundant tests and procedures.’’).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
provider and the sharing of the test
results back to the ordering provider
would not, without additional beneficial
activities, constitute the coordination
and management of care under the
finalized definition. If, however, the
ordering of the imaging study and the
sharing of results was part of a more
deliberate, organized effort between or
among the parties to achieve safer and
more effective care and improve health
outcomes, such as by implementing
protocols to reduce the number of
redundant tests or ensuring that test
results are readily shared with and
available to the patient and all members
of the patient’s caregiver team and used
to inform care decisions, then the
arrangement may constitute
coordination and management of care.
We also emphasize that the definition
requires not only the deliberate
organization of patient care activities,
but also the sharing of information
between (or among) the parties who are
coordinating and managing care. This
information sharing must be part of a
design to achieve safer, more effective,
or more efficient care to improve the
health outcomes of the target patient
population.
Our final rule endeavors to
encompass a wide range of beneficial
care coordination activities, with
limitations. As described in the OIG
Proposed Rule, coordination might
occur between hospitals and post-acute
care providers, specialists and primary
care providers, or hospitals and
physician practices and patients. It
could involve using care managers,
providing care or medication
management, creating a patient-centered
medical home, helping with effective
transitions of care, sharing and using
health data to improve outcomes, or
sharing accountability for the care of a
patient across the continuum of care.
These arrangements often naturally
involve referrals across provider settings
but include beneficial activities beyond
the mere referral of a patient or ordering
of an item or service. We see a clear
distinction between coordinating and
managing patient care transitions for the
purpose of improving the quality of care
or improving efficiencies, which would
fit in the definition, and churning
patients through care settings to
capitalize on a reimbursement scheme
or otherwise generate revenue, which
would not fit in the definition. The OIG
Proposed Rule cites a relevant example
of cycling patients through skilled
nursing facilities (SNFs) to maximize
revenue as the kind of arrangement we
do not intend to fit in the definition or
PO 00000
Frm 00040
Fmt 4701
Sfmt 4700
receive protection under any safe
harbor.
Comment: In response to OIG’s
solicitation of comments on the
intersection of coordination and
management of care and cybersecurity,
a commenter stated that cybersecurity
items or services should meet the
definition of ‘‘coordination and
management of care.’’ According to the
commenter, cybersecurity items or
services may be needed to share
information between or among VBE
participants, and the commenter
expressed concern that parties would
overlook opportunities to work with
small practices that cannot afford proper
cybersecurity tools.
Response: We appreciate the
commenters’ input; however, we
respectfully disagree with their
recommendation. As a general matter,
the use or sharing of cybersecurity items
and services alone would not meet the
definition of ‘‘coordination and
management of care.’’ Having reviewed
the comments and upon further
consideration of the issue, we view the
use or sharing of such items and
services to be focused on ensuring the
security of patient care items and
related information exchange, rather
than the deliberate organization of
patient care activities and sharing of
information, as required by the
definition of ‘‘coordination and
management of care.’’ That being said,
an arrangement involving the exchange
of health information technology that
incorporates cybersecurity items and
services could meet the definition of
‘‘coordination and management of
care.’’ For example, where a VBE
participant provides data analytics
software to another VBE participant to
facilitate the VBE participants’
coordination and management of care,
security features to control access to
data included within that software
would not preclude the data analytics
software from meeting the definition of
‘‘coordination and management of
care.’’ However, we note that meeting
the definition of ‘‘coordination and
management of care’’ does not, de facto,
afford safe harbor protection; for safe
harbor protection, the remuneration
exchanged must squarely satisfy all safe
harbor conditions.
The use or sharing of cybersecurity
items and services alone may meet other
value-based purposes, and such
remuneration may be eligible for
protection under the substantial
downside financial risk safe harbor
(paragraph 1001.952(ff)) or full financial
risk safe harbor (paragraph
1001.952(gg)). The cybersecurity
technology and related services safe
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
harbor, paragraph 1001.952(jj), also is
available to protect the exchange of
cybersecurity items and services,
provided all safe harbor requirements
are met.
Comment: In lieu of making the
coordination and management of patient
care a requirement specific to the valuebased safe harbors and arrangements for
patient engagement and support safe
harbor, a commenter requested that OIG
revise the definition of ‘‘value-based
purpose’’ to reflect that one of the valuebased purposes must be the
coordination and management of patient
care.
Response: We appreciate the
commenter’s input; however, we
decline to adopt the commenter’s
suggestion for two reasons. First, the
current structure facilitates alignment
between OIG’s and CMS’s value-based
terminology to ease burden on providers
and others working to comply with both
sets of rules. In addition, as finalized,
the substantial downside financial risk
and full financial risk safe harbors
already provide parties with additional
flexibility to identify value-based
purposes other than the coordination
and management of care, in defined
circumstances.
Comment: A commenter requested
clarification as to the types of activities
that constitute the provision of billing or
administrative services. This commenter
asserted certain administrative services,
such as the more effective management
of patient records, could improve the
coordination and management of patient
care and should be not be excluded
from the definition of ‘‘value-based
purpose.’’
Response: Administrative services,
depending on the facts and
circumstances, may meet the definition
of ‘‘coordination and management of
care.’’ We are clarifying our statement in
the OIG Proposed Rule that we would
not consider the provision of billing or
administrative services to be the
management of patient care 29 to make
clear that we view any billing or
financial management services
arrangement that is characterized as
facilitating the coordination and
management of patient care to be
outside the scope of this definition for
purposes of this rule. By financial
management services, we mean services
such as bookkeeping operations,
contract management, revenue cycle
management, or other similar activities.
These activities might complement the
organization of patient care activities,
but they are not the type of care
coordination activities contemplated in
29 84
FR 55707 (Oct. 17, 2019).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
our proposed rule or covered by the
final definition.
We also are mindful that, in certain
situations, the remuneration exchanged
by the parties might incidentally assist
the recipient with performing certain of
these administrative functions.
However, we believe that any benefit
that the remuneration has on the
administrative activities of the recipient
should be incidental, at most. This
approach helps ensure that value-based
arrangements eligible for safe harbor
protection focus on the delivery of care
to patients. Arrangements that focus on
billing and financial management
services arrangements may be structured
to fit in another safe harbor, such as the
safe harbor for personal services and
management contracts, which includes
protections such as a fair market value
requirement. The value-based safe
harbors are not intended to protect
billing and financial management
services arrangements, even those that
might help support care coordination
and management, that are not fair
market value under the guise of a valuebased arrangement.
We address this issue through a new
provision in the care coordination
arrangements safe harbor at paragraph
1001.952(ee)(1)(iii)(A), which provides
that the remuneration exchanged
pursuant to a value-based arrangement
may not be exchanged or used more
than incidentally by the recipient for the
recipient’s billing or financial
management services. We are not
adopting parallel provisions in the
substantial downside financial risk or
full financial risk safe harbors because
there are circumstances in which billing
and financial management services
could be included in the remuneration
that is protected by those safe harbors.
For this same reason, we are not
incorporating this limitation into the
definition of coordination and
management of care, which applies
across all of the value-based safe
harbors.
Comment: A commenter suggested
that we revise this term to require the
‘‘coordination or management of care’’
instead of the ‘‘coordination and
management of care.’’
Response: We appreciate the
commenter’s input; however, we are not
adopting the commenter’s suggestion.
The coordination and management of
care reflects an integrated set of
activities for patients, as set out in the
definition we are finalizing in this rule.
We are concerned that management
activities, standing alone, would not be
appropriately patient-focused to achieve
the intent of the value-based safe
harbors.
PO 00000
Frm 00041
Fmt 4701
Sfmt 4700
77723
Comment: A commenter appeared to
request that OIG revise its definition of
‘‘coordination and management of care’’
to provide that the deliberate
organization of patient care activities
and sharing of information may be
between VBE participants and patients’
family members or caregivers, in
addition to those activities being
conducted between VBE participants
and patients.
Response: We would consider the
deliberate organization of patient care
activities and sharing of information
between VBE participants and patients’
family members or others acting on the
patients’ behalf to meet the definition of
‘‘coordination and management of
care.’’ This may include, for example,
intervening caregivers, and family
members, such as for patients who are
children. We note that an arrangement
that is solely between a VBE participant
and a patient might constitute the
coordination and management of care,
but it would not fit in the value-based
safe harbors because those safe harbors
do not protect the exchange of
remuneration with patients. Other safe
harbors may protect the exchange of
remuneration with patients, including
the patient engagement and support safe
harbor at paragraph 1001.952(hh).
Arrangements between VBEs and one or
more of their VBE participants or
between or among VBE participants that
engage patients in efforts to coordinate
and manage care could qualify under
the value-based safe harbors with
respect to remuneration flowing
between a VBE and VBE participant or
between VBE participants if all safe
harbor conditions are met. For purposes
of the care coordination arrangements
safe harbor, parties exchanging
remuneration pursuant to the valuebased arrangement would need to be
part of the coordination and
management of care of the target patient
population in some fashion, although
levels of involvement in care
coordination may differ among VBE
participants, depending on the scope
and nature of the arrangement.
3. Care Coordination Arrangements To
Improve Quality, Health Outcomes, and
Efficiency Safe Harbor (42 CFR
1001.952(ee))
a. General Comments
Summary of OIG Proposed Rule: We
proposed a new safe harbor at proposed
paragraph 1001.952(ee) to protect inkind remuneration exchanged between
qualifying VBE participants with valuebased arrangements that squarely satisfy
all of the proposed safe harbor’s
requirements. We developed this safe
E:\FR\FM\02DER3.SGM
02DER3
77724
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
harbor to facilitate value-based care and
improved care coordination for patients
by providers and others that may be
assuming no or less than substantial
downside financial risk.
Proposed conditions included
commercial reasonableness (proposed
paragraph 1001.952(ee)(2)), written
documentation (proposed paragraph
1001.952(ee)(3)), record retention
(proposed paragraph 1001.952(ee)(11)),
and establishment and monitoring of
outcomes measures (proposed
paragraph 1001.952(ee)(1)). We
proposed that protected remuneration
would be used primarily to engage in
value-based activities that are directly
connected to the coordination and
management of patient care for the
target patient population (proposed
paragraph 1001.952(ee)(4)(ii)). We
further proposed that arrangements
could not induce VBE participants to
furnish medically unnecessary care or
reduce or limit medically necessary care
(proposed paragraph
1001.952(ee)(4)(iii)); could not be
funded by outside sources (proposed
paragraph 1001.952(ee)(4)(iv)); could
not limit medical decision-making or
patient freedom of choice (proposed
paragraphs 1001.952(ee)(7)(ii)–(iii));
could not take into account the volume
or value of business outside the valuebased arrangement (proposed paragraph
1001.952(ee)(5)); and could not include
marketing of items or services to
patients or patient recruitment activities
(proposed paragraph
1001.952(ee)(7)(iv)). We proposed a
requirement that the recipient of the
remuneration would pay at least 15
percent of the offeror’s cost of the
remuneration (proposed paragraph
1001.952(ee)(6)). We also proposed a
requirement that arrangements be
terminated within 60 days if the VBE’s
accountable body or person determined
that the arrangements were unlikely to
further coordination and management of
care, were not achieving the value-based
purpose or were resulted in material
deficiencies in quality of care (proposed
paragraph 1001.952(ee)(9)). In addition,
we proposed that an exchange of
remuneration would not be protected
under the care coordination
arrangements safe harbor if the offeror
knows or should know that the
remuneration is likely to be diverted,
resold, or used by the recipient for an
unlawful purpose (proposed paragraph
1001.952(ee)(10)). These conditions
were proposed to minimize risks of
traditional fee-for-service fraud and
abuse and pay-for-referral schemes,
particularly in arrangements where the
parties are not assuming downside risk.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
Summary of Final Rule: We are
finalizing, with modifications, this safe
harbor. The safe harbor continues to
protect in-kind remuneration exchanged
between a VBE and VBE participant or
between VBE participants pursuant to a
value-based arrangement that squarely
satisfies all of the proposed safe harbor’s
requirements. We have modified and
clarified many of the safe harbor
requirements in response to public
comments, as described below. The safe
harbor includes conditions related to
commercial reasonableness, outcomes
measures, written documentation,
record retention, monitoring,
termination, marketing and patient
recruitment, and diversion and reselling
of remuneration. The safe harbor
requires that protected remuneration be
used predominately to engage in valuebased activities that are directly
connected to the coordination and
management of care for the target
patient population. Protected
arrangements cannot induce VBE
participants to furnish medically
unnecessary care or reduce or limit
medically necessary care; cannot limit
medical decision-making or patient
freedom of choice; and cannot take into
account the volume or value of business
outside the value-based arrangement.
Under the final rule, all recipients must
pay 15 percent of the offeror’s cost or 15
percent of the fair market value of the
remuneration. We are not finalizing the
proposed condition related to outside
funding of the remuneration.
As detailed in section III.B.2.e and
III.B.2.g of this preamble relating to the
VBE participant definition, we are
carving out patients and certain entities
from the safe harbor; those entities are
listed at paragraph 1001.952(ee)(13). We
are finalizing a limited pathway for safe
harbor protection in the care
coordination arrangements safe harbor
for manufacturers of devices and
medical supplies and DMEPOS
companies participating in digital
health technology arrangements at
paragraph 1001.952(ee)(13). As
discussed in section III.B.2.e.vi of this
preamble, we are finalizing a condition
in the care coordination arrangements
safe harbor that restricts those entities
from conditioning the exchange of
remuneration on any recipient’s
exclusive use, or minimum purchase, of
any item or service manufactured,
distributed, or sold by those entities.
This safe harbor protects in-kind
remuneration only. Some monetary
compensation associated with care
coordination or value-based activities
may be protected under other safe
harbors, such as the other value-based
safe harbors or the safe harbor for
PO 00000
Frm 00042
Fmt 4701
Sfmt 4700
personal services and management
contracts and outcomes-based payments
at paragraph 1001.952(d).
Comment: Many commenters
expressed support for the care
coordination arrangements safe harbor
and the existence of a value-based safe
harbor that did not mandate the
assumption of downside financial risk.
These commenters stated the safe harbor
would facilitate innovative
arrangements to improve care
coordination and facilitate community
partnerships. Other commenters, while
generally supportive of the safe harbor,
asserted that it included too many
burdensome, complex, and subjective
conditions; these commenters urged
OIG to reduce the number of
requirements in the safe harbor.
Conversely, some commenters opposed
the safe harbor, with their concerns
largely falling into two categories: (i)
The potential for fraud and abuse
because the safe harbor does not require
the parties to assume downside risk or
that there are not strong enough
program integrity guardrails; and (ii)
negative effects on competition, i.e.,
unduly benefiting larger providers.
Response: We thank commenters for
their feedback. The safe harbor is
intended to protect arrangements by
parties who are transitioning to higher
levels of risk or who are engaging in
care coordination that improves quality
and efficiency, without assuming risk.
We agree with commenters that there
could be increased risk of fraudulent or
abusive behavior (e.g., overutilization)
where providers who order items or
services are not at substantial downside
financial risk. We structured the care
coordination arrangements safe harbor
to reflect and mitigate that increased
risk. The safe harbor includes
requirements tailored to ensure that
arrangements protected by the safe
harbor—which could apply to
remuneration exchanged between
parties who refer Federal health care
program business to each other and
where both parties are paid by Federal
health care programs on a fee-for-service
basis—do not result in the traditional
FFS fraud and abuse risks. As described
in the OIG Proposed Rule, traditional
FFS fraud and abuse risks include
inappropriately increased costs to the
Federal health care programs or
patients, corruption of practitioners’
medical judgment, overutilization,
inappropriate patient steering, unfair
competition, or poor-quality care.30
We aimed to finalize a safe harbor that
is not administratively burdensome,
overly complex, or subjective, but we
30 84
E:\FR\FM\02DER3.SGM
FR 55696 (Oct. 17, 2019).
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
acknowledge that parties must satisfy a
number of criteria to receive safe harbor
protection and that some parties may
find the safe harbor administratively
burdensome, overly complex, and
subjective with respect to their
particular arrangements. However, we
believe that these conditions, taken
together, ensure the safe harbor protects
legitimate value-based arrangements,
fosters improved care coordination,
allows for innovation, adequately
addresses the traditional FFS risks
described above, and limits potentially
problematic referral schemes. We
acknowledge that larger entities may be
better positioned to afford some types of
investments required by value-based
activities, but we have intentionally
crafted this safe harbor for a wide range
of care coordination arrangements,
including arrangements between small
entities, providers serving rural and
underserved communities, or both, that
might not require substantial
investment. As we describe elsewhere,
many of the conditions are flexible (i.e.,
not one-size-fits-all) and can be satisfied
in ways that take into account the size
of, and resources available to, VBE
participants.
Comment: A commenter proposed
that, in lieu of the care coordination
arrangements safe harbor, OIG
enumerate acceptable value-based
arrangements that are of minimal
monetary value to the referral source.
Response: We did not propose to
adopt a list of acceptable value-based
arrangements of minimal monetary
value in lieu of the care coordination
arrangements safe harbor, and we are
not adopting any such list as part of this
final rule.
Comment: A primary care provider
requested that we address whether or
not it would be permissible to waive
cost-sharing amounts for select services
under the care coordination
arrangements safe harbor.
Response: As a threshold matter,
whether cost-sharing is owed for a
particular service covered by Medicare
or Medicaid is programmatic policy
under the auspices of CMS and state
Medicaid programs. If cost-sharing is
owed by the beneficiary under the
applicable programmatic rules and a
provider or supplier waives any such
obligations, then a question arises about
whether any benefit stemming from the
waiver of the beneficiary’s cost-sharing
obligations implicates the Federal antikickback statute or the Beneficiary
Inducements CMP.
Cost-sharing waivers furnished to
patients would not qualify for
protection under the care coordination
arrangements safe harbor. First, cost-
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
sharing waivers are not in-kind
remuneration, and the care coordination
arrangements safe harbor is limited to
exchanges of in-kind remuneration.
Second, as explained further in section
III.2.e.i of this preamble, the context and
framework of the value-based provisions
in the OIG Proposed Rule made clear
that we did not intend patients to be
VBE participants who could engage in
value-based arrangements under the
value-based safe harbors. We are
finalizing, as proposed, that the care
coordination arrangements safe harbor
is available to protect only the exchange
of in-kind remuneration between parties
to a value-based arrangement, not
remuneration exchanged with patients.
In response to comments and for clarity,
we have: (i) Revised the definition of
‘‘VBE participant’’ to expressly exclude
patients; and (ii) revised the
introductory language of the paragraph
to expressly limit protection to
exchanges of remuneration between a
VBE and VBE participant or between
VBE participants.
In some cases, other existing
protections may be available for some
cost-sharing waivers, including costsharing waivers by certain entities that
are not offered as part of any
advertisement or solicitation; are not
routine; and are made following an
individual determination of financial
need.31
Comment: A hospital association
requested that the care coordination
arrangements safe harbor include a 12month preparation period that would be
analogous to the ’’phase-in’’ periods in
the substantial downside financial risk
and full financial risk safe harbors.
Similarly, at least two commenters
requested that OIG protect initial
investments in value-based
arrangements or activities by parties
exploring the creation of a VBE, with a
commenter requesting that OIG protect
such remuneration prior to any terms
being set forth in a written agreement.
Response: We are not adopting the
suggestion for a preparation or ‘‘phasein’’ period for the care coordination
arrangements safe harbor. There may be
practical or operational reasons for
parties to engage in financial
arrangements or make ‘‘phase-in’’
investments as they explore creating a
VBE or before committing to a particular
value-based arrangement with partners.
On balance, however, these
considerations do not outweigh the
31 See, e.g., 42 U.S.C. 1320a–7b(b)(3)(D), (G); 42
CFR 1001.952(k); OIG, Special Fraud Alert: Routine
Wavier of Copayments or Deductible Under
Medicare Part B, 59 FR 65372, 65377 (Dec. 19,
1994), available at https://oig.hhs.gov/fraud/docs/
alertsandbulletins/121994.html.
PO 00000
Frm 00043
Fmt 4701
Sfmt 4700
77725
heightened risk of fraud or abuse during
a ‘‘phase-in’’ period in advance of the
commencement of a value-based
arrangement, particularly in situations
where parties have not yet created a
VBE with its attendant accountability
and transparency protections. Moreover,
it is OIG’s belief that the need for a
‘‘phase-in’’ period is lower in the
context of this safe harbor compared to
the risk-based safe harbors because this
safe harbor is limited to in-kind
remuneration and does not require the
assumption of risk. We allow for a
preparation or ‘‘phase-in’’ period in the
two risk-based safe harbors because we
recognize that parties to a value-based
arrangement may need to exchange
remuneration during a period of time
before the VBE formally takes on
downside financial risk in order to
prepare the VBE and the VBE
participants for that assumption of risk.
The same context does not exist for the
care coordination arrangements safe
harbor because it does not require the
assumption of risk. We note, however,
that parties may be able to structure
some preparatory arrangements to fit in
this safe harbor, provided that a proper
VBE and value-based arrangement have
been established and all other safe
harbor requirements are met, including
the requirement that any exchange of
remuneration be used predominantly to
engage in value-based activities. Parties
may also look to other potentially
available safe harbors for preparatory
arrangements.
Comment: Multiple commenters
requested clarification on, and examples
regarding, the types of entities and
activities that could qualify for
protection under the care coordination
arrangements safe harbor. For example,
a commenter requested that OIG
expressly protect income guarantees for
physicians transitioning from traditional
compensation schemes to value-based
models.
Response: With respect to the
question regarding income guarantees,
income guarantees are not in-kind
remuneration and would therefore not
qualify for protection under the care
coordination arrangements safe harbor.
While neither exhaustive nor
sufficiently detailed to allow for a
comprehensive analysis of the
arrangement under the Federal antikickback statute and the care
coordination arrangements safe harbor,
we provide the following high-level
examples to illustrate arrangements that
could be structured to satisfy the
conditions of the care coordination
arrangements safe harbor.
First, to coordinate care and better
manage the care of their shared patients,
E:\FR\FM\02DER3.SGM
02DER3
77726
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
a specialty physician practice may wish
to provide data analytics items (e.g.,
software designed to present certain
data) and services (e.g., conducting data
analysis) to the primary care physician
practice with which it works closely
and from which it receives referrals for
consultations and federally
reimbursable items and services. The
data analytics items and services could,
for example, identify practice patterns
that deviate from evidence-based
protocols or confirm whether followup
care recommended by the specialty
physician practice is being sought by
patients or furnished by the primary
care physician group. This provision of
data analytics items and services could
be structured to satisfy the care
coordination arrangements safe harbor.
Second, hospitals and physicians
could work together in new ways to
coordinate and manage care for patients
being discharged from the hospital. The
hospital might provide a physician
group with care managers (who identify
the physician group’s high-risk patients
and help manage patients’ care
transitions, medications, and homebased care) to ensure patients receive
appropriate followup care postdischarge; data analytics systems to help
the group’s physicians ensure that their
patients are achieving better health
outcomes; and remote monitoring
technology to alert the group’s
physicians when a patient needs a
health care intervention to prevent
unnecessary emergency room visits and
readmissions.
Third, a medical technology company
could partner with physician practices,
to better coordinate and manage care for
patients discharged from a hospital with
digitally-equipped devices that collect
and transmit data to the physicians to
help monitor the patients’ recovery and
flag the need to intervene in real time
(e.g., a device that monitors range of
motion that could inform what an
appropriate physical therapy
intervention may be). The technology
company could provide the physician
group with necessary digital health
technology that improves the physician
group’s ability to observe recovery and
intervene, as necessary.
We remind parties seeking to
structure an arrangement to satisfy the
care coordination arrangements safe
harbor that compliance with the safe
harbor requires a fact-specific
assessment. In addition, we remind
stakeholders that the advisory opinion
process remains available for parties
seeking to determine whether a
particular arrangement satisfies the care
coordination arrangements safe harbor
or for parties that would like to request
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
prospective protection for an
arrangement that does not squarely
satisfy the terms of the safe harbor.
Comment: A commenter appeared to
believe that the statement in the OIG
Proposed Rule that ‘‘each offer of
remuneration must be analyzed
separately for compliance with the safe
harbor’’ 32 requires each value-based
arrangement to be reviewed by the
Department, with the potential for the
Department to deny safe harbor
protection for any proposal.
Response: If there are multiple
streams of remuneration flowing under
a single value-based arrangement, the
parties would need to evaluate each
such stream separately to assess
compliance with the safe harbor (or, as
appropriate, other available safe
harbors). In the context of an
enforcement action, the government
would likewise analyze each such
stream separately, and consider the
totality of the arrangement, to assess
potential liability under the Federal
anti-kickback statute. The care
coordination arrangements safe harbor
does not require, nor do any of our other
value-based safe harbors require, the
submission of the value-based
arrangement to the Department for
review.
Comment: Many commenters urged
OIG to align the care coordination
arrangements safe harbor with CMS’s
value-based exception to the physician
self-referral law, with some asserting
that the different requirements in each
would increase regulatory complexity
and pose a barrier to the advancement
of value-based care. To facilitate
alignment, commenters suggested that
OIG permit monetary remuneration,
remove any contribution requirement,
or adopt CMS’s definition of
‘‘commercial reasonableness.’’ A
commenter appeared to request that OIG
and CMS both include a provision
requiring a signed agreement.
Response: We aligned our safe harbors
with the exceptions being adopted by
CMS as part of the Regulatory Sprint
wherever possible. For the reasons
discussed in greater detail in section
III.A.1, complete alignment is not
appropriate, including with respect to
most of the provisions of the care
coordination arrangements safe harbor
referenced by commenters. In particular,
the contribution and exclusion of
monetary remuneration serve to reduce
risk of intentional kickback schemes for
reasons explained more fully in the
preamble discussions of each
requirement, sections III.B.3.g
(contribution requirement) and
32 84
PO 00000
FR 55708 (Oct. 17, 2019).
Frm 00044
Fmt 4701
Sfmt 4700
III.B.3.e.i (in-kind remuneration).
Specific to the recommended expansion
of the safe harbor to protect monetary
remuneration, we continue to believe
that providing safe harbor protection for
monetary remuneration presents
heightened fraud and abuse risks that
outweigh the potential benefits to
Federal health care programs and
patients. This is particularly true where
remuneration is exchanged between
parties that are not required to assume
substantial financial risk, and the
protected remuneration is not required
to be fair market value and may take
into account the volume or value of
referrals for the target patient
population. Consistent with this
concern, the new safe harbor for
outcomes-based payments at paragraph
1001.952(d)(2), which is available for
monetary remuneration, includes a fair
market value requirement and a
limitation on directly taking into
account the volume or value of referrals.
With respect to the commenter’s request
that OIG and CMS align their respective
signed writing requirements, we are
finalizing a requirement that the terms
of the value-based arrangement must be
set forth in writing and signed by the
parties, and we make clear that the
writing requirement can be satisfied by
a collection of documents, which aligns
with the writing requirement in CMS’s
value-based exception.
b. Outcome Measures
Summary of OIG Proposed Rule: We
proposed to provide flexibility in
selecting outcome measures given the
range of arrangements that may be
covered by the proposed safe harbor. We
proposed in proposed paragraph
1001.952(ee)(1) to require parties to
establish one or more specific evidencebased, valid outcome measures to serve
as benchmarks for assessing the
recipient’s performance under the
value-based arrangement and
advancement toward achieving the
coordination and management of care
for the target population. The measures
would not include patient satisfaction
or convenience measures. We expressed
our view that outcome measures should
reflect more than maintenance of the
status quo and considered requiring that
outcomes measures drive meaningful
improvements in quality, health
outcomes, or efficiencies, whether by
driving improvements that are
measurable or that are more than
nominal in nature. We indicated that we
were considering for the final rule and
solicited comment on whether we
should require rebasing of the outcome
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
measure (e.g., resetting the
benchmark).33
Summary of Final Rule: We are
finalizing, with modifications, the
outcome measures requirement at
paragraph 1001.952(ee)(4). The
modifications are based on public
comments. The final rule requires that
the parties to a value-based arrangement
establish one or more legitimate
outcome or process measures that the
parties reasonably anticipate will
advance the coordination and
management of care for the target
patient population based on clinical
evidence or credible medical or health
science support. The measure(s) must:
(i) Include one or more benchmarks
related to improving, or maintaining
improvement, in the coordination and
management of care for the target
patient population; (ii) relate to the
remuneration exchanged under the
value-based arrangement; and (iii) not
be based solely on patient satisfaction or
patient convenience. The outcome or
process measure and its benchmark
must be monitored, periodically
assessed, and prospectively revised, as
necessary, so that working towards the
measure continues to advance the
coordination and management of care of
the target patient population.
Comment: Commenters generally
supported the outcome measures
requirement, as proposed. However,
some commenters opposed requiring the
parties to establish outcome measures
against which a party would be
measured under a value-based
arrangement. For example, the
commenters asserted that requiring the
establishment of outcome measures
would be administratively burdensome,
would be confusing, and would not
reflect the lack of valid outcome
measures for many specialty practices.
Some commenters asked OIG for an
exception to the requirement for small
and rural-based VBE participants and
Indian health care providers. A
commenter representing Indian health
care providers requested that they be
carved out from the outcome measures
requirement because of a concern that
the outcome measures would not be
aligned with already reported Tribal
outcome measures and would become
an unnecessary administrative burden
on understaffed Indian health care
providers. Other commenters suggested
that OIG should not finalize the
outcome measures requirement because
the writing requirement in the care
coordination arrangements safe harbor
is sufficient to protect against fraud and
abuse.
33 84
FR 55708 (Oct. 17, 2020).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
Response: As noted in the OIG
Proposed Rule, inclusion of a
meaningful outcome measure in a
protected value-based arrangement will
help ensure that the arrangement is
designed to advance care coordination
and serves the needs of the target
patient population. As explained below,
we have revised the requirement in the
final rule to increase flexibility, broaden
options for meeting the requirement,
and reduce administrative burden,
including on rural and small providers
and on Indian health care providers.
Our revised approach also addresses the
comment regarding lack of standards for
specialty practices because we are not
requiring use of industry standard
measures. Specialty practices may
create measures using a range of data,
information, and sources, including
internally generated data and
information, provided that, among other
requirements, the measures are based on
clinical evidence, credible medical
support, or credible health science
support, include an appropriate
benchmark, and relate to the
remuneration being provided under the
arrangement. This last requirement
helps ensure, as we explained in the
OIG Proposed Rule, that the measure
bears a close nexus to the value-based
activities in the value-based
arrangement and the needs of the target
patient population.
We are not aware of any impediment
to Indian health care providers using
existing outcomes measures that they
are already required to report; nothing
in the safe harbor requires development
of new measures if existing measures
meet the final rule requirements.
We do not agree that a writing
requirement is a sufficient safeguard
against fraud or abuse based on our
enforcement experience. While
documentation is important for
transparency and compliance
verification, it does not prevent fraud or
abuse or ensure that arrangements are
carried out in accordance with their
terms or serve their intended purposes.
Comment: Commenters varied in their
responses to the terminology we
proposed in the outcome measures
requirement (‘‘specific evidenced-based,
valid outcome measures’’). For example,
commenters asked OIG to define
‘‘outcome measure’’ and ‘‘evidencebased.’’ A commenter supported the
concept of ‘‘evidence-based’’ outcome
measures, stating that OIG’s proposal
would provide needed flexibility to
allow both clinical and non-clinical
outcome measures and to allow
participants to select up-to-date
outcome measures, such as measures
related to social determinants of health.
PO 00000
Frm 00045
Fmt 4701
Sfmt 4700
77727
Other commenters pointed out the
significant time and resources needed,
particularly for smaller VBEs and VBE
participants, to undertake studies or
gather and document evidence for novel
interventions and to develop,
implement, and monitor evidence-based
measures. Some commenters explained
that using ‘‘evidence-based’’ as the
standard would chill innovation by
precluding innovative models for which
evidence does not already exist or
value-based arrangements that are
currently pilots or demonstrations
intended to develop evidence. A
commenter expressed concern that
conditioning safe harbor protection on
‘‘valid’’ outcome measures was too
subjective and recommended the
outcome measures be ‘‘clinically
meaningful,’’ which could be based on
measurable data or real-world evidence.
Response: We have reconsidered our
use of the term ‘‘evidence-based’’ in this
rule. Our use of the term may have
indicated a level of scientific rigor and
resource investment beyond what we
intended for purposes of this safe
harbor, which is intended to be
available for experienced and new
entrants into value-based care,
including those not yet ready to assume
financial risk, and to promote
innovation in care delivery. We
intended to include a standard that
captured clinical and non-clinical
measures (including measures related to
quality of care, process improvements,
efficiency in care delivery, and social
determinants of health), while also
allowing for innovation. We did not
intend to require that protected
arrangements be grounded in
experimental research, randomized
clinical trials, best available evidence,
or other similar characteristics often
associated with the term ‘‘evidencebased’’ in common definitions. We did
not intend to be overly restrictive or to
require strict scientific evidence of the
utility of an outcome measure. Having
considered the comments, common
definitions, and input from Department
experts, we are persuaded that the term
‘‘evidence-based’’ was overly restrictive
and not the best term to describe the
outcome measures we envisioned for
purposes of this rule.
We have likewise reconsidered our
use of the terms ‘‘valid’’ and ‘‘specific’’
in the OIG Proposed Rule. These terms
dovetailed with our use of ‘‘evidencebased’’ and were intended to convey
that the selected outcome measures
needed to be grounded in legitimate,
verifiable data, or other information.
That is, we intended that selected
measures be legitimate and not sham
measures used to justify an illegitimate
E:\FR\FM\02DER3.SGM
02DER3
77728
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
exchange of remuneration. Our intent is
that selected measures be credible and
appropriate for the care coordination
and management purpose of the
arrangement. Upon further
consideration, the term ‘‘legitimate’’—
and its common sense meaning—better
effectuates our intent, and we use that
term in the final rule.
Accordingly, in this final rule, we are
revising the requirement that parties
establish one or more specific evidencebased, valid outcome measures. Under
the final rule, the parties to a valuebased arrangement must establish one or
more legitimate outcome or process
measures that the parties reasonably
anticipate will advance the coordination
and management of care for the target
patient population based on clinical
evidence or credible medical or health
science support. The terms ‘‘clinical
evidence or credible medical or health
science support,’’ better reflect our
intent to have a reasonable, flexible
standard applicable to a wide range of
arrangements and to allow selection of
measures based on scientific, clinical,
medical, social science, or industry
quality standards, or other legitimate,
verifiable data or information, whether
internal to the VBE or externally
generated. By use of the term ‘‘health
science’’ we intend to include public
health, health informatics, research and
development, and sciences that look at
the treatment and prevention of
diseases. Unlike the new protection
provided within the personal services
and management contracts safe harbor
for outcomes-based payments, in this
safe harbor parties may rely on credible
health science as well as credible
medical support, reflecting that this safe
harbor covers a wider variety of care
coordination arrangements (including
remuneration in the form of health
technology) and protects only in-kind
remuneration, rather than monetary
payments, presenting relatively lower
overall risk.
The revised requirement continues to
encompass both clinical and nonclinical measures, and internal or
externally generated measures, and will
allow participants to select up-to-date
outcome or process measures over time.
Under the final rule, parties will be
required to document the measures they
select and the clinical evidence,
credible medical support, or credible
health science support upon which they
relied in making the selection by
providing a description of the measures
in a signed writing.
Comment: Some commenters
requested clarification from OIG
regarding how parties should select
outcome measures, and others asked for
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
additional flexibility in the selection of
outcome measures. For example, parties
asked OIG to permit both internally
developed measures, i.e., measures that
do not require validation in a medical
journal or by another third-party source,
and process-based measures, such as
providing or not providing a specific
treatment to improve patient outcomes
or safety. A commenter asserted that
outcome measures should be
anticipated to advance the coordination
or management of care of the target
patient population rather than the
coordination and management of care of
individual patients. Another commenter
opposed the requirement for outcome
measures to advance the coordination
and management of care altogether,
stating that care coordination is processbased, not outcomes-based.
Other commenters expressed concern
that too much flexibility for parties to
select outcome measures could lead
parties to use subjective measures that
do not improve patient outcomes or are
otherwise abusive. A commenter
suggested OIG require that: (i) Valuebased arrangements advance the
coordination and management of care
for the target patient population; and (ii)
in any dispute concerning the
applicability of this safe harbor, the VBE
will bear the burden of proving, based
upon objective evidence, that the valuebased arrangement advanced the
coordination and management of care of
the target patient population. Some
commenters asked OIG to include an
express requirement in the final rule
that outcome measures be designed to
drive meaningful improvements in
quality, health outcomes, or efficiencies
in care delivery. Others supported a
requirement for parties to establish more
than one outcome measure or only
measures reflecting the outcomes most
important to patients.
A commenter recommended that
parties be able to assess performance
toward achieving outcome measures
with respect to the entire patient
population of an integrated delivery
system instead of a subset of that
population. A commenter asked OIG to
address issues regarding individual
physician participant measurement
compared to group measurement. The
commenter expressed concern that
individual physicians may not have
sufficient influence on the development
of outcome measures for their target
patient population and that physicianlevel measures can be challenging to
develop (including because of small
sample size and appropriate
accountability of individual physicians).
Response: We are modifying the
requirement to clarify that parties must
PO 00000
Frm 00046
Fmt 4701
Sfmt 4700
select one or more legitimate outcome or
process measures based on clinical
evidence, credible medical support, or
credible health science support. Parties
must reasonably anticipate that the
measures they select will advance the
coordination and management of the
care of the target patient population,
which is the focus of this safe harbor.
The revised measure selection standard
offers greater flexibility and
opportunities for innovation over time.
The final rule permits clinical and nonclinical measures, internally or
externally developed.
Under the final rule, the outcome or
process measures do not need to be
independently validated by a medical or
other journal or another third-party
source. They can be process-based, such
as, for example, a measurement of the
number of patients with diabetes that
had their blood pressure tested, and we
are modifying the regulatory text to
clarify this. Unlike the new protection
under the personal services and
management contracts safe harbor for
outcomes-based payments, which
requires parties to achieve an outcome
measure to receive payment (the
outcome measure may have a process
component), the care coordination
arrangements safe harbor measure
requirement offers greater flexibility. It
is broader in recognition that the safe
harbor: (i) Protects only in-kind
remuneration, such as health
technology, for which process measures
may be the most legitimate and useful
type of measure; and (ii) is available to
VBE participants that are not taking on
risk for achieving outcomes.
In response to the assertion that
outcome measures should be
anticipated to advance the coordination
or management of care of the target
patient population rather than the
coordination and management of care,
we addressed, and rejected, a similar
suggestion in section III.2.B.g regarding
changing ‘‘and’’ to ‘‘or’’ in the definition
of coordination and management of
care. Because the condition requiring
parties to establish outcome measures
incorporates the definition of
‘‘coordination and management of
care’’, it is appropriate to use that
defined term, which, for the reasons
offered above, includes an ‘‘and’’ rather
than an ‘‘or.’’
Where available, use of measures
validated by a credible third party
would be a prudent practice, but this is
not required. We confirm that parties
can select a measure applicable to the
entire target patient population or select
a different outcome or process measures
for different segments of the target
patient population (e.g., the measure for
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
organ transplant patients within a target
patient population may differ from the
appropriate measure for a nontransplant patient). In such
circumstances, the parties must (among
other criteria) reasonably anticipate that
all such measures collectively will
advance the coordination and
management of care for the entire target
patient population. With respect to
selecting the target patient population,
we refer readers to that section of this
preamble, section III.B.2.c.
We are further modifying our
proposed rule to respond to the
comments and our own concerns
regarding parties selecting measures in
a way that does not improve patient care
or that could be abusive. In the OIG
Proposed Rule, we considered requiring
that outcome measures drive
meaningful improvements in quality,
health outcomes, or efficiencies,
whether by driving improvements that
are measurable or that are more than
nominal in nature. We expressed
concern about measures that merely
reflected the status quo. Arrangements
that merely drive nominal change or
reflect only the status quo could be less
likely to serve the care coordination
aims of this rulemaking and more likely
to be vehicles to reward referrals than
arrangements in which parties receive
remuneration designed to drive
meaningful, more than nominal, change
in patient care.
Accordingly, under the final rule, the
outcome or process measures must
include one or more benchmarks related
to improvements in, or the maintenance
of improvements in, the coordination
and management of care for the target
patient population. The measures must
relate to the remuneration exchanged
under the value-based arrangement so
that there is a close nexus between the
value-based activities under the
arrangement and what the parties are
measuring. Further, the measures
cannot be based solely on patient
satisfaction or patient convenience, both
of which can be subjective,
uninformative with respect to quality or
efficiency of care, and gamed with
relative ease, including through use of
rewards or incentives to patients. On
this last point, we are aware that some
legitimate patient satisfaction or patient
convenience measurement tools provide
valuable information to providers and
others managing patient care. This safe
harbor does not preclude use of such
tools (or any other form of
measurement) as parties to value-based
arrangements see fit and find useful. But
patient satisfaction or patient
convenience cannot be the only measure
for purposes of satisfying the safe
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
harbor. Lastly, we are finalizing a
requirement for monitoring, periodically
assessing, and prospectively revising an
outcome or process measure and its
benchmark, as necessary, as described
below. This suite of requirements, taken
together, is intended to reduce the
likelihood of abuses and ensure that the
selected measures relate to the protected
remuneration and aim to foster
meaningful advancements in the
coordination and management of care.
Our revisions to the outcomes
measure provision should address the
concerns raised regarding measurement
at the individual or group levels. This
rule provides flexibility for parties to
design legitimate measures appropriate
to the arrangement, using internal or
external data, and to account for
characteristics such as available sample
size and ability of individual physicians
to effect change. It is up to the parties
to determine which individual or entity
that is a party to the arrangement, e.g.,
a VBE participant, is accountable for
assessing progress on measures.
We are not prescribing how many
measures parties must use; while we
anticipate value-based arrangements
often would have more than one
outcome or process measure (or
measures that include process measures
as a component of an outcome measure),
some arrangements may lend
themselves to only one measure.
Additionally, we are not requiring that
parties use only measures related to
those outcomes or processes most
important to patients or that value-based
arrangements must, in fact, successfully
advance the coordination and
management of care for the target
patient population. The standard we are
finalizing is designed to encourage the
selection of outcome and process
measures that will result in improved
care for patients. To the comment about
the VBE’s burden of proof in matters of
dispute about the safe harbor, as with all
safe harbors in the criminal Federal
anti-kickback statute, any party seeking
to avail themselves of the protection of
a safe harbor generally bears the burden
of proof that they meet the requirements
of the safe harbor.
Comment: Some commenters
expressed concern regarding whether
parties must meet the outcome measures
in order to have safe harbor protection,
with a few commenters stating such a
requirement would disadvantage
providers treating higher-risk patient
populations who may be less likely to
meet outcome measures.
Response: We clarify that under the
final rule, for purposes of this safe
harbor, parties need not successfully
achieve the outcome or process measure
PO 00000
Frm 00047
Fmt 4701
Sfmt 4700
77729
they select to qualify for safe harbor
protection (and if they select more than
one, they need not meet any of them).
However, parties will need to monitor
and periodically assess their
arrangements and potentially revise
measures and benchmarks, as described
below. This will ensure that the selected
measures remain a meaningful tool to
advance care coordination goals.
Without the requirement to establish
and track progress toward achieving
measures, the risk increases that parties
could abuse the care coordination
arrangements safe harbor to
inappropriately drive referrals rather
than patient care improvement.
We recognize that, despite best efforts,
parties to a value-based arrangement
may not always achieve their selected
measures due to a variety of factors,
such as uncertainty of patient behavior,
lack of control of results by a VBE
participant, or misjudgments.
We note a key distinction between
this safe harbor and the protection of
outcomes-based payments under the
personal services and management
contracts safe harbor. The personal
services and management contracts safe
harbor requires that agents achieve the
outcome measure established for their
payments in order to receive those
payments. This is in keeping with a core
purpose of the outcomes measure,
which is to be the basis for a party to
receive a protected outcomes-based
payment.
Comment: A commenter supported
adding a requirement for parties to make
information regarding any outcome
measures they establish transparent to
the public.
Response: We are not requiring that
the outcomes or process measures for
value-based arrangements be made
public under this safe harbor, although
parties are free to do so. We did not
propose a public transparency
requirement and do not finalize one
here. We recognize transparency serves
important accountability and integrity
goals. Consequently, we have included
other conditions in the final safe harbor
intended to foster transparency while
balancing the potential burden on the
parties seeking safe harbor protection.
With respect to outcome or process
measures, we are finalizing the
requirement that parties include a
description of the measures in a signed
writing and make available to the
Secretary, upon request, all materials
and records sufficient to establish
compliance with the conditions of the
care coordination arrangements safe
harbor.
Comment: Several commenters stated
that OIG should not require the use of
E:\FR\FM\02DER3.SGM
02DER3
77730
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
measures from CMS’s Quality Payment
Program (QPP) in the outcome measure
requirement, arguing that existing QPP
measures are inadequate for many
specialties. Some commenters suggested
OIG could encourage, but not require,
participants to utilize the criteria for the
QPP measures as a framework for
establishing outcome measures.
Alternatively, some commenters
requested that OIG require the use of
certain measures, such as measures
promulgated by the National Quality
Forum, or require all quality and cost
measures to be independently assessed
and approved by a third-party, multistakeholder organization.
Response: To provide flexibility and
avoid triggering concerns that any
specified measures may be inadequate
or inappropriate for certain types of
individuals or entities (e.g., specialists),
we are not requiring parties to utilize
QPP measures or measures developed
by any particular organizations or to
receive third-party approval for the
measures. Parties may use these
measures at their discretion for
purposes of this safe harbor.
Comment: Several commenters
encouraged OIG to allow patient
satisfaction and experience of care
measures, such as timeliness of care, to
qualify as outcome measures under the
care coordination arrangements safe
harbor. Along these same lines, a
commenter suggested that OIG include
patient satisfaction and efficiency of
care measures, such as creating systems
that prevent visits to the emergency
room (for example, rapid outpatient
testing and evaluation services) that
would improve outcomes and reduce
costs. This commenter observed that
satisfied patients are more likely to keep
follow up appointments and be
compliant with care. Some commenters
asserted that patient satisfaction and
experience measures reflect quality of
care and noted that CMS recognizes
patient satisfaction as a quality measure
that affects reimbursement. Other
commenters supported using
convenience measures, such as the
availability of treatment times or
timeliness of patient’s access to care, as
outcome measures because they asserted
that patient adherence to treatment
improves when care is convenient.
Another commenter stated that, while
convenience, alone, may not be a valid
measure, OIG should permit parties to
use convenience measures when they
are tied to other measures, such as
utilization. On the other hand, some
commenters did not consider patient
satisfaction or convenience to be a valid
outcome measure, noting a lack of
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
evidence tying patient satisfaction to
better clinical outcomes.
Response: The commenters variously
describe efficiency of care, patient
satisfaction, patient convenience, and
patient experience of care measures. As
explained elsewhere, we have modified
the outcomes measures requirement to
include process measures, which
addresses the commenters’ suggestions
regarding experience of care and
efficiency of care measures, such as
rapid access to outpatient testing and
evaluation services. To assist
commenters in appropriately
categorizing their outcome or process
measures, we provide additional
clarification on patient satisfaction,
patient convenience, and patient
experience measures. For purposes of
this rulemaking, patient satisfaction is
about whether a patient’s expectations
for a health care encounter were met,
e.g., a patient’s assessment of the
responsiveness of hospital staff.
Different patients with different
expectations can experience the exact
same care but report different degrees of
satisfaction.34 Patient convenience
could include measures that assess
patient access to care and accessibility
of care, or the factors involved in
arranging for the provision of care, e.g.,
the distance or proximity to a site of
care or the hours during which care can
be obtained.
In applying our regulation, patient
experience can involve finding out
whether something that should happen
in a health care setting happened, for
example, whether all hospital discharge
planning protocols were followed for
certain patients. Patient experience
measures can overlap with patient
satisfaction or convenience measures; in
particular, patient satisfaction or patient
convenience could be a sub-part of a
patient experience measure.
Accordingly, whereas patient
satisfaction or patient convenience
cannot be the sole measure for purposes
of the care coordination arrangements
safe harbor, the same may not be true for
patient experience measures, depending
on the facts and circumstances.
As stated in the OIG Proposed Rule,
we are concerned that patient
satisfaction and patient convenience
measures may not reflect actual
improvement in the quality of patient
care, health outcomes, or efficiency in
the delivery of care. In some cases, such
measures can be subjective,
uninformative with respect to quality or
efficiency of care, and potentially gamed
with relative ease, including through
use of rewards or incentives to patients.
That said, some patient satisfaction or
patient convenience measurement tools
PO 00000
Frm 00048
Fmt 4701
Sfmt 4700
provide valuable information to
government programs, providers, and
others managing patient care. This safe
harbor does not preclude use of such
tools (or any other form of
measurement) as parties to value-based
arrangements see fit and find useful. As
noted previously, while patient
satisfaction or patient convenience
cannot be the sole measure for purposes
of the care coordination arrangements
safe harbor, patient satisfaction or
patient convenience can be tied to other
legitimate measures or can exist
alongside such other measures.
Comment: Several commenters
encouraged OIG not to require regular
rebasing of outcome measures, and in
particular, they opposed specific timing
for when parties must rebase these
measures. These commenters asserted
that any timing requirement would be
arbitrary, might discourage participation
in value-based arrangements, or may not
be clinically appropriate in all
circumstances. A commenter expressed
concern that requiring rebased outcome
measures could lead to the unintended
consequence of providers abandoning
proven care coordination programs once
they have achieved a maximized
performance level. On the other hand,
some commenters supported this
requirement; for example, a commenter
supported rebasing pursuant to a
specified timeframe, such as every year,
as long as the VBE participants
determined that rebasing is feasible.
Response: In the OIG Proposed Rule,
we considered whether to require
parties to rebase outcomes measures
(i.e., reset benchmarks used to
determine whether the outcome
measure was achieved) where rebasing
is feasible. We indicated our intent to
consider specifying a timeline for
rebasing or requiring that it be done
periodically. We solicited comments on
whether rebasing should depend on the
type of outcome measure or the nature
of the arrangement. We also explained
in the preamble to the OIG Proposed
Rule that revisions to outcomes
measures (i.e., modification of outcomes
measures) would need to continue to
incentivize the recipient of the
remuneration to make meaningful
improvements. We expressed concern
that retrospective revisions could
obscure a lack of meaningful
improvement.
Upon further consideration of the
terminology in the OIG Proposed Rule,
we conclude that we can best express
our intended policy by using the term
‘‘revise’’ rather than ‘‘rebase’’ in the
final rule. The term ‘‘revise’’ has a
broader common meaning and better
reflects the goal that measures be
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
changed or updated to advance
improvements in care coordination. In
addition, we view ‘‘rebase’’ as a
subcategory of ‘‘revise’’; in other words,
we recognize that the rebasing of
benchmarks may be the best way to
‘‘revise’’ the measure. Because we
intended for parties to have the
flexibility to either ‘‘revise’’ measures,
i.e., modify or update measures to
advance improvements in care
coordination, or ‘‘rebase’’ benchmarks,
and because ‘‘revise’’ could serve as an
umbrella term which would include
‘‘rebase,’’ we believe ‘‘revise’’
encapsulates our intent.
In practice, parties can meet the
requirement by revising the measure
itself or by rebasing the benchmarks for
the measure. We recognize that rebasing
may not be necessary for all legitimate
outcome or process measures that
advance the coordination and
management of care for a target patient
population. For the final rule, measures
must be monitored, periodically
assessed, and prospectively revised as
necessary to ensure that the measure
and its benchmark continues to advance
the coordination and management of
care of the target patient population. We
emphasize that any revisions must be
prospective, not retrospective.
We are requiring a periodic
assessment and, as necessary based on
such assessment, revision of outcome or
process measures and benchmarks.
Recognizing that different measures
should be assessed on different
timelines, we are not implementing a
specific timeframe for assessing or
revising measures, as in some cases,
outcome measures could be reviewed
annually, whereas for others significant
benefits to patients could reasonably
take 2 to 3 years to achieve.
As evidenced by the above
discussion, we are also finalizing a
requirement for parties to a care
coordination arrangement to have one or
more benchmarks for each outcome or
process measure that are related to
improving or maintaining
improvements in the coordination and
management of care of the target patient
population. Benchmarks help ensure
that the remuneration exchanged
pursuant to the value-based
arrangement continues to drive
meaningful improvements, or the
maintenance of improvements, in the
coordination and management of care
for the target patient population.
Comment: Some commenters opposed
a requirement for payors to identify
outcome measures, positing that such a
top-down approach would limit
providers that are best situated to
identify value-driving activities and
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
may be impractical when payors are not
parties to a value-based arrangement.
Another commenter suggested that the
adoption of payor-identified outcome
measures by a VBE should be a
favorable factor when evaluating a
value-based arrangement for compliance
with the proposed safe harbor.
According to the commenter, payors
have unique capabilities to: (i) Give
providers the information they need to
identify patient populations that may
benefit most from management and care
coordination interventions; and (ii)
recommend benchmarks based on
experience and access to data that are
used to assess outcome measures.
Response: The final rule allows, but
does not require, the use of payor-driven
or developed outcome measures. Parties
are free to use payor measures if they
find them useful or if doing so is
required by a payor.
Comment: We solicited comments on
using a different outcomes measures
standard for information technology
than for other care coordination
arrangements. Commenters were
generally supportive of an alternative
standard, such as an adoption and use
standard, stating that it would allow
more flexibility, which is important for
arrangements that are centered on an
ever-changing and developing industry.
At least one commenter suggested
language for this alternative standard,
namely, ‘‘the parties determine in good
faith that the technology is expected to
meaningfully advance achievement of
the targeted health outcomes, patient
care quality improvements, or the
appropriate reduction in costs . . .
[etc.],’’ while another commenter
suggested that VBE participants should
have the option, but not be required, to
designate utilization and adoption
measures in IT arrangements as
alternatives to outcome measures. A
commenter who supported the use of
alternative measures for IT advocated
against OIG’s proposal to implement a
time frame after which the recipient of
IT would be required to pay fair market
value for continued use of the IT, stating
that suddenly requiring fair market
value payments may unnecessarily
cause drastic and costly changes to an
entire system and could disrupt
continuity of care.
Response: The final rule for
establishing the required outcomes or
process measures is flexible enough to
address information technology
arrangements. Legitimate process
measures (including use and adoption)
or performance measures can be used so
long as the parties reasonably anticipate
that the measures will advance the
coordination and management of care of
PO 00000
Frm 00049
Fmt 4701
Sfmt 4700
77731
the target patient population and the
benchmark and other requirements are
met. No separate outcome measures
requirement is needed for information
technology arrangements. We are not
finalizing our proposal that outcomes
measures be evidence-based, which we
acknowledged could have been a
difficult standard for some information
technology arrangements. Measures
must be selected based on clinical
evidence or credible medical or health
science support. This support may be
based on external sources or generated
internally. The specific addition of
health science as a basis for selection
reflects our intent, among other things,
to allow remuneration in the form of
information technology under the care
coordination safe harbor. Since we are
not including an IT-specific standard,
we are not placing a time limit on the
use of IT-related remuneration in care
coordination arrangements. In light of
our modifications to the measurement
standard and other safeguards against
fraud and abuse in the safe harbor,
adopting the additional requirements
we considered in the OIG Proposed Rule
related to outcomes measures for the
exchange of health information
technology is not necessary.
c. Commercial Reasonableness
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(ee)(2)
to require that the value-based
arrangement pursuant to which the
remuneration is exchanged be
commercially reasonable, considering
both the arrangement itself and all
value-based arrangements within the
VBE. We indicated that we were
considering for the final rule whether to
define a ‘‘commercially reasonable
arrangement’’ as an arrangement that
would make commercial sense if
entered into by reasonable entities of a
similar type and size, even without the
potential for referrals. We solicited
comments on the need for a definition
of a ‘‘commercially reasonable
arrangement.’’
Summary of Final Rule: We are
finalizing, without modification, our
proposed requirement at paragraph
1001.952(ee)(2). We are not defining a
‘‘commercially reasonable arrangement’’
in the final rule.
Comment: Some commenters
supported a commercial reasonableness
requirement while others opposed it.
Several commenters noted that this
requirement is inconsistent with the
value-based arrangements exception to
the physician self-referral law, which
does not require that the value-based
arrangement be commercially
reasonable. Others emphasized that the
E:\FR\FM\02DER3.SGM
02DER3
77732
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
standard introduces complexity and
uncertainty that may require parties to
consult with legal counsel, with some of
these commenters asserting that this
burden could have a disproportionate
impact on small and rural providers.
Response: In the context of care
coordination arrangements where
parties are not required to take on
financial risk, the remuneration does
not need to be consistent with fair
market value, and the remuneration may
take into account the volume of patients
in the target patient population or the
value of referrals or other business
generated between the parties resulting
from referrals of the target patient
population, we believe requiring the
value-based arrangement to be
commercially reasonable is an
important safeguard to ensure that safe
harbor protection is limited to
remuneration exchanged pursuant to
value-based arrangements that are
designed and implemented to achieve
legitimate objectives rather than merely
to induce or reward referrals.
The commercial reasonableness
requirement focuses on ensuring that
parties structure the terms of their
value-based arrangement, including but
not limited to the amount of the
remuneration, in a manner that is
calibrated to achieve the parties’
legitimate business purposes. For
example, as described in the OIG
Proposed Rule, if VBE participants were
to enter into a value-based arrangement
to facilitate the sharing of patientoutcome data, it may be commercially
reasonable for a hospital VBE
participant to donate technology to a
group practice VBE participant to
facilitate this process. However, it may
not be commercially reasonable for that
same hospital VBE participant to donate
technology substantially more
sophisticated, or with enhanced
functionality, beyond that necessary for
communicating data on shared patients
between the two parties.35 We are
concerned that, absent the commercial
reasonableness requirement, the other
conditions in this safe harbor will not
sufficiently mitigate the risk of one
party offering more remuneration than
is necessary, such as in the example
above, to reward the other party for
referrals of target patient population
patients, which is why we are finalizing
the requirement in this final rule that
the value-based arrangement itself be
35 84 FR 55709. In the OIG Proposed Rule, we
noted in connection with this example that nothing
would prevent the donation of technology with
enhanced functionality when a value-based
arrangement requires that capability or when
technology without that functionality is not
practicable.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
commercially reasonable. Further, the
commercial reasonableness requirement
is the only safeguard in the care
coordination arrangements safe harbor
that directly addresses the risk that
parties might use a series of value-based
arrangements to effectuate a paymentfor-referral scheme. For this reason, we
are finalizing the second prong of the
commercial reasonableness requirement
that the value-based arrangement must
be commercially reasonable when
considering all value-based
arrangements in the VBE.
In sum, the commercial
reasonableness requirement in this safe
harbor: (i) Helps to ensure that the
value-based arrangement, and all valuebased arrangements within in the VBE,
serve legitimate objectives; (ii) mandates
that parties structure the terms of their
value-based arrangement, including but
not limited to the amount of the
remuneration, in a manner that is
calibrated to achieve the parties’
legitimate business purposes; and (iii)
reduces the likelihood that the valuebased arrangement might be a paymentfor-referral scheme.
With respect to the complexities
associated with assessing commercial
reasonableness and the potential need to
consult with legal counsel, we
appreciate those concerns and note that
the inclusion of a commercial
reasonableness condition in safe harbors
is not new. Several existing safe harbors
require protected remuneration to be
commercially reasonable. We believe
parties, including small and rural
providers, can apply this concept and
that including it as a condition of this
safe harbor will not impose significant
additional burden.
In response to those commenters who
noted that the proposed safe harbor is
inconsistent with CMS’s proposed
exception for value-based arrangements,
we note that CMS’s exception for valuebased arrangements (42 CFR
411.357(aa)(3)), as finalized, includes a
commercial reasonableness
requirement.
Comment: A commenter asserted that
the move to value-based care helps to
eliminate many of the program integrity
concerns that OIG might seek to address
through a commercial reasonableness
requirement.
Response: We agree that a shift to
value-based payment models may curb
some of the traditional program integrity
concerns associated with a fee-forservice payment system. However, this
safe harbor offers protection for care
coordination arrangements without
requiring that the parties assume
financial risk or otherwise participate in
a value-based payment model. As a
PO 00000
Frm 00050
Fmt 4701
Sfmt 4700
result, the traditional program integrity
risks resulting from fee-for-service
payment are likely to persist. For
example, we are concerned that, in
some circumstances and in the absence
of safe harbor guardrails, remuneration
furnished pursuant to a value-based
arrangement may lead to overutilization,
corruption of practitioners’ medical
judgment, inappropriate patient
steering, or unfair competition. By
requiring the value-based arrangement
to be commercially reasonable with
respect to both the arrangement itself
and all value-based arrangements within
the VBE, this condition helps to
safeguard against these program
integrity concerns by requiring that the
terms of the value-based arrangement be
calibrated to achieve the parties’
legitimate business purposes.
For example, we explained in the OIG
Proposed Rule that a single value-based
arrangement in which a hospital VBE
participant provides a necessary number
of care coordinators for the target
patient population to a SNF VBE
participant may be commercially
reasonable. However, if a VBE includes
multiple similar value-based
arrangements, each of which involves
the same hospital VBE participant
furnishing care coordinators to the same
SNF VBE participant for the same or a
similar target patient population, the
commercial reasonableness of the
remuneration exchanged within the
value-based arrangements in the
aggregate may be suspect if it lacks a
legitimate business purpose.36 This
arrangement could lead to the program
integrity concerns identified above (e.g.,
inappropriate patient steering) and,
absent a commercial reasonableness
requirement, the conditions of the safe
harbor might otherwise be met.
Comment: Some commenters asserted
that a commercial reasonableness
requirement will create an obstacle to
value-based care. Others asserted that
few arrangements would ever satisfy
this criterion because value-based
arrangements do not make any
commercial sense without the potential
for referrals. These commenters noted
that changes in referral patterns alone
are not the goal of a value-based
arrangement but that they may well be
the consequence.
Response: We are not persuaded that
a commercial reasonableness
requirement will impede the transition
to value-based care. We believe that it
is eminently feasible to structure valuebased arrangements to meet the
commercial reasonableness requirement
by ensuring that the terms of the value36 84
E:\FR\FM\02DER3.SGM
FR 55709.
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
based arrangement, and all value-based
arrangements within the VBE, are
reasonably calculated to achieve the
VBE participants’ legitimate business
purposes.
The framing of the commercial
reasonableness condition in the final
rule, which allows for the possibility of
referrals, addresses the commenters’
concerns. Specifically, we recognize
that a value-based arrangement may,
and often will, result in referrals. The
commercial reasonableness requirement
is intended to ensure that the terms of
the value-based arrangement,
considering both the arrangement itself
and all value-based arrangements within
the VBE, are calibrated to achieve the
value-based purpose(s) of the
arrangement, not the generation of
referrals. We agree with the
commenters’ related assertion that
changes in referral patterns alone are
not the goal of a value-based
arrangement but may be the
consequence.
For example, a value-based
arrangement that provides remuneration
in excess of what is reasonably
necessary to coordinate and manage the
care of the target patient population, as
contemplated by the terms of that
arrangement, would not be
commercially reasonable. Likewise,
terms that are calibrated to secure
referrals, rather than to achieve the
value-based purposes of the value-based
arrangement, would result in an
arrangement that is not commercially
reasonable for purposes of this safe
harbor. The mere fact that referral
patterns may change as a result of a
value-based arrangement does not
necessarily preclude the arrangement
from meeting the commercial
reasonableness requirement.
Comment: With respect to whether we
should adopt a definition for a
commercially reasonable arrangement,
several commenters expressed support,
but these commenters did not agree on
a definition. Some commenters
supported the definition presented in
the preamble to the OIG Proposed Rule,
which defined a ‘‘commercially
reasonable arrangement’’ as an
arrangement that would make
commercial sense if entered into by
reasonable entities of a similar type and
size, even without the potential for
referrals. Others encouraged us to adopt
CMS’s proposed definition, which states
that commercially reasonable means the
particular arrangement furthers a
legitimate business purpose of the
parties and is on similar terms and
conditions as like arrangements. Other
commenters suggested that OIG should
focus on whether the arrangement
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
makes ‘‘value-based’’ sense in the
context of a value-based arrangement
instead of whether it makes
‘‘commercial’’ sense. Other commenters
provided alternative definitions that
varied in scope. A commenter asserted
that the definition should not preclude
consideration of referrals not covered by
Medicare.
Commenters also requested various
clarifications and affirmative statements
from OIG, including that: (i)
Commercial reasonableness refers
primarily to the non-financial elements
of a transaction or arrangement while
the concept of fair market value
addresses the financial aspects, and (ii)
an arrangement may be commercially
reasonable even if it operates at a loss.
Response: While we are not adopting
a definition of ‘‘commercially
reasonable arrangement,’’ we appreciate
commenters’ requests for guidance.
There are multiple dimensions to
commercial reasonableness, including
both the financial and non-financial
terms of an arrangement. The fact that
an arrangement generates a loss for a
party is one factor, among many, that
could be considered in analyzing
whether an arrangement is
commercially reasonable. An
arrangement may be commercially
reasonable even if it does not result in
profit for one or more of the parties. Any
determination whether a particular
value-based arrangement is
commercially reasonable would be
based on the totality of the facts and
circumstances of such arrangement, and
the financial aspects of the value-based
arrangement would be relevant to that
inquiry.
With respect to the assertion that the
commercial reasonableness definition
should not preclude consideration of
referrals of non-Medicare business, as
we stated above, we are not adopting
this definition. We reiterate that the
commercial reasonableness requirement
in this safe harbor requires that the VBE
participants structure the terms of the
value-based arrangement in a manner
that is calibrated to achieve the parties’
legitimate business purposes. We also
reiterate our longstanding guidance that
arrangements that do not involve
referrals of Federal health care program
beneficiaries or business generated by
Federal health care programs may
implicate the Federal anti-kickback
statute by disguising remuneration for
Federal health care program business
through the payment of amounts
purportedly related to non-Federal
health care program business.
Arrangements with this type of
disguised remuneration would not be
calibrated to achieve a legitimate
PO 00000
Frm 00051
Fmt 4701
Sfmt 4700
77733
business purpose and would thus not be
commercially reasonable. Whether any
particular arrangement reflects this type
of disguised remuneration would
depend on the specific facts of the
arrangement.
Comment: Some commenters asserted
that the definition of ‘‘commercially
reasonable arrangement’’ in the
preamble to the OIG Proposed Rule,
which considered defining such an
arrangement as one that would make
commercial sense if entered into by
reasonable entities of a similar type and
size, even without the potential for
referrals, is inconsistent with OIG’s
prior commentary relating to the
requirement in certain other safe
harbors that the remuneration must be
reasonably necessary to accomplish the
commercially reasonable business
purpose of the arrangement.
Response: We are not further defining
a ‘‘commercially reasonable
arrangement’’ in this final rule, beyond
the test for commercial reasonableness
articulated in the regulatory text (i.e.,
that commercial reasonableness must be
evaluated by considering both the valuebased arrangement itself and all valuebased arrangements within the VBE). As
explained above, the test for commercial
reasonableness is tailored to this
particular safe harbor for care
coordination arrangements and is meant
to be both flexible to allow for
innovative arrangements that serve
legitimate objectives and sufficiently
constrained to limit the risk of schemes
to pay for referrals. That said, our prior
guidance remains instructive on the
application of the term ‘‘commercially
reasonable’’ in the safe harbor context,
particularly with respect to having a
legitimate business purpose.37
d. Writing
Summary of OIG Proposed Rule: We
proposed in proposed paragraph
1001.952(ee)(3) to require that each
value-based arrangement, pursuant to
which the remuneration is exchanged,
be set forth in a signed writing,
established in advance of, or
contemporaneous with, the
commencement of the value-based
arrangement or any material change to
the value-based arrangement. We
proposed in the same paragraph that the
writing state, at a minimum: (i) The
value-based activities to be undertaken
37 See, e.g., Medicare and State Health Care
Programs: Fraud and Abuse; Clarification of the
Initial OIG Safe Harbor Provisions and
Establishment of Additional Safe Harbor Provisions
Under the Anti-Kickback Statute; Final Rule, 64 FR
63518, 63425 (Nov. 19, 1999) available at https://
oig.hhs.gov/fraud/docs/safeharborregulations/
getdoc1.pdf.
E:\FR\FM\02DER3.SGM
02DER3
77734
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
by the parties to the value-based
arrangement; (ii) the term of the valuebased arrangement; (iii) the target
patient population; (iv) a description of
the remuneration; (v) the offeror’s cost
for the remuneration; (vi) the percentage
of the offeror’s cost contributed by the
recipient; (vii) if applicable, the
frequency of the recipient’s contribution
payments for the offeror’s ongoing costs;
and (viii) the specific evidence-based,
valid outcome measure(s) against which
the recipient would be measured.
Summary of Final Rule: We are
finalizing, with modifications, the
writing requirement in paragraph
1001.952(ee)(3). The following
modifications respond to public
comments: (i) The writing requirement
can be satisfied by a collection of
documents; (ii) parties must document
the fair market value of the
remuneration or, alternatively, the
offeror’s cost of the remuneration and
the accounting methodology utilized to
determine such cost; and (iii) parties
must document the value-based
purpose(s) of the value-based activities
provided for in the value-based
arrangement. We are also clarifying that
the terms of the value-based
arrangement must be established in
advance of, or contemporaneous with,
the commencement of the value-based
arrangement ‘‘and any material change,’’
instead of ‘‘or any material change.’’ In
the preamble to OIG Proposed Rule, we
described a writing requirement that
would promote transparency of the
value-based arrangement, both at its
commencement and when there is a
material change. These are the logical
junctures where the writing requirement
particularly serves its transparency
purposes. Our proposed regulatory text
did not make clear that the writing was
needed at both junctures; our
modifications more clearly express that
policy. Lastly, we are modifying the
writing requirement for consistency
with changes to the language of the
outcome and process measures
condition, discussed in section III.3.b.
The remaining requirements of the
writing requirement are finalized as
proposed.
Comment: While several commenters
expressed support for the writing
requirement, numerous commenters
were concerned that this requirement
does not afford parties the flexibility to
document their value-based
arrangement in a ‘‘collection of
documents’’ and instead requires a
single signed writing.
Response: We have revised the
writing requirement to permit a
‘‘collection of documents’’ approach in
response to commenters’ concerns. To
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
receive safe harbor protection, the terms
of the value-based arrangement must be
set forth in writing and signed by the
parties in advance of, or
contemporaneous with, the
commencement of the value-based
arrangement and any material change to
the value-based arrangement. Under this
approach, parties are not required to
have a single, signed writing setting
forth the terms of the agreement, but
there must be either a single, signed
writing or a collection of documents in
place—in advance of, or
contemporaneous with, the
commencement of the value-based
arrangement—in order to meet this
condition. In addition, if any material
term (e.g., an outcome or process
measure) changes during the course of
the value-based arrangement, the parties
would need to set forth such changes in
a signed writing or collection of
documents in advance of, or
contemporaneous with, the
commencement of the modified valuebased arrangement. We note that, while
the terms do not need to be set forth in
a single, signed writing, we believe this
approach is a best practice from a
compliance perspective.
Comment: A commenter requested
that OIG permit a VBE to sign the
writing required by this safe harbor on
behalf of all parties to the applicable
value-based arrangement because,
according to the commenter, it would be
challenging to arrange for all parties to
sign a single document in advance of
the commencement of the value-based
arrangement.
Response: We decline to adopt the
commenter’s suggestion. To promote
transparency and accountability, each
value-based arrangement must be set
forth in writing and signed by all parties
to the value-based arrangement. While
the VBE may be a signatory to the valuebased arrangement, its signature alone
would not meet the writing requirement
for this or any of the other value-based
safe harbors. We believe there is
sufficient flexibility in this requirement
insofar as we do not require the writing
to be a single document (i.e., the parties
can sign separate documents), and we
allow it to be signed in advance of, or
contemporaneous with, the
commencement of the value-based
arrangement.
Comment: Some commenters
disagreed with the proposed writing
requirement, stating that it was
burdensome, was too prescriptive, or
would increase the risk of inadvertent
non-compliance. Commenters took
particular issue with the requirement
that parties document the offeror’s cost
for the remuneration. A commenter
PO 00000
Frm 00052
Fmt 4701
Sfmt 4700
asserted that this provision is
unnecessary in light of the condition to
maintain and make available to the
Secretary, upon request, all materials
and records sufficient to establish
compliance with the conditions of this
safe harbor, while at least two
commenters expressed concern that it
could result in the inappropriate
disclosure of competitively sensitive
information. One such commenter
provided the example of an offeror that
might furnish certain in-kind
remuneration to a VBE participant to
benefit the VBE and further its valuebased purpose, but who might want to
offer the same in-kind remuneration to
the recipient at market rates for use in
other lines of business. According to the
commenter, it would be commercially
unreasonable to require the offeror to
disclose its cost structure and requested
that we allow parties to satisfy this
condition through a written
representation that the contribution
amount equals at least 15 percent of the
offeror’s cost.
Response: We are not persuaded that
our writing requirement is overly
prescriptive or burdensome, rather it is
an essential safeguard. The required
contents are of the kind commonly part
of business agreements: The parties,
purposes, services, financial and
business terms, duration, and metrics.
In addition, for safe harbor purposes, we
view the requirement that the writing
set forth the offeror’s cost for the
remuneration or the fair market value of
the remuneration—detailed in section
III.B.3.g—as a material term to the
parties’ arrangement because of the safe
harbor’s 15 percent contribution
requirement. The inclusion of this term
in the writing ensures a transparent
understanding of the arrangement
agreed to by the parties.
Accordingly, we are finalizing the
writing requirement, including a
requirement that parties document: (i)
Either the fair market value of the
remuneration or the offeror’s cost of the
remuneration, dependent upon the
methodology used by the parties to
determine the contribution amount; and
(ii) the percentage and amount
contributed by the recipient. Consistent
with revisions to the contribution
requirement methodology discussed in
detail in section III.B.3.g, we require
that parties who choose to document the
offeror’s cost of the remuneration,
instead of the fair market value, also
must document the reasonable
accounting methodology used to
calculate such costs.
We believe requiring parties to
calculate and document the
contribution amount based on the fair
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
market value of the remuneration or the
offeror’s cost of the remuneration
addresses commenters’ confidentiality
concerns and, for this reason, we are not
adopting the commenter’s suggestion to
use written representations of the
offeror’s cost for the purposes of
satisfying the writing requirement. We
understand that information relating to
an offeror’s cost may include
proprietary or competitively sensitive
information that parties might not wish
to put in their written agreements. We
do not believe the same holds true for
fair market value.
In response to commenters’ concerns
that the writing requirement increases
the risk of inadvertent non-compliance,
we note that our modification to permit
a collection of documents to satisfy the
requirement should help address
compliance concerns by incorporating
more flexibility in this requirement.
Further, should an arrangement
inadvertently fail to comply with a safe
harbor condition that would not mean
that the arrangement violates the
Federal anti-kickback statute. Rather,
the arrangement would not have safe
harbor protection and would need to be
analyzed based on its facts, including
the intent of the parties, for compliance
with the statute.
Comment: A commenter requested
that we address how parties to a valuebased arrangement would need to
document a value-based arrangement’s
value-based purpose.
Response: We did not expressly
propose—as part of the writing
requirement—that the parties document
the value-based purpose(s) of the valuebased activities provided for in the
value-based arrangement. However,
such requirement, which we are
including in the final rule, effectuates
our intent and logically flows from the
intersection of the following proposals,
each which is finalized here: (i) That the
writing state, among other things, the
value-based activities to be undertaken
by the parties to the value-based
arrangement; (ii) the ‘‘value-based
activity’’ definition, which would
require, in part, that the activity is
reasonably designed to achieve at least
one value-based purpose of the valuebased enterprise; and (iii) the
requirement that protected
remuneration be used predominantly to
engage in value-based activities that are
directly connected to the coordination
and management of care for the target
patient population. In particular, it
seems sensible that in describing the
value-based activity—which, by
definition, are reasonably designed to
achieve at least one value-based
purpose of the value-based enterprise—
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
and to confirm that one purpose is the
coordination and management of care,
the writing would specify the valuebased purpose that the activities are
designed to achieve.
Consequently, we finalize a condition
requiring that parties document the
value-based purpose(s) of the valuebased activities provided for in the
value-based arrangement as part of the
required writing. In particular, we view
the documentation of the value-based
purpose(s)—and specifically,
documentation of the care coordination
and management of care purpose—to be
an important component of a writing
designed to ensure transparency and
accountability.
e. Limitations on Remuneration
i. In-Kind Remuneration
Summary of OIG Proposed Rule: We
proposed that the remuneration
exchanged must be in-kind under the
proposed condition at paragraph
1001.952(ee)(4)(i).
Summary of Final Rule: We are
finalizing, without modification, the
requirement that the remuneration be
in-kind, and moving it to paragraph
1001.952(ee)(1)(i).
Comment: While some commenters
supported limiting protection under the
care coordination arrangements safe
harbor to in-kind remuneration, a
number of commenters requested that
OIG expand the safe harbor to protect
monetary remuneration of any amount
or, alternatively, monetary remuneration
up to a certain amount annually. Many
commenters asserted that the proposed
safe harbor would not protect financial
arrangements that incentivize behavior
change, such as shared savings
payments or payments to adhere to care
protocols, and further asserted that the
other safeguards in the safe harbor are
sufficient to protect against fraud and
abuse. A commenter suggested that OIG
only protect shared savings distributed
after the VBE has satisfied its expenses.
Some commenters requested that the
safe harbor protect monetary
remuneration distributed under upsideonly risk arrangements, particularly
where the remuneration is tied directly
or indirectly to achievement under a
value-based arrangement with a payor.
Other commenters asserted that the care
coordination arrangements safe harbor
should protect ownership, investment
interests, loan arrangements (including
interest payments), and similar
transactions to fund infrastructure for
the VBE that will facilitate the
development and operation of a valuebased arrangement.
PO 00000
Frm 00053
Fmt 4701
Sfmt 4700
77735
Other commenters asserted that the
safe harbor should permit the exchange
of monetary remuneration, so physician
practices can receive remuneration and
purchase their own clinical tools or
services and select staff members who
best meet the needs of the practice. For
example, a primary care practice
explained that it would like to engage a
psychologist or behavioral health
professional to assist with patients
presenting with depressive symptoms or
needing additional assistance managing
mental health conditions and that
expanding this safe harbor to protect
monetary remuneration would allow the
practice to select a behavioral health
professional who, among other things,
best meets the needs of the practice’s
patient population. They explained that,
otherwise, the offeror of in-kind
remuneration would make those
purchasing decisions and selections for
the recipient. Another commenter
asserted that OIG’s and CMS’s final
rules should align to protect both inkind and monetary remuneration or
only in-kind remuneration, arguing that
any inconsistency would result in a
barrier to the advancement of valuebased care. A commenter suggested that
the safe harbor protect monetary
remuneration for specific services; for
example, a hospital might offer to cover
the costs of a nurse navigator at a SNF,
instead of providing the nurse navigator
directly, because it wants the SNF to
have the contractual relationship with
the nurse navigator. Lastly, several
commenters requested that OIG expand
the safe harbor to protect monetary
remuneration exchanged under
arrangements involving Indian health
programs.
Response: We are finalizing the
requirement that the remuneration
exchanged pursuant to this safe harbor
must be in-kind. We continue to believe
that providing safe harbor protection to
monetary remuneration exchanged
under arrangements where: (i) The
parties are not required to assume
financial risk, and (ii) the protected
remuneration is not required to be fair
market value and may take into account
the volume or value of referrals for the
target patient population, presents
heightened fraud and abuse risks that
outweigh the potential benefits to
Federal health care programs and
patients. OIG’s longstanding guidance
makes clear that remuneration in the
form of cash and cash equivalents pose
a higher risk of interfering with clinical
decision-making, incentivizing
overutilization or inappropriate
utilization, and increasing costs to
Federal health care programs. We do not
E:\FR\FM\02DER3.SGM
02DER3
77736
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
view protection for ownership or
investment interests as fundamental to
parties entering into value-based
arrangements for the coordination and
management of care for a target patient
population. Parties seeking to protect a
particular investment interest may look
to existing safe harbors (e.g., the safe
harbor for investment interests at
paragraph 1001.952(a)); in addition, the
advisory opinion process remains
available. Further, while we understand
recipients’ desire to select their own
care coordination items and services
rather than receiving items and services
an offeror selects, we note that parties
do not have to enter into value-based
arrangements and might agree to enter
into such arrangements only where the
item(s) or service(s) being offered are
satisfactory to the recipient. We also
note that, where a party offering
remuneration desires for the recipient to
contract directly for items and services,
the recipient may do so as long as the
offeror pays the vendor of the items and
services directly. Further, while we
understand recipients’ desire to select
their own care coordination items and
services rather than receiving items and
services an offeror selects, we note that
parties do not have to enter into valuebased arrangements and might agree to
enter into such arrangements only
where the item(s) or service(s) being
offered are satisfactory to the recipient.
We also note that, where a party offering
remuneration desires for the recipient to
contract directly for items and services,
the recipient may do so as long as the
offeror pays the vendor of the items and
services directly. Lastly, we note that
individuals and entities may look to
other safe harbors, such as the safe
harbor for personal services and
management contracts and outcomesbased payment arrangements at
paragraph 1001.952(d), for protection
for certain monetary remuneration.
Finally, in response to the comment
requesting that CMS’s and OIG’s final
protections align to protect both in-kind
and monetary remuneration or only inkind remuneration, we refer readers to
section III.A.1, where we discuss
fundamental differences in statutory
structures and sanctions across the
physician self-referral law and Federal
anti-kickback statute and elaborate on
the reasoning behind conditions that
differ in any similar exception and safe
harbor finalized by CMS and OIG,
respectively, in each agency’s final rule
in connection with the Regulatory
Sprint. With respect to OIG’s specific
policy to limit the care coordination
arrangements safe harbor to in-kind
remuneration, this policy addresses the
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
heightened risk that fungible monetary
remuneration could be misused to make
intentional kickback payments and
would be more difficult to track. OIG
and CMS permit monetary and nonmonetary remuneration in the valuebased safe harbors and exceptions that
require parties to assume risk.
ii. Remuneration Used To Engage in
Value-Based Activities
Summary of OIG Proposed Rule: We
proposed to require, at proposed
paragraph 1001.952(ee)(4)(ii), that the
remuneration provided by, or shared
among, VBE participants be used
primarily to engage in value-based
activities that are directly connected to
the coordination and management of
care of the target patient population. We
recognized that in-kind remuneration
exchanged for value-based activities
may indirectly benefit patients outside
of the scope of the value-based
arrangement and that parties may find it
difficult to anticipate or project the
scope or extent of these ‘‘spillover’’
benefits.
Summary of Final Rule: We are
finalizing, with modifications, the
proposed requirement at paragraph
1001.952(ee)(1)(ii). The two
modifications are explained in greater
detail in the responses to comments.
First, the remuneration exchanged must
be used predominantly to engage in
value-based activities that are directly
connected to the coordination and
management of care for the target
patient population. We replaced the
word ‘‘primarily’’ with the word
‘‘predominantly.’’ Second, we added a
condition that the remuneration
exchanged result in no more than
incidental benefits to persons outside of
the target patient population. Further,
for the reasons previously explained in
the value-based terminology section
discussing the definition of the
‘‘coordination and management of care’’
at section III.B.2.g, we added a
condition to this final safe harbor
clarifying that remuneration exchanged
pursuant to a value-based arrangement
may not be exchanged or used more
than incidentally by the recipient for the
recipient’s billing or financial
management services.
Comment: Commenters generally
supported our proposal to require that
protected remuneration be primarily
used to engage in value-based activities
that are directly connected to the
coordination and management of care
for the target patient population and
expressed concerns about our
alternative proposal to require that the
remuneration exchanged be limited to
value-based activities that only benefit
PO 00000
Frm 00054
Fmt 4701
Sfmt 4700
the target patient population.
Commenters asserted a variety of
reasons why prohibiting spillover
benefits outside the target patient
population would be unworkable or
undesirable in practice. For example,
some commenters asserted that
prohibiting spillover benefits would
create a disincentive for innovation, and
others emphasized the complexities in
trying to manage benefits to prevent
spillover. Some commenters requested
that we expressly state that the benefits
of the value-based arrangement do not
need to be limited to the members of a
target patient population. Another
commenter stated that the term
‘‘primarily’’ is vague, which could make
this requirement difficult to implement
and monitor.
Response: We agree with the
commenters’ concerns that prohibiting
spillover benefits outside of the target
patient population would be
unworkable. In the OIG Proposed Rule,
and for purposes of this final rule, we
recognize that in-kind remuneration
exchanged for value-based activities
may indirectly benefit patients out of
the scope of the associated value-based
arrangement and that parties may find it
difficult to anticipate or project the
extent of such ‘‘spillover’’ benefits. We
likewise acknowledge the need to
provide parties with sufficient
flexibility while also minimizing the
risk of disguised, improper
remuneration unrelated to the
coordination and management of care
for the target patient population. To
address the commenters’ concerns about
spillover effects, in the final rule we
have clarified that the value-based
activities for which the remuneration is
used can result in no more than
incidental benefits to persons outside of
the target patient population. This
language acknowledges the difficulty
VBE participants could face in
preventing ‘‘spillover’’ benefits and
reflects our intent to permit safe harbor
protection for care coordination
arrangements that predominantly
benefit the target patient population.
We are replacing the proposed term
‘‘primarily’’ with ‘‘predominantly’’ in
the final rule. These words are
analogous (e.g., meaning chiefly,
mainly, principally). We make the
change for consistency with comparable
language in other safe harbors. The term
‘‘predominantly’’ appears for a similar
purpose in the EHR and cybersecurity
safe harbors, at paragraphs 1001.952(y)
and (jj), respectively, and our parallel
use of the same term in paragraph
1001.952(ee) enhances consistency for
stakeholders across safe harbors. To the
commenter’s concern about vagueness,
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
we are not quantifying with specificity
the degree to which remuneration is
used to engage in value-based activities
to offer flexibility for the range of valuebased arrangements for which safe
harbor protection may be sought.
Comment: Several commenters
requested that we clarify that a device
with multiple functions does not violate
the Federal anti-kickback statute or the
Beneficiary Inducements CMP when it
is primarily used for managing a
patient’s health care. Commenters noted
that increasingly medical devices are
being produced with multiple functions,
or they rely on non-medical platforms
such as consumer electronic products
(e.g., smartphones, tablets).
Response: It appears that the
commenters are asking whether the
furnishing of a multi-function device, or
a device that relies on a multi-use
technology platform, can meet the safe
harbor requirement that the
remuneration is predominantly used to
engage in value-based activities that are
directly connected to the coordination
and management of care for the target
patient population. We also presume for
purposes of this response that the
device would be furnished to the
recipient for less than fair market value.
As a threshold matter, compliance
with the care coordination arrangements
safe harbor depends on whether the
device is furnished from one VBE
participant to another VBE participant
or if the device is furnished directly
from a VBE participant to a patient. If
the device is furnished by a VBE
participant to another VBE participant,
then the care coordination arrangements
safe harbor may protect the
remuneration if the device will be used
predominantly to engage in value-based
activities that are directly connected to
the coordination and management of
care for the target patient population,
and all other safe harbor requirements
are met.
For example, a health information
technology tool that enables both remote
patient monitoring and two-way
telehealth capabilities may satisfy the
predominant use requirement if the
remote patient monitoring and two-way
telehealth technologies will be used by
the recipient to coordinate and manage
care for the target patient population.
However, a health information
technology tool that includes some
functionalities that the recipient may
use to coordinate and manage care for
the target patient population and other
functionalities that the recipient may
use for purposes other than to
coordinate and manage care for the
target patient population may not meet
this standard. For example, a health
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
information technology tool that the
recipient VBE participant uses to
collect, track, and analyze data relevant
to the outcome measures established by
the VBE participants and is also used to
collect, track, and analyze the VBE
participant’s internal financial metrics
for purpose of operating its own
business would likely not meet the
predominant use standard, unless the
use for financial metrics is minimal.
In the above example, if the VBE
participants wish to protect the health
information technology tool under this
safe harbor, the financial monitoring
functionalities could be disabled to
ensure that the predominant use test is
met. Alternatively, if the recipient VBE
participant pays fair market value for
the financial monitoring functionalities,
then the parties might conclude that
they do not need to protect that aspect
of the arrangement under this safe
harbor, or they may look to another safe
harbor, such as the personal services
and management contracts safe harbor
at paragraph 1001.952(d), to protect that
aspect of the arrangement. To be
protected under paragraph 1001.952(ee),
the remaining remuneration for which
fair market value has not been paid
would need to meet the predominant
use condition and all other safe harbor
conditions.
We note that if the collecting,
tracking, and analyzing data for the
outcomes measures for the target patient
population results in the VBE
participant observing something that
prompts a change to how it delivers care
for all patients, not just the target
patient population, this additional use
would constitute an incidental benefit
to persons outside the target patient
population; such incidental benefit
would not be a disqualifying feature of
the remuneration under this provision
in paragraph 1001.952(ee).
If a multi-function device is being
furnished by a VBE participant directly
to a patient, then the VBE participant
would look to the patient engagement
and support safe harbor, at paragraph
1001.952(hh), for protection, not the
care coordination arrangements safe
harbor. As explained above, the care
coordination arrangements safe harbor
does not protect remuneration—
including a free or discounted device—
flowing from VBE participants to
patients. Note that, among other
requirements, the patient engagement
and support safe harbor requires that the
remuneration has a direct connection to
the coordination and management of
care of the target patient population.
With respect to the Beneficiary
Inducements CMP, we note that
remuneration that is protected under a
PO 00000
Frm 00055
Fmt 4701
Sfmt 4700
77737
safe harbor to the Federal anti-kickback
statute is not considered remuneration
for purposes of the Beneficiary
Inducements CMP.
Comment: Some commenters argued
that this proposed limitation on the
exchange of remuneration—in
particular, the requirement that the
remuneration be used to engage in
value-based activities directly
connected to the coordination and
management of care of the target patient
population—is unduly restrictive.
Commenters stated that this condition
should not be limited to the first of the
four value-based purposes (the
coordination and management of care
for the target patient population) and
should be expanded to permit a direct
connection to any of the value-based
purposes. Commenters further asserted
that expanding this condition to require
a direct connection to any value-based
purpose would reduce regulatory
burden, foster innovation, and facilitate
alignment with CMS’s value-based
exceptions to the physician self-referral
law.
Response: The care coordination
arrangements safe harbor does not
preclude a value-based arrangement
from furthering other value-based
purposes; however, the safe harbor does
require that the remuneration
exchanged be used predominantly to
engage in value-based activities that are
directly connected to the coordination
and management of care for the target
patient population. By requiring that
each party to a value-based arrangement
under the care coordination
arrangements safe harbor include the
coordination and management of care
for the target patient population as at
least one of the value-based purposes,
we seek to distinguish between referral
arrangements, which would not be
protected, and legitimate care
coordination arrangements, which
naturally involve referrals across
provider settings but include beneficial
activities beyond the mere referral of a
patient or ordering of an item or service.
Comment: Some commenters
supported using alternative language to
the direct connection standard, such as
‘‘reasonably related and directly tied’’ or
‘‘directly connected or reasonably
related.’’ Many of these commenters
asserted that alternative language would
better convey the close nexus between
this safe harbor and the coordination
and management of care of a target
patient population. Other commenters
advocated for other changes to the
standard, e.g., replacing ‘‘directly
connected’’ with only ‘‘connected.’’
Response: We are finalizing the
standard, proposed at paragraph
E:\FR\FM\02DER3.SGM
02DER3
77738
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
1001.952(ee)(1), now codified at
paragraph 1001.952(ee)(1)(ii) requiring
that remuneration be used
predominately to engage in value-based
activities that are directly connected to
the coordination and management of
care for the target patient population.
We are not finalizing the similar
standard proposed at paragraph
1001.952(ee)(7) requiring that the valuebased arrangement is directly connected
to the coordination and management
care of the target patient population,
because doing so would introduce
unnecessary duplication to the safe
harbor. We believe the direct connection
standard we are finalizing appropriately
captures the relationship we are
requiring (i.e., a close nexus) between
the value-based activities (for which
protected remuneration must be used
predominantly to engage in) and the
coordination and management of care
for the target patient population.
Comment: A commenter sought
clarification as to whether remuneration
tied to either receiving referrals or being
included in a preferred provider
network would be a value-based activity
directly connected to the coordination
and management of care.
Response: As stated elsewhere in this
final rule, the making of a referral,
standing alone, is not a value-based
activity. Accordingly, neither the
exchange nor use of remuneration tied
solely to receiving patient referrals or
being included in a preferred provider
network would be a value-based
activity, let alone one that is directly
connected to the coordination and
management of care. Were such conduct
combined with other value-based
activities, the ‘‘direct connection’’
standard could be met, depending on
the facts and circumstances.
iii. No Furnishing of Medically
Unnecessary Items or Services or
Reduction in Medically Necessary Items
or Services
Summary of OIG Proposed Rule: We
proposed at paragraph
1001.952(ee)(4)(iii) to require that the
remuneration exchanged not induce
VBE participants to furnish medically
unnecessary items or services or reduce
or limit medically necessary items or
services furnished to any patient.
Summary of Final Rule: We are
finalizing, with modification, this
condition at paragraph
1001.952(ee)(7)(iii). The modification
provides that the value-based
arrangement (rather than merely the
remuneration) cannot induce the parties
to furnish medically unnecessary items
or services or reduce or limit medically
necessary items or services.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
Comment: Commenters universally
supported this safeguard. A commenter
separately encouraged OIG to develop
clear guidelines to enforce this
provision that do not unduly hinder the
provision of health care or second-guess
physicians’ medical decision-making.
Response: We are finalizing this
proposed protection for patient care and
Federal program expenditures, with
additional modifications to fully
effectuate our intent. As stated in the
OIG Proposed Rule, remuneration that
induces a provider to order or furnish
medically unnecessary care is
inherently suspect. We likewise stated
that a reduction in medically necessary
services would be contrary to the goals
of this rulemaking and could, in certain
instances, be a violation of the CMP law
provision relating to gainsharing
arrangements.38 We do not intend to
protect arrangements that do either.
Upon further consideration, we have
determined that our choice of language
for the regulatory text too narrowly
focused on the remuneration in the care
coordination arrangement and did not
capture the full range of ways through
which ill-intentioned parties might seek
to use a value-based arrangement to
induce medically unnecessary care or
limit medically necessary care.
Accordingly, to better reflect our intent,
the final regulation text prohibits the
value-based arrangement from inducing
parties to order or furnish medically
unnecessary items or services or reduce
or limit medically necessary items or
services furnished to any patient.
In response to the commenter’s
concern that this safeguard not unduly
hinder physicians’ medical judgment,
this condition is not intended to
interfere with medical decision-making;
rather, it is intended to support
decision-making in the best interests of
patients without inappropriate financial
influence. This requirement is a
hallmark safeguard against fraudulent
and abusive practices that could lead to
inappropriate utilization, inappropriate
steering of patients, or stinting on care.
We note that a separate condition of the
safe harbor prohibits potential
limitations on VBE participant’s ability
to make decisions in the best interests
of the target patient population.
iv. Remuneration From Individuals or
Entities Outside the Applicable VBE
Summary of OIG Proposed Rule: We
proposed at 1001.952(ee)(4)(iv) that the
remuneration exchanged could not be
funded by, or otherwise result from the
contributions of, any individual or
entity outside of the applicable VBE. We
38 Section
PO 00000
1128A(b) of the Act.
Frm 00056
Fmt 4701
Sfmt 4700
stated that we were considering a
requirement that remuneration be
provided directly from the offeror to the
recipient.
Summary of Final Rule: We are not
finalizing the proposed funding
limitation or a requirement that
remuneration be provided directly from
the offeror to the recipient.
Comment: A few commenters
supported the requirement prohibiting
remuneration from individuals or
entities outside the applicable VBE.
Other commenters asked for exceptions
to the requirement, such as exceptions
for remuneration that would benefit the
VBE’s patients and where the donating
third-party would have no direction or
control over how the remuneration
could be used. Other commenters
opposed the requirement, stating that it
would prevent VBE participants from
deriving remuneration from a wide
variety of appropriate outside funding
sources, such as payors. Another
commenter raised concerns that a VBE
participant could lose safe harbor
protection unfairly if it receives
remuneration from another VBE
participant that was funded by another
party without recipient of the
renumeration knowing that source of
funding. We also received comments on
OIG’s consideration of whether to
require that remuneration be provided
directly from the offeror to the recipient,
with such commenters stating that such
a requirement would create unnecessary
practical impediments.
Response: We are not finalizing the
proposed requirement prohibiting
parties to a value-based arrangement
from exchanging any remuneration
funded by, or otherwise resulting from
the contributions of, an individual or
entity outside of the applicable VBE.
The purpose of these proposals was to
ensure that protected arrangements
would be closely related to the VBE,
that VBE participants would be
committed to the VBE and striving to
achieve the coordination and
management of care for the target
patient population, and that non-VBE
participants could not indirectly use the
safe harbor to protect arrangements that
are designed to influence the referrals or
decision-making of VBE participants.
On balance, we do not believe the
proposed conditions would add
appreciably to the program integrity
protection offered by the combination of
safeguards we are including in the final
safe harbor, which address these same
concerns. We seek to minimize practical
impediments to use of the safe harbor by
avoiding conditions we do not believe
are needed. However, we emphasize
that remuneration exchanged outside of
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
a value-based arrangement would not be
protected by any of the value-based safe
harbors.
We also are not finalizing the
requirement considered in preamble to
the OIG Proposed Rule that
remuneration be provided directly from
the offeror to the recipient. As explained
in the OIG Proposed Rule, this
requirement would have prohibited the
involvement of individuals and entities
other than the VBE or a VBE participant
in the exchange of remuneration under
a value-based arrangement, including,
potentially third-party vendors and
contractors. We agree with commenters
asserting that this requirement could
create unnecessary practical
impediments that would be outweighed
by any potential benefit of such a
condition.
f. Taking Into Account the Volume or
Value of, or Conditioning Remuneration
on, Business or Patients Not Covered
Under the Value-Based Arrangement
Summary of OIG Proposed Rule: We
proposed in proposed paragraph
1001.952(ee)(5) to prohibit the offeror of
the remuneration from taking into
account the volume or value of, or
conditioning an offer of remuneration
on: (i) Referrals of patients that are not
part of the value-based arrangement’s
target patient population; or (ii)
business not covered under the valuebased arrangement.
Summary of Final Rule: We are
finalizing, without modification, the
requirement in paragraph
1001.952(ee)(5).
Comment: While some commenters
supported our proposal, asserting that
the requirement appropriately
differentiates between actual care
coordination arrangements and
improper pay-for-referral schemes, a few
commenters did not support the
requirement for various reasons. A
commenter expressed concern that this
requirement will be difficult to
administer if recipients of remuneration
have any business arrangements outside
the VBE and posited that adequate
remedies exist under current law to
address the type of sham or abusive
arrangements this provision intends to
preclude from safe harbor protection,
although the commenter did not
identify any specific remedies. Another
commenter asserted that this
requirement should be removed to align
physician incentives with the delivery
of value-based care.
Conversely, a commenter opposed the
proposed standard on the basis that it is
too narrow and encouraged us to
prohibit parties from taking into account
the volume or value of referrals within
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
the target patient population and to also
prohibit exclusivity or minimumpurchase requirements in value-based
arrangements. The commenter
advocated for a modified condition that
would restrict any remuneration that
depends on or is calculated based on the
volume or value of any Federal health
care referrals, whether inside or outside
the target patient population.
Response: We are finalizing this
condition, as proposed. For purposes of
the safe harbor, value-based care,
including coordinated care, may take
into account the volume of patients in
the target patient population or value of
referrals or other business generated
between the parties resulting from
referrals of the target patient population
(e.g., an offeror may base the number of
hours it provides care coordination
services to the recipient on the volume
of patients in the target patient
population). A complete prohibition on
remuneration that takes into account the
volume or value of referrals could
operate as an actual or perceived barrier
to safe harbor protection for the kinds of
innovative care coordination
arrangements that are the goal of this
rulemaking. We are finalizing the
limitation with respect to referrals of
patients and business generated outside
the target patient population under the
value-based arrangement as an
important safeguard to protect against
remuneration offered under the guise of
a value-based arrangement that is
intended to induce the recipient’s
referrals of patients or business not
covered under the value-based
arrangement.
g. Contribution Requirement
Summary of OIG Proposed Rule: We
proposed in paragraph 1001.952(ee)(6)
to condition safe harbor protection on
the recipient’s payment of at least 15
percent of the offeror’s cost for the inkind remuneration (i.e., a 15 percent
contribution requirement). We also
proposed at paragraph 1001.952(ee)(6)
that the recipient make such a
contribution in advance of receiving the
in-kind remuneration, if a one-time cost,
or at reasonable, regular intervals if an
ongoing cost.
Summary of Final Rule: We are
finalizing, with modification, the
contribution requirement in paragraph
1001.952(ee)(6). Based on comments, we
are revising the contribution
requirement methodology to require
recipients to pay at least 15 percent of
either the offeror’s cost of the
remuneration, as determined using any
reasonable accounting methodology, or
the fair market value of the
remuneration. We are finalizing, with
PO 00000
Frm 00057
Fmt 4701
Sfmt 4700
77739
only a minor technical modification to
address syntax, our proposal that, if the
remuneration is a one-time cost, the
recipient must make the contribution in
advance of receiving the in-kind
remuneration; if the remuneration is an
ongoing cost, the recipient must make
any contributions at reasonable, regular
intervals.
Comment: Many commenters
expressed support for the proposed 15
percent contribution requirement or
otherwise acknowledged that some level
of contribution likely would be an
appropriate safeguard to hold VBE
participants accountable, promote
engagement, and lower the risk that
unnecessary or improper remuneration
would be furnished pursuant to a valuebased arrangement. The majority of
commenters opposed any contribution
requirement, with several asserting that
such a requirement would be
administratively burdensome; would
necessitate onerous documentation and
analysis, e.g., documenting and tracking
the exchange of remuneration, in
addition to undertaking an analysis as to
whether the items or services exchanged
constitute remuneration in the first
place; and would discourage parties
from entering into beneficial valuebased arrangements.
Response: We are retaining a 15
percent contribution requirement for
purposes of the care coordination
arrangements safe harbor. We proposed
the contribution requirement to: (i)
Increase the likelihood that the recipient
would use the care coordination item(s)
and service(s); (ii) ensure that the
remuneration would be well-tailored to
the recipient; and (iii) promote the
recipient’s vested interest in achieving
the intended purpose of the value-based
arrangement, namely, furthering the
coordination and management of care of
the target patient population.
We are not persuaded that the
contribution requirement would be
overly burdensome or chill participation
in value-based arrangements. While
there may be some administrative
burden associated with a contribution
requirement, on balance we believe this
requirement is important to mitigate
what OIG identified in the OIG
Proposed Rule as traditional fraud and
abuse risks, e.g., inappropriately
increased costs to the Federal health
care programs or patients, corruption of
practitioners’ medical judgment,
overutilization, and inappropriate
patient steering.
Comment: Many commenters
supported a lower contribution amount
(or no contribution amount) for
arrangements involving certain
providers with financial constraints.
E:\FR\FM\02DER3.SGM
02DER3
77740
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
These commenters generally asserted
that, absent an exemption from, or
significant reduction in the amount of,
the contribution requirement, many
providers would not be able to afford to
participate in value-based arrangements.
Commenters had varying suggestions for
who should qualify as a provider with
financial constraints, including, for
example, essential hospitals, critical
access hospitals, Indian health care
providers, not-for-profit social services
organizations, free and charitable
clinics, small and rural practices, and
practices serving medically underserved
areas. Some commenters offered
potential definitions while others
favored existing definitions, such as
those promulgated by the U.S. Small
Business Administration, CMS, and the
Health Resources and Services
Administration.
Response: Having considered the
comments and the goals of this
rulemaking, we are not reducing or
eliminating the contribution amount for
arrangements involving certain
providers with financial constraints.
While we remain sensitive to the
limited resources of many types of
potential VBE participants, including
those cited by commenters, we believe
that the contribution requirement serves
as an important guardrail to prevent
fraud and abuse under the guise of a
value-based arrangement and an
incentive for parties to develop
arrangements that are both effective in
coordinating and managing care and
economically prudent. We believe the
contribution requirement will help
ensure that parties are serious about
collaborating to achieve the purpose of
coordinating and managing patient care
and will deliberately design care
coordination arrangements most likely
to be effective at achieving quality and
efficiency aims in an economically
prudent manner. In addition, we decline
to make exceptions to the 15 percent
contribution requirement for categories
of VBE participants (e.g., small and rural
practices) for several reasons. First,
some designations can change over time
(for example, a physician practice may
qualify as a small practice at some
points in time but not at others,
depending on staffing changes), which
could create confusion about the
implementation of the contribution
requirement when such a change
occurs. Second, the same types of fraud
and abuse risks associated with
potentially valuable in-kind
remuneration from a referral source
apply equally to both larger or urban
recipients, for example, and the types of
recipients that requested an exemption
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
from the 15 percent contribution
requirement or a lower contribution
percentage, such as small or rural
providers. OIG’s enforcement
experience demonstrates that fraud is
perpetrated by both small and large
entities and happens across all
geographic areas. Third, the 15 percent
contribution requirement is based on
the electronic health records items and
services safe harbor at paragraph
1001.952(y)(11), which does not
differentiate among recipients. Finally,
in the context of the flexibilities of the
overall safe harbor, the advantages from
a compliance perspective of a single
bright line standard outweigh the
potential benefits of variable standards
based on geographic location or other
characteristics. Moreover, we have no
basis for determining different amounts
for different parties. Should the 15
percent contribution requirement pose a
barrier to use of the safe harbor, parties
are reminded that failure to fit in a safe
harbor does not mean that an
arrangement is necessarily unlawful and
that OIG’s advisory opinion process is
also available.
Comment: At least one commenter
suggested that the safe harbor except
certain forms of in-kind remuneration
(e.g., remuneration that consists of
cybersecurity technology and related
services and IT-related updates,
upgrades, and patches) from the
contribution requirement.
Response: We decline to include any
exceptions to the contribution
requirement under the care coordination
arrangements safe harbor because we
believe that, in the context of this safe
harbor, this requirement is important to
mitigate traditional fraud and abuse
risks and ensure that parties enter into
arrangements that serve value-based
purposes. However, we remind parties
seeking safe harbor protection for the
exchange of cybersecurity technology
and related services that the
cybersecurity technology and related
services safe harbor, paragraph
1001.952(jj), is available to protect the
exchange of cybersecurity items and
services, provided all safe harbor
requirements are met, and note that
such safe harbor does not include a
contribution requirement.
Comment: Commenters generally
opposed the proposal that the
contribution requirement be calculated
based upon the offeror’s cost. For
example, a commenter asserted that an
offeror’s cost may be difficult to
determine where the offeror has
substantial development costs but small
marginal costs for each individual
recipient or user. Another commenter
posited that this standard would
PO 00000
Frm 00058
Fmt 4701
Sfmt 4700
provide insufficient flexibility because
the benefit of the remuneration
exchanged may be realized by one party
more than the other, for example, where
the remuneration exchanged between
two or more parties primarily benefits
the offeror versus the recipient.
Commenters suggested various
methodologies to calculate the
contribution requirement, including: (i)
The offeror’s cost or fair market value;
(ii) the offeror’s cost or a price charged
by the offeror to purchasers outside of
the VBE; (iii) any reasonable accounting
methodology; and (iv) an amount based
on the price for that product or service
(or a reasonably comparable product or
service if it is new to the market)
typically charged by the offeror to
reasonably comparable customers
outside VBEs. Another commenter
recommended we define ‘‘offeror’s
cost,’’ whereas another commenter
expressed concern that the standard
would be difficult to implement because
items or services that benefit patients
could have little or no quantifiable
independent value to the VBE recipient.
A commenter asserted that calculating
cost may be difficult when tools and
software are developed internally by the
developer or manufacturer and made
available by a VBE participant or
acquired as part of a bundled sale under
the discount safe harbor. A commenter
also stated that there may be substantial
development costs but only marginal
costs for each individual recipient and
that costs could be subject to proprietary
and confidentiality obligations.
Response: In the OIG Proposed Rule,
in addition to our proposal that the
contribution requirement be calculated
based upon the offeror’s cost, we stated
we were considering two other
methodologies for determining the 15
percent requirement: Fair market value
of the remuneration to the recipient or
the reasonable value of the
remuneration to the recipient. To afford
parties additional flexibility, we are
revising the contribution requirement
methodology in this final rule to require
recipients to pay at least 15 percent of
either: (i) The offeror’s cost of the
remuneration, as determined using any
reasonable accounting methodology; or
(ii) the fair market value of the
remuneration. As indicated in the OIG
Proposed Rule, we are not requiring that
parties obtain an independent fair
market valuation. We selected fair
market value rather than reasonable
value because fair market value is a
more specific standard, a widely used
term in valuation, and common to many
existing safe harbors such that many
stakeholders and the government have
experience with it. We are finalizing the
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
requirement as ‘‘fair market value’’
instead of ‘‘fair market value of the
remuneration to the recipient’’ because
we believe the inclusion of ‘‘to the
recipient’’ could confuse generally
accepted valuation methodologies due
to its focus on only one party. We
expect that parties to a value-based
arrangement seeking protection under
this safe harbor would use generally
accepted valuation methodologies and
principles in any determination of ‘‘fair
market value’’ in relation to the
contribution requirement, which could
incorporate factors related to the
recipient.
To provide parties flexibility we are
not specifically defining ‘‘offeror’s cost’’
or requiring a specific methodology for
determining fair market value. To the
extent costs are proprietary or
confidential, depending on the
circumstances, parties could meet this
condition through the use of contractual
provisions in their value-based
arrangements to protect information
from further disclosure or rely on the
fair market value option to determine
the 15 percent contribution
requirement.
We are finalizing our proposal that, if
the remuneration is deemed by the
parties to be a one-time cost, e.g., a onetime purchase of telehealth-related
technology, the recipient must make the
contribution in advance of receiving the
in-kind remuneration; to the extent the
remuneration is deemed by the parties
to be an ongoing cost, e.g., a
subscription service to a data analytics
tool, the recipient must make any
contributions at reasonable, regular
intervals, with the frequency of such
payments documented in writing. We
note that parties have the flexibility to
structure the recipient’s contribution
payment as either a one-time or ongoing
payment, depending upon the facts and
circumstances of the arrangement and
the parties’ preference.
Comment: We received several
comments advocating for or against the
adoption of alternative proposals noted
in the OIG Proposed Rule. For example,
many commenters favored an acrossthe-board reduction in the contribution
requirement from 15 percent to 5
percent. Other commenters backed an
exemption to, or a significant reduction
in, the contribution requirement for
certain categories of remuneration, such
as technology and technology-related
items, although at least one commenter
opposed this approach due to
administrative burden concerns.
Another commenter urged OIG to
calibrate the contribution based on the
financial need of the target patient
population.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
Response: We are retaining the 15
percent contribution requirement, as
proposed, with the aforementioned
methodology modifications. We believe
that a contribution requirement lower
than 15 percent would not achieve a
sufficient level of accountability and
engagement of the recipient. Moreover,
we decline to vary the contribution
requirement based upon the type of
remuneration at issue or the
arrangement’s target patient population;
such variation would introduce
unnecessary operational complexity.
Comment: A commenter
recommended that OIG take into
account nonmonetary contributions
from the recipient to the offeror for
purposes of calculating the contribution
requirement.
Response: To meet this safe harbor’s
contribution requirement, a recipient
must pay at least 15 percent of the
offeror’s cost of the remuneration (as
determined using any reasonable
accounting methodology) or at least 15
percent of the fair market value of the
remuneration. Parties to a care
coordination arrangement where any
nonmonetary contributions flow in both
directions—from the offeror to the
recipient and the recipient to the
offeror—would need to assess any
potential Federal anti-kickback statute
implications for both streams of
contributions. To the extent that both
streams of contributions constitute
remuneration, implicate the Federal
anti-kickback statute, and the parties
seek protection under the care
coordination arrangements safe harbor,
the parties must satisfy the contribution
requirement for each stream of
remuneration. There may be
circumstances under which the parties
could appropriately offset payments
made to satisfy the contribution
requirement for each stream, but any
such assessment would be fact specific.
For example, it would be appropriate for
parties to offset payment amounts to
satisfy the contribution requirement for
separate streams of remuneration to
reduce administrative burden, provided
each stream of remuneration complied
with the Federal anti-kickback statute.
In contrast, it would be inappropriate
for parties to offset payment amounts in
an attempt to reduce a party’s
contribution requirement below 15
percent and any associated arrangement
would not be protected by this safe
harbor.
Comment: A commenter
recommended that, for purposes of
applying the 15 percent contribution
requirement in the care coordination
arrangements safe harbor, OIG recognize
a VBE’s good faith allocation of the in-
PO 00000
Frm 00059
Fmt 4701
Sfmt 4700
77741
kind remuneration across various
arrangements. The commenter
identified a number of manners in
which it believed a reasonable
allocation could be made (e.g., patient
needs associated with a particular
arrangement, such as a chronic care
program), and noted that in some cases,
a reasonable allocation might be a per
capita allocation of in-kind
remuneration across all VBE
participants.
Response: First, for the purposes of
our response, we assume that the
commenter means that the in-kind
remuneration provided by the VBE or
VBE participant to other VBE
participants would be shared by various
VBE participants to a value-based
arrangement, or various value-based
arrangements, under the same VBE (e.g.,
a shared care coordinator or shared
information technology system). To the
extent that VBE participants to a valuebased arrangement or various valuebased arrangements are sharing in-kind
remuneration provided by the VBE or
another VBE participant, it would be
reasonable—under both methodologies
that parties can use to determine the
contribution requirement—to
reasonably and in good faith allocate the
‘‘offeror’s cost for the in-kind
remuneration’’ or the ‘‘fair market
value’’ of the shared resources between
the various VBE participants sharing in
the resources.
As stated above, we would expect that
parties to a value-based arrangement
seeking protection under this safe
harbor would use reasonable accounting
methodologies and generally accepted
valuation methodologies and principles
in determining any appropriate
allocation of the shared resources for the
purposes of determining the ‘‘offeror’s
cost for the in-kind remuneration’’ or
the ‘‘fair market value’’ in relation to the
contribution requirement. We
acknowledge that reasonable accounting
methodologies and commonly accepted
valuation principles would allow for
consideration of the shared nature of the
in-kind remuneration. We further
highlight that we would not expect that
any aggregate contribution amounts—
from VBE participants sharing in any inkind remuneration—result in a windfall
to the offeror.
Comment: Some commenters
expressed concern that a contribution
requirement would upend the existing
regulatory framework that parties rely
on to assess whether an item or service
constitutes remuneration. For example,
a dialysis provider stated that a
contribution requirement may
unintentionally create a presumption
that many care coordination activities
E:\FR\FM\02DER3.SGM
02DER3
77742
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
that do not constitute remuneration for
purposes of the Federal anti-kickback
statute are, in fact, remuneration with a
specific value. The same commenter
illustrated its concern by explaining that
multiple Medicare conditions for
coverage require dialysis facilities to
coordinate dialysis patients’ care with
other providers, including physicians
and nursing homes. The dialysis
provider requested that OIG confirm
that the following does not constitute
remuneration: (i) The provider performs
care coordination services because they
are required to do so by Medicare or
other payors’ rules, other law, or to meet
the clinical standard of care, and (ii) the
care coordination services provided do
not relieve another party of an
obligation assigned to it by Medicare or
other payors’ rules or other law.
Response: The contribution
requirement does not change the current
regulatory framework for assessing
whether an item or service exchanged
between two or more parties constitutes
remuneration under either the Federal
anti-kickback statute or the Beneficiary
Inducements CMP. As we have stated in
prior OIG guidance on this issue, we
view ‘‘remuneration’’ under the Federal
anti-kickback statute to consist of
anything of value in any form or manner
whatsoever.39 With respect to the
request for guidance as to whether (i)
care coordination services performed by
a provider because they are required to
do so by Medicare or other payors’
rules, other law, or to meet the clinical
standard of care, and (ii) care
coordination services that do not relieve
another party of an obligation assigned
to it by Medicare or other payors’ rules
or other law, such services could
constitute remuneration under the
Federal anti-kickback statute. However,
we remind readers that even if care
coordination services constitute
remuneration, the Federal anti-kickback
statute is not necessarily implicated. For
example, the Federal anti-kickback
statute generally is not implicated for
financial arrangements limited solely to
patients who are not Federal health care
program beneficiaries. Further,
depending on the facts and
circumstances (including the intent of
39 See,
e.g., OIG, Special Fraud Alert, 59 FR
65372, 65377 (Dec. 19, 1994), available at https://
oig.hhs.gov/fraud/docs/alertsandbulletins/
121994.html; OIG, Medicare and State Health Care
Programs: Fraud and Abuse; OIG Anti-Kickback
Provisions, 56 FR 35952, 35978 (July 29, 1991),
available at https://oig.hhs.gov/fraud/docs/
safeharborregulations/freecomputers.htm. See also
OIG advisory opinions generally, e.g., OIG Adv. Op.
No. 20–02, where OIG states, ‘‘For purposes of the
anti-kickback statute, ‘remuneration’ includes the
transfer of anything of value, directly or indirectly,
overtly or covertly, in cash or in kind.’’
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
the parties), the provision of care
coordination services may implicate the
Federal anti-kickback statute but not
violate it.
Comment: Some commenters asserted
that the proposed 15 percent
contribution requirement is arbitrary or
that there is no evidence a contribution
requirement would mitigate fraud and
abuse concerns. Other commenters
suggested that the contribution
requirement is duplicative of existing
safeguards included in the care
coordination arrangements safe harbor,
e.g., the requirement that remuneration
must be used primarily to engage in
value-based activities that are directly
connected to the coordination and
management of care of the target patient
population.
Response: We disagree with the
commenters. We believe the
contribution requirement will promote
accountability, fiscal responsibility, and
greater engagement by the recipient. We
note that contribution requirements
have been implemented in other
contexts, such as those included in the
electronic health records items and
services (EHR) safe harbor at paragraph
1001.952(y) and the Federal
Communications Commission’s Rural
Health Care Pilot Program.40 Moreover,
we do not believe the contribution
requirement is duplicative of other
safeguards. While several conditions in
the safe harbor promote accountability,
the contribution requirement provides
an objective, bright-line standard for
parties that requires recipients in valuebased arrangements to have a financial
stake in the arrangement and encourages
a tangible commitment to achieving the
value-based arrangement’s goals.
Comment: At least two commenters
drew attention to the parallel
contribution requirements in the care
coordination arrangements and EHR
safe harbors. For example, a commenter
highlighted the perceived inconsistency
of relying on the EHR safe harbor to
justify our contribution requirement on
the one hand and indicating that we
were considering revisiting or
eliminating the contribution
requirement in the EHR safe harbor on
40 See, e.g., Federal Communication Commission,
Rural Health Care Pilot Program FAQs, available at
https://www.fcc.gov/general/rural-health-care-pilotprogram#faqs (requiring eligible recipients to fund
15 percent of the cost of infrastructure design and
construction of broadband networks for health care
purposes, in recognition that a contribution
requirement will ‘‘incentiviz[e] participants to
choose the most cost-effective services and
equipment and refrain from purchasing a higher
level of service or equipment than needed’’) (as
cited to by the Federal Communication
Commission, Promoting Telehealth for Low-Income
Consumers, 84 FR 36865, 36869 (July 30, 2019)).
PO 00000
Frm 00060
Fmt 4701
Sfmt 4700
the other. Another commenter sought to
distinguish the care coordination
arrangements safe harbor from the EHR
safe harbor by stating that a contribution
requirement may be appropriate in the
EHR safe harbor because the EHR safe
harbor has less stringent standards, but
a contribution requirement is not
warranted in the care coordination
arrangements safe harbor. The
commenter further asserted that the
EHR safe harbor protects items and
services that have clear independent
value to the recipient, while items and
services exchanged pursuant to valuebased arrangements may not always
have such independent value.
Response: In the OIG Proposed Rule,
we considered removing the
contribution requirement in the EHR
safe harbor, but as discussed
subsequently in this final rule, we are
retaining the EHR safe harbor’s
contribution requirement. Accordingly,
both the care coordination arrangements
safe harbor and the EHR safe harbor, as
finalized, include a 15 percent
contribution requirement. We disagree
that the EHR safe harbor has less
stringent standards. The care
coordination arrangements and EHR
safe harbors have distinct requirements
tailored to the type of remuneration that
may be protected by the respective safe
harbor. With respect to the commenter’s
suggestion that items and services
exchanged pursuant to the care
coordination arrangements safe harbor
may not always have independent value
to the recipient (in contrast to the EHR
safe harbor), we note that any such
determination would be fact specific.
Moreover, the contribution requirement
does not change any assessment of
whether an item or service exchanged
between two or more parties constitutes
remuneration under the Federal antikickback statute. We remind
stakeholders that to implicate the
Federal anti-kickback statute, there must
be ‘‘remuneration’’ offered, paid,
solicited, or received in the transaction
or arrangement at issue. If the Federal
anti-kickback statute is not implicated
by a transaction or arrangement, then
safe harbor protection is not necessary.
Consequently, we would expect
arrangements that qualify under the care
coordination arrangements safe harbor
to involve remuneration exchanged
between the parties.
h. Direct Connection to the
Coordination and Management of Care
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(ee)(7)(i)
that a value-based arrangement must
have a direct connection to the
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
coordination and management of care
for the target patient population.
Summary of Final Rule: We are not
finalizing the condition at proposed
paragraph 1001.952(ee)(7)(i) because it
would substantially duplicate the
condition at paragraph
1001.952(ee)(1)(ii), which requires the
remuneration to be used predominantly
to engage in value-based activities that
are directly connected to the
coordination and management of care.
Comment: Commenters generally did
not support the condition proposed at
paragraph 1001.952(ee)(7)(i), albeit for
varying reasons. Some took issue with
the fact that the condition did not afford
parties the flexibility to select any one
of the value-based purposes available to
VBEs, and rather tied parties to the
value-based purpose relating to the
coordination and management of care.
Some commenters argued that this
condition was not necessary in light of
other safeguards included in the care
coordination arrangements safe harbor.
Response: We are not finalizing the
condition proposed at paragraph
1001.952(ee)(7)(i) because it would
substantially duplicate the condition we
are finalizing at paragraph
1001.952(ee)(1)(ii). With respect to the
commenters that argued that the
proposed condition did not afford
parties the flexibility to select any one
of the value-based purposes available to
VBEs, and rather tied parties to the
value-based purpose relating to the
coordination and management of care,
we refer commenters to the discussion
of the condition we finalize at paragraph
1001.952(ee)(1)(ii), in section III.B.3.e.ii.
of the preamble. There we explain, in
part, that the care coordination
arrangements safe harbor’s conditions
do not preclude a value-based
arrangement from furthering other
value-based purposes; however, the safe
harbor does require that the
remuneration exchanged be used
predominantly to engage in value-based
activities that are directly connected to
the coordination and management of
care for the target patient population.
i. Preserving Clinical Decision-Making
Summary of OIG Proposed Rule: In
proposed paragraph 1001.952(ee)(7)(ii),
we proposed that the value-based
arrangement must not limit parties’
ability to make decisions in the best
interests of their patients.
We also proposed in proposed
paragraph 1001.952(ee)(7)(iii) that
value-based arrangements cannot direct
or restrict referrals if: (i) A patient
expresses a preference for a different
practitioner, provider, or supplier; (ii)
the patient’s payor determines the
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
provider, practitioner, or supplier; or
(iii) such direction or restriction is
contrary to applicable law or regulations
under titles XVIII and XIX of the Act.
Summary of Final Rule: We are
finalizing, with modification, the
proposed condition that the value-based
arrangement must not limit the VBE
participant’s ability to make decisions
in the best interests of its patients and
relocating it to paragraph
1001.952(ee)(7)(i). We are making a
technical correction to change ‘‘their
patients’’ to ‘‘its patients.’’ In paragraph
1001.952(ee)(7)(ii), we are finalizing the
condition related to directing or
restricting referrals with one
clarification. We are deleting ‘‘or
regulations’’ because ‘‘regulations’’ is
already captured by the term
‘‘applicable law’’ in the final regulation.
Thus, a value-based arrangement cannot
direct or restrict referrals if such
direction or restriction is contrary to
applicable law under titles XVIII and
XIX of the Act.
Comment: Commenters were very
supportive of prohibiting any limitation
on VBE participants’ ability to make
decisions in the best interests of their
patients and limiting how the valuebased arrangement can direct or restrict
referrals to a particular provider,
practitioner, or supplier. Many
commenters asserted that these
standards will protect patient choice
and ensure the independence of medical
or professional judgment.
Response: We agree with the
commenters, and we are finalizing these
two requirements—a prohibition on any
limitation of VBE participants’ ability to
make decisions in the best interests of
their patients, and limiting the
circumstances in which parties to a
value-based arrangement may direct or
restrict referrals—to support patient
choice and independent medical and
professional judgment. Based on these
conditions, remuneration exchanged as
part of arrangements that unduly restrict
patient choice or the independence of
medical or professional judgment
through inappropriate direction or
restriction of referrals will not be
protected. This requirement aims to
ensure that VBEs and VBE participants
that are parties to a value-based
arrangement maintain their
independent, medical, or other
professional judgment without undue
restriction. This condition is not
intended to bar VBEs or VBE
participants from communicating the
benefits of receiving care from other
VBE participants in the VBE.
Comment: Several commenters urged
the OIG to adopt more robust safeguards
to protect patient choice and ensure the
PO 00000
Frm 00061
Fmt 4701
Sfmt 4700
77743
independence of medical or
professional judgment. A commenter
recommended that health care
professionals be given the ability to
override any (i) practice guideline or
standard; (ii) electronic health record
technology; (iii) clinical-decision
support software; (iv) computerized
order entry program; or (v) policies that
may be imposed or implemented by a
VBE or payor if such an override is, in
the professional judgment of the health
care professional, consistent with their
determination of medical necessity and
appropriateness or nursing assessment,
in the best interests of the individual
patient, and consistent with the
patient’s wishes.
Another commenter asserted that the
OIG Proposed Rule appears to give a
provider the authority to direct a referral
unless the patient otherwise expresses
an alternative choice. The commenter
recommended that we include a
requirement that the VBE provide notice
to patients informing them that: (i) The
entity is participating in a financial riskbased program where the entity receives
financial benefits under applicable
conditions; (ii) referrals for care may be
made to a restricted list of providers and
practitioners; and (iii) the patient has
the freedom to choose any qualified
provider or practitioner and the right to
reject any referral to a particular
provider or practitioner if they have an
alternative preferred provider or
practitioner. Another commenter urged
OIG to provide consumer-tested
templates for VBEs to communicate
with patients that they retain their rights
to choose providers.
Response: With respect to the
commenter’s assertion that the OIG
Proposed Rule appears to give the
provider the authority to direct a referral
unless the patient otherwise expresses
an alternative choice, we note that the
provision we are finalizing also
prohibits the value-based arrangement
from directing or restricting referrals
where the patient’s payor determines
the provider, practitioner, or supplier,
or where the direction or restriction is
contrary to applicable law under titles
XVIII and XIX of the Act. Moreover,
nothing in this safe harbor gives
providers authority to direct referrals.
This provision describes one among
several conditions of safe harbor
protection, in this case a limitation on
what a protected value-based
arrangement can do.
With respect to the suggestion that
providers be permitted to override
various care protocols, guidelines,
policies, or technology-driven systems,
this safe harbor does not affect the
authority of providers to do so. A
E:\FR\FM\02DER3.SGM
02DER3
77744
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
provider’s obligation to comply with
care protocols, guidelines, policies, or
technology-driven systems is outside
the scope of this final rule. This safe
harbor speaks only to the conditions
under which a value-based arrangement
would receive prospective safe harbor
protection under the Federal antikickback statute. The value-based
arrangement may not limit the VBE
participant’s ability to make decisions
in the best interests of its patients. Facts
and circumstances demonstrating that
the value-based arrangement has limited
a VBE participant’s ability to make
decisions in the best interest of its
patients would disqualify the
remuneration exchanged pursuant to the
value-based arrangement from
protection under this safe harbor. In
drafting the final rule on this point, we
have been guided in part by experience
with long-established rules in the
physician self-referral law 41 and the
Medicare Shared Savings Program 42
that address preservation of patient
preferences and clinician judgment
choice in the context of directed
referrals.
While we appreciate the commenters’
suggestions regarding patient notice, we
did not propose a patient notice
requirement in the OIG Proposed Rule
for any of the three value-based safe
harbors, and we are not including a
patient notice requirement in this final
rule. Such a requirement would add
administrative burden without
appreciably adding benefits, including
protections against fraud and abuse,
given the combination of conditions we
are finalizing. Further, such notices, if
executed poorly, could confuse patients.
Parties may wish to provide
notifications, and nothing in this rule
prevents them from doing so. We are not
providing templates for
communications with patient regarding
patient choice, and defer to providers,
payors, and others to develop best
practices for notices and other relevant
communications.
Comment: A commenter urged the
OIG to preclude safe harbor protection
for any arrangement that involves
paying for referrals and to protect
against any given market player
requiring referrals only to certain
facilities. Another commenter
recommended that VBEs be prohibited
from taking any adverse action against
a patient that chooses an alternative
provider or practitioner.
Response: We share the commenter’s
concerns regarding abusive, pay-forreferral arrangements. We also recognize
41 See,
42 See,
e.g., 42 CFR 411.354(d)(4)(iv).
e.g., 42 CFR 425.305(b).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
that legitimate care coordination
arrangements may involve an exchange
of remuneration between parties that are
in a position to give or receive referrals
and that referrals may be made between
VBE participants coordinating and
managing a patient’s care through a
value-based arrangement. One of the
objectives of the care coordination
arrangements safe harbor is to identify
and define attributes of legitimate care
coordination arrangements and afford
protection only to remuneration
exchanged under such arrangements.
The requirements of this safe harbor and
the value-based terminology (e.g., valuebased purpose, value-based activity,
value-based arrangement) work together
to achieve this objective. Abusive, payfor-referral arrangements, such as an
arrangement where an individual or
entity is required to offer remuneration
to a provider in order to receive that
provider’s referrals or an arrangement
that encourages providers to steer
patients in ways that are not in the
patients’ best interests, will not be able
to meet the requirements of the safe
harbor.
With respect to the commenter’s
concern regarding a particular person or
entity requiring referrals only to certain
entities, we believe these types of
directed referral provisions may be
problematic in certain instances but also
are common features of many legitimate
care coordination arrangements. As
explained in the preceding response, the
limitations we are adopting in this final
rule reflect important safeguards to
protect patient choice and
independence of medical and
professional judgment and effectuate an
appropriate balance between the
competing concerns of protecting
legitimate care coordination
arrangements and preventing
inappropriate pay-for-referral schemes.
With respect to the recommendation
that, as a condition of safe harbor
protection, VBEs should be prohibited
from taking any adverse action against
a patient that chooses an alternative
provider or practitioner, we note that
nothing in the safe harbor limits or
directs a patient’s choice of provider or
services, including a patient’s choice to
seek care outside the VBE. As indicated
in the OIG Proposed Rule and
implemented in this final rule, it is our
intent that a patient can express a
preference for a different practitioner,
provider, or supplier and the valuebased arrangement cannot restrict or
limit that choice. Further, safe harbor
protection does not extend to any
arrangement where the value-based
arrangement directs or restricts referrals
to a particular provider, practitioner, or
PO 00000
Frm 00062
Fmt 4701
Sfmt 4700
supplier if the patient’s payor
determines the provider, practitioner, or
supplier or the direction or restriction is
contrary to applicable law under titles
XVIII and XIX of the Act.
j. Marketing of Items or Services or
Patient Recruitment Activities
Summary of OIG Proposed Rule: We
proposed in proposed paragraph
1001.952(ee)(7)(iv) that the value-based
arrangement could not include
marketing to patients of items or
services or engaging in patient
recruitment activities. We stated that we
did not intend for this limitation to
prohibit a VBE participant that is a party
to a value-based arrangement from
educating patients in the target patient
population regarding permissible valuebased activities.
Summary of Final Rule: We are
finalizing, with modifications, this
requirement at paragraph
1001.952(ee)(1)(iii). We have revised the
language of the text at paragraph
1001.952(ee)(1)(iii) to clarify that the
protected remuneration under the valuebased arrangement may not be
exchanged or used for the purpose of
marketing items or services furnished by
the VBE or a VBE participant to patients
or for patient recruitment activities.
Comment: Several commenters
strongly supported our proposal, or,
alternatively, advocated for the
imposition of additional conditions to
protect against abusive marketing
practices. However, the majority of
commenters on this topic either sought
clarification on the parameters of the
condition or opposed it altogether. A
commenter asked OIG to define
allowable educational activities and
prohibited marketing activities, and
another commenter questioned whether
a distinction between marketing and
educational activities is possible when,
according to the commenter, the line
between marketing and education is
subjective and requires an intent-based
inquiry. Another commenter suggested
that OIG prohibit marketing and patient
recruitment activities but permit efforts
to make patients aware of the
availability of items or services at times
when the patient could reasonably
benefit from such information. Other
commenters requested that OIG provide
guidance on, and specific examples of,
the distinction between marketing and
patient recruitment activities on the one
hand, and patient education activities
on the other. For example, a commenter
asked whether a program to screen
patients for fall risk and educate them
on their risks and appropriate next steps
would be considered patient education
or a marketing activity. Another
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
commenter asked whether a hospice’s
provision of free home-based palliative
care services or room and board to
patients unable to pay would constitute
marketing or patient recruitment
activities.
Numerous commenters opposed the
prohibition on patient marketing and
patient recruitment activities altogether,
asserting that the condition is too broad.
A commenter declared that marketing
activities are necessary in order to
meaningfully educate patients on their
health care options, and another
commenter claimed that a marketing
and patient recruitment prohibition
would limit a value-based enterprise’s
ability to leverage technology that might
empower patients to make informed
decisions and gain timely access to
appropriate care. This commenter
encouraged OIG to provide an exception
for marketing-based technology that is
used to achieve a defined health
outcome under a value-based
arrangement.
Response: We are finalizing a
narrower condition than the condition
proposed in the OIG Proposed Rule
because we agree with the commenters
that our proposed condition was
broader than necessary to prevent the
fraud and abuse concerns addressed by
the condition. Rather than prohibiting
all marketing and patient recruitment
activities under a value-based
arrangement, as proposed, the
requirement we are finalizing prohibits
the exchange of or use of remuneration
for the purpose of marketing items or
services provided by the VBE or VBE
participants or for patient recruitment
activities.
We use the terms ‘‘marketing’’ (e.g.,
promoting or selling something),
‘‘education’’ (e.g., informing,
instructing, or teaching), and
‘‘recruitment’’ (e.g., enlisting someone
to do something) in accordance with
their commonsense meanings. We are
not defining in regulatory text
‘‘marketing,’’ ‘‘patient recruitment
activities,’’ or ‘‘education,’’ or a similar
term (note that the regulatory text does
not use ‘‘education’’ or ‘‘educational
activities’’ but we use such terms in our
preamble explanation). We decline to
define these terms: (i) In recognition
that these terms are commonly
understood; and (ii) to avoid overly
prescriptive definitions that may chill
appropriate educational activities. In
lieu of regulatory definitions, we offer
illustrative examples below to aid
stakeholders in applying the safe harbor
provision.
As noted in the OIG Proposed Rule,
the proposed marketing and recruitment
restriction would prevent misuse of the
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
safe harbor by those seeking to use
purported value-based arrangements to
perpetuate fraud schemes through the
purchase of beneficiaries’ medical
identity or other inducements to lure
beneficiaries to obtain unnecessary care.
As stated in the OIG Proposed Rule, our
enforcement experience demonstrates
that fraud schemes often involve a
mixture of both inducements to lure
beneficiaries to obtain unnecessary care
and the use of marketing-like activities
to steal patients’ medical identities. In
particular, OIG has long-standing
concerns about marketing activities that
involve personal contact with
beneficiaries. For example, OIG has
previously explained that door-to-door
marketing, telephone solicitations,
direct mailings, and in-person sales
pitches or ‘‘informational’’ sessions can
be extremely coercive, particularly
when such activities target senior
citizens, Medicaid beneficiaries, and
other particularly vulnerable patients.43
Consequently, we believe that
remuneration used for marketing and
patient recruitment activities, regardless
of whether the activities are driven by
technology or tied to achieving a
defined health outcome, remains
suspect and requires fact-specific
scrutiny under the Federal anti-kickback
statute; therefore, we decline to provide
safe harbor protection for such
remuneration in this safe harbor.
Nevertheless, we acknowledge the
benefits of objective educational
materials to provide patients with
general health care information and
information about their health care
options. We do not consider
remuneration exchanged between
parties to a value-based arrangement to
(i) provide objective patient educational
materials or (ii) engage in objective
patient informational activities to
constitute marketing or patient
recruitment activities for purposes of
this safe harbor condition. As we
explained in the OIG Proposed Rule,
this condition would not prohibit a VBE
participant that is a party to the valuebased arrangement from educating
patients in the target patient population
about permissible value-based activities.
A determination regarding whether
remuneration is being exchanged or
used for the purposes of marketing
items or services or patient recruitment
activities or for an educational activity
requires a fact-specific analysis;
however, the following examples
illustrate how we distinguish between
marketing and patient recruitment, on
43 OIG, OIG Adv. Op. No. 08–20 (Nov. 19, 2008),
available at https://oig.hhs.gov/fraud/docs/advisory
opinions/2008/AdvOpn08-20.pdf.
PO 00000
Frm 00063
Fmt 4701
Sfmt 4700
77745
the one hand, and education on the
other. Using examples from the OIG
Proposed Rule,44 if a SNF or home
health agency placed a staff member at
a hospital to assist patients in the
discharge planning process, and in
doing so, the staff member educated
patients regarding care management
processes used by the SNF or home
health agency, this would not constitute
marketing of items and services
(provided the staff member only worked
with patients that had already selected
the SNF or home health agency and SNF
or home-health agency care was
medically appropriate for such patient).
However, if the SNF or home health
agency placed a staff member at a
hospital to perform care coordination
services and to market the SNF’s or
home health agency’s services to
hospital patients, the arrangement
would not comply with this
requirement because the remuneration
being exchanged pursuant to the
arrangement—the services offered by
the staff member—would be exchanged
for the purpose of engaging in
marketing.
As an additional example, we would
not consider actions, such as notifying
a patient of the criteria used by a VBE
participant to determine patient
eligibility for care coordination services
or informing the target patient
population of potential health benefits
that may be derived from care
coordination for a patient’s chronic
condition, to be marketing or patient
recruitment activities. This sort of
targeted education to the patient is
distinguishable from broader marketing
and recruiting campaigns designed to
sell products or services or recruit
patients.
Notably, in some circumstances, it
may not be necessary to make a
distinction between marketing and
education to determine whether an
arrangement fits in a value-based safe
harbor. If remuneration is exchanged
pursuant to an arrangement that does
not qualify as a ‘‘value-based
arrangement,’’ as defined here, it is not
eligible for safe harbor protection. For
example, an arrangement solely for a
direct-mail marketing campaign or other
advertising would need to qualify as a
value-based arrangement under the
definition at paragraph 1001.952(ee) to
be eligible to use a value-based safe
harbor. We cannot envision a
circumstance where such an
arrangement would be a ‘‘value-based
arrangement’’ as defined in this final
rule or be eligible under this safe harbor.
Should one VBE participant wish to
44 84
E:\FR\FM\02DER3.SGM
FR 55712 (Oct. 17, 2019).
02DER3
77746
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
engage in a direct-mail campaign that
markets, in part, another VBE
participant’s services and the parties
seek safe harbor protection for such
arrangement, they should look to the
personal services and management
contracts safe harbor at paragraph
1001.952(d).
In response to the commenter’s
inquiry regarding a screening program
for fall risk, it is not clear from the
commenter’s description whether the
program would be part of a coordinated
plan of care for a target patient
population to improve outcomes or a
marketing or patient recruitment
activity to attract patients to the VBE or
its participants. If the former, the
arrangement could qualify for safe
harbor protection, if all safe harbor
conditions are met. If the latter, it would
not be protected. Based on our oversight
experience, we are concerned that a fall
risk screening program could be
misused as a marketing or patient
recruitment activity if the screening
program was not part of the
coordination and management of care or
an objective educational program. There
is a risk that such a program could be
used to lure beneficiaries to obtain
unnecessary care. Whether a particular
fall risk screening program is a
marketing program, an educational
program, or a value-based arrangement
will depend on its specific facts and
circumstances.
Additionally, we note that
remuneration exchanged between
parties to a value-based arrangement
that is used to offer something of value
to patients to incentivize them to obtain
a fall screening examination from one of
the parties would not be protected by
this safe harbor. We have modified the
regulatory text to make clear that
prohibited marketing includes not only
exchanging remuneration for the
purpose of engaging in patient
recruitment activities or marketing but
also using remuneration for such
purposes. This change effectuates our
intent articulated in the preamble to the
OIG Proposed Rule to limit the risk of
the value-based arrangement being used
as a marketing or recruiting tool to
generate federally payable business for
the VBE participant.45 To illustrate how
this condition would operate, the
parties cannot exchange remuneration
for the purpose of engaging in patient
recruitment activities or marketing (e.g.,
a SNF or home health agency placed a
care coordinator at a hospital to market
the SNF’s or home health agency’s
services to hospital patients). In
addition, the parties cannot use the
45 84
FR 77712 (Oct. 17, 2019).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
remuneration for marketing or engaging
in patient recruitment activities (e.g.,
the hospital asks the care coordinator
placed by the SNF or home health
agency to send out mailings to the local
community regarding the hospital’s
services).
Regarding the question about a
hospice’s provision of free home-based
palliative care services or room and
board to patients unable to pay, such an
arrangement would not be protected by
the care coordination arrangements safe
harbor. This safe harbor is limited to
remuneration exchanged between
parties to a value-based arrangement,
i.e., between a VBE and VBE participant
or between VBE participants. It does not
encompass arrangements involving the
exchange of remuneration to patients.
Other safe harbors or exceptions to the
Beneficiary Inducements CMP may be
available to protect the provision of
such items and services to patients,
depending upon the facts and
circumstances.
We reiterate that nothing in this safe
harbor prevents VBEs or VBE
participants from marketing their
services. Indeed, arrangements need not
have safe harbor protection to be lawful,
and we observe that many legitimate
health care entities lawfully market
services without benefit of a safe harbor.
However, value-based arrangements that
include the exchange or use of
remuneration for the purpose of
marketing or patient recruitment would
not be eligible for protection under the
care coordination arrangements safe
harbor.
Comment: A commenter requested
that OIG address whether a VBE
participant that is a payor and owns a
company that provides remote
monitoring devices or has a vendor
relationship with a company that
provides such devices could suggest
certain device utilization for purposes of
improved care.
Response: The commenter describes
the recommendation or referral of a
device by a VBE participant that is a
payor and is affiliated with a company
that provides remote monitoring devices
but does not identify remuneration
provided under the value-based
arrangement. Without additional facts,
we can only respond generally to the
comment. First, we would highlight that
this safe harbor does not protect free or
reduced-priced items or services that
sellers provide either as part of a
product sale arrangement or ancillary to
a value-based arrangement. Free or
reduced-priced items and services
provided either as part of a product sale
arrangement or ancillary to a valuebased arrangement may not need safe
PO 00000
Frm 00064
Fmt 4701
Sfmt 4700
harbor protection or may be protected
by other safe harbors.
Second, nothing in the safe harbor
would prohibit a VBE participant from
using remuneration it received pursuant
to a value-based arrangement to inform
the target patient population of the
availability of care coordination
activities it provides to patients (e.g.,
patient monitoring) in a targeted,
objective, and educational manner so
long as the remuneration is not
exchanged or used for marketing or
patient recruitment activities. In this
final rule, we have clarified that the
content of the marketing the safe harbor
prohibits is the marketing of items and
services furnished by the VBE or a VBE
participant to patients.
To the extent that payors or other VBE
participants provide remuneration to
patients in the form of a free device,
such remuneration would not be
protected by this safe harbor. We note
that other safe harbors or exceptions to
the Beneficiary Inducements CMP may
be available to protect the provision of
such items and services, depending
upon the facts and circumstances.
Comment: A health system
recommended that provider affiliation
announcements be carved out of the
definition of marketing or recruitment
activities so that providers can inform
patients that they participate in valuebased arrangements. Another
commenter similarly urged OIG to
permit individuals or entities
participating in a VBE to market
themselves as VBE participants to
patients.
Response: Remuneration exchanged
between parties to a value-based
arrangement may be used to inform
patients in the target patient population
that the VBE participant participates in
the value-based arrangement without
such information being considered a
marketing or recruitment activity.
However, whether broader advertising
(that includes VBE participant-related
information) would be considered a
prohibited marketing or recruitment
activity for safe harbor purposes would
be a fact-specific determination. For
example, as part of a larger value-based
arrangement between a physician group
and a hospital, a hospital provides
tablets to the physician group, which
the physician group uses for in-office
patient asthma management education.
If the education application used on the
tablet identifies all VBE participants
capable of helping the patients manage
their asthma and provide other services,
the tablet would not run afoul of the
marketing prohibition because it is not
being used to market or recruit patients.
It informs patients of VBE participants
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
capable of providing disease
management and other services.
However, if the hospital also used the
tablets to send text messages,
notifications, and other pop-ups that
solicit the patient to receive services
from VBE participants, the tablet would
be marketing under this safe harbor
because it is being used for broader
advertising or patient recruitment
activity. A tablet, as part of a care
coordination arrangement, could be
protected remuneration; however, if it is
part of a larger marketing scheme, the
tablet would not be protected because
that scheme would not be eligible for
protection under this safe harbor and
would be subject to a separate analysis
under the Federal anti-kickback statute.
Similarly, if the tablet was used as part
of larger data harvesting scheme for
marketing purposes, that scheme would
not be eligible for protection under this
safe harbor and be subject to a separate
analysis under the Federal anti-kickback
statute.
Comment: A commenter sought
clarification on how to interpret the
marketing and patient recruitment
prohibition in the context of Medicare
Advantage beneficiaries, and,
specifically, whether compliance with
existing CMS and OIG requirements
associated with marketing to, and
recruitment of, Medicare Advantage
patients would be sufficient to maintain
protection under the value-based safe
harbors. In a similar vein, a health
insurer requested that OIG clarify its
definition of marketing and patient
recruitment activities, as it relates to
pre-enrollment activities.
Response: While acknowledging that
payors may be subject to a wide range
of other regulations, including CMS
regulations and guidance specific to
Medicare Advantage plans, we do not
believe that compliance with CMS
marketing requirements is sufficient for
purposes of the safe harbor. Medicare
Advantage regulations relating to
patient enrollment and marketing are
specific to payor-patient interactions in
that program. In contrast, the conditions
of this safe harbor are focused on
facilitating beneficial care coordination
and addressing potential fraud and
abuse risks related to the exchange of
remuneration between and among
providers and suppliers. We remind the
commenter that compliance with the
care coordination arrangements safe
harbor, as with all Federal anti-kickback
statute safe harbors, is voluntary, and
Medicare Advantage plans, or their
contractors, may continue to seek
protection under other existing safe
harbors.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
Comment: Several commenters
expressed concern that the prohibition
on marketing and patient recruitment
activities may conflict with existing
CMS rules regarding discharge
planning, or, at the very least: (i) Be
inconsistent with the concept of a
preferred provider network operating
within the context of a VBE; or (ii)
potentially limit VBE participants’
ability to inform patients of the
availability of items and services during
the discharge planning process.
Response: The prohibition on the
marketing of items and services and
patient recruitment activities, as
finalized, relates specifically to the
remuneration exchanged. Thus, for
example, if a skilled nursing facility
provides remuneration to a hospital
under a value-based arrangement in the
form of a discharge planner, the
discharge planner could not market or
recruit patients to the skilled nursing
facility; doing so would prevent the
value-based arrangement from
qualifying for safe harbor protection.
Nothing in the safe harbor prevents the
hospital from informing patients about
available skilled nursing facilities
during the discharge planning process.
This prohibition is not inconsistent
with current CMS hospital conditions of
participation regarding discharge
planning, which require (among other
conditions) that hospitals provide a
comprehensive list of certain post-acute
care providers, as applicable, to patients
prior to discharge.46 Providing a
comprehensive list of post-acute care
providers would not constitute
exchanging or using remuneration for
marketing or patient recruitment for safe
harbor purposes. This would be true
even if the discharge planner provided
to the hospital in the prior example
were the person furnishing the list to
patients, provided the discharge planner
did not market or recommend the
skilled nursing facility or another VBE
participant on the list.
This prohibition is not inconsistent
with the potential for a preferred
provider network to operate within the
context of a VBE. Using the above
discharge planner example, the
remuneration could comply with the
marketing and patient recruitment
activity prohibition if, for example, the
discharge planner only provides written
educational materials regarding the
preferred provider network to target
patient population members and does
not actively recruit patients to the
skilled nursing facilities in the preferred
provider network and does not market
or recommend any particular provider
46 42
PO 00000
CFR 483.42(c).
Frm 00065
Fmt 4701
Sfmt 4700
77747
on the list. It is incumbent on parties
seeking to establish and operate
preferred provider networks to do so in
a manner that complies with all
pertinent regulations, and our safe
harbor requirements are not intended to
interfere with or supplant other
compliance obligations.
Comment: A commenter expressed
concern that the proposed prohibition
on marketing and patient recruitment
would bar a VBE from publishing
quality improvement or cost reduction
data. The commenter declared that
VBEs should be permitted to share
performance data regarding VBE
participants to help inform patient
choice.
Response: We would not consider the
publication of quality and cost data to
constitute marketing or patient
recruitment activity. Therefore, parties
to a value-based arrangement could
exchange remuneration for the purpose
of publishing such data, and we believe
such data may be beneficial to inform
patient choice.
Comment: To mitigate OIG’s concerns
regarding marketing, a manufacturer
suggested that OIG include as an
additional safe harbor requirement that
VBE participants disclose their
participation in the VBE to patients,
similar to the Medicare Shared Savings
Program beneficiary notice
requirements.
Response: We thank the commenter
for its suggestion. As noted elsewhere in
this rule, we did not propose a patient
notice requirement in the OIG Proposed
Rule and are not including a patient
notice requirement for reasons
explained elsewhere. However, VBE
participants are not prohibited, as noted
above, from utilizing notices to
transparently disclose their
participation in a VBE to patients.
k. Monitoring and Assessment
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(ee)(8)
that the VBE, a VBE participant in the
value-based arrangement acting on the
VBE’s behalf, or the VBE’s accountable
body or responsible person monitor and
assess, no less frequently than annually,
or once during the term of the valuebased arrangement for arrangements
with terms of less than 1 year: (i) The
coordination and management of care
for the target population in the valuebased arrangement; (ii) any deficiencies
in the delivery of quality care under the
value-based arrangement; and (iii)
progress toward achieving the evidencebased, valid outcome measure(s) in the
value-based arrangement. We further
proposed to require that the party
conducting such monitoring and
E:\FR\FM\02DER3.SGM
02DER3
77748
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
assessment report the results of the
monitoring and assessment to the VBE’s
accountable body or responsible person
(if the VBE’s accountable body or
responsible person is not itself
conducting the monitoring and
assessment).
Summary of Final Rule: We are
finalizing the monitoring and
assessment requirement, with
modifications, at paragraph
1001.952(ee)(9). We are requiring that
the VBE, a VBE participant in the valuebased arrangement acting on the VBE’s
behalf, or the VBE’s accountable body or
responsible person reasonably monitor
and assess the following, no less
frequently than annually, or once during
the term of the value-based arrangement
for arrangements with terms less than 1
year: (i) The coordination and
management of care for the target
patient population in the value-based
arrangement; (ii) any deficiencies in the
delivery of quality care under the valuebased arrangement; and (iii) progress
toward achieving the legitimate
outcome or process measure(s) in the
value-based arrangement. We are
revising the proposed language—from
specific evidence-based, valid outcome
measure(s) to legitimate outcome or
process measure(s)—to align with the
standard for outcomes measures
finalized in paragraph 1001.952(ee)(4),
discussed at section III.B.3.b.
We also require that the party
conducting such monitoring and
assessment report their findings to the
VBE’s accountable body or responsible
person (if the VBE’s accountable body or
responsible person is not itself
conducting the monitoring and
assessment). Finally, we are making a
technical correction by adding ‘‘the
following’’ and ‘‘of the following’’ to the
introductory language of the paragraph
for greater clarity about what must be
monitored and assessed.
Comment: Many commenters
supported an annual monitoring and
assessment requirement, where
monitoring is tailored to the complexity
and sophistication of the VBE and VBE
participants. A physician trade
organization recommended that OIG
require monitoring and assessment of a
value-based arrangement’s value-based
activities instead of the coordination
and management of care for the target
patient population, and another
commenter asserted that OIG should
require monitoring and assessment of
whether value-based activities meet any
of the value-based purposes. A
commenter urged that the monitoring
and assessment provision require
monitoring of utilization, referral
patterns, and expenditure data to ensure
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
that abuse is curtailed, and gaming is
reduced. Another commenter supported
heightened standards and conditions for
monitoring and assessment but did not
specify any such standards and
conditions. Some commenters opposed
a monitoring and assessment
requirement, with a commenter stating
that writing-related safeguards are
sufficient to protect against fraud and
abuse.
Response: We are finalizing a
monitoring and assessment requirement
because we believe it is a critical
safeguard to ensure oversight of the
value-based arrangement. We are not
adopting the suggestion to expand the
condition to require monitoring of all
value-based activities instead of the
coordination and management of the
care for the target patient population.
Paragraph 1001.952(ee)(1)(ii) of this safe
harbor requires the remuneration
exchanged to be used predominantly to
engage in value-based activities related
to the coordination and management of
care for the target patient population;
consequently, we believe that it is
appropriate to require the monitoring
and assessment to focus on this valuebased purpose. Under this requirement,
the responsible party must monitor and
assess whether and how the
coordination and management of care is
being implemented. ‘‘Coordination and
management of care’’ is defined at
paragraph 1001.952(ee)(14) for purposes
of this safe harbor as the deliberate
organization of patient care activities
and sharing of information between two
or more VBE participants or VBE
participants and patients, tailored to
improving the health outcomes of the
target patient population, in order to
achieve safer and more effective care for
the target patient population. Thus, we
expect any monitoring and assessment
to evaluate how the value-based
arrangement is or is not achieving this
value-based purpose, as defined in this
final rule. The monitoring and
assessment may identify opportunities
to reevaluate the value-based activities
the parties are undertaking and the
manner in which they are undertaking
them to improve their chances of
achieving this value-based purpose.
While we are not requiring
monitoring and assessment of
utilization, referral patterns, and
expenditure data, monitoring and
assessment of such data may be a best
compliance practice for many
arrangements, depending on the
complexity and sophistication of the
VBE participants, the VBE, and the
value-based arrangement and available
resources. We have added ‘‘reasonably,’’
to the monitoring and assessment
PO 00000
Frm 00066
Fmt 4701
Sfmt 4700
provision to codify that, for all valuebased arrangements, monitoring and
assessment should be reasonable in
relation to the complexity and
sophistication of the VBE participants,
the VBE, and the value-based
arrangement and available resources.47
We would expect parties to do as much
as is appropriate based on the
complexity and sophistication of the
VBE participants, the VBE, and the
value-based arrangement and available
resources, but nothing in this provision
should be construed to stop parties from
having more robust monitoring and
assessment processes than those
described herein. This requirement
both: (i) Provides flexibility for VBE
participants associated with smaller,
less-sophisticated VBEs and value-based
arrangements to effectuate relatively
more modest monitoring and
assessment processes; and (ii) requires
VBE participants associated with more
complex and sophisticated VBEs and
value-based arrangements to develop
and operate appropriately complex and
robust monitoring and assessment
processes.
Comment: A commenter expressed
concern that the annual monitoring and
assessment requirement may have
limited impact unless: Patients have a
clearly articulated pathway for
communicating and resolving concerns;
outcome measures are valid and reflect
outcomes important to patients; and
results are reported to the Department or
another oversight entity. Another
commenter asked OIG to provide more
information on the monitoring and
assessment requirement and,
specifically, to outline the reporting,
auditing, and general oversight
requirement of each VBE participant in
the VBE.
Response: We appreciate the
commenter’s concern regarding the
potential limited impact of the
monitoring and assessment requirement.
We are not requiring parties to valuebased arrangements to establish specific
protocols for receiving and addressing
patient concerns or to report data to the
Department, except as otherwise set
forth in paragraph 1001.952(ee)(12),
which requires that the VBE or VBE
participant make available to the
Secretary, upon request, all materials
and records sufficient to establish
compliance with the conditions of this
safe harbor. However, we are finalizing
the requirement for parties to establish
one or more legitimate outcome or
process measures, and to monitor and
assess certain information.
47 84
E:\FR\FM\02DER3.SGM
FR 55713 (Oct. 17, 2019).
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Specifically, to comply with the
monitoring and assessment requirement,
either the VBE, a VBE participant in the
value-based arrangement acting on the
VBE’s behalf, or the VBE’s accountable
body or responsible person must
reasonably monitor and assess: (i) The
coordination and management of care
for the target patient population in the
value-based arrangement; (ii) any
deficiencies in the delivery of quality
care under the value-based arrangement;
and (iii) progress toward achieving the
legitimate outcome or process
measure(s) in the value-based
arrangement. While, as stated above, the
final safe harbor does not require the
establishment of specific monitoring
and assessment protocols or prescribe
how VBEs must receive and address any
patient concerns, we note that, as part
of any VBE’s regular monitoring
activities, it would be a good
compliance practice to establish a
mechanism through which patients and
others could submit reports related to,
for example, deficiencies in the delivery
of quality care under the value-based
arrangement. Further, it would be a
good compliance practice, as part of any
VBE’s regular monitoring and
assessment activities, to assess any
credible reports of, for example,
deficiencies in the delivery of quality
care under the value-based arrangement
to determine their validity and any
potential triggering of the termination
and corrective action provision.
Again, the final rule does not
prescribe a one-size-fits-all approach for
monitoring and assessment, nor does it
specify the reporting, auditing, and
general oversight requirement of each
VBE participant in the VBE. This lack of
specificity is designed to allow VBEs
(and their VBE participants) flexibility
to establish a monitoring and
assessment program that is reasonable
for that particular VBE and value-based
arrangement. As stated above, the
monitoring and assessment processes
for each value-based arrangement
should be reasonable in relation to the
complexity and sophistication of the
VBE, VBE participants, and value-based
arrangement. Given the flexibility
parties have to form VBEs and valuebased arrangements of varying levels of
complexity, we anticipate that the
monitoring and assessment processes
for the diverse value-based
arrangements that could be protected by
this safe harbor may vary.
Comment: A commenter expressed
concern that, if the party responsible for
monitoring and assessment does not
comply with the requirements of the
safe harbor, that party’s noncompliance
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
places other parties at risk through no
fault of their own.
Response: A safe harbor applies only
where each condition of the safe harbor
is squarely met. Therefore, if the party
responsible for monitoring and
assessment does not perform its
responsibility in accordance with the
safe harbor requirements, the
remuneration exchanged pursuant to the
value-based arrangement would not
receive protection. However, where
another party has done everything that
it reasonably could to comply with the
safe harbor requirements applicable to
that party but the remuneration
exchanged loses safe harbor protection
as a result of another party’s
noncompliance, the party’s efforts to
take all possible reasonable steps would
be relevant in a determination of
whether such party had the requisite
intent to violate the Federal antikickback statute.
Comment: Commenters expressed
concern regarding, and urged flexibility
for, the requirement for monitoring and
assessment of progress toward evidencebased outcome measures. For example,
a commenter asserted that participants
to a new value-based arrangement need
time to achieve success, as evidenced by
the performance results of Medicare
Shared Saving Program, and may not be
able to progress quickly towards the
outcome measures. Commenters noted
that factors beyond a provider’s control
can impact outcomes and that
interventions such as primary care,
preventive services, and chronic care
management may yield benefits that
take numerous years to materialize.
Response: For a number of reasons,
we believe the responsible party or
parties should monitor and assess
progress toward the outcome or process
measure(s) the parties establish. Such
monitoring and assessment may reveal
whether efforts to achieve the outcome
measure(s) have led to improvements or
deficiencies in patient care; whether the
outcome measure(s) the parties initially
established continue to be the best
goalposts for achieving one or more
value-based purposes; and whether the
items or services the offeror provided
under the value-based arrangement,
such as care coordination services, are
effective tools for driving beneficial
changes in care delivery. We agree with
commenters that factors beyond a VBE
participant’s control could impact
outcomes and that benefits of outcome
measures could manifest over a longer
timeframe; for this reason, the
requirement for monitoring and
assessment does not mandate that the
parties achieve the outcome or process
measure(s) on any particular timeframe.
PO 00000
Frm 00067
Fmt 4701
Sfmt 4700
77749
l. Termination of the Arrangement
Summary of OIG Proposed Rule: We
proposed at proposed paragraph
1001.952(ee)(9) that the parties
terminate the value-based arrangement
within 60 days if the VBE’s accountable
body or responsible person determines
that the value-based arrangement: (i) Is
unlikely to further the coordination and
management of care for the target
patient population; (ii) has resulted in
material deficiencies in quality of care;
or (iii) is unlikely to achieve the
evidence-based, valid outcome
measure(s). We said we were
considering for the final rule, and
sought comments on, an alternative to
the proposed termination requirement
that would instead allow for
remediation—within a reasonable
timeframe—before any required
termination.
Summary of Final Rule: We are
finalizing, with modifications, a
termination provision for this safe
harbor at paragraph 1001.952(ee)(10).
Under the final rule, if the VBE’s
accountable body or responsible person
determines, based on the monitoring
and assessment conducted pursuant to
paragraph 1001.952(ee)(9), that the
value-based arrangement has resulted in
material deficiencies in quality of care
or is unlikely to further the coordination
and management of care of the target
patient population, the parties must,
within 60 days, either terminate the
arrangement or develop and implement
a corrective action plan designed to
remedy the deficiencies within 120 days
and, if the corrective action plan fails to
remedy the deficiencies within 120
days, terminate the value-based
arrangement.
Comment: Some commenters
expressed support for our proposed
termination requirement, but many
expressed concerns about what it would
mean in practice. Many commenters
supported the alternative we described
in the preamble to the proposed rule
that would allow for remediation,
within a reasonable timeframe, before
any required termination. These
commenters noted a variety of
operational and policy concerns with
mandating termination within 60 days.
For example, some commenters noted
that complex arrangements may require
more than 60 days to unwind
responsibly. Some commenters
suggested that a cure period be
permitted where the VBE determines
that a plan of correction may be devised
to cure the deficiencies, and others
suggested that remediation should be an
option, but not a requirement. With
respect to the length of a remediation
E:\FR\FM\02DER3.SGM
02DER3
77750
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
period during which parties could
develop and implement a corrective
action plan, commenters suggested a
variety of time periods, ranging from 90
days to 1 year. Multiple commenters
suggested a 120-day period. Another
commenter suggested that any
termination requirement should be
suspended indefinitely as long as the
parties are working in good faith to
implement a corrective action plan. A
commenter also noted that there is a
difference between arrangements that
are not making progress and those that
are causing harm and suggested that the
latter require immediate termination.
Finally, a commenter requested that OIG
clarify that parties do not have an
obligation to assess for any events that
trigger the termination provision on an
ongoing basis, but instead are required
to do so annually or prior to renewal of
an agreement.
Response: We appreciate commenters’
concerns regarding the potential
challenges associated with requiring
termination within 60 days if the VBE’s
accountable body or responsible person
determines one or more of the triggering
events has occurred. Several changes in
the final rule address many of the
concerns expressed by the commenters.
The final rule provides more flexibility
by requiring the parties, within 60 days,
either to terminate the arrangement or to
develop and implement a corrective
action plan in the event the VBE’s
accountable body or responsible person
determines that the value-based
arrangement has resulted in material
deficiencies in quality of care or is
unlikely to further the coordination and
management of care for the target
patient population. The option for
corrective action plans is consistent
with our statements in the OIG
Proposed Rule that we were considering
allowing for remediation within a
reasonable timeframe and that our goal
is a reasonable but also prompt
termination of arrangements that are no
longer serving the goals for which safe
harbor protection is offered.
The final rule does not require the
parties to terminate the arrangement or
implement a corrective action plan if
the VBE’s accountable body or
responsible person determines that the
value-based arrangement is unlikely to
achieve its legitimate outcome or
process measures. This safe harbor does
not require the recipient to achieve an
outcome or process measure. Also, the
safe harbor permits the parties to the
value-based arrangement to modify
outcome or process measures
prospectively, as long as other elements
of the safe harbor continue to be met (for
example, a change to an outcome
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
measure would be a material change to
the value-based arrangement that would
need to be documented in writing and
signed by the parties, in accordance
with paragraph 1001.952(ee)(3)).
With respect to the option to develop
and implement a corrective action plan,
the final rule requires that such plan be
designed to remedy the identified
deficiencies within 120 days. If the
corrective action plan fails to remedy
the deficiencies within 120 days, the
parties are required to terminate the
value-based arrangement, and safe
harbor protection for remuneration
exchanged pursuant to the value-based
arrangement would no longer be
available. We selected a 120-day period
based on recommendations from
commenters and because we believe this
time period is both long enough to allow
a meaningful opportunity to remediate
the deficiencies and short enough to
necessitate diligent attention by the
parties.
With respect to the commenter who
asserted that a determination that the
value-based arrangement has resulted in
patient harm should require immediate
termination, we appreciate the
commenter’s concern, and we agree that
such a determination is a serious
finding that should prompt immediate
attention by the parties. We did not
include a ‘‘patient harm’’ provision in
the OIG Proposed Rule because
incidents of patient harm will always be
‘‘material deficiencies in quality of
care,’’ that would trigger this condition.
However, not all material deficiencies in
quality of care necessarily mean that
there has been patient harm.
Finally, with respect to the
commenter that requested clarification
regarding the frequency with which
parties must assess for any events that
would trigger the termination or
corrective action provision, we note
that, consistent with the OIG Proposed
Rule, this final rule ties the termination
of the value-based arrangement or
implementation of a corrective action to
certain triggering events identified
through ‘‘monitoring and assessment.’’
Monitoring and assessment must occur
no less frequently than annually or at
least once during the term of the valuebased arrangement for arrangements
with terms of less than 1 year. Thus, at
a minimum, the party or parties
responsible for monitoring and
assessment must monitor the matters
listed in the regulation at paragraph
1001.952(ee)(9) and report the results so
that the accountable body or person can
make a determination as to whether any
of the events that trigger the termination
or corrective action provision have
occurred. We note that it would be a
PO 00000
Frm 00068
Fmt 4701
Sfmt 4700
best compliance practice to ensure
monitoring and assessment also
involves receiving and assessing reports
and other information related to the
circumstances that must be monitored
and assessed (e.g., deficiencies in the
delivery of quality care under the valuebased arrangement). These reports
would inform the accountable body or
responsible person’s determination
regarding termination or corrective
action under paragraph
1001.952(ee)(10).
Comment: A commenter expressed
concern that the safe harbor contains too
much deference to the subjective beliefs
and determinations of the VBE
participants, who the commenter asserts
are self-interested. The commenter
recommended that the termination
provision in the safe harbor be revised
to require termination if the information
available to the VBE’s accountable body
or responsible person indicates that a
triggering event has occurred. The
commenter also recommended that the
safe harbor specify that the VBE bears
the burden of proof with respect to the
question of whether the information
available to the VBE’s accountable body
or responsible person required
termination of the value-based
arrangement.
Response: We believe that the
revisions we are adopting in this final
rule, which require termination or a
corrective action plan if the VBE’s
accountable body or responsible person
reaches one of two determinations help
to mitigate the commenter’s concerns
regarding excessive deference to the
subjective beliefs of the VBE
participants. We do not believe it is
necessary to specify that the VBE bears
the burden of proof with respect to
whether termination was required
because any party seeking to avail
themselves of the protection of a safe
harbor generally bears the burden of
proof that they meet the requirements of
the safe harbor.
Comment: Several commenters raised
concerns regarding our proposal to
require termination if the VBE’s
accountable body or responsible person
determines that the value-based
arrangement is unlikely to achieve the
evidence-based, valid outcome
measure(s). For example, several
commenters noted that it may take time
to see results and that results may
plateau at certain times. Commenters
suggested that this provision may result
in parties’ prematurely judging an
arrangement’s success or failure and
that 60 days was an arbitrary timeframe.
Another commenter expressed concern
that the termination provision implies
that an arrangement could move in and
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
out of compliance with the safe harbor
as performance changes from month to
month. Another commenter requested
that participants be permitted to modify
measures prospectively, rather than
have to terminate the value-based
arrangement.
Response: We appreciate the concerns
raised by commenters, and we are not
finalizing the proposed requirement that
the parties terminate the arrangement if
the VBE’s accountable body or
responsible person determines that the
value-based arrangement is unlikely to
achieve the outcome measure(s). We
believe that requiring termination, or a
corrective action plan, upon such a
determination is at odds with other
elements of this safe harbor. As we have
stated elsewhere, this safe harbor does
not require that the value-based
arrangement result in a particular level
of performance on the outcome or
process measure. It requires that the
parties identify an outcome or process
measure and that the outcome or
process measure relates to the
remuneration exchanged under the
arrangement. We also wish to clarify
that the safe harbor permits the parties
to modify the outcome or process
measure prospectively during the term
of the agreement, as long as the other
elements of the safe harbor continue to
be met and the modification is
memorialized in a writing signed by the
parties.
We caution, however, that this safe
harbor separately requires the VBE, a
VBE participant in the value-based
arrangement acting on the VBE’s behalf,
or the VBE’s accountable body or
responsible person to reasonably
monitor, assess, and report progress
toward achieving the outcome or
process measure. There may be
circumstances where such monitoring
and assessment of outcome or process
measure progress may generate a finding
that indicates that the value-based
arrangement no longer meets all of the
requirements of the safe harbor. For
example, the finding may indicate that
the remuneration exchanged is not
being used predominantly to engage in
value-based activities that are directly
connected to the coordination and
management of care for the target
patient population. Thus, while we are
not creating an affirmative obligation to
terminate or enter into a corrective
action plan based on a determination
that the value-based arrangement is
unlikely to achieve the selected
outcome or process measure, we caution
that parties to a value-based
arrangement who wish to be protected
under the safe harbor should
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
periodically evaluate compliance with
safe harbor standards.
m. Diversion, Resell, or Use for
Unlawful Purposes
Summary of OIG Proposed Rule: In
proposed paragraph 1001.952(ee)(10),
we proposed that an exchange of
remuneration would not be protected
under the care coordination
arrangements safe harbor if the offeror
knows or should know that the
remuneration is likely to be diverted,
resold, or used by the recipient for an
unlawful purpose.
Summary of Final Rule: We are
finalizing, without modification, this
requirement at paragraph
1001.952(ee)(11).
Comment: We received very few
comments on this proposal. Some
commenters expressed support for the
provision, while another commenter
raised concerns that this standard
would be difficult for individual
providers and small group practices to
understand and comply with because
the standard is not specifically defined.
Response: We believe that the
standard is straightforward. Where an
offeror knows, or should know, that the
recipient is likely to divert or resell the
remuneration, or otherwise use it for an
unlawful purpose, the remuneration is
not protected by the safe harbor. This
could arise in cases where the
recipient’s intended diversion is overt.
For example, where a recipient
expressly states its intent to sell the
items received from the offeror to third
parties, it would make clear its intended
diversion. It can also arise, for example,
where the nature or scope of the
remuneration offered to the recipient is
such that the offeror should know that
diversion or resale is likely, such as
where a VBE participant provides
remuneration far in excess of what
could reasonably be needed for the
recipient to undertake the value-based
activity for which the remuneration is
intended and the remuneration is
transferable in nature. For example, if a
VBE participant provides handheld
tablets to another VBE participant to
facilitate coordination and management
of care, but the offeror provides
substantially more tablets than could
reasonably be used by the recipient for
the intended purpose (e.g., 100 tablets
when ten are objectively sufficient for
the intended use), then the offeror might
reasonably know that the recipient is
likely to divert or resell the excess
tablets. In sum, this standard is an
explicit statement of what is otherwise
implicit in the conditions of the care
coordination arrangements safe harbor:
The exchange of remuneration that the
PO 00000
Frm 00069
Fmt 4701
Sfmt 4700
77751
offeror knows or should know is likely
to be diverted, resold, or used by the
recipient for purposes other than the
coordination and management of care of
a target patient population would not be
protected under this safe harbor.
n. Materials and Records
Summary of OIG Proposed Rule: To
enhance transparency, we proposed a
requirement at proposed paragraph
1001.952(ee)(11) that VBE participants
or the VBE make available to the
Secretary, upon request, all materials
and records sufficient to establish
compliance with the conditions of this
safe harbor. We solicited comments
regarding whether we should require
parties to maintain materials and
records for a set period of time (e.g., at
least 6 years or 10 years).
Summary of Final Rule: We are
finalizing, with modifications, the
materials and records requirement at
paragraph 1001.952(ee)(12). The final
rule specifies that, for a period of at
least 6 years, the VBE or its VBE
participants must maintain records and
materials sufficient to establish
compliance with the conditions of the
safe harbor.
Comment: While we received
relatively few comments on this
condition, commenters were generally
supportive of our proposal. In response
to our solicitation regarding whether we
should require parties to maintain
materials and records for a set period of
time, e.g., 6 years or 10 years, multiple
commenters were in favor of a 6-year
retention period, with one stating that
this approach would facilitate alignment
with CMS’s proposed rule and existing
HIPAA requirements.
Response: We are persuaded that a 6year retention period will promote
transparency while aligning with the
corresponding requirement in CMS’s
final rule. We have modified the
relevant provisions in the care
coordination arrangements, substantial
downside financial risk, and full
financial safe harbors.
Comment: A commenter questioned
the need for a materials and records
requirement because maintenance of
these materials is already part of any
compliance program. The same
commenter further questioned whether
OIG would bring an investigation or
pursue a Federal anti-kickback statute
case based solely on the failure to satisfy
a documentation requirement rather
than the underlying substantive
safeguards.
Response: We continue to believe this
requirement promotes transparency and
gives parties notice that the Secretary
may request materials and records
E:\FR\FM\02DER3.SGM
02DER3
77752
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
sufficient to demonstrate compliance
with the care coordination arrangements
safe harbor. We further note that not all
parties seeking protection under this
safe harbor may have a compliance
program or may have developed one
that requires maintenance of materials
and records for less than 6 years.
Safe harbors offer voluntary
protection from liability under the
Federal anti-kickback statute for
specified arrangements, and no entity or
individual is required to fit within a safe
harbor. Failure to fit within a safe
harbor does not mean a party has
violated—or even implicated—the
Federal anti-kickback statute, it simply
means the party may not look to the safe
harbor for protection for that
arrangement. For a party to assert safe
harbor protection, all of the safe harbor’s
conditions must be satisfied, including
any condition related to materials and
records. Further, it would be prudent for
any party relying on a safe harbor to
protect certain remuneration to
document in some form compliance
with that safe harbor. Decisions
regarding enforcement actions are made
based on application of the Federal antikickback statute to the specific facts and
circumstances presented by an
arrangement.
Comment: A commenter stated that
OIG should adopt additional
requirements related to materials and
records, including contemporaneous
documentation of, among other things,
the VBE’s belief that the value-based
arrangement is reasonably designed to
achieve a value-based purpose, the
specific basis for such belief, and the
VBE’s reasonable anticipation that
particular evidence-based, valid
outcome measures will advance the
coordination and management of care of
the target patient population.
Response: We decline to require the
specific requested certifications. We
intentionally drafted the materials and
record requirement broadly to avoid
creating a list of all documentation that
parties must develop and maintain to
comply with this condition of the safe
harbor. Moreover, we do not seek to
increase administrative burden by
prescribing the manner in which parties
must document their compliance.
Comment: A health system stated that
the proposed care coordination
arrangements safe harbor included
burdensome reporting requirements and
expressed concern about the large
volume of paperwork that would go
back and forth between ACOs and HHS
or CMS.
Response: We disagree with the
commenters’ assertion that the materials
and records requirement is burdensome.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
To the extent parties wish to avail
themselves of the protection of this safe
harbor, we believe it is reasonable to
require them to maintain documentation
that demonstrates their compliance with
its terms. With respect to the
commenter’s concern about the
exchange of large volumes of
paperwork, we note that parties must
only furnish such documentation to the
Secretary upon request. We do not
anticipate this requirement will
necessitate frequent exchange of
paperwork between, for example, an
ACO and OIG.
Comment: A medical device
manufacturer expressed concern that
materials and records submitted to the
Secretary pursuant to this condition
would be subject to the Freedom of
Information Act or other disclosure
requirements. The manufacturer stated
such materials could include
proprietary and confidential trade secret
information.
Response: OIG is subject to the
Freedom of Information Act (FOIA) and
the Department’s FOIA regulations set
forth at 45 CFR part 5. These regulations
provide that submitters of records may
designate in writing that all or part of
the information contained in such
records is exempt from disclosure under
FOIA exemption 4—covering trade
secrets and confidential commercial or
financial information—at the time they
submit such records or within a
reasonable time thereafter. The
Department, including OIG, will make
reasonable efforts to notify submitters of
records if the Department determines
that material that submitters have
designated as exempt from disclosure
under FOIA exemption 4 may have to be
disclosed in response to a FOIA request.
Under the Department’s FOIA
regulations, submitters have an
opportunity to respond and, if desired,
file a court action to prevent disclosure
of exempt records.
o. Additional Proposed Safeguards
i. Bona Fide Determination
Summary of OIG Proposed Rule: We
considered a condition that would
require that, in advance of, or
contemporaneous with, the
commencement of the applicable valuebased arrangement, the VBE’s
accountable body or responsible person
make two bona fide determinations with
respect to the value-based arrangement:
(i) The value-based arrangement is
directly connected to the coordination
and management of care for the target
patient population; and (ii) the valuebased arrangement is commercially
reasonable, considering both the
PO 00000
Frm 00070
Fmt 4701
Sfmt 4700
arrangement and all value-based
arrangements within the VBE.48
Summary of Final Rule: We are not
finalizing the proposed condition.
Comment: We received relatively few
comments on this proposal.
Commenters either expressed general
statements of support or opposition,
with a commenter who opposed the
condition asserting that such bona fide
determinations would add unnecessary
complexity to demonstrating
compliance with the safe harbor.
Response: We are not finalizing this
requirement. We believe the goal of this
proposed safeguard—ensuring
appropriate oversight by the VBE’s
accountable body or responsible
person—is achieved through the
combination of other conditions
included in this safe harbor. We do not
believe this condition is needed to
prevent fraud or abuse in light of the
totality of other conditions we are
finalizing in this rule.
ii. Prohibition on Cost-Shifting
Summary of OIG Proposed Rule: We
considered, and sought comment on, a
condition prohibiting VBEs or VBE
participants from billing Federal health
care programs, other payors, or
individuals for the remuneration
exchanged under the value-based
arrangement; claiming the value of the
remuneration exchanged under the
value-based arrangement as a bad debt
for payment purposes under a Federal
health care program; or otherwise
shifting costs to a Federal health care
program, other payors, or individuals.
Summary of Final Rule: We are not
finalizing the proposed condition.
Comment: We received comments
expressing either general support for or
opposition to this proposed safeguard.
For example, in support of finalizing a
cost-shifting prohibition, a commenter
stated that a value-based enterprise’s
decision to offer remuneration in the
context of a value-based arrangement
should not make other parties
financially responsible for such
payments. A commenter argued that this
proposed safeguard, among others,
would be duplicative of other
requirements in the safe harbor or be
incompatible with or irrelevant in a
value-based system. The commenter
asserted that the additional safeguards
proposed by OIG, including a
prohibition on cost-sharing, would
create an additional barrier to valuebased arrangements rather than breaking
down barriers that already exist. Other
commenters, including Tribal
organizations, advocated against the
48 84
E:\FR\FM\02DER3.SGM
FR 55714 (Oct. 17, 2019).
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
inclusion of a cost-shifting prohibition,
stating such a safeguard is unnecessary
because improvements in care
coordination result in overall savings to
the Federal Government even if they
result in additional referrals or
payments by Medicare and Medicaid.
Response: Having considered the
comments, we are not finalizing a costshifting prohibition. On balance, we
conclude that the combination of
conditions in the final safe harbor will
adequately protect against fraud and
abuse risks, and an additional safeguard
related to cost-shifting is not necessary
in the context of the value-based safe
harbors. We did not intend to limit
appropriate billing of Federal health
care programs or other payors for
medically necessary items and services
furnished in connection with valuebased care. As we explained in the OIG
Proposed Rule, we do not want to
exclude arrangements from safe harbor
protection that involve legitimate
shifting of costs that result from
achieving care coordination goals or
other value-based purposes. As we
explained, depending on the
arrangement, one might expect to see
increases in primary care costs or costs
for care furnished in home and
community settings paired with
reductions in unnecessary
hospitalizations, duplicative testing,
and emergency room visits; one also
might see increases in remote
monitoring or care management
services. Parties remain responsible for
billing Federal health care programs and
other payors in accordance with their
program rules.
iii. Fair Market Value Requirement and
Restriction on Remuneration Tied to the
Volume or Value of Referrals
Summary of OIG Proposed Rule: We
stated that we were considering
including one or both of the following
conditions in the care coordination
arrangements safe harbor: (i) A fair
market value requirement on any
remuneration exchanged pursuant to a
value-based arrangement; and (ii) a
prohibition on VBE participants
determining the amount or nature of the
remuneration they offer, or the VBE
participants to whom they offer such
remuneration, in a manner that takes
into account the volume or value of
referrals or other business generated,
including both business or patients that
are part of the value-based arrangement
and those that are not.
Summary of Final Rule: We are not
finalizing either proposed condition in
the care coordination arrangements safe
harbor.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
Comment: While we received some
comments expressing support for these
conditions, the overwhelming majority
of commenters opposed the inclusion of
a fair market value requirement or of a
prohibition on determining the amount
or nature of the remuneration in a
manner that takes into account the
volume or value of referrals or other
business generated. While varying in
their rationales, commenters generally
asserted that including either safeguard
would constrain care coordination
efforts. Several commenters supported
the condition that would prohibit taking
into account the volume or value of
referrals but recommended limiting this
condition to patients who are not part
of the value-based arrangement.
Response: In this final rule, we are not
adopting a blanket prohibition on
determining the amount or nature of
remuneration in a manner that takes
into account the volume or value of
referrals or other business generated;
rather, we are finalizing a narrower
prohibition that the offeror of the
remuneration cannot take into account
the volume or value of, or condition an
offer of remuneration on: (i) Referrals of
patients that are not part of the valuebased arrangement’s target patient
population; or (ii) business not covered
under the value-based arrangement. We
stated in the OIG Proposed Rule, and we
continue to believe, that fair market
value requirements and restrictions that
prohibit paying remuneration based on
the volume or value of referrals help
ensure that protected payments are for
legitimate purposes and are not
kickbacks. For this reason, we included
a safeguard in paragraph 1001.952(ee)(5)
that requires, as a condition of safe
harbor protection, that the offeror not
take into account the volume or value
of, or condition remuneration on,
business or patients not covered under
the value-based arrangement. This
approach is consistent with our
proposal in paragraph 1001.952(ee)(5),
as well as the comments summarized
above recommending that we limit any
volume or value condition to patients
who are not part of the value-based
arrangement.
However, we also acknowledge
commenters’ concerns that legitimate
care coordination arrangements may
naturally involve referrals across
provider settings. In this final rule,
therefore, we have not finalized a fair
market value requirement or a
prohibition on determining the amount
or nature of remuneration in a manner
that takes into account the volume or
value of referrals or other business
generated. Instead, we have relied on
other program integrity safeguards so
PO 00000
Frm 00071
Fmt 4701
Sfmt 4700
77753
that the safe harbor will protect
beneficial care coordination
arrangements while precluding
protection for pay-for-referral schemes
that do not serve, and may be contrary
to, the goals of coordinated care and the
shift to value. These safeguards operate
to preclude safe harbor protection for
abusive arrangements such as a provider
churning patients through care settings
to capitalize on a reimbursement
scheme or otherwise generate revenue
and arrangements where VBE
participants offer, or are required to
provide, remuneration to receive
referrals or to be included in a
‘‘preferred provider network’’ (i.e.,
‘‘pay-to-play’’ arrangements).
In response to commenters’ concerns
that a fair market value requirement
would constrain the kinds of care
coordination arrangements that we
intend to protect, we also are not
finalizing a fair market value
requirement. However, we have
included a commercial reasonableness
standard in this safe harbor, which
requires that the value-based
arrangement be commercially
reasonable, considering both the
arrangement itself and all value-based
arrangements within the VBE. We
believe this commercial reasonableness
standard, in combination with the other
safe harbor conditions, appropriately
balances program integrity concerns and
the need to facilitate innovative valuebased arrangements.
iv. Additional Requirements for Dialysis
Providers
Summary of OIG Proposed Rule: In
recognition of the unique attributes of
the dialysis industry (e.g., market
dominance by a limited number of
dialysis providers), we expressed
concern in the OIG Proposed Rule that
participation by dialysis providers in
value-based arrangements could present
increased fraud and abuse risks.
Accordingly, we solicited comments on
potential additional safe harbor
conditions specific to dialysis providers
to ensure that their care coordination
arrangements operate to improve the
management and care of patients and
are not pay-for-referral schemes. We
stated that we were considering
including conditions such as enhanced
monitoring, reporting, or data
submission.
Summary of Final Rule: We are not
finalizing additional conditions on
dialysis providers in the care
coordination arrangements safe harbor.
Comment: Commenters generally
opposed additional conditions on
dialysis providers on the basis of one or
both of the following arguments: (i)
E:\FR\FM\02DER3.SGM
02DER3
77754
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
ESRD patients would stand to benefit
the most from the care coordination
arrangements safe harbor (highlighting,
for example, the fact that such patients
require care across multiple providers);
and (ii) OIG’s concerns regarding market
consolidation were misplaced. Other
commenters stated additional
safeguards were not necessary for
dialysis providers based on data
indicating improved quality of care for
ESRD patients and reduction of costs. In
contrast, an association representing
dialysis providers shared OIG’s
concerns that the unique characteristics
of the highly concentrated dialysis
market posed unique and significant
fraud and abuse risks and encouraged
OIG to develop detailed methodologies
and metrics to facilitate OIG’s
monitoring and assessment of market
consolidation and possible pay-forreferral schemes, before permitting
dialysis providers to use the value-based
safe harbors.
Response: While we are mindful of
concerns created by a potential decrease
in competition among dialysis
providers, we are persuaded that the
potential benefits of care coordination
within the dialysis community
outweigh the concerns for a potential
decrease in competition. Accordingly,
we are not imposing additional
requirements specific to dialysis
providers in the care coordination
arrangements safe harbor.
v. Submission of Information to
Department
Summary of OIG Proposed Rule: To
promote transparency, we solicited
comments in the OIG Proposed Rule on
a requirement, specific to the care
coordination arrangements safe harbor,
for VBEs to submit certain data to the
Department that would identify the
VBE, VBE participants, and value-based
arrangements.
Summary of Final Rule: We are not
finalizing this proposed requirement in
the care coordination safe harbor.
Comment: Some commenters strongly
supported a requirement for VBEs to
submit data to the Department or to a
publicly available database that would
identify the VBE, VBE participants, and
value-based arrangements. A commenter
supported an optional reporting
requirement and appeared to believe
that any such data submission would
result in the applicable parties’
automatically satisfying the safe
harbor’s writing requirement.
Other commenters urged OIG not to
adopt such a requirement and provided
various reasons for their position. For
example, some commenters stated that
the requirement would be unduly
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
burdensome or that the administrative
burden would outweigh any program
integrity benefit to the Department,
while at least one commenter believed
the requirement could discourage
implementation of value-based
arrangements or full compliance with
the safe harbor. Another commenter
asserted that a requirement for VBEs to
submit certain data to the Department
would be unnecessary in light of the
proposed requirement for parties to
make available to the Secretary, upon
request, all materials and records
sufficient to establish compliance with
the conditions of the care coordination
arrangements safe harbor. A commenter
also expressed concern that the
materials and records submitted to the
Department could be subject to the
Freedom of Information Act and
misused by some to gain access to
potentially competitive, proprietary
information regarding trade secrets,
commercial relationships, or valuebased arrangement business model
information.
Response: To minimize burden, the
final care coordination arrangements
safe harbor does not require VBEs to
submit data to the Department (e.g., data
or information relating to the identity
the VBE, VBE participants, and valuebased arrangements), unless records are
requested by the Secretary under the
materials and records requirement. OIG
will continue to evaluate whether to
modify this safe harbor in the future. A
better understanding of the structure of
VBEs, likely VBE participants, and the
form of value-based arrangements could
allow for more effective oversight and
identification of potential problems.
OIG maintains its oversight authorities
to conduct audits and evaluations, as
well as criminal, civil, and
administrative investigations of fraud
and misconduct related to Federal
health care programs, operations, and
beneficiaries. Finally, we remind parties
that they must make available to the
Secretary, upon request, all materials
and records sufficient to establish
compliance with the conditions of a safe
harbor, a required at paragraph
1001.952(ee)(12).
p. Alternative Regulatory Structure
Summary of OIG Proposed Rule: In
the OIG Proposed Rule, we stated that
we were considering an alternative
regulatory structure and approach to
protect care coordination and other
value-based arrangements that are not at
full financial risk and are not part of a
CMS-sponsored model.49 Under the
alternative approach, we stated that we
49 84
PO 00000
FR 55715–16 (Oct. 17, 2019).
Frm 00072
Fmt 4701
Sfmt 4700
would rely on the personal services and
management contracts safe harbor at
paragraph 1001.952(d) to allow greater
flexibility for innovation as
arrangements become more closely
aligned with value-based purposes and
the parties take on more downside
financial risk.
Summary of Final Rule: We are not
finalizing the alternative regulatory
structure.
Comment: Several commenters
opposed this alternative regulatory
approach. Some argued that it would
not provide as clear a mechanism for
obtaining safe harbor protection for
value-based arrangements as the
proposed value-based safe harbors and
that a fair market value requirement
would create operational challenges.
Another commenter asserted that the
alternative approach would not provide
sufficient protection against fraud and
abuse and encouraged OIG to proceed
with the proposed value-based safe
harbors. Another commenter expressed
support for the alternative regulatory
structure to the extent OIG did not
adopt the value-based exceptions
proposed by CMS.
Response: We thank commenters for
their insights. While we believe that the
alternative approach of creating tiered
protection using the personal services
and management contracts safe harbor
at paragraph 1001.952(d) also would
accomplish the objective of allowing
greater flexibility for innovation as the
arrangements become more closely
aligned with value-based purposes and
the parties take on more downside
financial risk, we concluded that the
value-based framework described in
section III.B.1 of this preamble is better
calibrated to achieve the objectives of
the Regulatory Sprint to Coordinated
Care. We elected to finalize the valuebased framework because we agree with
those commenters who stated that the
value-based framework would better
protect against fraud and abuse, and we
were mindful of those commenters who
stated that the alternative approach
would create operational challenges.
Comment: A commenter suggested
that OIG adopt a safe harbor specific to
value-based activities undertaken by an
integrated delivery system that includes
a non-profit payor and a dedicated
physician group that includes physician
owners and employees. According to
the commenter, the remuneration paid
among the system’s components
presents a low risk of fraud and abuse.
Another commenter recommended that
OIG adopt a safe harbor for a limited set
of arrangements that are pre-approved
by OIG to promote care coordination
and management, reduce costs, or
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
facilitate a transition to value-based
care. According to the commenter, the
safe harbor should be limited to specific
value-based purposes delineated by
OIG, with certification required for any
arrangements that have value-based
purposes outside those identified by
OIG.
Response: We did not propose these
suggested safe harbors, and thus, we are
not adopting them in this final rule.
Depending on the facts and
circumstances, remuneration exchanged
pursuant to an arrangement between or
among parties in an integrated delivery
system could be protected under one of
the value-based safe harbors we are
finalizing in this final rule. With respect
to the comment requesting a safe harbor
for arrangements that would be preapproved by OIG and, in certain
instances, subject to certification
requirements, we believe that such an
approach would be administratively
unworkable and overly burdensome.
Parties who would like to recommend
new safe harbors not finalized in this
rulemaking may do so by responding to
OIG’s annual solicitation regarding the
development of new or modified safe
harbor regulations.50
4. Value-Based Arrangements With
Substantial Downside Financial Risk (42
CFR 1001.952(ff))
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(ff) a
safe harbor for certain value-based
arrangements involving the exchange of
remuneration between a VBE that
assumes substantial downside financial
risk from a payor and a VBE participant
that meaningfully shares in the VBE’s
downside financial risk. We proposed
methodologies for determining
substantial downside financial risk and
what it means to meaningfully share in
risk (discussed further at III.B.4.b). We
proposed that the safe harbor would
protect both monetary and in-kind
remuneration and explained that the
safe harbor would offer greater
flexibility, compared to the care
coordination arrangements safe harbor
at paragraph 1001.952(ee), in
recognition of the VBE’s assumption of
substantial downside financial risk. We
explained in the OIG Proposed Rule that
the safe harbor could apply, for
example, to a value-based arrangement
between an accountable care
organization that is a VBE and a
network provider to share savings and
losses earned or owed by the
accountable care organization, or
between a VBE that has contracted with
50 Section 1128D(a) of the Act (42 U.S.C. 1320a–
7d(a)).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
a payor for an episodic payment and a
hospital and post-acute care provider
that would be coordinating care for the
patients under the episodic payment.
We proposed additional conditions that
would apply under the safe harbor,
detailed in sections III.B.4.c–q.
Summary of Final Rule: We are
finalizing, with modifications, the
requirements of this safe harbor at
paragraph 1001.952(ff). For a valuebased arrangement to be protected
under this safe harbor, a VBE must
assume substantial downside financial
risk from a payor under one of three
methodologies, and a VBE participant
must assume a meaningful share of the
VBE’s total risk, which share has been
reduced, under the first methodology,
from 8 percent in the proposed rule to
at least 5 percent in the final rule. The
final provisions governing these levels
of risk are discussed at section III.B.4.b
of this preamble. The safe harbor, as
finalized, protects both monetary and
in-kind remuneration exchanged
pursuant to value-based arrangements
between VBEs and VBE participants.
Other conditions finalized in the rule
are explained in detail at sections
III.B.4.c–q. These conditions include:
Ineligible entities; inclusion of a 6month ‘‘phase-in’’ period; requirements
that certain remuneration be used to
engage in value-based activities and
directly connect to certain value-based
purposes; writing and record retention
requirements; protections for patient
choice and clinical decision-making;
protections against medically
unnecessary services; limits on
marketing or patient recruitment; and
limits on remuneration that takes into
account business or patients outside the
value-based arrangement. We are not
finalizing the proposed limit on outside
funding of protected remuneration. The
final safe harbor does not offer
protection for arrangements downstream
of a VBE participant, such as
arrangements between two VBE
participants. The final safe harbor
permits protection for payments made
under the upstream risk-assumption
contracts between the VBE and the
payor from whom the VBE assumes risk.
The final safe harbor at paragraph
1001.952(ff) may be used by participants
in CMS-sponsored models, if safe harbor
conditions are met, but it is primarily
for other kinds of value-based
arrangements, including arrangements
in the commercial market. We are
separately finalizing a safe harbor at
paragraph 1001.952(ii) for CMSsponsored models (as defined) (see
discussion at section III.B.7).
PO 00000
Frm 00073
Fmt 4701
Sfmt 4700
77755
a. General Comments
Comment: While some commenters
supported the substantial downside
financial risk safe harbor, others
expressed concern that the safe harbor
is too complicated to be useful.
Response: We appreciate commenters
highlighting their concerns. We have
revised the substantial downside
financial risk safe harbor by
streamlining and clarifying its defined
terms and conditions, which we believe
addresses these concerns. For example,
in paragraph 1001.952(ff)(9), we
provided additional clarity about the
manner in which parties must calculate
savings and losses pursuant to
methodologies in the definition of
‘‘substantial downside financial risk.’’
Comment: Multiple commenters
urged OIG to align this safe harbor with
CMS’s exception to the physician selfreferral law for value-based
arrangements with meaningful
downside financial risk in order to
facilitate their compliance efforts.
Commenters generally favored the risk
thresholds proposed in the meaningful
downside financial risk exception to the
physician self-referral law over the
substantial downside financial risk
thresholds proposed in OIG’s safe
harbor.
Response: As with the OIG Proposed
Rule, we coordinated with CMS in the
development of this final rule and
aimed to promote alignment between
the two rules where possible. For a
general discussion of the rationale for
our decision to finalize safe harbors that
diverge in certain aspects from the
parallel exceptions to the physician selfreferral law, we refer readers to section
III.A.1 of the preamble to this final rule.
With respect to the risk thresholds in
CMS’s rule, and as discussed further
below, we have determined that CMS’s
methodology is not appropriate for this
safe harbor because it focuses on
physician risk arrangements and
remuneration rather than risk assumed
at the VBE level.
b. Definitions
i. Substantial Downside Financial Risk
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(ff)(8)(i)
that a VBE would be at substantial
downside financial risk if it were
subject to risk pursuant to one of four
methodologies: (i) Shared savings with
a repayment obligation to the payor of
at least 40 percent of any shared losses,
where loss is determined based upon a
comparison of costs to historical
expenditures, or to the extent such data
is unavailable, evidence-based,
comparable expenditures; (ii) a
E:\FR\FM\02DER3.SGM
02DER3
77756
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
repayment obligation to the payor under
an episodic or bundled payment
arrangement of at least 20 percent of any
total loss, where loss is determined
based upon a comparison of costs to
historical expenditures, or to the extent
such data is unavailable, evidencebased, comparable expenditures; (iii) a
prospectively paid population-based
payment for a defined subset of the total
cost of care of a target patient
population, where such payment is
determined based upon a review of
historical expenditures, or to the extent
such data is unavailable, evidencebased, comparable expenditures; or (iv)
a partial capitated payment from the
payor for a set of items and services for
the target patient population where such
capitated payment reflects a discount
equal to at least 60 percent of the total
expected fee-for-service payments based
on historical expenditures or, to the
extent such data is unavailable,
evidence-based, comparable
expenditures of the VBE participants to
the value-based arrangements.
Summary of Final Rule: We are
finalizing, with modifications, the
definition of ‘‘substantial downside
financial risk’’ at paragraph
1001.952(ff)(9)(i). Based on comments,
we are reducing the risk threshold that
parties must assume in order to meet the
definition of ‘‘substantial downside
financial risk’’ for the first payment
methodology (the ‘‘Shared Savings and
Losses Methodology’’) to 30 percent,
and we are clarifying that, under this
methodology, savings and losses must
be calculated by comparing current
expenditures for all items and services
that are covered by the applicable payor
and furnished to the target patient
population to a bona fide benchmark
designed to approximate the expected
total cost of such care. We are clarifying
that, for the second methodology,
savings and losses must be calculated by
comparing current expenditures for all
items and services furnished to the
target patient population pursuant to a
defined clinical episode of care that is
covered by the applicable payor to a
bona fide benchmark designed to
approximate the expected total cost of
care for the defined clinical episode of
care (the ‘‘Episodic Payment
Methodology’’). We also clarify that, for
the Episodic Payment Methodology, the
parties must design the clinical episode
of care to cover items and services
furnished collectively in more than one
care setting. We are finalizing a revised
partial capitation methodology (the
‘‘VBE Partial Capitation Methodology’’)
pursuant to which the VBE is at
substantial downside financial risk if
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
the VBE receives from the payor a
prospective, per-patient payment that is:
(i) Designed to produce material
savings; and (ii) paid on a monthly,
quarterly, or annual basis, for a
predefined set of items and services
furnished to the target patient
population designed to approximate the
expected total cost of expenditures for
the predefined set of items and services.
Finally, we are not finalizing the
proposed population-based payment
methodology because population-based
payments may not, in all circumstances,
involve downside financial risk. For
example, we understand that at least
some population-based payments do not
put providers at risk of receiving a lower
reimbursement amount and instead are
used as a cash-flow mechanism to
support provider investments in care
management tools.
Comment: Although we received
some statements of support, the
overwhelming majority of commenters
on this topic opposed our proposed
definition of ‘‘substantial downside
financial risk.’’ These commenters
generally asserted that our proposed risk
thresholds were too high, particularly
for the Shared Savings and Losses
Methodology and suggested other
thresholds, such as 10 percent for the
Shared Savings and Losses
Methodology. For example, a
commenter asserted that our proposed
definition of ‘‘substantial downside
financial risk’’ was not aligned with the
levels of risk assumed under other
public and private sector value-based
payment initiatives and would serve as
a barrier to providers entering into riskbased arrangements. The same
commenter suggested that, in setting
qualifying risk levels too high, OIG
would promulgate safe harbors that
would be available only to sophisticated
entities that are able to take on high
levels of financial risk (e.g., ACOs
associated with large health systems).
Another commenter stated that our
identified risk thresholds were arbitrary
and biased against smaller and rural
health care providers because such
providers likely lack the capital reserves
necessary to assume substantial
downside financial risk. Other
commenters asserted that our view of
risk was too narrow by failing to
consider the importance of upside
financial risk, contractual risk, clinical
risk related to treating complex patients,
operational risk, and investment risk. At
least one commenter urged OIG to
include financial risk that is assumed
only in the event certain quality
benchmarks are not met.
Response: We solicited comments on
whether the proposed risk thresholds
PO 00000
Frm 00074
Fmt 4701
Sfmt 4700
should be higher or lower, or whether
some or all of the methodologies should
be modified to better capture the
assumption of substantial downside
financial risk for items and services
furnished to patients or omitted from
the final rule entirely. In response to
comments and based on further
consideration of risk assumption
requirements used by Innovation Center
models, we are reducing the risk
threshold required for the Shared
Savings and Losses Methodology from
40 to 30 percent, and we are not
including a risk threshold in the VBE
Partial Capitation Methodology. We are
retaining the 20 percent risk threshold
for the Episodic Payment Methodology
because we believe the risk threshold
proposed and finalized is consistent
with the design of episodic payment
models in which health care
stakeholders currently participate,
including Innovation Center models that
adopt a similar payment methodology.
The risk thresholds in the final rule
reasonably reflect substantial downside
financial risk under the three
methodologies for purposes of this safe
harbor. Moreover, we believe risk
thresholds are necessary to mitigate
traditional fraud and abuse risks
associated with payment systems that
incorporate, in whole or in part, fee-forservice reimbursement methodologies.
Arrangements with lower risk levels
would be analyzed for compliance with
the anti-kickback statute on a factspecific basis.
The requirement for the VBE to
assume substantial downside financial
risk, as opposed to upside financial risk,
contractual risk, clinical risk related to
treating complex patients, operational
risk, or investment risk, or financial risk
that is assumed only in the event certain
quality benchmarks are not met, is
appropriate because we are not
persuaded that other types of risk would
provide as strong an incentive to change
ordering or referring behaviors of
providers and suppliers that might still
be paid on a fee-for-service basis or
otherwise help ensure that safeharbored arrangements would serve
appropriate value-based purposes. We
believe the risk levels set in the final
rule will be substantial enough to
reduce any traditional volume-driven
incentives to overutilize or increase
program costs by ordering and referring
providers and to increase incentives to
promote efficient delivery of health
care.
This safe harbor does not prevent the
VBE from assuming other types of risk
from the payor suggested by
commenters, e.g., investment risk,
contractual risk, and clinical risk related
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
to treating complex patients, as long as
the VBE also assumes substantial
downside risk from a payor. However,
we note that these other types of risk
may result in an exchange of
remuneration that implicates the
Federal anti-kickback statute and must
be separately considered for compliance
with the statute.
As discussed in section III.B.4.d
below, a VBE and a payor that is a VBE
participant can enter into value-based
arrangements to protect remuneration
under this safe harbor. The types of risk
suggested by commenters may be
protected by this safe harbor if
remuneration exchanged and the
associated value-based arrangements
meet all applicable conditions.
We appreciate the challenges
associated with assuming risk that
certain smaller and rural providers may
face. The definition of ‘‘VBE’’ affords
parties significant flexibility and places
no limit on the number of providers that
can participate in the VBE and work
together to assume substantial downside
financial risk. We also highlight that
other safe harbors, including the care
coordination arrangements safe harbor,
at paragraph 1001.952(ee), and the
outcomes-based payments safe harbor at
paragraph 1001.952(d)(2), may be
available for parties that are not ready
to assume the level of risk required by
this safe harbor.
Comment: Commenters requested
clarification on the practical application
of the methodology OIG proposed in the
‘‘substantial downside financial risk’’
definition—shared savings with a
repayment obligation to the payor of at
least 40 percent of any shared losses.
For example, a commenter asked
whether the shared savings and losses
repayment calculation must be
applicable to the entire value-based
enterprise or if it could be limited to a
particular shared savings and losses
arrangement between specified VBE
participants. Other commenters asked
whether the shared savings and losses
repayment obligation could be in the
form of a forfeited withhold or risk-pool
payment, as opposed to an actual
repayment of cash. Similarly, another
commenter asserted that this
methodology should permit the
assumption of risk through front-end
withholds or dues assessments. Another
commenter asked how the shared
savings and losses percentage threshold
should be calculated if the sharing rate
varies based on quality performance and
other adjustments.
Response: In response to commenters’
request for additional detail, we are
clarifying that the Shared Savings and
Losses Methodology expressly requires
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
that any losses and savings calculations
take into account all items and services
that are covered by the applicable payor
and furnished to the target patient
population, not simply those items and
services furnished by specified VBE
participants. In other words, the Shared
Savings and Losses Methodology is
dependent on the items and services
covered by the payor and provided to
the target patient population, not the
specific composition of the VBE and its
VBE participants. For example, a VBE
could not limit its risk for shared
savings and losses under this
methodology for certain outpatient
items and services by only entering into
value-based arrangements with a narrow
set of providers that only furnish care in
outpatient settings.
In response to comments, we also are
clarifying that this methodology permits
the assumption of risk prospectively or
retrospectively. As long as the VBE
meets the requirements of the Shared
Savings and Shared Losses
Methodology, as finalized, including the
requirement that losses and savings be
calculated by comparing certain
expenditures to a bona fide benchmark
designed to approximate the expected
total cost of the applicable care, this safe
harbor does not prescribe how the payor
and VBE structure payments to
effectuate the VBE’s risk.
Finally, under the Shared Savings and
Losses Methodology, financial risk must
equal at least 30 percent of loss, where
loss is determined by comparing current
expenditures for all items and services
that are covered by the applicable payor
and furnished to the target patient
population to a bona fide benchmark
designed to approximate the expected
total cost of such care. To satisfy the
Shared Savings and Losses
Methodology, any adjustments based on
quality performance or other factors
may not bring the financial risk below
30 percent of such loss.
Comment: With respect to the second
proposed methodology (the Episodic
Payment Methodology), some
commenters asked whether such
arrangements could be prospective or
retrospective. A commenter asserted
that we should add another episodic or
bundled payment arrangement
methodology, similar to this
methodology, but that requires any
repayment obligation for losses to equal,
at a minimum, 20 percent of historical
expenditures. The commenter also
requested that we clarify that this
methodology applies only to an
‘‘episode of care’’ that involves multiple
care settings. Finally, a commenter,
asserting that it was unaware of any
value-based arrangement that can
PO 00000
Frm 00075
Fmt 4701
Sfmt 4700
77757
provide quality care at 80 percent of
episode costs, recommended we reframe
this substantial downside financial risk
methodology as ‘‘discount-based.’’
Response: As an initial matter, we
clarify that the Episodic Payment
Methodology is with respect to a set of
defined items and services related to a
clinical condition and, as a result, have
replaced the OIG Proposed Rule term
‘‘episodic or bundled payment
methodology’’ with ‘‘clinical episode of
care’’ in order to better convey this
requirement. We also confirm that
financial risk assumed pursuant to the
Episodic Payment Methodology may be
prospective or retrospective.
In response to the commenter that
requested we clarify that this
methodology applies only to an
‘‘episode of care’’ that involves multiple
care settings, we are requiring in
paragraph 1001.952(ff)(9)(i)(B)(2) that
the parties design the clinical episode of
care to cover items and services
collectively furnished in more than one
care setting. The VBE and the payor can
meet this requirement as long as they
design the clinical episode of care to
cover a collection of items and services
that they anticipate will be provided in
more than one care setting even if a
particular patient in the target patient
population undergoing a clinical
episode of care ultimately does not
receive items and services in more than
one care setting. We believe this
requirement is consistent with episodic
or bundled payment methodologies that
involve services delivered by more than
one provider and promotes
collaboration across providers and
suppliers that may otherwise operate
independently and deliver care in silos.
To illustrate these clarifications, the
Episodic Payment Methodology could
include a clinical episode of care for an
inpatient procedure for which the payor
and the VBE design the clinical episode
of care to cover items and services
furnished across care settings in a
hospital and post-acute care setting,
such as a physician clinic or a skilled
nursing facility. In contrast, we do not
consider a bundled payment to a
provider for an episode of care that
occurs in a single setting, such as a DRG
payment to a hospital for inpatient
services, to be an episodic payment for
purposes of this rule.
Lastly, we are not finalizing an
episodic payment methodology that
requires a repayment obligation for
losses equal to, at a minimum, 20
percent of historical expenditures or
reframing the Episodic Payment
Methodology as ‘‘discount based,’’ as
suggested by a commenter. We clarify
that the Episodic Payment Methodology,
E:\FR\FM\02DER3.SGM
02DER3
77758
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
as finalized, does not require the payor
to discount the cost of items and
services included in the defined clinical
episode of care by 20 percent. Rather,
the VBE must assume risk for at least 20
percent of any loss realized pursuant to
a defined clinical episode of care, with
losses (and savings) calculated by
comparing current expenditures for all
items and services included in the
defined clinical episode of care and
furnished to the target patient
population to a bona fide benchmark
designed to approximate the expected
total cost of such care.
Comment: Commenters generally
expressed confusion regarding the
application of the fourth prong included
in the proposed ‘‘substantial downside
financial risk’’ definition—a partial
capitation payment that reflects a
discount equal to at least 60 percent of
the total expected fee-for-service
payments. For example, a commenter
asked why this methodology includes a
discount because capitation itself places
a physician at risk through a permember, per-month payment. Another
commenter suggested that we revise this
prong to encompass capitated payments
for a limited set of services, e.g., primary
care. Some commenters asserted that the
60 percent discount level was not
economically feasible and suggested
that OIG lower the discount level.
Response: In response to comments,
we are finalizing the VBE Partial
Capitation Methodology, with
modifications. We are removing the
discount percentage requirement in
recognition that the partial capitation
payment, as set forth in paragraph
1001.952(ff)(9)(i)(C), itself, constitutes
the assumption of substantial downside
financial risk. In keeping with the intent
of the prior discount percentage
requirement, we also are requiring that
this methodology be designed to result
in material savings. In other words, the
VBE Partial Capitation Methodology is
designed to achieve cost efficiencies by
incentivizing better care coordination
that benefits patients and the health care
delivery system by placing the VBE at
substantial downside financial risk.
We are not defining material savings
in regulatory text to provide parties
flexibilities in designing partial
capitation payments. There are a
number of ways that parties might
design a partial capitation payment
consistent with this methodology to
generate material savings. For example,
the parties may design a capitation
payment with utilization targets that are
intended to lower costs versus historical
utilization, or the parties may use other
methodologies that incentivize the VBE
to operate more efficiently and lower
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
costs. We recognize that, as the VBE and
its VBE participants become more
efficient, the opportunity to achieve
materials savings, as that term is
commonly understood, may become
more difficult. As a VBE successfully
reduces costs in one year, it becomes
harder to further reduce costs in
subsequent years. Under this
methodology, and because we are not
defining ‘‘material savings,’’ parties
have flexibility to design partial
capitation payment rates to account for
such issues. For example, the parties
could use national or regional
utilization data in designing the partial
capitation payment to appropriately
adjust the payment rates to account for
the efficiency of the VBE.
Additionally, given the complexity of
establishing a partial capitation
payment, payors, from whom the VBE
assumes risk under this methodology,
will have a significant role in their
design. Payors have experience and
expertise in designing actuarial models
to assess and project costs for their
plans and establish rates. Capitation
payments designed consistent with
generally accepted actuarial principles
can, for example, ensure that a partial
capitation payment: (i) Captures all
reasonable, appropriate, and attainable
costs; (ii) is sufficient, based on past and
anticipated service utilization by the
target patient population; (iii) reflects
cost trends; (iv) is risk adjusted as
appropriate; and (iv) provides
documentation and transparency on
how the rate was developed. While not
an exhaustive list, these factors would
be relevant in assessing whether a
capitation payment is designed to
generate material savings.
We also are clarifying the form in
which the VBE must receive a partial
capitation payment. Specifically, we are
requiring that the VBE receive from a
payor a prospective, per-patient
payment, paid on a monthly, quarterly,
or annual basis. This methodology
would not include fee-for-service
payments under the Medicare inpatient
prospective payment system or other
fee-for-service payments under
Medicare Parts A or B. The per-patient
payment must be for a predefined set of
items and services furnished to the
target patient population, designed to
approximate the expected total cost of
expenditures for the predefined set of
items and services. As noted above, this
payment must be intended to result in
material savings.
We emphasize that, under the VBE
Partial Capitation Payment
Methodology, the VBE is assuming risk
for a predefined set of items or services
that are less than all of the items and
PO 00000
Frm 00076
Fmt 4701
Sfmt 4700
services covered by the payor, in
contrast to the full financial risk safe
harbor, which requires the VBE to
assume full financial risk for all items
and services from a payor. For example,
a partial capitation payment under this
methodology may cover primary care
services only for a target patient
population but not inpatient services,
prescription drugs, or other items and
services covered by the payor.
While we are not specifying a
percentage or scope of items and
services that must be reimbursed on a
capitated basis, the requirement that
partial capitation payments be intended
to result in material savings achieves a
similar purpose. A VBE assuming
substantial downside risk is afforded
flexibility under this safe harbor
because, as explained previously, this
level of risk mitigates the traditional
risks of fraud and abuse associated with
fee-for-service payments. The
effectiveness of that mitigation is
directly connected to the incentive
associated with substantial downside
risk methodologies; increased risk
means the VBE has a greater incentive
to reduce costs and improve outcomes
for patients. In the context of the VBE
Partial Capitation Methodology, the
substantial downside risk is partly
dependent on the scope of items and
services covered by the partial
capitation payment. For example, a VBE
that receives a partial capitation
payment for inpatient services
associated with one DRG has less
incentive than a VBE that receives a
partial capitation payment for all
inpatient services.
We recognize that payors are unlikely
to contract with a VBE under a partial
capitation payment for a narrow set of
items or services. However, ensuring
that VBEs have the appropriate level of
incentives by assuming risk is a key
safeguard in this safe harbor and is the
reason why we are finalizing the
requirement that partial capitation
payments be designed to generate
material savings. We note that the scope
of services is just one factor for
determining whether the capitation
payment was designed to generate
material savings. For example, a VBE
and a payor could design a partial
capitation payment that meets this
methodology if the VBE receives
capitation payments for a narrow set of
services that are typically high cost as
long as the capitation payments for that
limited set of high-cost items or services
were designed to generate material
savings.
We also note that this safe harbor
conditions protection on the VBE
assuming substantial downside
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
financial risk from the payor for the
predefined items and services. It does
not require the VBE to assume other
functions from the payor, such as
enrollment, grievance and appeals,
solvency standards, and other
administrative functions performed by
payors.
Comment: In response to our
solicitation of comments regarding
alternative means to calculate savings
and losses (and in particular, how best
to establish a baseline that appropriately
assesses the VBE’s financial
performance), we received a number of
comments recommending modifications
to the proposed requirement that, for
each methodology under the
‘‘substantial downside financial risk’’
definition, parties would need to
determine any savings or losses realized
based upon a review of historical
expenditures, or to the extent such data
was unavailable, evidence-based,
comparable expenditures. For example,
several commenters questioned our
reliance on historical expenditures as a
reliable datapoint, with several
expressing concern that such a standard
may not be adequately risk-adjusted or
an accurate benchmark to the extent
parties are providing new treatments,
items, and services (representing the
latest advances in technology, for
example) that exceed the cost of
treatment in benchmark years. At least
two commenters recommended that we
add ‘‘projected spending’’ as a method
to compare costs, with one asserting that
historical expenditures may not be
appropriately risk adjusted. A
commenter also suggested that we allow
parties to adjust payments as needed to
cover the costs of new treatment
options.
Response: We are no longer requiring
that parties rely on historical
expenditures or evidence-based,
comparable expenditures to determine a
benchmark used in calculating any
losses or savings realized. We recognize,
as highlighted by commenters, that
historical expenditures could be volatile
or otherwise result in an inaccurate
benchmark, particularly for smaller
entities, and that other data, such as
national or regional data, may be
appropriate factors that can be used for
setting an accurate benchmark.
Consequently, we are revising this
requirement to provide that, for two of
the methodologies finalized in the
‘‘substantial downside financial risk’’
definition—the Shared Savings and
Losses Methodology and the Episodic
Payment Methodology—parties must
calculate any losses or savings based
upon a bona fide benchmark, i.e., a
legitimate benchmark, designed to
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
approximate the cost of care.51
Specifically, for the Shared Savings and
Shared Losses Methodology, we require
that the parties calculate losses by
comparing current expenditures for all
items and services that are covered by
the applicable payor and furnished to
the target patient population to a bona
fide benchmark designed to
approximate the expected total cost of
such care. Similarly, for the Episodic
Payment Methodology, we require that
parties calculate losses by comparing
current expenditures for all items and
services that are covered by the
applicable payor, furnished to the target
patient population, and relate to a
defined clinical episode of care to a
bona fide benchmark designed to
approximate the expected total cost of
care for the defined clinical episode of
care.
This revision has two aims. First, we
seek to protect against the selection of
benchmarks that artificially create
savings or inappropriately insulate any
VBE participant from losses. This is
based on our intent to ensure that
parties are truly assuming downside
financial risk. Second, we seek to
provide parties with the flexibility
necessary to establish a baseline tailored
to the contract or value-based
arrangement between the VBE and the
payor. Thus, under these revised
methodologies, a bona fide benchmark
does not need to be based on historical
expenditures or, to the extent such data
is unavailable, evidence-based,
comparable expenditures, as proposed
in the OIG Proposed Rule. With this
revised standard, a bona fide benchmark
may be appropriately adjusted, e.g.,
through a prospective or retrospective
risk-adjustment to account for outlier
health care expenditures, provided the
methodology for such adjustment is
established in advance. We emphasize
that any such adjustment must be
consistent with the requirement that the
bona fide benchmark be designed to
approximate the expected total cost of
care.
We note that there are several ways
that parties may demonstrate that a
benchmark is bona fide. Parties seeking
51 We are not requiring that parties compare
current expenditures to a bona fide benchmark
designed to approximate the expected total cost of
care for the VBE Capitation Payment Methodology
because of its prospective nature and per-patient,
per-month, per-quarter, or per-year payment
structure. Instead, for this methodology, parties
must establish a capitated payment for a predefined
set of items and services furnished to the target
patient population, designed to approximate the
expected total cost of expenditures for the
predefined set of items and services. The capitated
payment must also (among other criteria) be
intended to result in material savings.
PO 00000
Frm 00077
Fmt 4701
Sfmt 4700
77759
examples of bona fide benchmarks may
look to Innovation Center models, the
Medicare Shared Savings Program,
Medicaid programs, or private payors
that have adopted and validated
benchmarks for their participants in
similar risk-based models. Bona fide
benchmarks may incorporate concepts
such as risk adjustments, cost
projections (including those related to
new treatments), and peer comparisons,
as applicable. Given the complexity of
establishing a benchmark, we anticipate
that payors from whom the VBE
assumes risk will be involved in their
design. Similar to the design of a partial
capitation payment, payors have
relevant experience and expertise in
designing actuarial models to assess and
project costs for their plans that will
support the development of bona fide
benchmarks. Benchmarks that are
validated or designed consistent with
generally accepted actuarial principles
will likely be bona fide. Parties will
need to assess and ensure the validity
and appropriateness of the benchmark
based on the specific facts and
circumstances of their VBE, the valuebased arrangement, the scope of the
items and services covered, and the
target patient population.
Comment: Several commenters
requested that OIG include a cap or
stop-loss threshold in the substantial
downside financial risk safe harbor that
would limit the amount of loss incurred
by the VBE. For example, specific to the
clinical episode of care methodology, a
commenter recommended that we limit
potential losses to 20 percent of
historical expenditures; specific to the
shared savings methodology, a
commenter encouraged protection for
arrangements that include stop-loss
thresholds for shared losses set at a
certain percentage of historical
benchmark costs, akin to the Medicare
Shared Savings Program.
Alternatively, other commenters
urged OIG to simply clarify that
reinsurance arrangements, or other like
arrangements to protect against
catastrophic losses, would not fall
outside of our proposed definition of
‘‘substantial downside financial risk.’’
According to these commenters,
reinsurance arrangements are critical to
encouraging the assumption of
downside financial risk.
Response: Given the inherent
differences in target patient populations,
the sophistication of parties
participating in value-based
arrangements, and varying risk
methodologies that parties may adopt,
we decline to include a specific cap,
stop-loss threshold, or reinsurance
threshold. This provides parties
E:\FR\FM\02DER3.SGM
02DER3
77760
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
flexibility to adopt various risk
methodologies that still satisfy the safe
harbor’s definition of ‘‘substantial
downside financial risk.’’ Parties
entering into a contract or a value-based
arrangement to assume substantial
downside financial risk should have the
flexibility to determine the appropriate
cap, stop-loss, or reinsurance threshold,
if any, and we clarify that neither the
safe harbor’s conditions nor the
definition of ‘‘substantial downside
financial risk’’ precludes parties from
entering into reinsurance arrangements
or other like arrangements to protect
against catastrophic losses.
Nevertheless, we caution that such
arrangements should not be used as a
vehicle to materially shift the
substantial downside financial risk a
VBE is otherwise required to assume
pursuant to this safe harbor.
Comment: Several commenters
supported OIG’s alternate proposal to
adopt risk levels more closely aligned
with advanced APMs and other payor
advanced APMs, as both terms are
defined at 42 CFR 414.1305, or
requested that the definition of
‘‘substantial downside financial risk’’
include advanced APMs. In addition, a
commenter noted that the risk levels
proposed by OIG exceeded those
required in advanced APMs.
Response: We are not revising the risk
levels set forth in the ‘‘substantial
downside financial risk’’ definition to
align with those of advanced APMs and
other payor advanced APMs, as both
terms are defined at 42 CFR 414.1305.
Different risk thresholds between this
safe harbor and advanced APMs and
other payor advanced APMs are
appropriate in light of the differing
objectives between this rulemaking and
the Quality Payment Program, the
Medicare payment program that relies
on the defined terms advanced APMs
and other payor advanced APMs. For
example, the advanced APM track of the
Quality Payment Program is specific to
eligible clinicians and offers a potential
five percent Medicare bonus payment,
among other benefits. By contrast, this
safe harbor protects arrangements of a
wide variety of industry stakeholders
beyond eligible clinicians from liability
under a criminal statute and sets out the
conditions under which that protection
is available.
It is possible that participants in an
advanced APM might assume risk at
levels that meet the requirements of this
safe harbor. Further, some advanced
APM participants may be eligible for
safe harbor protection under the new
CMS-sponsored model arrangements
safe harbor found at paragraph
1001.952(ii).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
Comment: Multiple commenters
requested that we opine on whether
certain arrangements would meet our
proposed definition of ‘‘substantial
downside financial risk.’’ For example,
at least two commenters requested that
we address whether a bonus pool or
gainsharing arrangement, tied to the
achievement of certain outcome
measures, could potentially meet our
definition of ‘‘substantial downside
financial risk.’’ The commenters argued
in favor of such an interpretation,
asserting that the potential to earn a
bonus payment constitutes downside
risk to the extent the bonus is (i)
otherwise considered part of the
recipient’s aggregate compensation, and
(ii) withheld if outcome measures are
not met.
Response: The definition of
‘‘substantial downside financial risk’’
requires, among other criteria, that the
VBE assume the potential for realizing
losses. This definition would permit
parties to design a two-sided risk
methodology that would place the VBE
at downside financial risk and upside
financial risk. In other words, the
definition requires, at a minimum, the
VBE to assume substantial downside
financial risk, but does not preclude the
parties from including other risk
methodologies, so long as all other
conditions of the safe harbor are met.
For example, arrangements that include
a bonus pool or gainsharing, along with
the VBE assuming the required
substantial downside financial risk, may
be protected by this safe harbor.
However, a risk methodology that only
includes upside risk would not meet
this requirement.
ii. Meaningful Share
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(ff)(2)
that this safe harbor would protect
remuneration exchanged between a VBE
and a VBE participant if the VBE
participant meaningfully shares in the
VBE’s substantial downside financial
risk for providing or arranging for items
and services for the target patient
population. We proposed that a VBE
participant would meaningfully share in
the VBE’s risk if the VBE participant
met one of the following three
methodologies: (i) A risk-sharing
payment pursuant to which the VBE
participant is at risk for 8 percent of the
amount for which the VBE is at risk
under its agreement with the applicable
payor (e.g., an 8-percent withhold,
recoupment payment, or shared losses
payment); (ii) a partial or full capitated
payment or similar payment
methodology (excluding certain
enumerated reimbursement
PO 00000
Frm 00078
Fmt 4701
Sfmt 4700
methodologies); or (iii) in the case of a
VBE participant that is a physician, a
payment that meets the requirements of
the physician self-referral law’s
regulatory exception for value-based
arrangements with meaningful
downside financial risk at 42 CFR
411.357(aa)(2).
Summary of Final Rule: We are
finalizing, with modifications, at
paragraph 1001.952(ff)(3) a requirement
for the VBE participant to be at risk for
a meaningful share of the VBE’s
substantial downside financial risk for
providing or arranging for the provision
of items and services for the target
patient population. We are finalizing,
with modifications, the proposed
definition of ‘‘meaningful share’’ at
paragraph 1001.952(ff)(9)(ii).
Specifically, based on comments we are:
(i) Revising the first methodology of the
‘‘meaningful share’’ definition (the
‘‘Risk-Sharing Payment Methodology’’)
to clarify that any risk assumed by a
VBE participant pursuant to this
methodology must be two-sided risk; (ii)
lowering the risk threshold for the RiskSharing Payment Methodology from 8
percent to at least 5 percent of the losses
and savings, as applicable, realized by
the VBE pursuant to its assumption of
substantial downside financial risk; (iii)
revising the second methodology of the
‘‘meaningful share’’ definition to apply
to prospective, per-patient payments for
a predefined set of items and services
furnished to the target patient
population (the ‘‘Meaningful Share
Partial Capitation Methodology’’); and
(iv) not finalizing the proposed
methodology applicable to physician
payments that meet the requirements of
the physician self-referral law’s
regulatory exception for value-based
arrangements with meaningful
downside financial risk at 42 CFR
411.357(aa)(2) (the ‘‘CMS Exception
Methodology’’).
Comment: While we received
comments in favor of our proposed
requirement for the VBE participant to
assume a meaningful share of the VBE’s
substantial downside financial risk,
many advocated against it, suggesting
no or optional risk requirements for VBE
participants downstream from the VBE
assuming substantial downside
financial risk. These commenters
highlighted varying Innovation Center
models that do not require the
downstream assumption of risk.
Response: We are finalizing a
requirement for VBE participants, other
than the payor from which the VBE is
assuming risk, to be at risk for a
meaningful share of the VBE’s
substantial downside financial risk
pursuant to a value-based arrangement
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
with the VBE. This safe harbor is not
chiefly designed for Innovation Center
models, which may not have downside
financial risk, and which may fit more
readily in the new safe harbor at
paragraph 1001.952(ii) for CMSsponsored models. The requirement to
assume a meaningful share of the VBE’s
risk is foundational to the structure of
the safe harbor, which does not include
certain established safeguards, such as a
fair market value requirement, designed
to mitigate risks inherent to a traditional
fee-for-service payment methodology,
nor additional safeguards present in the
care coordination arrangements safe
harbor, such as a bar on monetary
compensation or a contribution
requirement, that protect against
payment for referral schemes. The
requirement to assume a meaningful
share of the VBE’s risk helps ensure that
VBE participants ordering or arranging
for items and services for the target
patient population share in the VBE’s
value-based purposes and costreduction goals.
The payor from which the VBE is
assuming substantial downside
financial risk is exempt from the
requirement to meaningfully share in
the VBE’s substantial downside
financial risk in paragraph
1001.952(ff)(3). As discussed in greater
detail in section III.B.4.d, this carve-out
applies to those payors from which
VBEs are assuming risk that elect to also
be a VBE participant and enter into a
value-based arrangement with a VBE. In
such circumstances, the payor, as a VBE
participant, need not share again in the
risk that the VBE assumed from it in the
value-based arrangement.
Comment: While at least one
commenter supported the risk threshold
in the first proposed methodology for
meaningfully sharing in the VBE’s risk
(a risk-sharing payment pursuant to
which the VBE participant is at risk for
8 percent of the amount for which the
VBE is at risk under its agreement with
the applicable payor), the majority of
commenters advocated that we lower
the risk threshold, such as to 5 percent.
Commenters highlighted varying
Innovation Center models that impose
lower risk requirements or rely on a
broader risk framework. Other
commenters suggested that this
methodology should be expanded to
encompass other types of risk, for
example, operational or contractual risk.
Commenters suggested that a more
expansive methodology would
encourage a greater number of providers
to take on downside risk arrangements
while still effectively deterring potential
fraudulent behavior. A commenter
recommended that OIG revise the first
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
proposed methodology for meaningfully
sharing in the VBE’s risk to state that the
VBE participant is at risk for ‘‘at least
8 percent’’ of the VBE’s risk to allow for
other arrangements that involve greater
downside risk.
Response: We are revising the RiskSharing Payment Methodology to
reduce the required minimum risk
threshold from 8 percent to at least 5
percent and requiring two-sided risk
(e.g., savings and losses). We believe
this level of risk is appropriate to ensure
VBE participants share the VBE’s goal of
cost reduction and to reduce fraud and
abuse risks while making this safe
harbor more accessible to individuals
and entities that want to exchange
remuneration with the VBE pursuant to
this safe harbor. As finalized, this
methodology aligns with the Shared
Savings and Losses Methodology in the
definition of ‘‘substantial downside
financial risk.’’ This modification will
provide VBE and VBE participants
additional flexibilities to align risksharing methodologies and protect
similar exchanges of remuneration (e.g.,
savings and losses) in value-based
arrangements.
We are not permitting VBE
participants to meet the Risk-Sharing
Payment Methodology by assuming
other types of risk, such as operational
or contractual risk. We are concerned
these types of risk would not adequately
align a VBE participant’s financial
incentives with that of the VBE’s costreduction goals resulting from the VBE’s
assumption of substantial downside
financial risk.
Comment: Some commenters opposed
pegging the first risk-sharing payment
methodology of the ‘‘meaningful share’’
definition to the total risk assumed by
the VBE. For example, a commenter
noted that VBE participants, and in
particular smaller providers, are
unlikely to accept risk for 8 percent of
the total amount for which the VBE is
at risk from the payor. The commenter
urged OIG to revise its meaningfully
share standard to require that the VBE
participant assume risk only for its own
costs and suggested 20 percent as a
potential risk assumption threshold.
Response: As finalized, the RiskSharing Payment Methodology
continues to require that the VBE
participant share in a certain percentage
of the VBE’s total risk. However, in
response to comments, we are finalizing
a lower risk threshold of 5 percent for
this methodology and clarifying that
this methodology requires two-sided
risk.
We also clarify that, to the extent a
VBE realizes catastrophic losses,
triggering any reinsurance or other like
PO 00000
Frm 00079
Fmt 4701
Sfmt 4700
77761
arrangement into which the VBE has
entered, the VBE participant would
calculate any amount owed to the VBE
pursuant to this methodology based on
the VBE’s losses, as adjusted by the
reinsurance or other like arrangement.
Comment: A commenter requested
that OIG define ‘‘partial capitation
arrangements’’ in the context of the
second proposed methodology for
meaningfully sharing in the VBE’s
risk—a partial or full capitation
payment or similar payment
methodology, excluding the Medicare
inpatient prospective payment system
or other like payment methodology. The
commenter also asked whether there is
a minimum amount that would qualify
as partial capitation.
Response: In response to comments,
we are finalizing the Meaningful Share
Partial Capitation Methodology with
revisions that, for clarity, more fully
describe the permissible capitation
methodology. Pursuant to this revised
methodology, a VBE participant must:
(i) Receive from the VBE a prospective,
per-patient payment on a monthly,
quarterly, or annual basis for a
predefined set of items and services
furnished to the target patient
population by the VBE participant
designed to approximate the expected
total cost of those expenditures for the
predefined items or services; and (ii) not
separately claim payment from the
payor for the predefined set of items and
services covered by the partial capitated
payment. Consistent with our stated
goal in the OIG Proposed Rule, we
believe this methodology ensures that
those VBE participants assuming a
meaningful share of the VBE’s risk
pursuant to the Meaningful Share
Partial Capitation Methodology do so in
a manner that is aligned with the
payor’s cost-reduction goals.
For the same reasons we are not
specifying the percentage or scope of
items and services that must be
included in the VBE Partial Capitation
Methodology, we are not specifying a
minimum amount of items and services
that must be covered to meet the
Meaningful Share Partial Capitation
Methodology. Likewise, we note that
this methodology would not include
fee-for-service payments under the
Medicare inpatient prospective payment
system or other fee-for-service payments
under Medicare Parts A or B. Payments
must be made on a monthly, quarterly,
or annual basis to satisfy this
methodology.
A VBE participant may be at risk
through this methodology not only
where the VBE is at substantial
downside financial risk through the
VBE Partial Capitation Methodology but
E:\FR\FM\02DER3.SGM
02DER3
77762
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
also any other substantial downside
financial risk methodology. For
example, VBE participants could be at
risk through the Meaningful Share
Partial Capitation Methodology, and the
VBE could assume substantial downside
financial risk from a payor through the
Episodic Payment Methodology.
Comment: We received varying
comments on the third proposed
methodology for meaningfully sharing
in the VBE’s risk: Physician VBE
participants would be deemed to
meaningfully share in the VBE’s risk if
they meet the definition of ‘‘meaningful
downside financial risk’’ under the
physician self-referral law at 42 CFR
411.357(aa)(2). Some commenters either
opposed this provision altogether or
advocated for a lower threshold than the
25 percent threshold for sharing in the
costs of the remuneration exchanged
under a value-based arrangement, with
a few commenters suggesting between 5
and 15 percent. On the other hand,
some commenters supported this
provision stating, for example, that it
facilitated alignment across OIG’s and
CMS’s rules. Another commenter
requested that OIG amend this provision
to apply more broadly to other VBE
participants and not just physicians.
Response: We are not finalizing the
third proposed methodology (the CMS
Exception Methodology). Pursuant to
the final meaningful downside financial
risk exception at 42 CFR 411.357(aa)(2),
a physician must be at ‘‘meaningful
downside financial risk’’ for failure to
achieve the value-based purpose(s) of
the value-based enterprise during the
entire duration of the value-based
arrangement. A physician assumes
‘‘meaningful downside financial risk’’ if
the physician is responsible to repay or
forgo no less than 10 percent of the total
value of the remuneration the physician
receives (or is entitled to receive) under
the value-based arrangement in the
event of the failure to achieve the valuebased purpose(s) of the value-based
enterprise.
Upon further consideration of the
varied comments we received regarding
the CMS Exception Methodology, we
believe the CMS Exception
Methodology does not fit within the
framework of the substantial downside
financial risk safe harbor, which is
different from the meaningful downside
financial risk exception CMS is
finalizing. Unlike CMS’s meaningful
downside financial risk exception,
OIG’s safe harbor requires the VBE
participant to assume risk for a
meaningful share of the VBE’s
substantial downside financial risk. Risk
under the CMS Exception Methodology
is tied to a percentage of the total value
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
of the remuneration the physician
receives under the value-based
arrangement rather than a percentage of
the risk the VBE assumes from the
payor. The CMS Exception Methodology
does not require the physician to
meaningfully share in financial risk
assumed by the VBE, a requirement of
the safe harbor.
Comment: A commenter expressed
concern that the differing standards for
the assumption of downside risk in the
safe harbor (i.e., ‘‘substantial downside
financial risk’’ and ‘‘meaningfully
sharing in the VBE’s substantial
downside financial risk’’) would
confuse parties to value-based
arrangements and discourage
participation. The commenter appeared
to suggest that OIG adopt a single, low
risk threshold in the substantial
downside financial risk safe harbor.
Response: While we appreciate the
commenter’s input, we respectfully
disagree. It is appropriate to have
differing risk assumption requirements
for the VBE and the VBE participant.
The VBE is contracting or entering into
a value-based arrangement with a payor
to assume substantial downside
financial risk, most likely for items and
services provided across care settings
and by multiple VBE participants.
Conversely, the VBE participant
contracting with the VBE is not only one
step removed from the payor contract,
but its performance of value-based
activities is likely to have a narrower
focus, specific to the items and services
it furnishes to the target patient
population. As such, we believe a lower
risk assumption threshold is appropriate
for the VBE participant.
Comment: A commenter
recommended that ‘‘advanced APMs’’
and ‘‘other payer APMs,’’ as both terms
are defined at 42 CFR 414.1305, should
be expressly included in the safe harbor
and automatically qualify as assuming a
meaningful share of the VBE’s
substantial downside financial risk.
Another commenter suggested that we
adopt the ‘‘more than nominal risk’’
standard for advanced APMs instead of
the proposed ‘‘meaningfully share’’
standard.
Response: Because this safe harbor
has broader applicability to the health
care industry than the regulations in
which the defined terms referenced by
the commenter are used (which apply to
a Medicare payment program for
physicians), we decline to revise the
definition of ‘‘meaningful share’’ to
encompass the potentially lower risk
thresholds set forth in the ‘‘advanced
APM’’ and ‘‘other payer APM’’
definitions as set forth in 42 CFR
414.1305 or adopt, in lieu of
PO 00000
Frm 00080
Fmt 4701
Sfmt 4700
‘‘meaningful share,’’ the ‘‘more than
nominal risk’’ standard. Thus,
participants in advanced APMs and
other payer APMs will not
automatically qualify as having a
‘‘meaningful share’’ of the VBE’s
substantial downside financial risk and
must meet the risk thresholds we are
finalizing.
Comment: A commenter asked
whether a VBE participant could join an
existing value-based arrangement
between a VBE and one or more VBE
participants and satisfy the safe harbor
requirement to assume a meaningful
share of the VBE’s risk by sharing in
such risk only for the duration of its
participation in the value-based
arrangement, as opposed to the duration
of the value-based arrangement.
Response: If the VBE has already
entered into a value-based arrangement
with one or more VBE participants for
purposes of this safe harbor, a party may
join the existing value-based
arrangement as a VBE participant
provided all safe harbor requirements
are met, including amending the signed
writing to include a description of the
manner in which the new VBE
participant will have a meaningful share
of the VBE’s substantial downside
financial risk.
We note that, other than during the 6month phase-in period that is available
under this safe harbor, the VBE
participant must be at risk for a
meaningful share of the VBE’s risk
throughout its participation in the
value-based arrangement. This
requirement does not apply if the VBE
participant is the payor from which the
VBE is assuming risk.
Comment: A commenter asserted that
OIG should add language to the safe
harbor stating that VBE participants’
meaningful share of risk can be through
front-end withholds or dues
assessments and need not be through
back-end repayment.
Response: For the risk methodologies
under the definition of ‘‘meaningful
share,’’ we did not propose, and the
final rule does not prescribe, how the
parties to a value-based arrangement
may effectuate the VBE participant’s
risk, and as such, the parties could
effectuate risk prospectively or
retrospectively.
iii. Other Defined Terms
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(ff)(8)(ii)
that the terms ‘‘coordination and
management of care,’’ ‘‘target patient
population,’’ ‘‘value-based activity,’’
‘‘value-based arrangement,’’ ‘‘valuebased enterprise,’’ ‘‘value-based
purpose,’’ and ‘‘VBE participant’’ would
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
have the meaning set forth in proposed
paragraph 1001.952(ee).
Summary of Final Rule: We are
finalizing, with modifications, our
proposed use of the value-based
terminology at paragraph
1001.952(ff)(9)(iii). We no longer use the
term ‘‘coordination and management of
care’’ in this safe harbor. Additionally,
because we are finalizing at paragraph
1001.952(ff)(1) a requirement making
certain entities ineligible to use the safe
harbor, we adopt for this safe harbor the
definition of ‘‘manufacturer of a device
or medical supply’’ at paragraph
1001.952(ee)(12).
Comment: A few commenters
requested that OIG define the term
‘‘payor,’’ with a commenter specifically
suggesting that we define such term to
include a managed care organization
that has a contract with Medicare,
Medicaid, or another Federal health care
program that is subject to 1128B of the
Act. A commenter also asked OIG to
define the term ‘‘used’’ in relation to the
requirement that remuneration be used
primarily to engage in value-based
activities that are directly connected to
the items and services for which the
VBE is at substantial downside financial
risk and that are set forth in writing. The
commenter also asked OIG to define the
term ‘‘offeror’s cost’’ in relation to the
requirement that the writing state all
material terms of the value-based
arrangement, including the offeror’s cost
of the remuneration.
Response: We are not defining the
term ‘‘payor.’’ The term has its
commonsense meaning of a payor of
health care items and services on behalf
of patients. We confirm that, for
purposes of this safe harbor, such term
would include managed care
organizations that have contracted with
Medicare, Medicaid, and other Federal
health care programs. We also are not
defining the term ‘‘used’’ in regulatory
text but use the term consistent with its
commonsense, well-understood
meaning (e.g., to put into action or
service, utilize). Further, we decline to
define the term ‘‘offeror’s costs’’
because, as explained at section
III.B.4.k, we are not finalizing the
requirement that the writing include the
offeror’s costs.
c. Entities Ineligible for Safe Harbor
Protection
Summary of OIG Proposed Rule: We
proposed in proposed paragraph
1001.952(ee) to limit the entities that
could qualify as VBE participants,
which would have the effect of limiting
availability of the value-based safe
harbors, including the substantial
downside financial risk safe harbor at
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
proposed paragraph 1001.952(ff), for
those ineligible entities. The proposed
definition of ‘‘VBE participant’’ is
summarized more fully in section
III.B.2.e of this preamble.
Summary of OIG Final Rule: As
explained at section III.B.2.e, we are not
finalizing our proposal in proposed
paragraph 1001.952(ee) to limit the
entities that could qualify as VBE
participants. Rather, in the final rule we
are identifying parties ineligible to rely
on safe harbors in the safe harbors
themselves. For the substantial
downside financial risk safe harbor, we
are finalizing a requirement that
remuneration is not exchanged by any
of the following entities: (i)
Pharmaceutical manufacturers,
wholesalers, and distributors; (ii) PBMs;
(iii) laboratory companies; (iv)
pharmacies that primarily compound
drugs or primarily dispense
compounded drugs; (v) manufacturers
of devices or medical supplies; (vi)
entities or individuals that manufacture,
sell, or rent DMEPOS (other than a
pharmacy or a physician, provider, or
other entity that primarily furnishes
services, all of whom remain eligible);
and (vii) medical device distributors or
wholesalers that are not otherwise
manufacturers of devices or medical
supplies.
Summaries of comments, our
responses, and policy decisions
regarding this issue can be found in the
discussion of VBE participants in
section III.B.2.e of this preamble.
d. VBE’s Assumption of Risk From a
Payor
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(ff)(1)
that the VBE must assume substantial
downside financial risk from a payor
and that the VBE could assume such
risk directly from a payor or through a
VBE participant acting on behalf of the
VBE (i.e., as an agent of, and
accountable to, the VBE).
Summary of Final Rule: We are
finalizing, with modifications, this
requirement at paragraph
1001.952(ff)(2). First, we are modifying
the safe harbor to provide two options
to VBEs assuming substantial downside
financial risk from a payor. A VBE can
assume risk from the payor through an
arrangement that meets the definition of
‘‘value-based arrangement,’’ or a VBE
can assume risk from a payor through a
contract that places the VBE at
substantial downside financial risk. The
first option provides protection for the
remuneration exchanged between the
payor and the VBE, if all safe harbor
requirements are met. To effectuate this,
the payor must be a VBE participant and
PO 00000
Frm 00081
Fmt 4701
Sfmt 4700
77763
the VBE must assume risk from the
payor through a value-based
arrangement. Under the second option,
if a payor does not wish to be part of
the VBE, the VBE can assume
substantial downside financial risk from
the payor through a written contract.
Under this option, the contract that
places the VBE at risk is not a valuebased arrangement and the safe harbor
would not protect remuneration
exchanged pursuant to it.
Second, we are modifying the risk
assumption requirement to clarify that
the payor cannot act on behalf of the
VBE; the VBE must be a distinct legal
entity or represented by a VBE
participant, other than a payor, that acts
on the VBE’s behalf.
Comment: Some commenters opposed
the proposed requirement that a VBE
assume risk from a payor, asserting
payor involvement should not be a
prerequisite to safe harbor protection.
For example, a post-acute-care provider
asserted that, where the financial risk
shared between providers is significant,
the safe harbor should be available
regardless of whether a payor is directly
involved.
Response: We are finalizing the
requirement that the VBE assume
substantial downside financial risk from
a payor because we view it as a critical
safeguard against the potential for fraud
and abuse. Payors are ultimately
responsible for the cost of the items and
services furnished to a target patient
population, which informs our decision
to require that they be party to the risk
arrangement that serves as the
foundation for this safe harbor.
Moreover, the payor serves as an entity
with both a holistic view of, and a
financial interest in reducing, total
expenditures for the target patient
population, which we believe mitigates
the risks traditionally associated with
fee-for-service systems, such as
overutilization or inappropriate
utilization.
Consistent with our emphasis in the
OIG Proposed Rule that parties
assuming substantial downside
financial risk have more flexibility, we
have modified the safe harbor so that
payors and VBEs have two options for
entering into the risk arrangement—
entering into either a value-based
arrangement or a written contract for the
VBE to assume risk from the payor.
Under the first option for risk
arrangements, payors must be a VBE
participant, which is permitted under
our final definition of ‘‘VBE
participant.’’ The payor (as a VBE
participant) and the VBE can enter into
a value-based arrangement for the VBE
to assume substantial downside
E:\FR\FM\02DER3.SGM
02DER3
77764
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
financial risk. As we proposed and are
finalizing in this rule, the introductory
paragraph to 1001.952(ff) protects
remuneration exchanged between a VBE
and a VBE participant pursuant to a
value-based arrangement. Therefore,
remuneration exchanged pursuant to a
payor’s and a VBE’s value-based
arrangement could be protected by this
safe harbor, including remuneration
exchanged to implement a substantial
downside financial risk methodology
(e.g., shared savings and losses), if the
value-based arrangement meets all
applicable conditions of the safe harbor.
We do not believe this option would
pose an unreasonable burden on the
payor because a value-based
arrangement requires only the provision
of at least one value-based activity for a
target patient population, and the payor
and VBE already must enter into an
agreement to effectuate the VBE’s
assumption of risk for the target patient
population. We believe any burden
would be outweighed by the benefits of
safe harbor protection.
Under the second option, payors that
do not wish to be part of the VBE may
choose to enter into a written contract
for purposes of the VBE assuming
substantial downside financial risk.
Under this option, payors would not be
VBE participants, the written contract
between the payor and the VBE would
not be a value-based arrangement, and
the payor would not be subject to the
other conditions of the safe harbor. In
such circumstances, these contracts
must only meet the condition at
paragraph 1001.952(ff)(2), i.e., they must
evidence the VBE’s assumption of
substantial downside financial risk from
the payor. Remuneration exchanged
pursuant to a risk assumption contract
that is not a value-based arrangement is
not protected by this safe harbor. The
VBE and the payor would need to assess
any potential remuneration exchanged
pursuant to the risk arrangement
contract and its compliance with the
Federal anti-kickback statute.
In response to the commenter
suggesting that providers should be
permitted to assume risk without a
payor, we recognize that there may be
risk-based arrangements between and
among providers that facilitate the goals
set forth in the definition of ‘‘valuebased purpose’’ and that seek to reduce
overall costs. However, this safe harbor
does not protect such arrangements.
Other safe harbors may be available to
protect such arrangements, such as the
care coordination arrangements safe
harbor or the personal services and
management contracts and outcomesbased payment arrangements safe
harbor.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
Comment: Commenters requested that
we clarify how the safe harbor would
apply to arrangements involving certain
categories of Federal health care
program beneficiaries, such as Medicare
fee-for-service patients or Indian Health
Service (IHS) beneficiaries. In
particular, multiple commenters
expressed concern that, because Indian
health care is compensated through IHS
appropriations and the Medicare,
Medicaid, and CHIP programs, Indian
health care providers could not be riskbearing entities, as required in the
proposed substantial downside financial
risk safe harbor.
Response: Given the requirement that
the VBE assume substantial downside
financial risk from a payor, this safe
harbor will be available only for
contracts or value-based arrangements
where the target patient population is
comprised of patients insured by a
payor with which a VBE can enter into
a risk arrangement. For example,
whereas the safe harbor may be
available for certain Medicaid direct
contracting or managed care models,52 it
likely would not currently be available
for an arrangement with a target patient
population comprised of patients
enrolled only in Medicare Parts A and
B (i.e., Medicare fee-for-service)
because, outside of Innovation Center
models and the Medicare Shared
Savings Program, we are not aware of a
mechanism that would allow a VBE to
contract with the Medicare program to
assume substantial downside financial
risk for items and services for those
patients.
It is also possible that Indian health
care providers might not be risk-bearing
entities for purposes of this safe harbor.
This would not foreclose Indian health
care providers from engaging in care
coordination arrangements and seeking
safe harbor protection under the care
coordination arrangements safe harbor,
which does not require the assumption
of any risk (but is available for nonmonetary remuneration in risk-bearing
arrangements), or other available safe
harbors, such as the personal services
and management contracts and
outcomes-based payments safe harbor
that protects monetary payments for
achieving quality outcomes. Moreover,
the fact that an arrangement does not fit
in a safe harbor does not make the
arrangement unlawful, and the OIG
advisory opinion process is also
available for parties seeking a
52 See Center for Health Care Strategies, Inc.,
Value-Based Payments in Medicaid Managed Care:
An Overview of State Approaches (Feb. 2016),
available at https://www.chcs.org/media/VBP-Brief_
022216_FINAL.pdf.
PO 00000
Frm 00082
Fmt 4701
Sfmt 4700
determination about a specific existing
or proposed arrangement.
Comment: At least two commenters
expressed support for the ability of a
VBE participant to contract and assume
risk on behalf of the VBE.
Response: We confirm that, for
purposes of this final rule, parties have
this flexibility. A VBE may assume risk
from the payor directly or through a
single VBE participant acting on its
behalf because we recognize that not all
VBEs may be a separate legal entity.
Comment: While acknowledging
patients’ right to choose a provider, a
commenter requested that OIG not
require parties to assume downside
financial risk for those patients who
choose to receive health care items or
services from parties outside of the VBE.
According to the commenter, physicians
participating in VBEs that are clinically
integrated need to refer patients within
high-functioning networks that follow
care management programs, and
providers should not be required to
assume downside financial risk for
those patients who seek care outside the
network.
Response: We are not adopting the
commenter’s suggestion to exclude
those patients who choose to receive
care outside a VBE from the calculation
of downside financial risk. While we
recognize that patients in the target
patient population ultimately could
select providers and suppliers both
inside and outside the VBE, we believe
the VBE and its VBE participants can
still coordinate and manage the care of
these patients and should be required to
assume risk for these patients in order
to benefit from the increased flexibility
afforded by this safe harbor. In addition,
allowing providers to remove patients
from the calculation of downside risk if
they choose any provider outside the
VBE could lead to manipulation of the
target patient population in ways that
could compromise the quality of patient
care, e.g., providers might encourage
more costly patients to obtain care
elsewhere. This approach is consistent
with the Medicare Shared Savings
Program.
Comment: A medical device
manufacturer asserted that this safe
harbor should be expanded to recognize
that, in many cases, the items or
services for which the VBE is at risk will
not necessarily be provided directly to
patients in the target patient population
but instead may be an ancillary part of
their care under the value-based
arrangement, such as products and
services deployed by medical device
manufacturers.
Response: We require that the VBE be
at substantial downside financial risk
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
for providing or arranging for the
provision of items and services for a
target patient population and that the
VBE participant assume a meaningful
share of that risk. There is no
requirement that such items and
services be provided directly to the
target patient population, and there is
nothing in the safe harbor that prevents
the VBE’s risk from encompassing items
and services for, but not provided
directly to, the target patient population,
such as ancillary products and services.
However, pursuant to paragraph
1001.952(ff)(1)(v), manufacturers of
devices or medical supplies are not
eligible to use this safe harbor to
exchange remuneration.
e. Phase-In Period
Summary of OIG Proposed Rule: To
address start-up arrangements for
parties preparing to take on risk, we
proposed at paragraph 1001.952(ff)(1)
that this safe harbor would protect
remuneration exchanged between the
VBE and a VBE participant during the
6 months prior to the date by which the
VBE must assume substantial downside
financial risk. We proposed that, during
this phase-in period, the VBE must be
contractually obligated to assume such
risk from a payor.
Summary of Final Rule: We are
finalizing the 6-month phase-in period,
with modification, and relocating it to
paragraph 1001.952(ff)(2).
Comment: Commenters
overwhelmingly supported a phase-in
period, noting that many providers and
organizations will need time to assume
downside financial risk. However, many
commenters asserted that the proposed
6-month time period was insufficient
and recommended a longer phase-in
period, such as 1 or 2 years. These
commenters expressed concern that,
absent a longer phase-in period, the safe
harbor would be available to only highly
sophisticated and large organizations
that already have the capacity to take on
high levels of financial risk. Another
commenter argued that a longer phasein period is essential in order to allow
newly formed or small VBEs the
flexibility to establish baselines against
which to measure losses or savings.
Some commenters highlighted other
justifications for a longer phase-in
period, including the significant
training and integration needed for the
adoption of new software systems and
the need for providers with less
experience with value-based
arrangements, including small or rural
providers, to have more time to assume
financial risk. Other commenters
requested that OIG extend the phase-in
period only in defined circumstances,
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
e.g., for VBEs created by independent
medical practices or in circumstances
where the 6-month phase-in period
would place an undue burden on the
parties to the arrangement. Finally,
another commenter suggested a
capacity-building period of 2 years
where an entity would take on lower
levels of downside financial risk and
gradually build up to the thresholds set
forth in the definition of ‘‘substantial
downside financial risk.’’
Response: We solicited comments on
whether 6 months was a sufficient
timeframe for a phase-in period or
whether a longer or shorter timeframe
would be appropriate. Having reviewed
the comments and considered the issue,
we have determined that, while some
parties interested in assuming
substantial downside financial risk
might benefit from a phase-in period of
more than 6 months, a 6-month phasein period, paired with the availability of
the care coordination arrangements safe
harbor, should provide a sufficient onramp for parties seeking safe harbor
protection for start-up or capacitybuilding arrangements to prepare to
assume substantial downside financial
risk.
In addition, the changes we have
made to the definition of ‘‘substantial
downside financial risk’’ to replace the
previous requirements for comparisons
to historical benchmarks should allay
concerns raised by newly formed or
small entities about the time needed to
establish baselines against which to
measure losses or savings. In particular,
the new standard for setting a
benchmark provides flexibility to
individuals and entities that may not
have historical benchmarks to establish
benchmarks using other appropriate
data, such as regional or national data.
Comment: A commenter requested
that OIG confirm that all remuneration
exchanged during the phase-in period
related to VBE participants’ good faith
efforts to set up the VBE or value-based
arrangement would be protected, even if
the value-based arrangement ultimately
did not move forward.
Response: To qualify for protection
during the phase-in period, the VBE
must have a contract or a value-based
arrangement with the payor to assume
risk within the next 6 months. To
illustrate, if a VBE enters into a contract
with a payor on January 1, the VBE must
assume substantial downside financial
risk no later than July 1st. The phase-in
period runs from January 1 to July 1 (or
an earlier date if the VBE assumes risk
sooner). We recognize that a VBE might
discover during the phase-in period that
it is unable to assume the planned risk
because, for example, of a failure to
PO 00000
Frm 00083
Fmt 4701
Sfmt 4700
77765
achieve an adequate network or
necessary infrastructure. Remuneration
exchanged between a VBE and a VBE
participant during the phase-in period
would be protected even if the VBE
ultimately does not assume substantial
downside financial risk at the
conclusion of the phase-in period,
provided the VBE had entered into a
contract or a value-based arrangement
with the payor to assume substantial
downside financial risk and all other
safe harbor requirements were met.
With respect to the question about
setting up a VBE, under the final rule,
parties may not use the 6-month phasein period to protect remuneration
exchanged in order to set up a VBE
because, as a condition of meeting the
safe harbor, the VBE must already be in
existence. In addition, there must be a
value-based arrangement between the
VBE and VBE participant that includes
the exchange of payments or something
of value for which safe harbor
protection is sought. The remuneration
under this value-based arrangement
could relate to efforts to set up
necessary infrastructure to assume risk
for the target patient population.
Comment: A commenter asked OIG to
protect all legitimate pre-arrangement
activities associated with assuming risk,
even where the VBE is not under a
contractual obligation to assume risk.
Another commenter asked whether
payments by an academic medical
center to physicians to maintain income
levels during the phase-in period are
protected.
Response: We decline to protect prearrangement activities when the VBE
has not entered into a contract or a
value-based arrangement to assume risk
from a payor, although the actual
assumption of risk need not occur for 6
months. The requirement that the VBE
enter into a contract or value-based
arrangement to assume risk is a critical
safeguard to protect against parties’
attempts to exploit the phase-in period
of this safe harbor to protect problematic
payments when they have no intention
of entering into the risk arrangements
required by the safe harbor.
Income guarantee payments would
not satisfy any of the risk-based
methodologies set forth in the
definitions of ‘‘substantial downside
financial risk’’ or ‘‘meaningful share.’’
Whether income guarantee payments to
physicians could otherwise be protected
by this safe harbor would depend on
whether such remuneration satisfies all
requirements of the safe harbor. For
example, such payments likely would
not satisfy the requirement that
remuneration be directly connected to at
least one of the three value-based
E:\FR\FM\02DER3.SGM
02DER3
77766
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
purposes defined in paragraph
1001.952(ee)(14)(x)(A)–(C). It seems
unlikely that income guarantee
payments would be directly connected
to the deliberate organization of patient
care activities and sharing of
information to improve care for the
target patient population, as the
definition of coordination and
management of care requires.
Additionally, while we acknowledge
that income guarantees could result in
ancillary benefits to patients or could
contribute to appropriate cost
reductions, we consider it unlikely that
income guarantee payments could be
directly connected to improvements in
the quality of care or appropriate
reductions in costs.
f. Remuneration Used To Engage in
Value-Based Activities
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(ff)(3)(i)
that the remuneration exchanged
pursuant to this safe harbor must be
used primarily to engage in value-based
activities that are directly connected to
the items and services for which the
VBE is at substantial downside financial
risk.
Summary of Final Rule: We are
finalizing, with modifications, this
requirement at paragraph
1001.952(ff)(4)(ii). First, for the reasons
set forth in section III.B.3.e.ii of this
preamble, we are replacing the word
‘‘primarily’’ with ‘‘predominantly’’ so
that the safe harbor now requires the
remuneration exchanged to be used
predominantly to engage in value-based
activities that are directly connected to
the items and services for which the
VBE has assumed (or has entered into a
written contract or value-based
arrangement to assume within the next
6 months) substantial downside
financial risk. Second, we are modifying
this requirement to provide that the
remuneration exchanged pursuant to a
methodology for the assumption of risk
does not need to meet this condition if
the remuneration is part of a valuebased arrangement that meets all other
safe harbor conditions. That is,
remuneration exchanged between either
a VBE and a payor (as a VBE
participant) pursuant to a methodology
that meets the definition of ‘‘substantial
downside financial risk,’’ or between a
VBE and a VBE participant (other than
a payor) pursuant to a methodology that
meets the definition of ‘‘meaningful
share,’’ need not be used predominantly
to engage in value-based activities that
are directly connected to the items and
services for which the VBE is at
substantial downside financial risk.
Lastly, we are clarifying that the items
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
and services to which the value-based
activities must be directly connected are
those for which the VBE has assumed
(or has entered into a written contract or
value-based arrangement to assume
within the next 6 months) substantial
downside financial risk. This
clarification is in recognition that
parties to a value-based arrangement
may exchange remuneration during the
phase-in period when the VBE has not
yet assumed substantial downside
financial risk but has entered into a
written contract or value-based
arrangement to assume such risk within
the next 6 months.
Comment: Some commenters
expressed general concern that this
proposed requirement would be
administratively burdensome, and at
least one commenter more specifically
stated that it would be burdensome to
track how monetary remuneration is
spent in order to ensure compliance
with this requirement. Another
commenter suggested that this
requirement would preclude protection
of remuneration in the form of shared
savings. These commenters appeared to
request that OIG remove this condition
either in its entirety (thereby permitting
parties to use any remuneration
protected under this safe harbor for any
purpose permissible under applicable
law) or only with respect to monetary
remuneration or a subset of monetary
remuneration, such as shared savings
and other performance-based payments.
Alternatively, a commenter asserted that
OIG should treat certain payments, such
as bonus distributions and performancebased payments, as payments for the
past performance of activities directly
connected to the items and services for
which the VBE is at risk.
Response: The commenters’ concerns
and recommendations appear to stem
from a perceived difficulty with tracking
and monitoring the VBE participant’s
use of the remuneration. In response to
the commenter’s concerns, we are
revising this requirement to include the
following modifier at the start of
paragraph 1001.952(ff)(4)(i): Unless
exchanged pursuant to risk
methodologies defined in paragraph
(9)(i) or (ii). With this modifier,
monetary remuneration exchanged
pursuant to a risk methodology that
meets the definition of ‘‘substantial
downside financial risk’’ or ‘‘meaningful
share,’’ i.e., the risk methodologies
defined in paragraph 1001.952(ff)(9)(i)
and (ii), does not need to be used
predominantly to engage in value-based
activities. Because such remuneration
effectuates the assumption of risk
required by the safe harbor, it is
appropriate to exempt this remuneration
PO 00000
Frm 00084
Fmt 4701
Sfmt 4700
from the requirement for remuneration
to be used predominantly to engage in
value-based activities.
All other remuneration exchanged
must be used predominantly to engage
in value-based activities that are directly
connected to the items and services for
which the VBE has assumed substantial
downside financial risk. With respect to
the commenters’ concerns regarding
tracking another party’s use of such
remuneration, we emphasize that the
safe harbor does not require the offeror
of remuneration to track the recipient’s
use to determine whether such use is
consistent with the safe harbor
requirement to predominantly use
remuneration to engage in value-based
activities for the target patient
population. We recognize that all parties
to the value-based arrangement would
lose safe harbor protection if the
recipient fails to satisfy the predominant
use requirement, but we believe there
are ways for an offeror to protect itself
against this risk, such as by including
terms in the signed writing requiring the
recipient to use funds in a particular
manner. With respect to a commenter’s
concern that this condition would
preclude the protection of shared
savings, this condition, as finalized,
would not preclude the protection of
shared savings, as long as the shared
savings arrangement satisfies all of the
safe harbor’s conditions.
We are not persuaded by the
suggestion that we allow remuneration
to be used for any purpose permissible
under applicable law. In order to use
this safe harbor, the parties must have
formed a value-based enterprise that has
one or more value-based purposes. We
believe that requiring remuneration to
be used predominately for value-based
activities associated with the target
patient population is an important
mechanism to help ensure that the
parties are working toward these
purposes.
Comment: Commenters stated that the
requirement for parties to exchange
remuneration that is used to engage in
value-based activities that are ‘‘directly
connected’’ to the items and services for
which the VBE has assumed (or has
entered into a contract to assume within
the next 6 months) substantial downside
financial risk could subject parties
seeking protection under this safe
harbor to undue scrutiny regarding what
constitutes a direct connection.
Response: We believe parties are wellpositioned to demonstrate that the
value-based activities they undertake
have a direct connection to the items
and services provided to patients in the
target patient population. Pursuant to
paragraph 1001.952(ff)(5) of the safe
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
harbor, the value-based activities must
be set forth in writing, which provides
an opportunity for parties to document
how such activities are directly
connected to the items and services for
which the VBE is at substantial
downside financial risk.
By way of example, in a value-based
arrangement where a VBE is at risk for
an episode of care involving hospital
and post-acute care, if the VBE furnishes
or finances the provision of additional
clinical staff or social workers for use by
both a VBE participant hospital and a
VBE participant skilled nursing facility,
the clinical staff or social workers must
predominantly engage in value-based
activities that are directly connected to
the items and services furnished during
the episode of care for which the VBE
is at substantial downside financial risk.
In the OIG Proposed Rule, we provided
an example involving a target patient
population undergoing hip replacement
surgery to show what it means to have
a direct connection between the valuebased activities and items and services
for the target patient population. Using
this same example under the final rule,
if a VBE is at substantial downside
financial risk for the items and services
provided to patients in a target patient
population undergoing hip replacement
surgery, the VBE could give a VBE
participant money to hire a staff
member who predominately coordinates
patients’ transitions between care
settings after hip replacement surgery.
The VBE could not give the VBE
participant money to hire a staff
member who coordinates transitions
between care settings for patients
undergoing an array of surgical
procedures other than hip replacement
surgery.53
g. Direct Connection to Value-Based
Purposes
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(ff)(3)(ii)
that the protected remuneration must be
directly connected to one or more of the
VBE’s value-based purposes, at least one
of which must be the coordination and
management of care for the target
patient population.
Summary of Final Rule: We are
finalizing, with modification, this
condition at paragraph
1001.952(ff)(4)(i). The final rule
provides that protected remuneration
must be directly connected to at least
one of the three value-based purposes
defined in paragraph
1001.952(ee)(13)(x)(A)–(C).
Remuneration may advance more than
one value-based purpose.
53 84
FR 55694, 55718 (Oct. 17, 2019).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
We summarize and respond to
comments specific to the substantial
downside financial risk safe harbor
regarding this condition below. For a
more detailed discussion and a
summary of the general comments
received regarding the requirement for a
direct connection to the coordination
and management of care, as proposed in
both the care coordination arrangements
safe harbor and this safe harbor, and our
responses, we refer readers to the care
coordination arrangements safe harbor
section discussion at section III.B.3.h.
Comment: A commenter asserted that
all payment arrangements protected by
this safe harbor should have as a valuebased purpose a focus on cost reduction
and quality improvement.
Response: In the context of
remuneration exchanged pursuant to
value-based arrangements where parties
have met the requirements of the
definitions of ‘‘substantial downside
financial risk’’ and ‘‘meaningful share,’’
we recognize that it may be appropriate
for parties to have value-based purposes
related to achieving appropriate cost
reductions or quality improvements.
Accordingly, we are revising this
condition to provide parties additional
options for remuneration to be directly
connected to at least one of three valuebased purposes defined in paragraph
1001.952(ee)(13)(x)(A)–(C).
Remuneration must be directly
connected to one or more of the
following value-based purposes: The
coordination and management of care
for the target patient population;
improving the quality of care for the
target patient population; and
appropriately reducing the costs to, or
growth in expenditures of, payors
without reducing the quality of care for
the target patient population. Parties
may choose to meet one or more of these
three value-based purposes to satisfy
this condition. For a more detailed
discussion regarding these value-based
purposes see section III.B.2.f.
h. Reductions in Medically Necessary
Items or Services
Summary of OIG Proposed Rule: At
proposed paragraph 1001.952(ff)(3)(iii),
we proposed to require that the
remuneration exchanged not induce the
VBE participants to reduce or limit
medically necessary items or services
furnished to any patient.
Summary of Final Rule: We are
finalizing, with modification, this
condition at paragraph
1001.952(ff)(7)(iii). We are modifying
the condition to clarify that the valuebased arrangement (not merely the
remuneration exchanged) may not
induce the VBE or VBE participants to
PO 00000
Frm 00085
Fmt 4701
Sfmt 4700
77767
reduce or limit medically necessary
items or services furnished to any
patient. We summarize and respond to
comments specific to the substantial
downside financial risk safe harbor
regarding this provision below. For a
more detailed discussion and a
summary of additional comments
received regarding this requirement, as
proposed in both the care coordination
arrangements and substantial downside
financial risk safe harbors, and our
responses, we refer readers to the care
coordination arrangements safe harbor
discussion at section III.B.3.e.iii.
Comment: Multiple commenters
supported additional conditions to
safeguard against the risks of cherrypicking, lemon-dropping, and stinting
on care. For example, a commenter
stated that the assumption of downside
financial risk presented a heightened
risk for cherry-picking patients,
discharging highly complex, rare, or
costly patients, and stinting on care for
patients with high medical needs. The
commenter appeared to recommend
Federal Government oversight of valuebased arrangements to address these
risks. Another commenter
recommended OIG formally monitor for
cherry-picking or lemon-dropping
activities and eliminate eligibility for
safe harbor protection for parties
inappropriately engaged in these
activities.
Response: We acknowledge that
assuming downside financial risk may
heighten the risks identified by the
commenter. We believe that the
parameters created by the value-based
definitions as well as the safeguards in
this safe harbor protect against such
conduct. For example, the definition of
‘‘target patient population’’ requires that
the VBE or its VBE participants identify
the target patient population using
legitimate criteria, and criteria that seek
to exclude costly or noncompliant
patients would not be legitimate.
However, in response to the comment
that the nature of value-based
arrangements, themselves, can create
incentives for stinting or cherry-picking,
we are expanding this prohibition to
apply to not only the remuneration
exchanged between the parties but also
all terms and conditions of a valuebased arrangement.
With respect to OIG’s oversight, we
anticipate that individuals and entities
that are part of a value-based enterprise
will be subject to OIG’s program
integrity and oversight activities to the
same extent as other individuals and
entities that engage in Federal health
care program business.
E:\FR\FM\02DER3.SGM
02DER3
77768
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
i. Ownership or Investment Interests
Summary of OIG Proposed Rule: At
proposed paragraph 1001.952(ff)(3)(iv),
we proposed that this safe harbor would
not protect an ownership or investment
interest in the VBE or any distributions
related to an ownership or investment
interest.
Summary of Final Rule: We are
finalizing, without modification, this
condition and relocating it to paragraph
1001.952(ff)(4)(iii).
Comment: A few commenters
opposed this condition. For example, a
commenter asserted that some potential
participants may not be comfortable
investing in a VBE where such
investment is unprotected by safe
harbors and therefore may avoid
involvement in otherwise beneficial
substantial downside financial risk
arrangements. Another commenter
urged OIG to clarify that it was not our
intent to prohibit VBE participants from
establishing a corporate structure for a
VBE in which the participants may
receive an equity interest, stating that,
without such a clarification, the safe
harbor would unnecessarily restrict the
ability of individuals and entities to
dictate the corporate structure of VBEs
they create.
Response: We do not view protection
for ownership or investment interests as
fundamental to removing barriers to
parties entering into value-based
arrangements and are not protecting
them under this safe harbor. Parties
seeking to protect a particular
ownership or investment interest may
look to other safe harbors (e.g., the safe
harbor for investment interests,
paragraph 1001.952(a), which protects
certain investment interests if all
requirements of the safe harbor are met),
and the advisory opinion process
remains available.
j. Remuneration From Individuals or
Entities Outside the Applicable VBE
Summary of OIG Proposed Rule: At
proposed paragraph 1001.952(ff)(3)(v),
we proposed that the safe harbor would
not protect remuneration funded, or
otherwise resulting from contributions,
by an individual or entity outside of the
applicable VBE.
Summary of Final Rule: We are not
finalizing this condition.
Comment: A commenter asserted that
imposing this requirement would
inhibit contributions or funding by an
affiliate of a VBE or a VBE participant
(e.g., a parent organization). Another
commenter suggested OIG permit
‘‘outside’’ donations under the
substantial downside financial risk safe
harbor when the donation would benefit
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
a VBE’s patients and the third-party
donor would have no direction or
control over how the funds would be
spent.
Response: We are not finalizing this
condition because of concerns that it
may be unduly prescriptive and for the
reasons described at section III.3.e.iv
related to the similar proposal for the
care coordination arrangements safe
harbor. However, the exchange of
remuneration between parties other
than the VBE and a VBE participant
(e.g., remuneration exchanged between
a third-party donor and a VBE
participant or a VBE) would not be
protected by this or any value-based safe
harbor. Similarly, in the circumstances
presented by the commenter, we would
not view contributions or funding from
an affiliate of a VBE (that is not a VBE
participant) to that VBE as qualifying for
protection under this or any value-based
safe harbor. However, under this final
rule, the mere fact that an affiliate of a
VBE exchanges remuneration with that
VBE would not preclude safe harbor
protection for value-based arrangements
between that VBE and its VBE
participants.
Comment: A commenter requested
that we address how the exclusion of
safe harbor protection for remuneration
funded, or otherwise resulting from
contributions, by an individual or entity
outside of the applicable VBE would
operate where a VBE sought to enter
into a value-based arrangement with a
payor that was not, itself, a VBE
participant.
Response: As noted above, we are not
finalizing the proposed condition. For
purposes of the value-based safe
harbors, we are finalizing a definition of
‘‘value-based arrangement’’ in paragraph
1001.952(ee)(14)(vii) that requires the
arrangement to be only between or
among the VBE and one or more of its
VBE participants or between or among
VBE participants in the same VBE.
However, the modification explained
in section III.B.4.d above, addresses the
commenter’s concern regarding
assuming risk from a payor that is not
a VBE participant. In that section, we
explained that, while a payor could opt
to be a VBE participant, it need not do
so in order for a VBE to contract to
assume substantial downside financial
risk from a payor. However, unless the
payor is a VBE participant, this safe
harbor would not protect the
remuneration exchanged between the
payor and the VBE.
k. Writing
Summary of OIG Proposed Rule: At
proposed paragraph 1001.952(ff)(4), we
proposed that the terms of the value-
PO 00000
Frm 00086
Fmt 4701
Sfmt 4700
based arrangement must be set forth in
a signed writing that contains, among
other information, a description of the
nature and extent of the VBE’s
substantial downside financial risk for
the target patient population and a
description of the manner in which the
recipient meaningfully shares in the
VBE’s substantial downside financial
risk.
Summary of Final Rule: We are
finalizing, with modifications, this
condition at paragraph 1001.952(ff)(5).
The modifications are based on public
comments. First, parties must document
the manner in which the VBE assumes
risk from a payor and the VBE
participant assumes a meaningful share
of such risk. Second, the writing
requirement can be satisfied by a
collection of documents. Third, we are
not requiring documentation of the
offeror’s costs. Fourth, the writing must
be established in advance of, or
contemporaneous with, the
commencement of the value-based
arrangement ‘‘and any material change,’’
instead of ‘‘or any material change.’’
Thus, the initial terms of the valuebased arrangement must be set forth in
the signed writing, in advance of, or
contemporaneous with the
commencement of the arrangement, and
any material change to the value-based
arrangement also must be set forth in
the signed writing in advance of, or
contemporaneous with the
commencement of the material change.
As with the similar modification we are
making to the writing requirement in
the care coordination arrangements safe
harbor, these are the logical junctures
where the writing requirement
particularly serves its transparency
purposes. Our proposed regulatory text
did not make clear that the writing was
needed at both junctures; our
modifications more clearly express that
policy.
This writing requirement does not
apply to the contracts between a payor
and a VBE in circumstances where the
payor is not a VBE participant. Such
contracts would not constitute valuebased arrangements, subject to this
condition. However, as set forth in
paragraph 1001.952(ff)(2), such
contracts must be in writing.
For further discussion of the general
comments we received regarding a
writing requirement in the value-based
safe harbors, we refer readers to section
III.B.3.d discussing the writing
requirement for purposes of the care
coordination arrangements safe harbor;
in this section, we respond only to the
comments specific to the proposed
substantial downside financial risk safe
harbor’s writing requirement.
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Comment: A commenter
recommended that OIG revise this
condition of the substantial downside
financial risk safe harbor to remove the
requirement that parties specify the type
and the offeror’s cost of the
remuneration. The commenter stated
that the offeror’s cost is not material to
the arrangement because the safe harbor
does not include a contribution
requirement and, furthermore, may be
difficult to determine.
Response: We agree and are removing
the requirement that the parties include
the offeror’s costs in the writing.
l. Does Not Take Into Account the
Volume or Value of, or Condition
Remuneration on, Business or Patients
Not Covered Under the Value-Based
Arrangement
Summary of OIG Proposed Rule: At
proposed paragraph 1001.952(ff)(5), we
proposed that the VBE or VBE
participant offering the remuneration
could not take into account the volume
or value of, or condition the
remuneration on, referrals of patients
outside of the target patient population
or business not covered under the valuebased arrangement. This safeguard is
identical to that proposed for the care
coordination arrangements safe harbor.
Summary of Final Rule: We are
finalizing this condition, without
modification and relocating it to
paragraph 1001.952(ff)(6). For a more
detailed discussion and a summary of
our responses to the comments received
on this condition and our rationale for
finalizing it, we refer readers to the care
coordination arrangements safe harbor
discussion at III.B.3.f. Comments
received on this topic addressed the
condition as it applied to the valuebased safe harbors generally; we did not
receive separate comments on this
condition specific to this safe harbor.
m. Preserving Clinical Decision-Making
Summary of OIG Proposed Rule: At
proposed paragraph 1001.952(ff)(6)(i),
we proposed that value-based
arrangements must not limit VBE
participants’ ability to make decisions
in the best interests of their patients. In
addition, at proposed paragraph
1001.952(ff)(6)(ii) we proposed that
value-based arrangements cannot direct
or restrict referrals to a particular
provider, practitioner, or supplier if: (i)
A patient expresses a preference for a
different practitioner, provider, or
supplier; (ii) the patient’s payor
determines the provider, practitioner, or
supplier; or (iii) such direction or
restriction is contrary to applicable law
or regulations under titles XVIII and XIX
of the Act. We proposed to interpret this
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
condition consistent with the parallel
condition proposed for the care
coordination arrangements safe harbor.
Summary of Final Rule: We are
finalizing, with modification, the
proposed condition that the value-based
arrangement must not limit the VBE
participant’s ability to make decisions
in the best interests of its patients at
paragraph 1001.952(ff)(7)(i). We are
making a technical correction to change
‘‘their patients’’ to ‘‘its patients.’’ We
also are finalizing, with modification,
the condition related to directing or
restricting referrals, at paragraph
1001.952(ff)(7)(ii). We are deleting ‘‘or
regulations’’ from the proposed
provision because regulations are
captured by the term ‘‘applicable law.’’
For a more detailed discussion,
summaries of comments we received
regarding this requirement, as proposed
in each of the value-based safe harbors,
and our responses, we refer readers to
the discussion of this condition in the
care coordination arrangements safe
harbor at section III.B.3. Below we
discuss the comments we received on
this condition specific to the proposed
substantial downside financial risk safe
harbor.
Comment: A commenter requested
that OIG clarify how this requirement
would apply to an arrangement
involving patients who are covered by
managed care payors, where patient
preferences are likely to be limited.
Response: If a managed care payor
determines the providers, practitioners,
or suppliers from whom patients may
seek health care items and services
under a managed care plan, then the
value-based arrangement could not
direct or restrict referrals to a particular
provider, practitioner, or supplier in a
contrary manner.
n. Materials and Records
Summary of OIG Proposed Rule: At
proposed paragraph 1001.952(ff)(7), we
proposed to require that the VBE or its
VBE participants make available to the
Secretary, upon request, all materials
and records sufficient to establish
compliance with the conditions of the
safe harbor. We solicited comments
regarding whether we should require
parties to maintain materials and
records for a set period of time (e.g., at
least 6 years or 10 years).
Summary of Final Rule: We are
finalizing, with modification, the
materials and records requirement. We
are specifying that, for a period of at
least 6 years, the VBE or its VBE
participants must maintain records and
materials sufficient to establish
compliance with the conditions of the
safe harbor.
PO 00000
Frm 00087
Fmt 4701
Sfmt 4700
77769
This requirement will promote
transparency and facilitate alignment
with CMS’s parallel value-based
exception. For a more detailed
discussion and a summary of and
responses to the comments received
about the records requirement, as
proposed in each of the value-based safe
harbors, we refer readers to the
discussion of this condition in the care
coordination arrangements safe harbor
at section III.B.3.n. Comments received
on this topic addressed the requirement
as it applied to the value-based safe
harbors generally; we did not receive
separate comments on this requirement
specific to this safe harbor.
o. Marketing of Items or Services or
Patient Recruitment Activities
Summary of OIG Proposed Rule: We
proposed at paragraph
1001.952(ff)(6)(iii) a condition to bar
protection for remuneration exchanged
pursuant to value-based arrangements
that include marketing to patients of
items or services or engaging in patient
recruitment activities. We proposed to
interpret this condition consistent with
our interpretation of the same proposed
requirement in the care coordination
arrangements safe harbor.
Summary of Final Rule: We are
finalizing this requirement, with
modifications and relocating it to
paragraph 1001.952(ff)(4)(v). As with
the care coordination arrangements safe
harbor, rather than prohibiting all
marketing and patient recruitment
activities, we are modifying this
provision to prohibit the exchange of
remuneration for the purpose of
marketing items or services furnished by
the VBE or VBE participants to patients
or for the purpose of patient recruitment
activities. Comments received on this
topic addressed the requirement as it
applied to the value-based safe harbors
generally; we did not receive separate
comments on this requirement specific
to this safe harbor. Consequently, we
refer readers to the discussion in section
III.B.3.j of this condition in the care
coordination arrangements safe harbor
for a summary of applicable comments,
our responses, and a more detailed
discussion of this standard, including
our rationale for the modification being
made.
p. Downstream Arrangements
Summary of OIG Proposed Rule: We
proposed to protect only remuneration
exchanged between a VBE and a VBE
participant at paragraph 1001.952(ff).
Summary of Final Rule: We are
finalizing, without modification, the
requirement that the exchange of
remuneration be between the VBE and
E:\FR\FM\02DER3.SGM
02DER3
77770
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
a VBE participant in the introductory
paragraph of 1001.952(ff).
Comment: A commenter agreed with
our proposal to limit this safe harbor to
remuneration exchanged solely between
the VBE and a VBE participant and
acknowledged the potential fraud and
abuse risks inherent in downstream
arrangements where a contracting party
has assumed little or no financial risk.
However, the majority of commenters
advocated for extending safe harbor
protection to remuneration that passes
between and among VBE participants,
or between VBE participants and
downstream contractors. A commenter
stated that downstream arrangements
are essential to facilitating care
coordination efforts, while another
commenter asserted that requiring a
VBE participant to meaningfully share
in the VBE’s substantial downside
financial risk appropriately curtails any
fee-for-service incentives. A commenter
posited that this requirement would
result in value-based activities being
inefficiently routed through the VBE,
and another commenter questioned why
this safe harbor only protects
remuneration between a VBE and VBE
participant when the care coordination
arrangements safe harbor more broadly
protects remuneration between a VBE
and a VBE participant or between VBE
participants.
Response: We did not propose to
protect arrangements where
remuneration is passed from one VBE
participant to another VBE participant
or from a VBE participant to a
downstream contractor. In this final
rule, we are limiting safe harbor
protection to the exchange of
remuneration between the VBE and a
VBE participant for which the
combination of safe harbor conditions
was designed. This safe harbor provides
greater regulatory flexibility than the
care coordination arrangements safe
harbor, and as a result, we decline to
extend safe harbor protection to
downstream financial arrangements to
which the VBE is not a party and that
may not include all of the safeguards
required by this safe harbor, including
requirements related to the assumption
of downside financial risk. A VBE
participant seeking to exchange
remuneration with another VBE
participant may look to the care
coordination arrangements safe harbor
or other safe harbors, such as the
personal services and management
contracts and outcomes-based payments
safe harbor.
Comment: A commenter expressed
concern that limiting safe harbor
protection to remuneration exchanged
between the VBE and a VBE participant
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
would be unworkable if the applicable
VBE were comprised of an informal
network of individuals and entities
(versus a separate legal entity). In
particular, the commenter seemed to
believe that, in such circumstances, the
VBE participants would not be able to
protect any remuneration using this safe
harbor.
Response: This safe harbor requires
that a VBE assume substantial downside
financial risk for certain items and
services provided to the target patient
population. In circumstances where the
VBE is not a formal legal entity, but
rather is comprised of a network of VBE
participants, a single VBE participant
may act on behalf of the VBE to contract
or enter into a value-based arrangement
with a payor to assume substantial
downside financial risk. In such
circumstances, this safe harbor could
protect the exchange of remuneration
between the VBE participant acting on
behalf of the VBE and other VBE
participants. We note that, while
different VBE participants may act on
behalf of the VBE at different times
during the term of the value-based
arrangement, only remuneration
between a VBE participant acting on
behalf of the VBE and another VBE
participant may be protected. The safe
harbor would not protect remuneration
exchanged between two VBE
participants, neither of whom are
currently acting on behalf of the VBE.
q. Possible Additional Safeguards
Summary of OIG Proposed Rule: We
stated in the preamble to the OIG
Proposed Rule that we were considering
adopting specified additional safeguards
in the final rule, including a commercial
reasonableness requirement, a
monitoring standard, a cost-shifting
prohibition, and a requirement to
submit information to the Department
regarding the VBE, the VBE participants,
and the value-based arrangement.
Summary of Final Rule: We are not
finalizing these proposed conditions.
Upon further consideration, we do not
consider them necessary to mitigate
fraud and abuse risk given the overall
structure and totality of conditions in
the final safe harbor.
Comment: We received a variety of
comments regarding potential
additional safeguards in the substantial
downside financial risk safe harbor. A
commenter opposed the addition of a
commercial reasonableness
requirement, asserting that it would be
inconsistent with CMS’s similar
exception and potentially would chill
innovation where parties have assumed
downside risk. Several commenters
suggested including additional
PO 00000
Frm 00088
Fmt 4701
Sfmt 4700
transparency requirements for patients.
A commenter recommended that we
include a prohibition on inappropriate
cost shifting to Federal health care
programs. A few commenters suggested
that OIG require objective and
quantifiable outcome measures to show
the remuneration exchanged enhances
patient outcomes. Another commenter
urged us to include a termination
provision similar to that in the care
coordination arrangements safe harbor.
Response: We are not imposing a
commercial reasonableness requirement
in this safe harbor in recognition of the
VBE and its VBE participants assuming
substantial downside financial risk. We
believe the assumption of downside
financial risk helps to ensure that the
remuneration is exchanged in order to
achieve value-based purposes rather
than to pay for referrals, which is at the
core of the commercial reasonableness
standard in other safe harbors. We did
not propose patient transparency or
notice requirements and are not
including such conditions in this final
rule. While parties may choose to
provide patient notifications, such a
condition in the safe harbor would not
add appreciable additional protection
against payments for referrals. We also
are not including a cost-shifting
prohibition, in recognition that the
assumption of substantial downside
financial risk is intended to drive a
reduction in costs, which may include
Federal health care program costs.
While parties may include
termination provisions or outcome
measure requirements as part of their
value-based arrangements, we are not
requiring these terms as a condition of
the safe harbor.
5. Value-Based Arrangements With Full
Financial Risk (42 CFR 1001.952(gg))
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(gg) a
full financial risk safe harbor that would
protect remuneration exchanged
between a VBE and a VBE participant
pursuant to a value-based arrangement
where the VBE has assumed, or is
contractually obligated to assume
within the next 6 months, full financial
risk, as set out at proposed paragraph
1001.952(gg)(1). We proposed to define
‘‘full financial risk’’ at proposed
paragraph 1001.952(9)(i) to mean that
‘‘the VBE is financially responsible for
the cost of all items and services
covered by the applicable payor for each
patient in the target patient population
and is prospectively paid by the
applicable payor.’’
We proposed that the full financial
risk safe harbor would include certain
safeguards, such as requirements that:
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
(i) The VBE have a signed writing with
the payor that specifies the target
patient population and terms
evidencing full financial risk (proposed
paragraph 1001.952(gg)(1)); (ii) the
parties have a signed writing that
specifies the material terms of the valuebased arrangement (proposed paragraph
1001.952(gg)(2)); and (iii) the VBE
participant not claim payment from a
payor (proposed paragraph
1001.952(gg)(3)). Further, we proposed
at paragraph 1001.952(gg)(4) that the
remuneration exchanged be used
primarily to engage in value-based
activities; be directly connected to one
or more of the VBE’s value-based
purposes, at least one of which must be
the coordination and management of
care for the target patient population;
not induce reductions or limitations of
medically necessary care; and not be
funded by outside contributions. At
proposed paragraph 1001.952(gg)(5), we
proposed a restriction on taking into
account the volume or value of business
outside the value-based arrangement,
and at proposed paragraph
1001.952(gg)(6), we proposed that the
VBE provide or arrange for an
operational utilization review program
and quality assurance program. At
proposed paragraph 1001.952(gg)(7), we
proposed a restriction on marketing and
patient recruitment, and at proposed
paragraph 1001.952(gg)(8), we proposed
a requirement to make available
materials and records to the Secretary.
Summary of Final Rule: We are
finalizing, with modifications, the safe
harbor at paragraph 1001.952(gg). We
are modifying the definition of ‘‘full
financial risk’’ at paragraph
1001.952(gg)(10)(ii) to require the VBE
to be at risk on a prospective basis for
the cost of all items and services
covered by the applicable payor for each
patient in the target patient population
for a term of at least 1 year. We are
defining ‘‘prospective basis’’ at
paragraph 1001.952(gg)(10)(ii) to mean
the VBE has assumed financial
responsibility for the cost of all items
and services covered by the applicable
payor prior to the provision of items and
services to patients in the target patient
population.
We are finalizing the proposed
safeguards, with some modifications at
paragraphs 1001.952(gg)(2)–(8), as
explained in more detail in the topical
discussions below. In addition, we have
added a list of entities ineligible to use
the safe harbor at paragraph
1001.952(gg)(1) for the reasons set forth
in the discussion of the definition of
‘‘VBE participant’’ at section III.B.2.e.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
a. General Comments
Comment: While some commenters
expressed support for this proposed safe
harbor, multiple commenters conveyed
their concerns that this safe harbor may
have limited application. For example,
some commenters noted that the
proposed safe harbor requirements,
including the definition of ‘‘full
financial risk,’’ would limit the safe
harbor to only large integrated delivery
systems capable of providing nearly all
Medicare and Medicaid covered
services to a target patient population
and would disadvantage small and rural
practices and practices serving
underserved areas. Other commenters
highlighted a potential intersection
between certain state insurance and
licensure laws and the proposed safe
harbor requirements that could,
according to the commenters, limit the
availability of safe harbor protection
only to those entities that could comply
with such state laws, some of which
may require a VBE to be licensed as a
health care services plan. To address
this issue, a commenter requested
revisions to the proposed safe harbor to
make safe harbor protection available to
advanced, risk-bearing provider
networks in states with such licensure
requirements.
Response: We designed this safe
harbor to provide significant flexibility
under the Federal anti-kickback statute
in light of the level of financial risk
assumed by the parties. We crafted the
‘‘full financial risk’’ definition, as well
as the conditions of this safe harbor, to
balance the additional flexibilities
under the anti-kickback statute with
appropriate safeguards against both
risks associated with fee-for-service
payment systems, such as
overutilization and skewed decisionmaking, and risks present in risk-based
arrangements, including stinting on care
(underutilization), cherry-picking
lucrative or adherent patients, and
lemon-dropping costly or noncompliant
patients. We believe that the definition
of ‘‘full financial risk,’’ combined with
the conditions of this safe harbor,
appropriately balance the flexibilities
afforded by this safe harbor with any
identified program integrity risks.
We understand that there currently
are a limited number of providers
assuming the level of risk required by
this safe harbor. The purpose of
implementing a full financial risk safe
harbor is to remove one potential barrier
to providers taking on more risk and
having additional financial incentives to
coordinate care. Providers assessing
whether they can move to full financial
risk in the future can consider this safe
PO 00000
Frm 00089
Fmt 4701
Sfmt 4700
77771
harbor and the flexibilities it offers
under the Federal anti-kickback statute
as one factor in that determination.
There are other factors that parties
would consider in the decision to
assume a higher level of risk, including
some considerations raised by the
commenters. While safe harbors cannot
address all factors that may prohibit a
provider from taking on full financial
risk, this safe harbor is designed to
encourage more providers to do so. We
also note that this safe harbor conditions
protection on the VBE assuming full
financial risk from the payor for the
items and services. It does not require
the VBE to assume other functions from
the payor, such as enrollment, grievance
and appeals, solvency standards, and
other administrative functions
performed by payors.
We recognize that some states may
have laws that limit providers and other
health care entities from taking on full
financial risk unless they form licensed
health care plans or meet other
licensure requirements. We have
attempted to create significant flexibility
under the Federal anti-kickback statute
while recognizing that parties still must
comply with applicable state laws. For
example, this safe harbor provides
flexibility around how the VBE assumes
full financial risk from a payor. Such
flexibilities provide payors, VBEs, and
VBE participants with options to
structure arrangements that are
consistent with the safe harbor and state
laws. Nothing in these safe harbors
preempts any applicable state law
(unless such state law incorporates the
Federal law by reference). Other safe
harbors may be available to parties
unable—by virtue of any state law
requirements—to structure an
arrangement that satisfies the conditions
of this safe harbor.
Comment: A commenter suggested
that we consider a new safe harbor or a
fraud and abuse waiver for Medicare
Advantage plans testing value-based
arrangements. The commenter asserted
that such a safe harbor or waiver would
allow entities not otherwise eligible for
protection under the value-based safe
harbors to participate in value-based
arrangements.
Response: We did not propose a safe
harbor or a fraud and abuse waiver
specific to Medicare Advantage plans,
and thus we are not finalizing such safe
harbor or waiver in this final rule. This
safe harbor may be available to protect
remuneration exchanged under certain
Medicare Advantage plan arrangements,
provided the plan enters into a contract
or a value-based arrangement with a
VBE pursuant to which the VBE
assumes full financial risk from the
E:\FR\FM\02DER3.SGM
02DER3
77772
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
plan. We also note that there may be
other existing safe harbors not modified
by this final rule that are available to
protect financial arrangements involving
a Medicare Advantage plan, such as
paragraphs 1001.952(t) and (u), and the
advisory opinion process remains
available.
Comment: While a commenter
expressed support for OIG’s and CMS’s
consistent definitions of full financial
risk, others requested that OIG finalize
a full financial risk safe harbor that
further aligns with CMS’s parallel full
risk exception. These commenters
generally urged OIG and CMS to impose
the same risk thresholds and
requirements for purposes of the full
financial risk safe harbor and the CMS
full risk exception.
Response: As with the OIG Proposed
Rule, in this final rule, we have
endeavored to align our full financial
risk safe harbor to the greatest extent
possible with CMS’s full risk exception.
The definition of ‘‘full financial risk’’
we are finalizing is more closely aligned
with the definition of ‘‘full financial
risk’’ that CMS is finalizing in its full
risk exception. However, reflecting
statutory differences that exist between
the Federal anti-kickback statute and the
physician self-referral law, explained
further in section III.A.1, the full
financial risk safe harbor differs from
CMS’s full risk exception. For example,
in recognition of the statutory
differences between the two laws, the
safe harbor includes conditions that
differ from those in CMS’s parallel
exception, such as the requirement that
the value-based arrangement be set forth
in writing and that the VBE provide or
arrange for a quality assurance program
for services furnished to the target
patient population.
b. Definitions
i. Full Financial Risk
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(gg)(9)(i)
that a VBE would be at ‘‘full financial
risk’’ for the cost of care of a target
patient population if the VBE is
financially responsible for the cost of all
items and services covered by the
applicable payor for each patient in the
target patient population and is
prospectively paid by the applicable
payor.
Summary of Final Rule: We are
finalizing, with modifications, a
definition of ‘‘full financial risk’’ at
paragraph 1001.952(gg)(9)(i). The
modifications, based on public
comments, provide parties with
additional flexibility in the manner in
which the VBE assumes risk from the
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
applicable payor. The definition of ‘‘full
financial risk’’ now requires the VBE to
be at risk on a prospective basis for the
cost of all items and services covered by
the applicable payor for each patient in
the target patient population for a term
of at least 1 year. ‘‘Prospective basis,’’ as
defined at paragraph 1001.952(gg)(9)(ii),
means the VBE has assumed financial
responsibility for the cost of all items
and services covered by the applicable
payor prior to the provision of items and
services to patients in the target patient
population.
Comment: While at least one
commenter supported the definition of
‘‘full financial risk,’’ as proposed, the
vast majority of commenters
recommended that we revise the
definition to encompass arrangements
where the VBE assumes risk for less
than all of the items and services
covered by the applicable payor. For
example, many commenters
recommended that the VBE be required
to have risk only for ‘‘substantially all’’
items and services furnished to the
target patient population, which
commenters suggested could be defined
as 75 percent of such items and services.
Other commenters requested that full
financial risk include assuming risk for
a much more specifically defined set of
services (e.g., hospital inpatient and
outpatient care or ongoing services
related to breast care). Other
commenters asked OIG to carve out
certain high-cost or specialty items and
services (e.g., organ transplants or
pharmacy benefits) or new technologies
that were not incorporated into rate
calculations from the scope of items and
services for which a VBE must be at
risk.
Some commenters requested that the
definition of ‘‘full financial risk’’
include risk only for all of the items and
services required to treat a particular
disease or condition or an episode of
care (e.g., risk for all of the items and
services required to treat diabetes for
patients with diabetes in the target
patient population or an episode of care
for a knee replacement). Another
commenter asked OIG to permit partial
capitation arrangements and, lastly
some commenters contended that full
financial risk should include risk for
only the items and services to which the
remuneration relates. Many of these
commenters asserted that VBE
participants would still be incentivized
to maximize quality and efficiency of
care even where the VBE assumes risk
for less than all items and services
provided to the target patient
population by the applicable payor.
Response: We are finalizing a
definition of ‘‘full financial risk’’ that
PO 00000
Frm 00090
Fmt 4701
Sfmt 4700
requires the VBE to be at risk on a
prospective basis for the cost of all items
and services covered by the applicable
payor for each patient in the target
patient population for a term of at least
1 year. We decline to extend safe harbor
protection under this safe harbor where
a VBE has assumed risk for only a
subset of items and services, such as for
75 percent of items and services, for all
items and services except certain highcost or specialty items and services, or
for only the items and services to which
the remuneration relates, although we
note that the substantial downside
financial risk safe harbor may be
available for such arrangements.
Additionally, a VBE could assume full
financial risk for patients with a
particular disease condition (e.g.,
patients with diabetes) by selecting a
target patient population comprised
only of patients with diabetes, but the
VBE must cover all items and services
for those patients. Therefore, while a
VBE must be at risk for all items and
services furnished to the target patient
population, the VBE can limit the
number of patients for whom it assumes
full financial risk through its selection
of the target patient population, as long
as the VBE selects the target patient
population using legitimate and
verifiable criteria, among other
requirements.
In light of the significant flexibility
we are offering under this safe harbor,
we believe the risk level we are
requiring for VBEs is necessary to
reduce traditional fraud and abuse
concerns associated with payment
systems that incorporate, in whole or in
part, fee-for-service reimbursement
methodologies. While we appreciate the
challenges associated with assuming
risk for certain high-cost or specialty
items and services or new technologies,
VBEs may address such challenges
through arrangements to protect against
catastrophic losses, such as riskadjustment or reinsurance agreements,
without losing safe harbor protection.
Comment: Some commenters asked
OIG to clarify whether the VBE and its
VBE participants can collectively be at
risk for items and services to the target
patient population, such as by each VBE
participant being at risk only for the
services it provides.
Response: A value-based enterprise is
a collection of two or more VBE
participants. As such, some or all of the
VBE participants that comprise the VBE
can combine their respective risk to
satisfy the definition of ‘‘full financial
risk’’ as long as the VBE participants’
collective risk amounts to risk for all
items and services covered by the
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
applicable payor for the target patient
population.
Comment: A physicians’ trade
organization expressed concern that
smaller practices that attempt to assume
too much risk could result in the
closures of community practices and
consolidation. Another commenter
highlighted that there may be
substantial up-front investments that
can strain any physician practice’s
limited resources but can be particularly
challenging for small, rural, or
underserved practices with smaller
patient pools to spread risk.
Response: We recognize that the full
financial risk safe harbor requires a level
of risk that many in the health care
industry may not currently be able to
assume. For parties seeking protection
for remuneration exchanged pursuant to
risk arrangements requiring a lower
level of risk, the substantial downside
financial risk safe harbor or the care
coordination arrangements safe harbor
may be available. This safe harbor does
not require small, rural, or community
practices or practices serving
underserved populations to assume full
financial risk or make substantial upfront investments on their own. Parties
have flexibility in establishing a VBE,
which must have at least two VBE
participants but can have any number of
additional VBE participants. We believe
the ‘‘VBE participant’’ definition and
the safe harbors in this final rule
provide small, rural, and community
practices and practices serving
underserved populations options to
enter into arrangements to assume
higher levels of risk without having to
integrate practices or become part of a
larger health care system.
Further, we believe that establishing a
VBE with other providers, either
similarly situated entities or larger
entities, could help practices (including
small, rural, and community practices)
take on more risk and mitigate potential
financial shocks. As value-based
arrangements continue to proliferate, we
believe there may be opportunities for
these types of practices to form VBEs,
take on risk, and potentially have
success in reducing costs and
coordinating care.
Comment: Commenters requested that
the definition of ‘‘full financial risk’’
expressly include payments based on
global budgets, as well as capitation and
other alternative payment
methodologies.
Response: While the definition of
‘‘full financial risk’’ does not expressly
list global budget or capitation payment
methodologies as permissible payment
methodologies, we confirm that such
prospective payment methodologies
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
would satisfy the definition of ‘‘full
financial risk’’ as long as the global
budget or capitation payments covered
the cost of all items and services
covered by the applicable payor for the
target patient population for a term of at
least 1 year. Without additional detail
related to the alternative payment
methodologies referenced by the
commenter, we are unable to opine on
whether such payment methodologies
would meet the definition of ‘‘full
financial risk.’’ Parties also may request
an advisory opinion from OIG to
determine whether an arrangement
meets the definition of ‘‘full financial
risk’’ and the conditions of the full
financial risk safe harbor or is otherwise
sufficiently low risk under the Federal
anti-kickback statute to receive
prospective immunity from
administrative sanctions by OIG.
Comment: A commenter requested
that OIG explain why the proposed
definition of ‘‘full financial risk’’
required that the payor prospectively
pay the VBE.
Response: We proposed a definition
of ‘‘full financial risk’’ that required
prospective payment, and we stated in
the OIG Proposed Rule that we
interpreted ‘‘prospective’’ to mean the
anticipated cost of all items and services
covered by the applicable payor for the
target patient population had been both
determined and paid in advance (as
opposed to billing under the otherwise
applicable payment systems and
undergoing a retrospective
reconciliation after items and services
have been furnished). In this final rule,
we are revising the definition of full
financial risk to require risk on a
prospective basis and defining
‘‘prospective basis’’ to mean the VBE
has assumed financial responsibility for
the cost of all items and services
covered by the applicable payor prior to
the provision of items and services to
patients in the target patient population.
As such, the VBE no longer needs to be
prospectively paid by the applicable
payor prior to the provision of items and
services to each patient in the target
patient population. Instead, the VBE
must simply assume financial
responsibility prior to the provision of
items and services.
We are requiring the assumption of
risk on a prospective basis not only in
recognition of the additional flexibilities
under the Federal anti-kickback statute
that this safe harbor affords but also
because risk assumption can serve to
limit the potential harms that may result
from financial incentives inherent to
fee-for-service payments systems, such
as overutilization and skewed medical
decision-making. For example, if
PO 00000
Frm 00091
Fmt 4701
Sfmt 4700
77773
providers know the amount of
reimbursement they will receive for
providing items and services to the
target patient population before
providing such items and services, then
the providers may be less likely to order
excessive tests or otherwise provide
unnecessary items and services to the
patients.54
Comment: We received various
comments regarding how a payor could
transfer risk to the VBE. For example, a
commenter requested confirmation that
the payor and VBE could engage in
retrospective reconciliations. Another
commenter asserted that OIG should
add language to the safe harbor stating
that risk, both at the enterprise level and
at the VBE participant level, can be
through front-end withholds or dues
assessments and need not be through a
back-end repayment. A commenter
further asked whether, as long as the
payment covers a particular period, the
payor could pay the VBE at the end or
in the middle of the coverage period.
Response: Under the revised
definition of ‘‘full financial risk,’’ a
payor could pay the VBE at any point
in the coverage period and engage in
retrospective reconciliations, as long as
the VBE has assumed full financial risk
for a term of at least 1 year prior to the
provision of items and services to
patients in the target patient population.
We also are not dictating the manner in
which the VBE exchanges remuneration
with VBE participants, so a VBE could
impose front-end withholds or dues
assessments on VBE participants.
Comment: A commenter asserted that
the OIG Proposed Rule’s proposed
definition of ‘‘full financial risk’’
allowed a payor to make payments to
physician practices to offset losses that
the practices incurred.
Response: This safe harbor would not
protect payments from a payor to a
physician practice that is a VBE
participant to offset losses the practice
incurred because the safe harbor
prohibits a VBE participant from
claiming payment in any form from a
payor for the items and services covered
under the value-based arrangement. In
other words, under the terms of this safe
harbor, the VBE must assume full
financial risk for the cost of all items
54 Mark W. Friedberg, Peggy C. Chen, Chapin
White et al., Effects of Health Care Payment Models
on Physician Practice in the United States, RAND
Corporation (2015); K. John McConnell, Stephanie
Renfro, Richard C. Lindrooth et al., Oregon’s
Medicaid Reform And Transition To Global Budgets
Were Associated With Reductions In Expenditures,
Health Affairs (Mar. 2017); James C. Robinson,
Stephen M. Shortnell et al., Quality-Based Payment
for Medical Groups and Individual Physicians,
INQUIRY: The Journal of Health Care Organization,
Provision, and Financing (May 2009).
E:\FR\FM\02DER3.SGM
02DER3
77774
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
and services covered by the applicable
payor; this means that any claims
submitted to a payor by a VBE
participant related to such items and
services—including a claim for payment
to offset losses incurred—would fail this
requirement. The VBE, however, may
enter into reinsurance or other riskadjustment arrangements and could
address losses incurred by VBE
participants by using reinsurance
payments, for example, to reimburse
VBE participants for such losses.
Comment: Many commenters
appreciated OIG’s position that the
definition of ‘‘full financial risk’’ would
not prohibit a VBE from entering into
arrangements to protect against
catastrophic losses. Multiple
commenters requested guidance on the
risk mitigation terms that full-risk
arrangements can include while
satisfying the requirements of the safe
harbor, including whether there is a
particular threshold on the amount of
loss coverage. A commenter specifically
asked whether incentive arrangements
requiring stop-loss protection to meet
existing physician incentive regulations
in Federal health care programs would
qualify as protecting against
catastrophic losses under the full
financial risk safe harbor.
Response: We are not imposing a
specific limit on the amount of loss
coverage a VBE may have, but as we
stated in the OIG Proposed Rule, we
would expect any stop-loss or other risk
adjustment arrangements to act as
protection for the VBE against
catastrophic losses and not as a means
to shift material financial risk back to
the payor. Whether stop-loss protection
required by the existing physician
incentive regulations would be
appropriate stop-loss protection for a
VBE assuming risk pursuant to this safe
harbor may depend on a number of
factors, including the structure of the
VBE, scope of the target patient
population, and items and services
covered by the applicable payor.
Comment: A commenter expressed
concern that, because the proposed
definition of ‘‘full financial risk’’
requires the assumption of risk for the
cost of all items and services covered by
the applicable payor, it would by
default necessitate the involvement of
hospitals as VBE participants. The
commenter appeared to believe that this
would lead to further consolidation of
the health care industry.
Response: It is not the intent of this
rule to foster industry consolidation.
Rather, this rule aims to increase
options for parties to create a range of
innovative arrangements eligible for safe
harbor protection. The safe harbor does
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
not require all parties providing items
and services to the target patient
population to be VBE participants and
thus does not require the VBE to enter
into value-based arrangements with all
such parties. For example, a VBE may
enter into a services contract with a
hospital that is not a VBE participant for
the provision of items and services to
the target patient population, although
we note that the VBE must be at risk
from the payor for the items and
services provided by such hospital to
the target patient population.
Accordingly, we do not view a
hospital’s participation in a value-based
arrangement as a driver of industry
consolidation; rather, we view the
voluntary nature of a hospital’s
participation, as well as the voluntary
participation of all other individuals or
entities in a value-based arrangement, as
facilitating collaboration and the
transition to value-based care.
Individuals and entities are not required
to integrate their practices or
corporations to meet the definition of
‘‘VBE,’’ to be a VBE participant, or to
rely on this safe harbor. These
definitions provide individuals and
entities flexibility to determine how best
to structure a VBE and the associated
value-based arrangements to meet valuebased purposes. VBEs and VBE
participants that assume full financial
risk from a payor and enter into valuebased arrangements that meet the
conditions of this safe harbor likely
require different, more closely
coordinated arrangements than VBEs
and VBE participants that rely on the
care coordination arrangements safe
harbor. However, both sets of entities
have flexibility to determine with what
types of VBE participants to work and
what types of arrangements work best.
ii. Items and Services
Summary of OIG Proposed Rule: We
proposed to define ‘‘items and services’’
at paragraph 1001.952(gg)(9)(ii) as
having the same meaning as that set
forth in paragraph 1001.952(t)(2)(iv).
Summary of Final Rule: We are
finalizing, with modification, the
proposed definition of ‘‘items and
services’’ at paragraph
1001.952(gg)(9)(iii) to mean health care
items, devices, supplies, and services.
Comment: A commenter expressed
concern that the proposed definition of
‘‘items and services’’ would
inadvertently exclude arrangements that
the health care industry views as full
risk because ‘‘items and services’’ was
defined to include services reasonably
related to the provision of health care
items, devices, supplies, or services,
including, but not limited to, non-
PO 00000
Frm 00092
Fmt 4701
Sfmt 4700
emergency transportation, patient
education, attendant services, social
services (e.g., case management),
utilization review and quality
assurance. According to the commenter,
the scope of ‘‘items and services’’ could
add significant potential costs to parties
seeking protection under the safe
harbor. The commenter recommended
that OIG revise the definition of ‘‘items
and services’’ to include covered
medical items and services but not
items and services more in the nature of
optional supplemental benefits.
Response: In response to the
commenter’s concerns, we are
modifying the proposed definition of
‘‘items and services’’ to mean only
health care items, devices, supplies, and
services. We are no longer crossreferencing and incorporating the
definition of ‘‘items and services’’ found
in paragraph 1001.952(t)(2)(iv). Thus, a
VBE may assume risk for items and
services reasonably related to the
provision of health care items, devices,
supplies, or services such as nonemergency transportation, patient
education, and social services (as
provided for in the definition of ‘‘items
and services’’ found in paragraph
1001.952(t)(2)(iv)), but doing so is no
longer a safe harbor requirement.
The scope of items and services for
which a VBE must be at risk depends on
the items and services covered by the
payor. We recognize that, across the
health industry, what constitutes full
risk for health care items, devices,
supplies, and services varies greatly
from program to program and plan to
plan, and we have tailored this safe
harbor requirement accordingly. For
example, Medicare Advantage generally
does not cover items and services for
long-term care at nursing facilities, but
Medicaid does. This safe harbor does
not change the scope of items and
services a payor must cover in order for
a VBE to meet the definition of ‘‘full
financial risk.’’
As we explained in the OIG Proposed
Rule, a VBE would be at ‘‘full financial
risk’’ if it contracts or enters into a
value-based arrangement with a
Medicaid managed care organization
and receives a fixed per-patient permonth amount to be at full financial risk
if the fixed amount covered the cost of
all items and services covered by the
Medicaid managed care plan and
furnished to the target patient
population. Similarly, we would
consider a VBE to be at ‘‘full financial
risk’’ if it contracts or enters into a
value-based arrangement with a
Medicare Advantage plan to receive a
prospective, capitated payment for all
items and services covered by the
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Medicare Advantage plan for a target
patient population. Under this safe
harbor, we are not protecting partial
capitated arrangements that require the
VBE to assume risk for only a limited set
of items and services.
Parties may utilize OIG’s advisory
opinion process to determine whether
an arrangement meets the conditions of
this safe harbor or is otherwise
sufficiently low risk under the Federal
anti-kickback statute to receive
prospective immunity from
administrative sanctions by OIG.
Comment: While recognizing that the
proposed definition of ‘‘full financial
risk’’ ties risk to payor coverage, a
commenter requested that OIG
explicitly state the extent to which
medication costs may be included in the
items and services for which a VBE
must be at risk under the safe harbor.
Another commenter stated that, if
prescription drugs are included in the
definition of all items and services for
purposes of the full financial risk safe
harbor, it is important that
pharmaceutical manufacturers be
eligible to participate in the VBE.
Response: To the extent the payor
with which the VBE contracts to assume
full financial risk covers prescription
drugs, the VBE’s risk must encompass
prescription drugs. The definition of
‘‘full financial risk’’ requires that the
VBE assume financial responsibility on
a prospective basis for the cost of all
items and services covered by the
applicable payor for each patient in the
target patient population. Conversely, if
the contracting payor does not cover
prescription drugs, the VBE does not
need to assume risk for such costs.
While we recognize that prescription
drugs may be included in the definition
of ‘‘full financial risk,’’ manufacturers of
a drug or biological remain ineligible to
give or receive protected remuneration
under this safe harbor as finalized here.
Such parties may be VBE participants,
but they cannot exchange remuneration
protected by this safe harbor. We refer
readers to the section of this final rule
addressing the definition of ‘‘VBE
participant’’ for a discussion of our
rationale.
iii. Other Defined Terms
Summary of OIG Proposed Rule: We
proposed in proposed paragraph
1001.952(gg)(9) that the terms
‘‘coordination and management of
care,’’ ‘‘target patient population,’’
‘‘value-based activity,’’ ‘‘value-based
arrangement,’’ ‘‘value-based enterprise,’’
‘‘value-based purpose,’’ and ‘‘VBE
participant’’ would have the meaning
set forth in proposed paragraph
1001.952(ee).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
Summary of Final Rule: We are
finalizing, with modifications, our
proposed use of the value-based
terminology at paragraph
1001.952(gg)(9)(iv). We no longer use
the term ‘‘coordination and management
of care’’ in this safe harbor.
Additionally, because paragraph
1001.952(gg)(1) makes certain entities
ineligible to use the value-based safe
harbors, we are finalizing the term
‘‘manufacturer of a device or medical
supply,’’ with the same meaning set
forth in paragraph 1001.952(ee)(14).
c. Entities Ineligible for Safe Harbor
Protection
Summary of OIG Proposed Rule: We
proposed in proposed paragraph
1001.952(ee) to limit the entities that
could qualify as VBE participants,
which would have the effect of limiting
availability of the value-based safe
harbors, including the full financial risk
safe harbor at proposed paragraph
1001.952(gg), for those ineligible
entities. The proposed definition of
‘‘VBE participant’’ is summarized more
fully in section III.B.2.e of this
preamble.
Summary of Final Rule: We are not
finalizing our proposal in proposed
paragraph 1001.952(ee) to limit the
entities that could qualify as VBE
participants. As explained at section
III.B.2.e, in the final rule we are
identifying parties ineligible to rely on
safe harbors in the safe harbors
themselves. For the full financial risk
safe harbor, we are finalizing a
requirement that remuneration is not
exchanged by any of the following
entities: (i) Pharmaceutical
manufacturers, wholesalers, and
distributors; (ii) PBMs; (iii) laboratory
companies; (iv) pharmacies that
primarily compound drugs or primarily
dispense compounded drugs; (v)
manufacturers of devices or medical
supplies; (vi) entities or individuals that
manufacture, sell, or rent DMEPOS
(other than a pharmacy or a physician,
provider, or other entity that primarily
furnishes services, all of whom remain
eligible); and (vii) medical device
distributors or wholesalers that are not
otherwise manufacturers of devices or
medical supplies. This list, set forth at
paragraph 1001.952(gg)(1), effectuates
proposals in the OIG Proposed Rule to
make these entities ineligible to use this
safe harbor for the exchange of
remuneration pursuant to a value-based
arrangement.
Comments, our responses, and policy
decisions regarding this issue can be
found in the discussion of VBE
participants in section III.B.2.e of this
preamble.
PO 00000
Frm 00093
Fmt 4701
Sfmt 4700
77775
d. VBE’s Assumption of Risk From a
Payor
Summary of OIG Proposed Rule: We
proposed at paragraph
1001.952(gg)(1)that the VBE must
assume full financial risk from a payor.
We proposed that VBEs could assume
full financial risk directly from a payor
or through a VBE participant acting on
behalf of the VBE.
Summary of Final Rule: We are
finalizing this requirement at paragraph
1001.952(gg)(2), with the following
modifications. First, VBEs have two
options to assume full financial risk
from a payor. A VBE can assume risk
from the payor through an arrangement
that meets the definition of ‘‘valuebased arrangement,’’ or a VBE can
assume risk from a payor through a
contract that places the VBE at full
financial risk.
The first option for risk arrangements
requires the payor to be a VBE
participant, which is permitted under
our final definition of ‘‘VBE
participant.’’ The payor (as a VBE
participant) and the VBE can enter into
a value-based arrangement for the VBE
to assume full financial risk. As we
proposed and are finalizing in this rule,
the introductory paragraph to
1001.952(gg) protects remuneration
exchanged pursuant to a value-based
arrangement. Therefore, remuneration
exchanged pursuant to a payor’s and a
VBE’s value-based arrangement could be
protected by this safe harbor, including
remuneration exchanged to implement
the full financial risk methodology, if
the value-based arrangement meets all
applicable conditions of the safe harbor.
Under the second option, payors that
do not wish to be part of the VBE may
choose to enter into a written contract
with the VBE that is not a value-based
arrangement for the purposes of the
VBE’s assumption of full financial risk.
Under this option, payors would not be
VBE participants, the written contract
between the payor and the VBE would
not be a value-based arrangement, and
the payor would not be subject to the
other conditions of the safe harbor. In
such circumstances, these contracts
must only meet the condition at
paragraph 1001.952(gg)(2), i.e., they
must evidence the VBE’s assumption of
full financial risk from the payor.
Remuneration exchanged pursuant to a
risk assumption contract that is not a
value-based arrangement is not
protected by this safe harbor. The VBE
and the payor would need to assess any
potential remuneration exchanged
pursuant to the risk arrangement
contract and its compliance with the
Federal anti-kickback statute.
E:\FR\FM\02DER3.SGM
02DER3
77776
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
To enable the payor and VBE to use
this safe harbor to protect remuneration
exchanged pursuant to their value-based
arrangement, we are providing at
paragraph 1001.952(gg)(4) of the safe
harbor that, even though the payor is a
VBE participant, the payor is exempt
from the prohibition against a VBE
participant claiming payment in any
form from the payor for items or
services covered under the value-based
arrangement.
We are also modifying this
requirement to clarify that the payor
cannot act on behalf of the VBE; the
VBE must be a distinct legal entity or
represented by a VBE participant, other
than a payor, that acts on the VBE’s
behalf.
We summarize and respond to
comments regarding this proposed
condition as applied only to the full
financial risk safe harbor below. For a
summary of the comments received
regarding the requirement that a VBE
assume financial risk from a payor
pursuant to a value-based arrangement,
in both the substantial downside
financial risk and full financial risk safe
harbors and our responses, we refer
readers to the discussion of this
condition in the substantial downside
financial risk safe harbor at section
III.B.4.d.
Comment: Commenters requested that
OIG clarify that payors can act on behalf
of the VBE to assume full financial risk.
Response: We are revising the
regulatory text in response to these
comments to clarify that a single VBE
participant may act on behalf of the VBE
to assume full financial risk from a
payor, provided it is not itself a payor.
That is, the agent of the VBE and the
payor from which the VBE is assuming
full financial risk from may not be the
same entity.
Comment: Multiple commenters
expressed concern that, because Indian
health care is compensated through
Indian Health Service appropriations
and the Medicare, Medicaid, and CHIP
programs, Indian health care providers
could not be risk-bearing entities, as
required in the proposed full financial
risk safe harbor.
Response: It is possible that Indian
health care providers might not be riskbearing entities for purposes of this safe
harbor; that would be a programmatic
matter outside the scope of this
rulemaking. There may be other
providers of varying types that are not
able to, or choose not to, meet the
requirements of this safe harbor. This
would not foreclose Indian health care
providers or other providers from
engaging in care coordination
arrangements and seeking safe harbor
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
protection under the care coordination
arrangements safe harbor at paragraph
1001.952(ee), which does not require
the assumption of any risk (but is
available for risk-bearing arrangements),
or other available safe harbors, such as
the safe harbor for personal services and
management contracts and outcomesbased payments at paragraph
1001.952(d). Moreover, the fact that an
arrangement does not fit in a safe harbor
does not make the arrangement
unlawful. The OIG advisory opinion
process is also available for providers
seeking a legal opinion regarding their
arrangements.
Comment: A commenter requested
that the safe harbor not be limited to
items and services covered by a
particular payor, but rather extended to
all items and services provided to a VBE
participant’s patients, regardless of
payor. For example, the commenter
requested that the safe harbor protect
risk-based arrangements between a
health system and providers where the
VBE assumes risk for all of the
providers’ patients, regardless of the
patients’ payors.
Response: A VBE could assume full
financial risk for all of the items and
services provided to all of a VBE
participant’s patients, provided the VBE
and VBE participant have defined the
target patient population to include all
of the VBE participant’s patients, and if
the VBE participant’s patients are
insured by multiple payors, the VBE has
assumed full financial risk from each
payor that insures a patient who is part
of the target patient population. The risk
that a VBE assumes is not limited to the
items and services covered by the
applicable payor that a VBE participant
provides (e.g., only the items and
services provided by the health system);
rather, the VBE’s risk encompasses all
items and services covered by the
applicable payor, regardless of whether
a VBE participant or another provider
provides such items and services.
e. Phase-In Period
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(gg)(1)
that the full financial risk safe harbor
would protect remuneration exchanged
pursuant to value-based arrangements
between a VBE and a VBE participant
where the VBE is contractually
obligated to assume full financial risk in
the next 6 months. We solicited
comments on whether such lead time
should be shorter or longer.
Summary of Final Rule: We are
finalizing, with modification, a
protected ‘‘phase-in’’ period at
paragraph 1001.952(gg)(2). In response
to comments requesting a longer phase-
PO 00000
Frm 00094
Fmt 4701
Sfmt 4700
in period, we are extending the
protected phase-in period for parties
that have entered into a contract or a
value-based arrangement to assume full
financial risk from the proposed 6
months to 1 year.
In contrast to the substantial
downside financial risk safe harbor, we
believe an extended 1-year phase-in
period is warranted where a VBE is
preparing to assume full financial risk
for the total cost of items and services
covered by the applicable payor for the
target patient population.
We refer readers to the substantial
downside financial risk safe harbor
section at III.B.4.e regarding the phasein requirement for a summary of
comments we received on this phase-in
period, and our responses, as applicable
to both the substantial downside
financial risk safe harbor and full
financial risk safe harbor and for a more
detailed discussion of this standard. We
did not receive comments regarding the
phase-in period specific to the full
financial risk safe harbor. Among other
comments, commenters recommended a
1-year phase-in period for both safe
harbors.
f. Writing
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(gg)(2)
that the parties to the value-based
arrangement must set forth the material
terms of the value-based arrangement in
a signed writing that includes the valuebased activities to be undertaken by the
parties. At proposed paragraph
1001.952(gg)(1), we proposed that the
VBE have a signed writing with the
payor that specifies the target patient
population and contains terms
evidencing the VBE’s full financial risk.
Summary of Final Rule: We are
finalizing, with modification, a writing
requirement for value-based
arrangements at paragraph
1001.952(gg)(3). The modification,
based on public comments, clarifies that
the writing requirement can be satisfied
by a collection of documents. The
writing requirement now states that the
value-based arrangement must be set
forth in writing, signed by the parties,
and specify all material terms, including
the value-based activities and the term.
This writing requirement does not apply
to contracts between a VBE and a payor
that are not value-based arrangements.
For further discussion of and
responses to the general comments we
received regarding a writing
requirement, we refer readers to section
III.B.3.d that discusses the writing
requirement for purposes of the care
coordination arrangements safe harbor.
The general comments addressed
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
aspects of the writing requirement that
were common to all three value-based
safe harbors. In this section, we discuss
only the comments specific to the
proposed full financial risk safe harbor’s
writing requirement.
Comment: A commenter asked OIG to
clarify whether, to the extent parties
have multiple value-based arrangements
for which they are seeking protection
under this safe harbor, each value-based
arrangement must be set forth in
separate writings or whether one
agreement could suffice.
Response: This safe harbor, like the
substantial downside financial risk safe
harbor, does not dictate the manner in
which parties document their valuebased arrangements. For example, a VBE
could choose to document the valuebased arrangement it entered into with
a payor and the value-based
arrangement it entered into with a
downstream VBE participant in a single
writing; alternatively, it could maintain
two separate writings for the two
distinct value-based arrangements.
g. 1-Year Minimum Term of ValueBased Arrangement
Summary of OIG Proposed Rule: In
the OIG Proposed Rule, we proposed in
paragraph 1001.952(gg)(2) to require
that the term of the value-based
arrangement be for a period of at least
1 year.
Summary of Final Rule: We are not
finalizing this proposed requirement.
Comment: A few commenters
opposed the proposed requirement that
the term of the value-based arrangement
be for at least 1 year, with one
commenter asserting that a value-based
arrangement term requirement could
impose unnecessary obstacles to
beneficial innovation. Commenters also
asked whether an arrangement would
meet this requirement of the safe harbor
if the parties terminate the arrangement
during the first year but do not enter
into a substantially similar arrangement
until the expiration of the first year.
Response: We are not finalizing the
proposed requirement that the term of
the value-based arrangement be for a
period of at least 1 year. We believe the
requirement for a VBE to assume full
financial risk from the payor for a
period of at least 1 year is a sufficient
safeguard against gaming without also
requiring the value-based arrangement
to have a 1-year minimum term. Parties
must still document the term of their
value-based arrangement as a condition
of meeting this safe harbor’s writing
requirement.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
h. Remuneration Used To Engage in
Value-Based Activities
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(gg)(4)(i)
to require that the remuneration
exchanged be used primarily to engage
in the value-based activities set forth in
the parties’ signed writing.
Summary of Final Rule: We are not
finalizing this proposed requirement.
Comment: A commenter asked
whether, given the requirement that
remuneration must be used primarily to
engage in value-based activities, all
activities of an integrated delivery
system subject to global budget
arrangements, either upstream or
downstream, will relate to the valuebased activities for the target patient
population. Another commenter
requested that we interpret this
requirement to mean that, if
substantially all of an integrated
delivery system’s activities include the
assumption of financial risk for all
services, the remaining incidental
activities and associated remuneration
among VBE participants also would be
protected.
Response: We are not finalizing the
proposed requirement that all
remuneration exchanged pursuant to the
full financial risk safe harbor be used
primarily to engage in value-based
activities for the target patient
population. We intended this proposed
condition to safeguard against the
exchange of remuneration to
inappropriately induce referrals.
However, based on comments received
to this safe harbor and the substantial
downside financial risk safe harbor (as
detailed in section III.B.4.f), we do not
think this safeguard is necessary in the
full financial risk safe harbor, given this
safe harbor’s unique combination of
safeguards, and in particular, the
requirement that the VBE assume full
financial risk from a payor for a target
patient population and the safe harbor’s
limitation on exchanges of remuneration
to those between the VBE and a VBE
participant. For purposes of the
substantial downside financial risk safe
harbor, we addressed this issue more
narrowly, excluding monetary
remuneration exchanged pursuant to a
risk methodology that meets the
definition of ‘‘substantial downside
financial risk’’ or ‘‘meaningful share’’
from the requirement that remuneration
exchanged be used predominantly to
engage in value-based activities.
However, for the reasons set forth above,
we believe a more flexible approach is
warranted in this safe harbor, and we
are not finalizing the proposed
condition.
PO 00000
Frm 00095
Fmt 4701
Sfmt 4700
77777
With respect to the comment
regarding safe harbor protection for
incidental activities and associated
remuneration where substantially all of
an entity’s activities include the
assumption of financial risk for all
services, we note that the value-based
safe harbors do not protect business
models or necessarily all activities and
remuneration flowing under, for
example, an integrated delivery system.
Rather, the full financial risk safe
harbor, like the other value-based safe
harbors, protects discrete streams of
remuneration exchanged pursuant to a
value-based arrangement, and parties
would need to evaluate each stream
separately to assess compliance with the
Federal anti-kickback statute, and as
applicable, any available safe harbor.
i. Direct Connection to Value-Based
Purposes
Summary of OIG Proposed Rule: We
proposed at paragraph
1001.952(gg)(4)(ii) to require that the
remuneration be directly connected to
one or more of the VBE’s value-based
purpose(s), at least one of which must
be the coordination and management of
care for the target patient population.
We proposed that this condition would
be interpreted consistent with the
similar condition in the care
coordination arrangements safe harbor.
Summary of the Final Rule: We are
finalizing, with modification, the
requirement that remuneration
exchanged between the VBE and a VBE
participant under this safe harbor be
connected to one or more value-based
purposes at paragraph
1001.952(gg)(5)(i). Based on public
comment, we are modifying the
provision to remove the requirement
that all remuneration be connected to
the purpose of coordinating and
managing care for the target patient
population.
Comment: Commenters asked for
examples of the types of arrangements
the safe harbor could protect, and a
commenter specifically asked whether
the safe harbor would protect fee-forservice payments, bonus payments
based on quality outcomes, or both from
a VBE to a VBE participant. A
commenter also asked whether a VBE
could give remuneration to an owner of
the VBE, where the owner is a VBE
participant.
Response: This safe harbor could
protect arrangements for bonus
payments based on quality outcomes or
shared savings and losses arrangements,
among other types of payment
arrangements, as long as all
requirements of the safe harbor are
satisfied, including the requirement that
E:\FR\FM\02DER3.SGM
02DER3
77778
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
the remuneration exchanged must be
directly connected to one or more valuebased purposes. With respect to the
commenter’s question about fee-forservice payment, this safe harbor does
not dictate the manner of payment
between the VBE and the VBE
participant for items and services
rendered to the target patient
population. Provided the VBE has
assumed full financial risk from a payor
and the VBE participant does not claim
payment from the payor for the items
and services furnished to the target
patient population, the VBE could pay
the VBE participant on a fee-for-service
basis.
Whether a VBE could give
remuneration to an owner of the VBE,
where the owner is a VBE participant,
is a fact-specific determination. While
the safe harbor, by its terms, does not
preclude remuneration exchanged
between a VBE and an owner of the VBE
where the owner is a VBE participant,
we highlight that this safe harbor does
not protect an ownership or investment
interest in the VBE or any distributions
related to an ownership or investment
interest.
Unlike the similar requirement in the
other value-based safe harbors, we are
not requiring a direct connection to any
specific value-based purpose under this
safe harbor. This safe harbor is designed
to protect the broadest scope of
remuneration, and some remuneration
may be more closely connected to one
of the other value-based purposes.
Therefore, we are providing more
flexibility for a VBE assuming full
financial risk to determine the valuebased purpose(s) to which the exchange
of remuneration is directly connected.
This includes remuneration exchanged
pursuant to a value-based arrangement
between the VBE and the payor (as a
VBE participant) that effectuates the
VBE’s assumption of full financial risk
from the payor. For a summary of
comments received regarding the
requirement for a direct connection to
the coordination and management of
care and further discussion of this
requirement as proposed in the care
coordination arrangements safe harbor,
the substantial downside financial risk
safe harbor, and the full financial risk
safe harbor, we refer readers to the
applicable section of this final rule for
each safe harbor.
j. No Reduction in Medically Necessary
Items or Services
Summary of OIG Proposed Rule: We
proposed at paragraph
1001.952(gg)(4)(iii) to require that
remuneration must not induce the VBE
or VBE participants to reduce or limit
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
medically necessary items or services
furnished to any patient. We proposed
to interpret this condition consistent
with the similar condition proposed in
the care coordination arrangements safe
harbor.
Summary of Final Rule: We are
finalizing, with modification, this
condition at paragraph 1001.952(gg)(6).
The modification provides that the
value-based arrangement (not merely
the remuneration exchanged) may not
induce the VBE or VBE participants to
reduce or limit medically necessary
items or services furnished to any
patient.
For a summary of comments received
and our responses regarding this
condition, as proposed in each of the
value-based safe harbors, we refer
readers to the care coordination
arrangements and substantial downside
financial risk safe harbor sections
discussing this requirement at III.B.3.e
and III.B.4.h, respectively.
k. Taking Into Account the Volume or
Value of, or Conditioning Remuneration
on, Business or Patients Not Covered
Under the Value-Based Arrangement
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(gg)(5)
that the VBE or VBE participant offering
the remuneration could not take into
account the volume or value of, or
condition the remuneration on, referrals
of patients outside of the target patient
population or business not covered
under the value-based arrangement.
This proposed safeguard is identical to
that included in the proposed care
coordination arrangements and
substantial downside financial risk safe
harbors.
Summary of Final Rule: We are
finalizing, without modification, this
condition, and relocating it to paragraph
1001.952(gg)(7). Comments received on
this topic addressed the requirement as
it applied to the value-based safe
harbors generally; we did not receive
separate comments on this requirement
specific to this safe harbor.
Consequently, we refer readers to the
care coordination arrangements safe
harbor section regarding this
requirement at III.B.3.f for a summary of
applicable comments, our responses,
and a more detailed discussion of this
standard.
l. Offer or Receipt of Ownership or
Investment Interests
Summary of OIG Proposed Rule: We
proposed at paragraph
1001.952(gg)(4)(iv) that the full financial
risk safe harbor would not protect an
ownership or investment interest in the
VBE or any distributions related to an
PO 00000
Frm 00096
Fmt 4701
Sfmt 4700
ownership or investment interest, and
we solicited comments on this approach
and, in particular, any operational
challenges this approach might present.
Summary of Final Rule: We are
finalizing, without modification, this
condition and relocating it to paragraph
1001.952(gg)(5)(ii).
Comment: Similar to the substantial
downside financial risk safe harbor,
several commenters opposed this
condition or, alternatively, requested
that OIG clarify that it does not intend
to prohibit VBE participants from
establishing a corporate structure for a
VBE in which participants may each
receive some equity. A commenter
asserted that, without modifying or
clarifying OIG’s approach to protecting
an ownership or investment interest in
the VBE or any distributions related to
an ownership or investment interest, the
safe harbor would unnecessarily restrict
individuals and entities from dictating
the corporate structure of the VBEs they
elect to create. Another commenter
stated that the safe harbor should
protect ownership or investment
interests where payors require that only
a single entity, as opposed to a
collection of entities, enter into the full
financial risk arrangement.
Response: We do not view protection
for ownership or investment interests in
a VBE as fundamental to parties
entering into value-based arrangements
under this safe harbor and decline to
protect them under this safe harbor. We
are concerned that, were we to protect
such remuneration streams, such
protection would serve only to align
financial interests of the parties without
benefitting the payor or target patient
population. Remuneration in the form of
ownership or investment interests
presents a higher risk that offers of
investment interests or returns on
investment will be for the purpose of
inducing referrals, without attendant
care coordination, quality, or costreduction benefits related to the target
patient population or the payor. Parties
seeking to protect a particular
ownership or investment interest may
look to existing safe harbors (e.g., the
safe harbor for investment interests
found at paragraph 1001.952(a)), and the
advisory opinion process remains
available.
Regardless of whether a payor
requires that a single entity, as opposed
to a collection of entities, enter into a
contract or a value-based arrangement to
assume full financial risk, the safe
harbor itself requires a single individual
or entity to contract or enter into a
value-based arrangement with the payor
to assume full financial risk (e.g., the
VBE may directly contract with the
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
payor or a single VBE participant (other
than a payor) may act on behalf of the
VBE to contract with the payor). If a
VBE participant that has assumed full
financial risk as an agent of the VBE
seeks to share its risk with other parties
to the VBE, the safe harbor is available
to protect such risk-sharing
arrangements, provided they meet all
requirements of the safe harbor.
m. No Remuneration From Individuals
or Entities Outside the Applicable VBE
Summary of OIG Proposed Rule: We
proposed at paragraph
1001.952(gg)(4)(v) that the full financial
risk safe harbor would not protect any
remuneration funded by, or otherwise
resulting from contributions by, any
individual or entity outside of the
applicable VBE.
Summary of Final Rule: We are not
finalizing this proposed requirement,
based on concerns—raised by
commenters in the context of the same
provision in the care coordination
arrangements safe harbor—that this
condition could inadvertently restrict
the exchange of beneficial remuneration
that we intend to protect. While we are
not finalizing this condition, we
emphasize that remuneration exchanged
outside of a value-based arrangement
would not be protected by any of the
value-based safe harbors. We did not
receive separate comments on this
requirement specific to this safe harbor.
Consequently, we refer readers to the
care coordination arrangements safe
harbor and substantial downside
financial risk safe harbor sections at
III.B.3.e and III.B.4.j discussing this
requirement for a summary of
applicable comments, our responses,
and a more detailed explanation of our
rationale for not finalizing this standard.
n. Utilization Review and Quality
Assurance Programs
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(gg)(6)
that the VBE must provide or arrange for
an operational utilization review
program and a quality assurance
program that protects against
underutilization and specifies patient
goals, including measurable outcomes,
where appropriate. We noted that such
proposed conditions would mirror those
found in the managed care safe harbor
at paragraph 1001.952(u) but explained
that we were considering other ways to
frame these proposed conditions to
reflect the utilization review and quality
assurance mechanisms in place today.
Summary of Final Rule: We are
finalizing, with modifications, this
proposed condition at paragraph
1001.952(gg)(8). Based on public
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
comment, the modifications afford
parties additional flexibility in
conducting quality and utilization
reviews. Specifically, VBEs seeking
protection under this safe harbor must
provide or arrange for a quality
assurance program for services
furnished to the target patient
population that: (i) Protects against
underutilization of items and services
furnished to the target patient
population; and (ii) assesses the quality
of care furnished to the target patient
population. We are not finalizing the
proposed requirement to have an
operational utilization review program.
Comment: Some commenters
supported our proposal to require the
VBE to provide or arrange for an
operational utilization review program
and a quality assurance program, while
another commenter requested that OIG
reconsider this requirement, stating that
VBEs are not the equivalent of a
managed care organization and that
operational utilization review programs
and quality assurance programs are
robust, expensive programs that require
significant lead time to implement. A
couple of commenters asked OIG to
explain the term ‘‘operational,’’ and a
commenter specifically asked whether a
utilization review program that is used
only on an annual basis would be
considered ‘‘operational.’’ Another
commenter asked whether an existing
utilization review program of a
contracting payor or provider would
meet this requirement.
Response: We are revising the
terminology used in order to afford
parties additional flexibility consistent
with our intent that a VBE provide or
arrange for a program to protect against
underutilization and specify patient
goals. Specifically, VBEs must provide
or arrange for a quality assurance
program for services furnished to the
target patient population that: (i)
Protects against underutilization of
items and services furnished to the
target patient population; and (ii)
assesses the quality of care furnished to
the target patient population. Such a
quality assurance program may include
an operational utilization review
program and specify patient goals;
however, an operational utilization
review program is no longer a
requirement. Pursuant to this revised
standard, parties may determine what
activities and mechanisms are most
suitable to assess the quality and
appropriateness of care furnished to the
target patient population, provided such
mechanisms meaningfully protect
against underutilization and assess the
quality of care furnished to the target
patient population.
PO 00000
Frm 00097
Fmt 4701
Sfmt 4700
77779
The flexibility we are providing to
parties is in recognition that VBEs may
be subject to varying requirements
related to quality assurance programs
based on State law or the terms of its
value-based arrangement with the
payor. Notwithstanding this additional
flexibility, as with the condition
proposed in the OIG Proposed Rule, this
revised requirement effectuates our
intent that a VBE provide or arrange for
a program to protect against
underutilization and specify patient
goals.
In response to commenters’ specific
inquiries, we acknowledge that, even
with the additional flexibility afforded
by our revisions to this condition,
quality assurance programs are robust
and potentially expensive undertakings.
Thus, we are highlighting that this
condition does not mandate that VBEs
establish such review programs
themselves; the VBE may also arrange
for such programs. For example, VBEs
may look to payors with which they are
contracting or entering into value-based
arrangements to assume full financial
risk to share, or fully assume, this
responsibility. In such circumstances,
the VBE may reasonably rely on the
payor’s existing quality assurance
program infrastructure provided it
meets all safe harbor requirements.
o. No Marketing of Items or Services or
Patient Recruitment Activities
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(gg)(7)
to exclude safe harbor protection for
remuneration exchanged pursuant to a
value-based arrangement that included
marketing items or services to patients
or engaging in patient recruitment
activities. We proposed to interpret this
condition consistent with our
interpretation of this same proposed
requirement in the care coordination
arrangements safe harbor.
Summary of Final Rule: We are
finalizing, with modifications, the
limitation on marketing and patient
recruitment at paragraph
1001.952(gg)(5)(iii). Rather than
prohibiting all marketing and patient
recruitment activities, we modified the
provision to prohibit the exchange or
use of remuneration for the purpose of
marketing items or services furnished by
the VBE or VBE participants to patients
or for the purpose of patient recruitment
activities. We received only one
comment on this requirement specific to
this safe harbor, detailed below. We
refer readers to the care coordination
arrangements safe harbor’s discussion
regarding this requirement at section
III.B.3.j for a summary of applicable
comments, our responses, additional
E:\FR\FM\02DER3.SGM
02DER3
77780
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
explanation regarding this standard, and
a rationale for the modification we are
making.
Comment: Without further explaining
its position, a commenter stated that
there is no need for any marketing or
patient recruitment limitations in the
full financial risk safe harbor.
Response: Consistent with the other
value-based safe harbors, we have
modified the marketing requirement to
be more limited in scope but to preclude
protection for remuneration exchanged
or used for the purpose of marketing
items or services furnished by the VBE
or a VBE participant to patients or
patient recruitment activities. Although
we agree that the VBE’s assumption of
full financial risk generally warrants
greater flexibility in this safe harbor, we
continue to believe that a prohibition on
certain marketing and patient
recruitment practices is an important
fraud and abuse safeguard across all
three value-based safe harbors for the
reasons set forth in the discussion of the
marketing condition in the care
coordination arrangements safe harbor.
In particular, with respect to the full
financial risk safe harbor, we are
concerned that remuneration under the
value-based arrangement may be
exchanged or used to engage in
inappropriate patient recruitment
activities to incentivize, for example,
beneficiary enrollment in, or alignment
to, a particular health plan.
p. Materials and Records
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(gg)(8)
that the VBE or its VBE participants
maintain documentation sufficient to
demonstrate compliance with the safe
harbor’s conditions and to make such
records available to the Secretary upon
request. We solicited comments
regarding whether we should require
parties to maintain materials and
records for a set period of time (e.g., at
least 6 years or 10 years). We proposed
to interpret this requirement as
described in the OIG Proposed Rule’s
preamble discussing the proposed care
coordination arrangements safe harbor.
Summary of Final Rule: We are
finalizing, with modification, the
materials and records requirement at
paragraph 10001.952(gg)(9). The final
rule includes new language to specify
that, for a period of at least 6 years, the
VBE or its VBE participants must
maintain materials and records
sufficient to establish compliance with
the conditions of the safe harbor. We
did not receive separate comments on
this requirement specific to this safe
harbor; the comments received related
to the value-based safe harbors
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
generally. Consequently, for a more
detailed discussion and a summary of
and responses to the comments received
regarding this requirement, we refer
readers to section III.B.3.n discussing
the materials and records condition in
the care coordination arrangements safe
harbor.
q. Downstream Arrangements
Summary of OIG Proposed Rule: In
the preamble, we noted that the
proposed full financial risk safe harbor
would apply only to remuneration
exchanged between a VBE and a VBE
participant pursuant to a value-based
arrangement. We stated that the
proposed safe harbor would not protect
remuneration exchanged between or
among VBE participants that are part of
the same VBE, between a VBE
participant and a downstream
contractor, or between two downstream
contractors. We explained that we were
concerned about extending safe harbor
protection to remuneration exchanged
pursuant to these arrangements because
the downstream parties may have
assumed little or no financial risk,
which could result in fee-for-service
incentives, and therefore, a risk of
overutilization or other traditional
harms associated with fee-for-service
payments. We solicited comments on a
variety of alternate approaches to
protecting remuneration exchanged
pursuant to certain downstream
arrangements (e.g., additional
safeguards in either the full financial
risk safe harbor or another safe harbor).
Summary of Final Rule: We are
finalizing, without modification, the
requirement that the exchange of
remuneration must be between the VBE
and a VBE participant in the
introductory paragraph to 1001.952(gg).
We are not extending safe harbor
protection to remuneration that passes
from one VBE participant to another
VBE participant or a downstream
contractor. As articulated in the
substantial downside financial risk safe
harbor section discussing downstream
arrangements, we are limiting safe
harbor protection to the exchange of
remuneration between the VBE and a
VBE participant because we believe it is
important to provide the protection and
regulatory flexibility the risk-based safe
harbors afford only where the VBE is a
party to the value-based arrangement.
We are concerned that, without the VBE
as a party, where neither party has
assumed full financial risk and may
continue to bill the applicable payor on
a fee-for-service-basis, there is a
heightened concern about traditional
FFS fraud and abuse risks. We note that
a VBE participant seeking to exchange
PO 00000
Frm 00098
Fmt 4701
Sfmt 4700
remuneration with another VBE
participant may look to the care
coordination arrangements safe harbor
or other safe harbors, such as the
personal services and management
contracts and outcomes-based payments
safe harbor.
For a summary of the comments
received regarding this limitation, our
responses, and a detailed explanation
regarding our decision not to extend this
safe harbor to downstream
arrangements, we refer readers to our
discussion of the parallel provision in
the substantial downside financial risk
safe harbor in section III.B.4.p. We did
not receive comments on this
requirement specific to this safe harbor
that diverged from the comments
summarized in the section describing
the parallel provision in the substantial
downside financial risk safe harbor.
r. Potential Additional Safeguards
Summary of OIG Proposed Rule: We
stated in the preamble that we were
considering adopting two additional
safeguards for purposes of the final rule:
A cost-shifting prohibition and a
requirement that parties submit
information to the Department regarding
their value-based arrangement.
Summary of Final Rule: We are not
finalizing the two additional proposed
safeguards. Similar to the substantial
downside financial risk safe harbor, we
are not including a cost-shifting
prohibition, in recognition that the
assumption of full financial risk is
intended to drive a reduction in costs,
which may include Federal health care
program costs. We did not receive
comments on this alternative condition
specific to this safe harbor that diverged
from the comments summarized in
section III.B.4.q of the substantial
downside financial risk safe harbor
preamble, and we refer readers to that
section for a summary of comments
received and our responses.
We are likewise not finalizing a
requirement for parties to submit
information to the Department for the
reasons previously articulated in the
care coordination arrangements safe
harbor’s discussion of this alternative
safeguard, including minimizing
administrative burden. We did not
receive comments on this condition
specific to this safe harbor that diverged
from the comments previously
summarized in section III.B.4.p of the
care coordination arrangements safe
harbor preamble, and we refer readers to
that section for a summary of comments
and our responses.
We received comments requesting
additional safeguards to the full
financial risk safe harbor that we did not
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
propose, and we summarize such
comments below.
Comment: Several commenters
supported the addition of other
safeguards that we did not propose in
the preamble to the full financial risk
safe harbor. For example, some
commenters supported a requirement
for value-based arrangements to include
objective and quantifiable outcome
measures, and a commenter asserted
that the outcome measures, the
methodology for measuring them, and
how the measures affect cost should be
transparent to the public. Other
commenters suggested that we include
the requirement that neither the valuebased arrangement nor VBE participants
limit parties’ ability to make decisions
in the best interest of their patients.
Response: We are not requiring, in the
context of the full financial risk safe
harbor, that value-based arrangements
include outcome measures (or any
public transparency requirements
related to such outcome measures)
because we did not propose this as a
requirement, and we do not believe that
such a requirement would appreciably
mitigate risk, given other conditions of
the safe harbor. However, we note that
we are separately requiring that the VBE
provide or arrange for a quality
assurance program for services
furnished to the target patient
population that: (i) Protects against
underutilization of items and services
furnished to the target patient
population; and (ii) assesses the quality
of care furnished to the target patient
population. While outcome
measurement is not a requirement of
this safe harbor, as a practical matter,
we anticipate that an assessment of the
quality of care furnished to the target
patient population pursuant to a quality
assurance program may include
quantitative or qualitative measures
assessing, for example, performance on
certain outcome measures. We did not
propose and are not finalizing a
requirement that neither the value-based
arrangement nor VBE participants limit
the parties’ ability to make decisions in
the best interest of their patients, nor do
we think it would be necessary given
other protections in the safe harbor.
6. Arrangements for Patient Engagement
and Support To Improve Quality, Health
Outcomes, and Efficiency (42 CFR
1001.952(hh))
Summary of OIG Proposed Rule: We
proposed to establish a new safe harbor
at paragraph 1001.952(hh) to protect
remuneration in the form of patient
engagement tools and supports
furnished directly by VBE participants
to patients in a target patient
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
population. The tools and supports
could not be funded by anyone outside
the VBE (proposed paragraph
1001.952(hh)(2)). We proposed to
protect only in-kind preventive items,
goods, or services, or in-kind items,
goods, or services, such as healthrelated technology, patient healthrelated monitoring tools and services, or
supports and services designed to
identify and address a patient’s social
determinants of health (proposed
paragraph 1001.952(hh)(3)(i)). We
proposed that protected remuneration
would need to have a direct connection
to the coordination and management of
care (proposed paragraph
1001.952(hh)(3)(ii)) and advance one of
six enumerated goals related to patient
care (proposed paragraph
1001.952(hh)(3)(vii)). The proposal
included a $500 cap on the amount of
protected remuneration a VBE
participant could furnish to a patient on
an annual basis, with an exception
based on the good faith, individualized
determination of a patient’s financial
need (proposed paragraph
1001.952(hh)(5)). The proposed safe
harbor included several additional
conditions, such as a requirement that
provision of a tool or support would not
result in medically unnecessary or
inappropriate items or services
reimbursed in whole or in part by a
Federal health care program. Other
proposed conditions are summarized
more fully below.
Summary of Final Rule: We are
finalizing, with modifications, the
patient engagement and support safe
harbor at paragraph 1001.952(hh). The
bases for the modifications are
explained the preamble sections that
follow. In particular, we have revised
the language at paragraph
1001.952(hh)(3)(i) to remove the specific
illustrative categories of health-related
technologies, patient health-related
monitoring tools and services, and
supports and services designed to
identify and address a patient’s social
determinants of health. With respect to
preventive items, goods, and services,
we have moved the element of
prevention to the list of enumerated
goals that can be advanced by protected
remuneration at paragraph
1001.952(hh)(3)(vi). The final language
at paragraph 1001.952(hh)(3)(i)
articulates our policy to be agnostic as
to the types of in-kind tools and
supports that can be protected by the
safe harbor if all safe harbor conditions
are met.
Further, we are finalizing at paragraph
1001.952(hh)(1) a list of entities that
may not furnish or otherwise fund or
contribute to protected tools and
PO 00000
Frm 00099
Fmt 4701
Sfmt 4700
77781
supports under this safe harbor, which
includes manufacturers, distributors,
and wholesalers of pharmaceuticals;
pharmacy benefit managers; laboratory
companies; pharmacies that primarily
compound drugs or primarily dispense
compounded drugs; manufacturers of
devices and medical supplies (unless
the tool or support is digital health
technology); entities or individuals that
sell or rent DMEPOS (other than a
pharmacy, a manufacturer of a device or
medical supply, or a physician,
provider, or other entity that primarily
furnishes services); medical device
distributors and wholesalers; and
physician-owned medical device
companies. Similar to our approach in
the care coordination arrangements safe
harbor at paragraph 1001.952(ee), a tool
or support furnished or funded by a
manufacturer of a device or medical
supply (as defined in paragraph
1001.952(ee)(14)) is eligible for safe
harbor protection only if the tool or
support is digital health technology
(defined at paragraph 1001.952(ee)(14)).
As explained at section III.B.2.e above,
we are listing ineligible entities in each
safe harbor rather than excluding them
in the definition of VBE participant.
The final safe harbor protects only inkind remuneration. The final safe harbor
includes at paragraph 1001.952(hh)(5)
the proposed $500 annual, aggregate cap
provision (without the proposed
exception for tools and supports above
the cap furnished based on good faith,
individualized determinations of a
patient’s financial need). The final safe
harbor also includes at paragraph
1001.952(hh)(3)(iv) the proposed
requirement that the provision of a tool
or support not result in medically
unnecessary or inappropriate items or
services reimbursed in whole or in part
by a Federal health care program.
Additional conditions of the final safe
harbor are summarized by topic in
discussions that follow.
a. General Comments
Comment: Among the commenters
offering general feedback on the
proposed safe harbor, some commenters
supported the proposed safeguards,
others supported adding some or all of
the additional considered safeguards on
which we solicited comments, and
others stated that certain proposed or
additional safeguards would impose a
significant administrative burden on
stakeholders seeking protection under
the safe harbor. A number of comments
noted that the safe harbor would
promote patient engagement, encourage
adherence to treatment, and improve
outcomes. Other commenters requested
E:\FR\FM\02DER3.SGM
02DER3
77782
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
specific changes or clarifications to
various proposals.
Response: We appreciate the
commenters’ suggestions regarding the
scope and impact of this safe harbor,
including the conditions we proposed
and considered. As discussed below, we
are finalizing a number of the proposed
conditions, in some cases with
modifications suggested by commenters.
We also are removing or modifying
some conditions in response to
comments and adding some of the
proposed conditions for which we
solicited comments.
b. Entities Ineligible for Protection
Summary of OIG Proposed Rule: We
proposed to protect only tools and
supports furnished by VBE participants,
as defined in proposed paragraph
1001.952(ee)(12). This proposed
definition excluded pharmaceutical
manufacturers, laboratories, and
manufacturers, distributors, and
suppliers of DMEPOS. As a result, these
entities would be ineligible to use this
proposed safe harbor. The entities we
proposed to make ineligible to
participate in a VBE are described in
more detail in section III.B.2.e of this
preamble. We also indicated that the
final rule might exclude additional
entities from furnishing patient
engagement tools and supports,
including physician-owned device
companies, compounding pharmacies,
and medical device and supply
manufacturers, wholesalers, and
distributors.55 We solicited comments
on several alternative frameworks for
protected offerors and conditions
related to protected offerors under this
safe harbor, including whether the
offeror should assume at least some
downside financial risk.
Summary of Final Rule: As explained
in section III.B.2.e of this preamble, the
final definition of VBE participant has
been expanded to make all entity types
eligible as VBE participants. However,
within each value-based safe harbor, we
identify entities that are ineligible to
rely on that particular safe harbor. For
the patient engagement and support safe
harbor, and as set forth in paragraph
1001.952(hh)(1), we are finalizing the
following entities as ineligible to use the
safe harbor to furnish protected
remuneration to patients: (i)
Pharmaceutical manufacturers,
wholesalers, and distributors; (ii) PBMs;
(iii) laboratory companies; (iv)
pharmacies that primarily compound
drugs or primarily dispense
compounded drugs; (v) manufacturers
of devices or medical supplies (except
55 84
FR 55703–06, 55722 (Oct. 17, 2019).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
with respect to digital health
technology, as described below); (vi)
entities or individuals that sell or rent
DMEPOS (other than a pharmacy, a
medical device or supply manufacturer
that also sells or rents DMEPOS, or a
physician, provider, or other entity that
primarily furnishes services, all of
whom remain eligible); (vii) medical
device distributors or wholesalers that
are not otherwise manufacturers of
devices or medical supplies; and (viii)
medical device manufacturers,
distributors, or wholesalers with
ownership or investment interests held
by physicians. This expanded list of
excluded entities addresses our
concerns, based on our longstanding
enforcement and oversight experience,
that certain types of entities present a
higher risk of misusing this safe harbor
primarily or significantly to offer
remuneration to beneficiaries as a
means to market their products and
services rather than to improve the
coordination and management of patient
care.
In this final rule, OIG recognizes the
important role that digital health
technology plays in advancing the
Department’s goals in connection with
the Regulatory Sprint, including
improving the coordination and
management of patient care.
Accordingly, at paragraph
1001.952(hh)(1)(v), this final rule
permits manufacturers of devices and
medical supplies to furnish patient
engagement tools or supports that
constitute digital health technology, as
defined at paragraph 1001.952(ee)(14).
On balance and in consideration of the
full set of applicable safe harbor
conditions, we have concluded that this
policy would advance the benefits of
improved care coordination without
undue risk to patients or programs.
With respect to whether an entity falls
into a category of ineligible entities, we
refer readers to the discussion of the
various types of ineligible entities and
entities with multiple lines of business
at section III.B.2.e of this preamble. The
same rationale set forth there for
excluding each type of entity from the
value-based safe harbors and the same
analysis for categorizing entities with
multiple lines of business apply to the
patient engagement and support safe
harbor.
Comment: A number of commenters
supported OIG’s proposal to limit safe
harbor protection to tools and supports
furnished by VBE participants, as
defined in the OIG Proposed Rule,
because it helps ensure that the tools
and supports are aligned with the goals
of well-coordinated care and improving
value by incentivizing coordination and
PO 00000
Frm 00100
Fmt 4701
Sfmt 4700
collaboration among a patient’s
providers. Commenters also supported
making specific types of entities
ineligible for protection under this safe
harbor, such as pharmaceutical
manufacturers and manufacturers,
distributors, and suppliers of DMEPOS.
Response: We are finalizing our
policy that safe harbor eligibility is
limited to VBE participants and,
consequently, that tools and supports
furnished or funded by certain types of
entities would not be eligible for safe
harbor protection. The final patient
engagement and support safe harbor
protects only remuneration provided by
a VBE participant; this term, as defined
in this final rule, does not limit or
restrict what type of entity may be a
VBE participant. However, this safe
harbor does not protect tools and
supports furnished or funded by the
entities listed in paragraph
1001.952(hh)(1), even if such entities
are VBE participants.
We continue to believe that offering
and furnishing patient engagement tools
and supports by these ineligible entities
elevates the risk of fraud and abuse. For
example, as we stated in the OIG
Proposed Rule, offers of tools or
supports by pharmaceutical
manufacturers to a patient could
improperly influence the patient, as
well as a clinician’s decision to
prescribe one drug over another. Such
remuneration could influence a patient
to request a particular drug that is more
expensive or less clinically efficacious
than other clinically equivalent drugs.
This could both improperly influence
patient choice and increase costs to
Federal health care programs—two
factors cited by Congress to consider
when developing safe harbors—without
necessarily increasing quality.
Similarly, we remain concerned that the
entities identified as ineligible for this
safe harbor may inappropriately use
patient engagement tools and supports
to induce the use of medically
unnecessary items and services; market
their products; or divert patients from a
more clinically appropriate item or
service, provider, or supplier without
regard to the best interests of the
patient. Accordingly, we are finalizing
paragraph 1001.952(hh)(1) to specify
that the entities listed above are
ineligible to furnish, fund, or contribute
to remuneration protected by the patient
engagement and support safe harbor.
Comment: Several commenters urged
OIG to broaden the safe harbor to
protect tools and supports offered by
entities that are not VBE participants.
Another commenter noted that many
payors and providers have developed
effective patient incentive programs that
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
have occurred outside the value-based
care setting but nonetheless advance
OIG’s goals of improving adherence to a
followup care plan, improving
adherence to a treatment or drug
regimen, enhancing the management of
a disease or condition, or ensuring
patient safety. Commenters also
expressed concern that requiring VBE
participation imposes an increased
administrative burden on providers,
which could be a barrier to offering
patient engagement tools and supports.
Another commenter added that limiting
the safe harbor to VBE participants
would effectively preclude singleprovider entities from safe harbor
protection.
Response: As noted above, we are
finalizing a condition that safe harbor
protection is only available for tools and
supports furnished by VBE participants,
subject to additional conditions. In the
preamble to the OIG Proposed Rule, we
explained that safe harbor protection
would only be available to VBE
participants in order to align the
proposed patient engagement and
support safe harbor with the valuebased framework proposed in that
rule.56 Limiting safe harbor protection to
VBE participants is an important
condition because it requires entities to
adhere to certain formalities that
promote value-based objectives
including, for example, articulating a
value-based purpose and identifying a
target patient population based on
legitimate and verifiable criteria that are
set out in writing and further the VBE’s
value-based purpose.
Moreover, we believe the modest
administrative steps required to
establish a VBE—namely, establishing
an accountable body and creating a
governing document—require that
entities determine how to effectively
promote value-based care (e.g., how the
VBE participant intends to achieve its
value-based purpose). In the context of
patient engagement tools and supports,
the VBE must connect the provision of
tools and supports to the goal of
furthering value-based care that
underlies this rulemaking. We
emphasize that we perceive the
administrative steps required to
establish a VBE as relatively minimal,
and they should not pose a significant
burden on providers and others that
desire to furnish protected tools and
supports. We also note that solo
practitioners are not foreclosed from
protection under this safe harbor. A solo
practitioner could partner with another
entity or individual—without changing
the membership of the practitioner’s
56 84
FR 55722 (Oct. 17, 2019).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
own practice—to form a VBE. As a VBE
participant, the solo practitioner would
then be eligible to offer protected tools
and supports to patients, provided the
other conditions of the safe harbor are
satisfied.
Comment: Several commenters urged
OIG to extend safe harbor protection to
providers in rural or underserved areas
even if they are not VBE participants.
According to commenters, these
practices may not have sufficient patient
populations or resources to create or
participate in a VBE.
Response: We do not believe the
modest administrative steps required to
establish a VBE will be a barrier to most
entities—including providers serving
rural or underserved patients—that are
seeking to offer tools and supports to
beneficiaries. Moreover, we believe that
requiring entities to fulfill certain VBErelated requirements will help ground
any offer or provision of patient
engagement tools and supports in the
value-based objectives central to this
rule, namely the coordination and
management of patient care. A VBE does
not require a target patient population to
be a particular size, and in any event a
small practice or a provider in a rural
or underserved community may partner
with larger providers or other entities
with more resources to form VBEs.
Accordingly, the final rule does not
offer providers in rural or underserved
areas an exception to the safe harbor’s
condition that requires that the
individual or entity offering or
furnishing protected tools and supports
be a VBE participant.
Comment: Commenters recommended
that tools and supports furnished or
funded by various specific types of
entities should be eligible for protection
under this safe harbor. In particular,
commenters recommended that
pharmaceutical manufacturers;
manufacturers, distributors, and
suppliers of DMEPOS; and
laboratories—all of which were
ineligible for VBE participation per the
definition of ‘‘VBE participant’’ in the
OIG Proposed Rule—should be eligible
to furnish or fund protected tools and
supports under this safe harbor.
Commenters also noted that
pharmaceutical manufacturers;
manufacturers, distributors, and
suppliers of DMEPOS; and laboratories
increasingly are diversified entities that
include corporate affiliates and business
units that provide a wide range of items
and services, including health
technologies, care coordination and
clinical management, and other
offerings and services. Commenters also
urged that pharmacists, pharmacies,
pharmacy benefit managers, dialysis
PO 00000
Frm 00101
Fmt 4701
Sfmt 4700
77783
facilities, and health technology
companies should be eligible for
protection under the patient engagement
and support safe harbor.
Response: Under the final rule, tools
and supports furnished or funded by
manufacturers, distributors, and
wholesalers of pharmaceuticals;
individuals and entities that sell or rent
DMEPOS; pharmacy benefit managers;
laboratory companies; pharmacies that
primarily compound drugs or primarily
dispense compounded drugs; medical
device distributors and wholesalers; and
physician-owned medical device
companies are not eligible for protection
under the patient engagement and
support safe harbor. Based on our
longstanding enforcement and oversight
experience, there is a risk that these
entities could misuse this safe harbor to
offer remuneration to beneficiaries as a
means to market their products and
services rather than advancing the goal
of improving the coordination and
management of patient care. For the
same reasons, medical device
manufacturers are not eligible for
protection under this safe harbor except
to the extent the tools or supports
provided are digital health technology.
Similar to the care coordination
arrangements safe harbor, we have taken
a tailored, risk-based approach to
address protection for the provision of
digital health technology to patients.
Among the entities that are otherwise
ineligible for this safe harbor, we have
identified manufacturers of devices or
medical supplies as an entity type that
should, to advance the policy goals of
this rulemaking, have a limited pathway
for protection when they provide digital
health technologies as defined in this
rule. Under the final rule, manufacturers
of devices or medical supplies as
defined in paragraph 1001.952(ee)(14)
are eligible for protection under the
patient engagement and support safe
harbor, but only to the extent that the
tools and supports they provide to
patients meet the definition of digital
health technology, as also defined in
paragraph 1001.952(ee)(14). All VBE
participants that are eligible to use this
safe harbor may provide patients with
digital health technology. Eligible VBE
participants, other than a manufacturer
of a device or medical supply, are not
limited to digital heath technology as
defined at paragraph 1001.952(ee)(14) as
long as all safe harbor conditions are
met.
Under the final care coordination
arrangements safe harbor, DMEPOS
companies (i.e., entities or individuals
that sell or rent DMEPOS (other than a
pharmacy, a manufacturer of a device or
medical supply, or a physician,
E:\FR\FM\02DER3.SGM
02DER3
77784
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
provider, or other entity that primarily
furnishes services)) are also eligible for
the limited technology participant
pathway. However, for the patient
engagement and support safe harbor, we
are finalizing our proposal to make
companies that sell or rent DMEPOS
ineligible for the safe harbor without
exception. We make this distinction
based on the different roles and risks
associated with entities and individuals
that sell or rent DMEPOS when they
interact directly with patients. Our
enforcement experience reveals
persistent and troubling fraud and abuse
in sectors of the DMEPOS industry,
including inducements paid to
beneficiaries to order medically
unnecessary products or to disclose
their Medicare beneficiary identifier or
other personal information. Entities and
individuals that sell or rent DMEPOS
have more pervasive and personal
relationships with individual patients
and sell more products directly to
patients than manufacturers of medical
devices and supplies. This restriction
does not mean that patients cannot
receive digital tools and supports
related to DMEPOS under the safe
harbor, but they cannot be provided or
funded by entities and individuals that
sell or rent DMEPOS. Arrangements
between entities and individuals that
sell or rent DMEPOS and patients would
be subject to a case-by-case analysis for
compliance with the Federal antikickback statute.
Consistent with the discussion in
section III.B.2.e.ii, the final rule lists ‘‘an
entity or individual that sells or rents’’
DMEPOS as ineligible for safe harbor
protection unless the entity or
individual is a pharmacy, a
manufacturer of a device or medical
supply, or a physician, provider, or
other entity that primarily furnishes
services. This approach focuses on the
nature of the entity’s business rather
than relying on unrelated definitions of
‘‘distributor’’ or ‘‘supplier.’’ As
explained in section III.B.2.e.ii, carving
out pharmacies, providers, and other
entities that primarily furnish services
will ensure that these entities—which
are likely to be at the front lines of care
coordination—remain eligible for safe
harbor protection.
For purposes of the patient
engagement and support safe harbor, a
manufacturer of a device or medical
supply is eligible for protection, as
provided in paragraph
1001.952(hh)(1)(vi), even if it rents or
sells DMEPOS. The multiple business
lines analysis would not be needed. The
definition for DMEPOS companies at
paragraph 1001.952(hh)(1)(vi) is
different from the definition of DMEPOS
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
companies for the care coordination
arrangements safe harbor to effectuate
and clarify the policy goal that the
patient engagement and support safe
harbor protect digital technology
provided by medical device and supply
manufacturers.
Regarding commenters’ concern about
the potential impact of the safe harbor’s
entity carve-outs on diversified entities
that include corporate affiliates and
business units that provide a wide range
of items and services, we reiterate the
discussion in section III.B.2.e.v above
regarding entities with multiple lines of
business.
Among other specific entity types
addressed by commenters, we note that
the only entities not eligible to provide
protected remuneration under this safe
harbor are those entities listed in
paragraph 1001.952(hh)(1). Accordingly,
many of the entities mentioned by
commenters including many
pharmacists and pharmacies and
dialysis facilities could furnish
protected tools and supports, provided
all conditions of the safe harbor are
satisfied. Pharmacy benefit managers are
not eligible to furnish protected tools
and supports under this safe harbor for
the reasons set forth at section III.B.2.e.
Health technology companies are
eligible to be VBE Participants and
furnish protected tools and supports. If
the health technology company is a
manufacturer of a device or medical
supply, then it may only furnish
protected tools and supports in the form
of digital health technology. If the
health technology company is an entity
or individual that sells or rents
DMEPOS covered by a Federal health
care program (other than a pharmacy, a
manufacturer of a device or medical
supply, or a physician, provider, or
other entity that primarily furnishes
services) or any other type of ineligible
entity, it may not use this safe harbor.
As explained in more detail in section
III.B.2.e.ii.f, pharmacies that primarily
compound drugs or primarily dispense
compounded drugs are ineligible for
protection under the patient engagement
and support safe harbor. We have
significant concerns about fraud and
abuse risks based on enforcement and
oversight experience involving
compounding pharmacies. Although
pharmacies that primarily compound
drugs or primarily dispense
compounded drugs are ineligible for
safe harbor protection, we believe most
community pharmacies would remain
eligible. As explained in section
III.B.2.e.iv, we believe that many
community and retail pharmacies have
the potential to be VBE participants and
further the coordination and
PO 00000
Frm 00102
Fmt 4701
Sfmt 4700
management of patient care, including
through the provision of patient
engagement tools and supports.
Accordingly, pharmacies (other than
compounding pharmacies) are fully
eligible for protection under this safe
harbor.
Comment: Some commenters objected
to categorically limiting protection
based on entity type altogether, urging
OIG to focus on program integrity
safeguards that could prohibit
inappropriate behavior rather than
carving out categories of entities from
protection. A commenter suggested that,
to the extent OIG retains its categorical
approach in the final rule, it should
clarify that parties will not be ineligible
for safe harbor protection on the basis of
corporate affiliates, shared ownership,
or separate business units.
Response: As noted in our response to
the prior comment, the entities listed in
paragraph 1001.952(hh)(1) may not
furnish protected tools and supports
under this safe harbor because of the
risk that tools and supports from these
entities could improperly influence
patients or physicians. The final rule
does not explicitly prohibit an entity
that is a corporate affiliate or under
shared ownership with an ineligible
entity from offering protected tools and
supports. For entities with multiple
business lines, this preamble at section
III.B.2.e.v describes the analysis to
determine whether such an entity
would be considered one of the
ineligible entity types under this safe
harbor. Notably, corporate affiliation—
whether by majority ownership,
common ownership, or another
structure—has no bearing on eligibility
for safe harbor protection under the
patient engagement and support safe
harbor.
Comment: Several commenters
recommended that OIG structure the
patient engagement and support safe
harbor to protect tools and supports
offered by Indian health programs.
Response: We are mindful of the
important work done by Indian health
programs and the critical needs of their
patient populations for improved
coordination and delivery of care.
Indian health care providers that
become VBE participants are eligible to
use this safe harbor to provide tools and
supports to beneficiaries. We did not
propose and have not structured a
specific safe harbor for Indian health
programs. Providers interested in
patient engagement programs can also
use the local transportation safe harbor.
It is important to note that arrangements
that do not fit in a safe harbor are not
necessarily unlawful, and the OIG
advisory opinion process remains
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
available for providers seeking a legal
opinion regarding an existing or
proposed arrangement.
Comment: In response to our
solicitation of comments in the OIG
Proposed Rule regarding a potential
condition that safe harbor protection is
only available to entities that assume
downside financial risk, several
commenters urged OIG not to adopt
such a financial risk assumption
requirement. One commenter opined
that there is no logical connection
between a provider’s financial risk and
the benefits of patient engagement.
Another commenter noted that adding a
financial risk requirement could limit
application of this safe harbor to large
practices and health systems, positing
that small, rural, and underserved
practices are unable to take on financial
risk and therefore would not be able to
provide tools and supports protected by
the safe harbor should it include a
requirement that protected offerors
assume downside financial risk. A
commenter noted that for a VBE with
downside financial risk there is no
incentive to provide an item, tool,
support, or service that is not related to
treating or preventing a disease or injury
among a target patient population. As
such, inherently, the VBE participant
must believe the tool or support will
provide a medical or health benefit to
the patient to whom it is being given.
Another commenter with experience as
a risk-bearing ACO entity supported
limiting this safe harbor to VBEs
engaged in risk-bearing arrangements,
citing a learning curve in the
appropriate use of tools and supports,
and highlighting that the assumption of
downside financial risk may offset some
of the traditional fraud and abuse
concerns, such as overutilization.
Response: We agree with commenters
and believe that various providers and
other entities—including those who
have not assumed downside financial
risk—could engage in beneficial patient
engagement and support. Consequently,
in an attempt to promote flexibility and
innovation related to patient
engagement and support, the safe harbor
as finalized in this rule does not contain
a financial risk requirement.
c. Limitations on Recipients
Summary of OIG Proposed Rule: The
proposed safe harbor protected only
tools and supports furnished by a VBE
participant to a patient within a defined
‘‘target patient population,’’ as that term
is defined at proposed paragraph
1001.952(ee)(12)(ii), and without regard
to payor type. We solicited comments
on whether to broaden the category of
patients who can receive protected tools
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
and supports under this safe harbor to
include, for example, any patient, so
long as the tools and supports
predominantly address needs of the
target patient population and the tools
and supports have a direct connection
to the coordination and management of
care for the patient.57
Summary of Final Rule: We finalize,
with modification, our proposal to limit
safe harbor protection to tools and
supports provided to patients in a target
patient population. The final safe harbor
clarifies our intent that, to qualify for
safe harbor protection, a tool or support
must be furnished by a VBE participant
to a patient in the target patient
population of a value-based
arrangement to which the VBE
participant is a party. This language
ensures that the remuneration is linked
to the target patient population relevant
to the VBE to which the VBE participant
is a party. It further ensures that the
remuneration has a direct connection to
the coordination and management of
care of the relevant target patient
population, as set forth in the condition
at paragraph 1001.952(hh)(3)(ii).
Comment: Several commenters
appreciated that we proposed protection
for patient engagement tools and
supports offered to a target patient
population, notwithstanding payor type,
and agreed as a general matter that the
provision of protected tools and
supports should be limited to the target
patient population.
Response: We have finalized the
condition, as proposed. The safe harbor
only protects remuneration provided to
a patient in a target patient population.
Comment: Some commenters
suggested that this safe harbor not
incorporate the definition of ‘‘target
patient population’’ proposed at
paragraph 1001.952(ee)(12)(ii), or that
this safe harbor protect tools and
supports given to certain patients
outside the target patient population.
Other commenters proposed alternative
‘‘target patient population’’ definitions
or exceptions for rural and underserved
communities outside of the VBE
construct, as well as exceptions
designed to address social determinants
of health. Commenters also asked us to
finalize a broad category of protected
recipients without any defined
parameters, such as limiting the scope
of protected recipients to patients with
a specific disease state or certain
chronic conditions. Several commenters
highlighted problems with and sought
clarity regarding a VBE participant’s
inability to retrospectively or
prospectively identify or assign patients
57 84
PO 00000
FR 55723 (Oct. 17, 2019).
Frm 00103
Fmt 4701
Sfmt 4700
77785
to the target patient population, and
whether a precise population was
required to satisfy the definition of
‘‘target patient population’’ for purposes
of this safe harbor.
Response: The final safe harbor
retains the conditions that a protected
tool or support must be provided to a
patient in the target patient population
and must have a direct connection to
the coordination and management of
care of the target patient population. We
believe that requiring a VBE participant
to specify a target patient population
prior to offering patient engagement
tools and supports will help tie the tools
and supports to the underlying valuebased purposes of the VBE and will
necessitate careful consideration of the
objective characteristics of the patient
population that likely will benefit from
any offered tools and supports. We also
believe that a connection to an
objectively defined target patient
population decreases the risk that
valuable remuneration will be offered to
patients as an inducement to seek care.
We have incorporated the definition of
‘‘target patient population’’ as finalized
at paragraph 1001.952(ee)(14)(v) for the
sake of consistency and because VBE
participants will have familiarity with
the defined term through the creation of
a VBE.
As noted in the summary above, we
also are finalizing the proposed
requirement that only tools and
supports furnished by VBE participants
are eligible for protection under this safe
harbor. This provision does not impose
additional burdens on VBE participants.
Establishing a VBE requires articulating
a value-based purpose and defining a
target patient population, which
significantly contributes to meeting this
condition. The requirement that a
patient engagement tool or support be
furnished by a VBE participant to a
patient in a target patient population
does not include any exceptions for
patients in rural or underserved areas,
or for remuneration intended to address
social determinants of health. We
emphasize, however, that VBE
participants have considerable
flexibility in determining how to define
a target patient population, as long as
the population is selected using
legitimate and verifiable criteria that are
set out in writing and further the VBE’s
value-based purpose. In addition, VBE
participants could establish multiple
target patient populations for the
purposes of furnishing tools and
supports to be protected by this safe
harbor as long as all safe harbor
conditions are satisfied.
Comment: Many commenters
supported the alternative language for
E:\FR\FM\02DER3.SGM
02DER3
77786
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
which we solicited comments, which
would have protected tools and
supports furnished to any patient, as
long as the tools and supports
predominantly address the needs of the
target patient population, and the tools
and supports have a direct connection
to the coordination and management of
care for the patient, noting, for example,
that it can be challenging to make
accurate prospective predictions of
which patients are aligned with a target
patient population at any given time.
Response: In this final rule, we
decline to protect remuneration
furnished to patients outside a specified
target patient population. Limiting
protected tools and supports only to
patients within the target patient
population will help to ensure the tools
and supports have a nexus to the VBE’s
underlying value-based purpose in a
way that might be more attenuated
under our alternative proposal.
Comment: Some commenters
recommended that the safe harbor
protect the provision of tools or
supports for patients whose conditions
or circumstances are similar to those of
the target patient population,
highlighting the risk of penalties
associated with providing tools and
supports to patients who could benefit
from them despite falling outside of the
target patient population.
Response: The final safe harbor
requires VBE participants seeking
protection under the patient engagement
and support safe harbor to define the
scope of the applicable target patient
population to include patients likely to
benefit from the relevant tools and
supports. As discussed above in more
detail in section III.B.2.c, the selection
criteria—not the individual patients—
must be identified in advance. Parties
may modify their target patient
population selection criteria
prospectively by amending their
existing value-based arrangement. VBE
participants can retroactively attribute
patients to the target patient population
without amending the value-based
arrangement if such patients meet the
selection criteria established prior to the
commencement of the value-based
arrangement.
d. Furnished Directly to the Patient
Summary of OIG Proposed Rule: We
proposed to include a condition at
proposed paragraph 1001.952(hh)(1)
that the tool or support must be
furnished directly to the patient by a
VBE participant. We solicited comments
on arrangements through which a VBE
participant might order or arrange for
the delivery of a tool or support from an
independent third party. We also sought
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
comment on whether to expressly
permit a VBE participant to furnish the
tool or support through someone acting
on the VBE participant’s behalf and
under the VBE’s direction, such as a
physician practice that is a VBE
participant providing a tool or support
through an individual member of the
practice or a nurse employed by the
practice. We also solicited comments
regarding whether to require patient
notice if third parties are involved in the
furnishing of the tool or support.
Summary of Final Rule: We are
finalizing, with modification, this
condition at paragraph 1001.952(hh)(2).
The final rule extends safe harbor
protection to a VBE participant that
provides patient engagement tools or
supports through a third party that
qualifies as an ‘‘eligible agent,’’ as
defined in paragraph 1001.952(hh)(9).
Comment: Most commenters did not
support the condition requiring that
tools or supports be furnished directly
to the patient by the VBE participant, for
several reasons. For example,
commenters asserted that, depending on
the size or sophistication of the VBE
participant’s practice, the VBE
participant may outsource the
furnishing of the tool or support, or
otherwise not be present at the time it
is furnished. Others suggested that a
partner or an agent of a VBE participant,
such as a vendor, contractor, or
employee of the participant, should also
be permitted to furnish the patient
engagement tools or supports at the
direction of the VBE participant, noting
that for entities and individuals
furnishing tools and supports,
outsourcing the provision of such tools
and supports to independent third
parties is a common practice. Other
commenters recommended protection of
tools and supports provided by
nontraditional or nonclinical (but
health-related) third parties that address
social determinants of health or
transportation needs. For example, a
health system commenter indicated that
it contracts with vendors to provide
digital devices and tools to patients.
Another commenter also provided an
illustrative example, explaining that to
furnish a patient with a ‘‘grab bar’’ at
home, it would purchase a grab bar
through an online retailer and then
contract with a local hardware vendor to
install the grab bar. Another commenter
recommended safe harbor protection for
the provision of tools and supports
through which the third party is under
the control and oversight of the VBE
participant and is otherwise eligible to
participate in a VBE (as proposed in the
OIG Proposed Rule).
PO 00000
Frm 00104
Fmt 4701
Sfmt 4700
Response: We agree that the safe
harbor should protect the provision of
tools and supports through a person or
entity acting on behalf of the VBE
participant and under the VBE
participant’s direction, but only if
certain conditions are met. Requiring
that the tool or support be furnished
directly to the patient by the VBE
participant prevents entities that are
ineligible to participate in a VBE from
directly or indirectly furnishing tools or
supports to patients. Also, as we
explained in the OIG Proposed Rule, the
requirement would help patients
understand who is furnishing the tool or
support and why. Notwithstanding, we
have finalized a provision at paragraph
1001.952(hh)(2) that extends protection
to tools and supports furnished through
a VBE participant’s ‘‘eligible agent,’’
assuming the other conditions of the
safe harbor are met. For purposes of this
paragraph, ‘‘eligible agent’’ means any
person or entity that is not identified in
paragraph 1001.952(hh)(1)(i)–(viii) as
ineligible to furnish protected tools and
supports. Thus, the eligible agent must
be an individual or entity that could
furnish protected tools and supports
under paragraph 1001.952(hh)—even
though the eligible agent does not itself
need to become a VBE participant. The
VBE participant’s eligible agent could
be, for example, employees and
contractors of a practice when the VBE
participant is the practice itself, or other
third parties such as technology vendors
or retailers. This condition also means
that an entity precluded from furnishing
or funding protected tools and supports
under paragraph 1001.952(hh)(1) cannot
be an eligible agent of a VBE participant
for purposes of furnishing a protected
patient engagement tool or support.
Furthermore, this safe harbor does not
protect any remuneration that flows
through or is furnished by a third party
that is not an eligible agent.
Comment: Some commenters
recommended that a tool or support be
eligible for safe harbor protection if it is
furnished to a caregiver or family
member of a patient in the target patient
population.
Response: We agree that a tool or
support should be eligible for safe
harbor protection if it is furnished to a
caregiver or family member of a patient
in the target population, as long as the
tool or support satisfies all conditions of
the safe harbor conditions. As we stated
in the OIG Proposed Rule, a tool or
support would not be considered
‘‘diverted’’ if furnished to the patient
indirectly through the patient’s
caregivers or family members, or
through another individual acting on
behalf of the patient. We provided
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
examples of such scenarios, including
one in which a patient is unable to care
for himself or herself and another
person has legal authority or the
patient’s consent to do so, such as when
a parent caring for a minor child with
asthma accepts and installs an air
purifier on behalf of the child.58
Although we included this discussion
in the context of a proposed condition
to mitigate potential diversion of patient
engagement tools and supports—which
is not being finalized in this rule—we
nevertheless believe the discussion is
applicable to the ‘‘furnished directly’’
condition at paragraph 1001.952(hh)(2).
Accordingly, intervening caregivers and
family members or others acting on
behalf of the patient may facilitate the
provision of the tool or support without
the remuneration running afoul of the
‘‘furnished directly’’ requirement if all
other conditions of the safe harbor are
satisfied.
Comment: Some commenters
suggested that when a third party is
providing the tool or support, the
patient should be notified in writing or
otherwise about the sponsor and other
details about the vendor and the
purpose of the tool or support. Other
commenters objected to any additional
notification requirements as
burdensome to the provider and the
patient.
Response: We appreciate the
commenters’ suggestion but decline to
impose such a notification requirement.
The safe harbor only protects the
provision of tools and supports that are
recommended by a patient’s health care
professional, and many of the
enumerated goals in the safe harbor also
require the involvement of the patient’s
licensed health care professional. Based
on these conditions, we believe
beneficiaries are unlikely to receive
tools or supports that otherwise meet
the conditions of the safe harbor
without an awareness of the source and
purpose of those items or services.
Furthermore, lack of awareness of the
source and purpose also may diminish
the likelihood for improved patient
engagement. To best promote patient
engagement and ensure the benefits of
any tools and supports are realized, VBE
participants have an incentive to clearly
communicate about the tools and
supports they provide without a formal
patient notification requirement.
e. Funding Limitations
Summary of OIG Proposed Rule: In
proposed paragraph 1001.952(hh)(2), we
proposed to prohibit any third-party
entity or individual outside of the VBE
58 84
FR 55728 (Oct. 17, 2019).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
from financing or otherwise
contributing to the provision of patient
engagement tools or supports. In the
OIG Proposed Rule, this condition
would have prevented entities not
eligible to become VBE participants
from circumventing that limitation and
seeking protection for tools and
supports they furnished to patients
under the patient engagement and
support safe harbor.
Summary of Final Rule: We are
finalizing, with modifications, this
condition at paragraph 1001.952(hh)(4).
Specifically, the final regulation text
states that the patient engagement tool
or support must not be funded or
contributed by a VBE participant that is
not a party to the applicable value-based
arrangement or by an entity listed at
paragraph 1001.952(hh)(1)(i) through
(viii). The modifications have been
made to ensure that the specified
entities ineligible for protection under
this safe harbor at paragraph
1001.951(hh)(1) are not able to
circumvent that restriction by indirectly
funding or contributing to tools and
support protected under this safe
harbor. This condition also clarifies our
intent that the VBE participant must be
a party to the ‘‘applicable value-based
arrangement.’’ In other words, the
patient receiving the tool or support
must be a member of the target patient
population of a VBA to which the VBE
participant is a party. This also ensures
that the remuneration has a direct
connection to the coordination and
management of care of the target patient
population of the applicable VBA to
which the VBE participant is a party.
The condition at paragraph
1001.952(hh)(4) effectuates our
proposed policy to bar safe harbor
protection for tools and supports funded
by entities that, under the proposed
rule, could not have been in a VBE (see
section III.B.2.e.ii for discussion of these
entities). The safe harbor does not
protect any patient engagement tools
and supports funded by or involving
contributions from entities identified at
paragraph 1001.952(hh)(1)(i) through
(viii).
Comment: Several commenters found
this condition unduly restrictive, citing
potential challenges with meeting this
condition when delegating the provision
of tools and supports or sharing a care
coordinator with someone outside of the
VBE. Another commenter stated that
entities explicitly ineligible for
participation in a VBE under the OIG
Proposed Rule’s definition of ‘‘VBE
participant’’ play a vital role in
supporting the care of patients, and
without funding from such entities,
hospitals and payors would be limited
PO 00000
Frm 00105
Fmt 4701
Sfmt 4700
77787
regarding what types of patient
engagement tools and supports they
could provide.
Response: We are finalizing this
condition with modifications. This
condition is an important safeguard that
prevents entities ineligible for safe
harbor protection from circumventing
the conditions of the safe harbor by
doing indirectly what they cannot do
directly. Regarding commenters’
concerns about the impact of this
condition on the ability to delegate the
provision of tools or supports, we
emphasize that, as discussed in the
prior section of this preamble, VBE
participants may provide tools and
supports via an eligible agent, which
can be any third party as long as the
third party is not otherwise ineligible to
furnish protected tools and supports
under this safe harbor.
Comment: A commenter supported
this condition, noting that outside
funding or contributions pose a risk of
inappropriate steering to specific
suppliers of products or services. Other
commenters appreciated the purpose of
this limitation but asked OIG to allow
for certain donations from foundations
or charities to a VBE, together with a
safeguard prohibiting the donating third
party from having direction or control
over how the funds are spent. Another
commenter stated that other types of
entities such as construction companies
may offer to modify homes with ramps
and wider doors, among other things,
without charge, and that this condition
could prevent protection for such
donations.
Response: We appreciate that many
entities would like to fund or otherwise
contribute to protected patient
engagement tools and supports provided
by a VBE participant, including through
charitable or otherwise arm’s-length
donations made to a VBE. Our goal in
implementing the funding and
contribution limitations is to ensure that
entities that may not furnish protected
tools and supports directly are unable to
indirectly provide or fund protected
tools and supports. We believe that
limiting the types of entities that may
fund protected tools and supports is an
important safeguard against
circumvention schemes, including
potential arrangements involving
foundations or charities. Without the
funding and contribution limitations, it
is possible that entities ineligible to
provide tools and supports could
indirectly fund such items or services
through a foundation, charity, or other
entity, which could make it difficult to
determine the ultimate source of
funding. We believe the final funding
and contribution limitations described
E:\FR\FM\02DER3.SGM
02DER3
77788
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
here provide sufficient flexibility for
VBE participants to provide protected
tools and supports while safeguarding
against the heightened risk of fraud and
abuse related to tools and supports
furnished to patients by the types of
entities that are ineligible for safe harbor
protection.
Nothing in this condition would
prevent a charity or foundation from
providing tools and supports directly to
patients, assuming such an arrangement
complies with the Federal anti-kickback
statute or Beneficiary Inducements
CMP, if either statute is implicated. If
the charity or foundation is not funded
by health care entities, the arrangement
might not implicate the statutes.
Further, nothing in this safe harbor
would prevent construction companies
from modifying homes with ramps,
widening doors, or providing other
construction services for free to patients,
provided those arrangements comply
with the statute. Free services offered to
a patient directly by a construction
company that does not provide
Federally reimbursable items or services
or make referrals for them would not
implicate the statutes, and therefore,
safe harbor protection would not be
needed. However, such free services
offered through an intermediary that
provides federally reimbursable items
and services, such as a hospital, would
need to be evaluated on a case-by-case
basis under the statute; the arrangement
between the construction company and
hospital would not implicate the statute,
but the arrangement between the
hospital and patient might.
f. Nature of the Remuneration
Commenters provided numerous
suggestions regarding specific types of
remuneration potentially protected
under this safe harbor. In the sections
below, we respond to such comments
and provide examples of potentially
protected types of remuneration, but we
note that the examples or categories of
items, goods, and services included here
are neither exhaustive nor
presumptively protected under this safe
harbor. Specifically, we remind
stakeholders that all conditions of the
safe harbor must be squarely satisfied
for the tools and supports to be
protected by the safe harbor.
i. In-Kind Remuneration
Summary of OIG Proposed Rule: At
proposed paragraph 1001.952(hh)(3)(i),
we proposed to protect any in-kind
preventive item, good, or service, or an
in-kind item, good, or service such as
health-related technology, patient
health-related monitoring tools and
services, or supports and services
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
designed to identify and address a
patient’s social determinants of health.
Summary of Final Rule: We are
finalizing, with modifications, the
provision at paragraph
1001.952(hh)(3)(i). The final rule
protects patient engagement tools and
supports that are in-kind items, goods,
and services provided they meet all
applicable safe harbor conditions. We
are not finalizing the regulatory text at
proposed paragraph 1001.952(hh)(3)(i)
that provided specific examples of
protected in-kind items, goods, or
services (i.e., health-related technology,
patient health-related monitoring tools
and services, supports and services
designed to identify and address social
determinants of health). As finalized by
this rule, paragraph 1001.952(hh)(3)(i)
specifies that protection is offered only
for in-kind items, goods, or services,
without specifying categories of items,
goods, or services. We believe including
nonexhaustive categories in regulatory
text was not necessary or helpful to
explain the meaning of an ‘‘in-kind
item, good, or service.’’ These changes
are intended to ensure the final rule
does not inadvertently preclude types or
categories of tools or supports that could
receive protection under the safe harbor.
Provided that all safe harbor
requirements are satisfied, the final rule
protects a broad range of tools and
supports that may include, among
others, health-related technology,
patient health-related monitoring tools
and services, and supports and services
designed to identify and address a
patient’s social determinants of health.
We have modified and reorganized the
regulatory text to better effectuate this
policy.
Based on public comments, we
confirm that preventive items, goods, or
services can be protected under this safe
harbor. However, we are not finalizing
the proposed regulatory text at
paragraph 1001.952(hh)(3)(i) regarding
preventive care. To make clear that
preventive items, goods, or services can
fit in the safe harbor, we have amended
the goal of ‘‘management of a disease or
condition’’ to read ‘‘prevention or
management of a disease or condition’’
at paragraph 1001.952(hh)(3)(vi)(D).
Comment: A number of commenters
supported our overall approach to
identify categories of protected in-kind
remuneration instead of endeavoring to
provide a comprehensive list of tools
and supports eligible for safe harbor
protection and believed that the
categories proposed are—and should
remain—sufficiently flexible to
encompass a range of tools and supports
across various care settings.
Commenters stated that VBEs should
PO 00000
Frm 00106
Fmt 4701
Sfmt 4700
have flexibility to determine the most
appropriate tools and supports to
provide as a part of the arrangements
and recommended against OIG
specifying a list of tools and supports
that could, ultimately, stifle innovation,
particularly with respect to tools and
supports designed to address social
determinants of health. Alternatively,
some commenters encouraged us to
provide greater specificity and more
examples of protected patient
engagement tools and supports based on
comments received in response to the
OIG Proposed Rule. For example, a
commenter urged OIG to provide as
many examples as possible of the tools
and supports that would and would not
be protected by this safe harbor in the
preamble to the final rule. Others
requested some examples but urged us
to clarify that any examples are
illustrative, not exhaustive.
A commenter supported protection
for tools and supports that impact
positive behavioral change, such as
receiving an annual wellness visit,
participating in a smoking cessation
program, or seeking care from a lower
cost provider (e.g., receiving imaging
services in a freestanding setting as
opposed to a hospital outpatient
department). The commenter also
supported addressing a barrier to
adhering to a care plan, such as
providing cooking classes to facilitate
the preparation of healthy meals,
providing condition-specific groceries,
or providing condition-specific
technology (e.g., electronic scales,
internet service to facilitate data
collection, or both). Another commenter
listed examples of additional dialysisrelated tools and supports that should
be covered.
Response: Rather than listing specific
examples of tools and supports
potentially eligible for protection under
this safe harbor, the final safe harbor
contains a list of goals at paragraph
1001.952(hh)(3)(vi), at least one of
which a tool or support must advance
in order to qualify for safe harbor
protection. We believe this provides
substantial flexibility for VBE
participants to offer a wide range of
tools and supports.
As noted above, we have omitted the
examples of remuneration listed in
proposed paragraph 1001.952.(hh)(3)(i).
With respect to tools and supports
designed to address a patient’s social
determinants of health, such
remuneration is protected if it meets one
of the final safe harbor’s enumerated
goals listed at paragraph
1001.952(hh)(3)(vi). This change is
intended to ensure the final rule is
agnostic about the specific types or
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
categories of tools and supports
protected by this safe harbor. As a
result, health-related technology and
patient health-related monitoring tools
and services are eligible for safe harbor
protection if they meet the other
conditions of the safe harbor, including
at least one of the goals at paragraph
1001.952(hh)(3)(vi).
We have provided some examples of
categories and specific tools and
supports in the discussion below at
section III.B.6.f.iv related to social
determinants of health, as well as
general descriptions of certain health
technologies potentially protected by
this safe harbor. We also agree with
commenters who suggested that any
examples provided in this final rule’s
preamble should be illustrative rather
than exhaustive, to provide for
flexibility and innovation in the
provision of patient engagement tools
and supports. We intend for the safe
harbor to protect a range of in-kind
remuneration and agree that many of the
tools and supports described by the
commenters may satisfy the safe harbor
if all other conditions of the safe harbor
are met.
Comment: A commenter stated that
the proposed safe harbor is too narrow
to truly drive patient engagement
because, although it protects the
provision of tools and supports to
patients, it does not protect efforts to
encourage the utilization of those tools
or otherwise protect efforts to
incentivize care adherence.
Response: We disagree that the safe
harbor lacks sufficient regulatory
flexibility for the provision of tools and
supports that promote patient
engagement. In response to the
suggestion that the safe harbor should
protect efforts to encourage the
utilization of protected tools and
supports, we note that nothing in the
safe harbor would limit the ability of
VBE participants to educate patients
about available tools and supports as
long as the VBE participant does not use
the patient engagement tools or supports
to market other reimbursable items or
services, or for patient recruitment
purposes, as prohibited at paragraph
1001.952(hh)(6).
In response to the suggestion that the
safe harbor should protect efforts to
incentivize care adherence, we note that
a VBE participant must ensure that the
tool or support advances an enumerated
goal at paragraph 1001.952(hh)(3)(vi),
several of which involve patient
adherence. For example, the safe harbor
protects tools and supports that advance
goals for adherence to a treatment
regimen, adherence to a drug regimen,
and adherence to a followup care plan
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
if all other conditions are met. In
addition, we think that the conditions
requiring a licensed health care
professional to recommend the tool or
support and requiring that the tool or
support be directly connected to the
coordination and management of care
require the offeror to evaluate whether
the tool or support will advance the
enumerated goals listed in the safe
harbor.
Comment: A commenter requested
OIG clarify its interpretation of the
phrase ‘‘preventive care item or service’’
for the purposes of this safe harbor to
ensure that the definition remains
flexible enough to encompass rapidly
advancing technology. Another
commenter requested that we add
‘‘primary and secondary prevention’’ to
the regulatory text of this safe harbor to
clarify that various forms of preventive
efforts are protected by the safe harbor.
Another commenter requested that we
add ‘‘tertiary’’ prevention. Commenters
generally supported OIG’s proposal to
defer to VBE participants or physicians
in determining: (i) What constitutes a
preventive item or service for the
purposes of this safe harbor; and (ii) the
appropriate tools and supports to
address such preventive care, asserting
that physicians are in the best position
to assess whether a particular item or
service is preventive.
Response: Tools and supports in
furtherance of preventive care and
services can be protected under this safe
harbor if the other conditions are
satisfied. The final safe harbor
regulation does not identify a specific
category of remuneration for preventive
care items, goods, or services. Instead,
preventive items, goods, and services
could be protected under the safe
harbor’s general protection of in-kind
items, goods, or services that satisfy the
conditions of the safe harbor, including
advancing one of the safe harbor’s
enumerated goals. For example, a
preventive item, good, or service could
advance the goal of ‘‘prevention or
management of a disease or condition’’
at paragraph 1001.952(hh)(3)(vi)(D).
ii. Cash, Cash Equivalents, and Gift
Cards
Summary of OIG Proposed Rule: We
proposed at proposed paragraph
1001.952(hh)(3)(iii) to exclude
protection for remuneration in the form
of cash, cash equivalents, and gift cards,
and we sought additional comments on
whether the safe harbor should protect
those forms of remuneration.
Summary of Final Rule: We are
finalizing, with modification, the
proposed condition at paragraph
1001.952(hh)(3)(iii). The final regulatory
PO 00000
Frm 00107
Fmt 4701
Sfmt 4700
77789
text does not reference gift cards
because some gift cards would be
considered in-kind remuneration
eligible for safe harbor protection. Cash,
cash equivalents, and most gift cards are
excluded in the final rule because the
safe harbor is limited to in-kind
remuneration.
Comment: Several commenters
echoed the concerns we raised in the
OIG Proposed Rule regarding the risks
of protecting cash, cash equivalents, and
gift cards under the safe harbor, urging
us to limit safe harbor protection to inkind remuneration to reduce the risk of
inappropriate patient steering or
coercion.
Response: We agree with these
comments, and we believe restricting
protection to in-kind remuneration in
the final rule reflects OIG’s longstanding
concern about the fraud and abuse risks
inherent to providing cash, cash
equivalents, or gift cards to
beneficiaries.
Comment: A number of commenters
urged OIG to protect gift cards under
this safe harbor. In particular, several
commenters suggested that we clarify
that a voucher provided through a debit
card-like mechanism that could be used
to acquire tools or supports, such as
food or transportation, would be
considered ‘‘in-kind’’ under the safe
harbor. Another commenter urged OIG
to protect the provision of gift cards but
suggested that prepaid debit cards
should be excluded from protection,
similar to existing OIG guidance
regarding cash and cash equivalents.
A commenter recommended
protecting gift cards that may be
redeemed only at certain stores for
certain purposes consistent with OIG’s
previous guidance on cash and cash
equivalents, as long as they are not
advertised or otherwise included in
prospective marketing or promotional
efforts, and earned via active, verifiable
participation in core elements of a
beneficiary’s treatment plan.
A commenter noted that gift cards
provide sufficient flexibility with less
risk than cash, noting that a gift card
may be exchanged for cash, but
typically at a reduced value.
Response: As we stated in the
preamble to the OIG Proposed Rule, we
would consider a voucher for a
particular tool or support (e.g., a meal
voucher or a voucher for a taxi) to
satisfy the safe harbor’s in-kind
requirement. However, consistent with
our treatment of these issues in prior
regulations,59 we consider debit cards,
rebate checks, and most gift cards to be
cash equivalents and not a protected
59 81
E:\FR\FM\02DER3.SGM
FR 88393 (Dec. 7, 2016).
02DER3
77790
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
form of in-kind remuneration under this
safe harbor.
We are not, however, departing from
OIG’s existing guidance regarding
limited-use gift cards.60 Gift cards that
can be redeemed only for certain
categories of items (such as fuel-only
gift cards redeemable at gas stations)
could meet the in-kind requirement
under this safe harbor. Gift cards meet
the in-kind requirement only if their
potential use is limited to certain
categories of items or services that meet
the conditions of the safe harbor. For
instance, a gift card for a service that
delivers the ingredients necessary for a
healthy meal would meet the in-kind
requirement and could be protected if
the other conditions of the safe harbor
are satisfied. Gift cards offered by large
retailers or online vendors that sell a
wide variety of items (e.g., big-box
stores) could easily be diverted from
their intended purpose or converted to
cash; we would consider such gift cards
to be cash equivalents and therefore not
eligible for protection under this safe
harbor.
Comment: A commenter posited that
when gift cards are furnished to patients
within the VBE context, the financial
model of VBEs serves as an inherent
safeguard against unnecessary and
excessive utilization. The commenter
asserted that when a VBE is financially
at risk for improving outcomes, the VBE
likely would not furnish gift cards to
patients to drive unwarranted
utilization and would be financially
incentivized to encourage only
beneficial utilization that improves
health and helps manage the total cost
of care.
Response: Although we recognize that
VBEs assuming downside financial risk
may have incentives to avoid offering
tools and supports to beneficiaries that
could drive medically unnecessary
utilization, we are not, as discussed
above, requiring VBE participants under
this safe harbor to assume some degree
of financial risk. We believe that some
of the risks associated with fee-forservice payment systems—such as
overutilization—may continue to exist
in VBEs where VBE participants
continue to be paid on a fee-for-service
basis. Therefore, there is a risk that
VBEs would furnish gift cards to
patients to drive inappropriate
utilization, but such conduct would not
be protected by this safe harbor and may
implicate the Federal anti-kickback
statute.
Comment: Several commenters urged
OIG to protect cash, cash equivalents,
and gift cards under this safe harbor but
60 81
FR 88393 n. 19 (Dec. 7, 2016).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
to attach additional safe harbor
conditions to such means of
remuneration. For example, a
commenter suggested that cash, cash
equivalents, and gift cards should be
protected as a reward for taking a
particular action, but that remuneration
should be provided only after a patient
has taken the required action. Another
commenter suggested that OIG protect
cash, cash equivalents, and gift cards
but impose a separate monetary cap that
parallels OIG’s nominal value guidance.
The commenter also urged OIG to
consider requiring that any patient
eligible to receive a cash or cashequivalent incentive would need to be
an ‘‘established patient’’ as defined in
the local transportation safe harbor,
paragraph 1001.952(bb).
Other safeguards recommended by
commenters specific to cash, cash
equivalents, and gift cards include:
Prohibiting the advertising of rewards;
tying incentives to outcomes associated
with the prescribed course of treatment;
a requirement that incentives cannot be
utilized to generate business or
otherwise promote the utilization of
unnecessary or inappropriate items and
services; limiting the use of such
incentives to items that promote health
and wellness, such as nutritious food,
exercise equipment, or health
monitoring and tracking devices; and
requiring entities to have an evidencebased reason to believe that cash, cash
equivalents, or gift cards can increase
patient adherence to recommended
medical guidance. A commenter
suggested that retrospective evaluation
and auditing could be used to identify
any potentially fraudulent activity
relating to cash, cash equivalents, and
gift cards.
Response: We appreciate the
commenters’ suggestions for additional
safe harbor conditions specific to the
provision of cash, cash equivalents, and
gift cards. Based on longstanding
program integrity concerns, the final
safe harbor only protects in-kind
remuneration to include limited types of
gift cards as described further above.
OIG historically has had significant
concerns about providing protection for
providers’ and other health care
stakeholders’ offers of cash or cash
equivalents to patients, and our
oversight experience suggests that cash
and cash-equivalent remuneration raises
substantial fraud and abuse risks,
including the potential for inappropriate
utilization of medically unnecessary
items and services and improper patient
steering. OIG tailored the final safe
harbor’s safeguards to in-kind tools and
supports; therefore, it is not necessary to
adopt additional conditions
PO 00000
Frm 00108
Fmt 4701
Sfmt 4700
recommended by commenters specific
to the provision of cash, cash
equivalents, and gift cards.
Comment: Commenters noted that
cash and cash equivalents are a useful
way to address social determinants of
health and noted that cash and cash
equivalents could facilitate patient
access to transportation, counseling and
coaching, meal preparation, existing and
emerging self-monitoring health
technologies, and other supports that
promote independence and positive
health outcomes.
Response: We recognize that cash and
cash equivalents may be a useful way to
address social determinants of health.
We remain concerned, however, for the
reasons explained above, that cash or
cash-equivalent remuneration to Federal
health care program beneficiaries
presents an elevated risk of fraud and
abuse, and we are finalizing our
proposal to protect only in-kind
remuneration. Parties can structure a
wide range of arrangements involving
in-kind remuneration to address social
determinants of health under the final
safe harbor. For example, in lieu of cash,
protected tools and supports could
include vouchers or limited-use gift
cards (e.g., to address transportation
access to medical appointments to
advance adherence to a followup care
plan, a ride share voucher or gas card
could be protected, provided all other
safe harbor conditions are satisfied).
Arrangements involving cash or cash
equivalents used to address social
determinants of health are not
necessarily illegal; they would need to
be evaluated under the anti-kickback
statute on a case-by-case basis,
including the intent of the parties.
Comment: A commenter asserted that
expanding the safe harbor to protect gift
cards, discount cards, and coupons
toward future services would support
the viability of smaller independent
practices that operate in consolidated
markets and are competing against
hospitals and health systems.
Response: We appreciate the
commenter’s concern regarding
consolidation and the potential effects
of our safe harbors on competition. This
final safe harbor protects certain,
limited categories of gift cards in
accordance with OIG’s previous
guidance on cash equivalents and
limited-use gift cards. We note that
discount cards and coupons may qualify
as protected in-kind remuneration as
long as the other conditions of this safe
harbor are satisfied. We do not,
however, intend for this safe harbor to
protect waivers or reductions in patient
cost-sharing obligations, as discussed
below. For example, a coupon designed
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
to cover only a patient’s cost-sharing
obligation would not be protected by
this safe harbor. We also note that to the
extent parties wish to have safe harbor
protection for any discounts offered to
beneficiaries, they would need to
comply with the terms of the discount
safe harbor at paragraph 1001.952(h) in
order to receive safe harbor protection.
Finally, to the extent the commenter is
referencing gift cards, discount cards,
and coupons that would reward patients
for seeking care, such arrangements may
not satisfy the prohibition on marketing
and patient recruitment at paragraph
1001.952(hh)(6).
Comment: A number of commenters
offered general support for extending
safe harbor protection to cash, cash
equivalents, and gift cards provided to
patients as rewards or incentives to
promote various behaviors, including
attending necessary appointments,
adherence to a treatment regimen, or
participation in a substance abuse
treatment or behavioral modification
program. Several commenters cited a
body of research suggesting that cash
incentives can be effective at improving
patient engagement and adherence or
behavioral modification. For example, a
commenter cited behavioral economics
research findings that even nominal
amounts of cash or cash-equivalent
remuneration can produce substantial
improvements in overall health
outcomes when used as an incentive to
motivate patients to lead healthier
lifestyles.
Commenters also noted that gift cards
may be employed as rewards for healthy
patient behaviors and activities in a
number of other contexts, including
pursuant to certain section 1115 waiver
programs, some Medicaid managed care
organizations, and programs or
initiatives related to Medicaid
Incentives for the Prevention of Chronic
Diseases.
Response: In the OIG Proposed Rule,
we solicited comments on including gift
cards when they are provided to
patients with certain conditions, such as
substance abuse disorders and
behavioral health conditions, as part of
an evidence-based treatment program
for the purpose of effecting behavioral
change. We appreciate the responses
from commenters and understand that
incentives can effectively drive patient
adherence to treatment programs, lead
patients to follow healthier lifestyles, or
effect other behavioral changes.
For example, we recognize that
research shows that contingency
management interventions are the most
effective currently available treatment
for stimulant use disorders. Substance
use disorder treatment programs
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
utilizing contingency management often
involve payments to the patient in the
form of the opportunity to earn
vouchers, gift cards, or even, in some
models, salaries in exchange for desired
prosocial behaviors or meeting specified
goals. We also understand and
acknowledge that there is a growing
problem with stimulant (e.g., cocaine
and methamphetamine) co-use with
opioids. Combatting the opioid
epidemic, including ensuring that
patients have access to effective
treatment programs, has been a top
priority for the Administration, the
Department, and OIG. In addition, many
treatments involving contingency
management interventions have been
developed over decades by scientists
supported by the Federal government
through the National Institutes of
Health.
After weighing the potential benefits
of contingency management and other
programs designed to motivate
beneficial behavioral change with the
potential risks to program integrity—
and understanding that many of these
programs involve cash and cashequivalent payments to patients—we are
not expanding the patient engagement
and support safe harbor to include cash
and cash-equivalent payments offered as
part of contingency management
interventions or other programs to
motivate beneficial behavioral changes.
This does not mean that all such cash
or cash-equivalent payments are
unlawful, but they would be subject to
case-by-case analysis under the Federal
anti-kickback statute and Beneficiary
Inducements CMP. In addition, we
emphasize—as further discussed
below—that in-kind remuneration and
certain limited-use gift cards offered as
part of contingency management
interventions or other programs to
motivate beneficial behavioral changes
could receive protection under the
patient engagement and support safe
harbor if all safe harbor conditions are
satisfied. Indeed, OIG’s final rule offers
many opportunities for those treating
patients for substance use disorders to
improve the coordination and
management of patient care through
value-based arrangements between
providers that band together to improve
care, the provision of in-kind incentives
to patients to motivate them to meet
treatment goals, and broader flexibilities
for transportation arrangements under
the existing local transportation safe
harbor, which would meet an identified
need for patients in rural areas seeking
treatment. While not all such
arrangements implicate the fraud and
abuse statutes, arrangements involving
PO 00000
Frm 00109
Fmt 4701
Sfmt 4700
77791
community recovery support systems
such as clubhouses and peer-to-peer
focused support services would have
broader access to safe harbor protection
under the final rule.
With respect to nominal amounts of
cash or cash-equivalent remuneration
mentioned by the commenter, we
understand that some industry
stakeholders believe OIG’s guidance
permits cash and cash-equivalent
incentive payments up to $75. This is a
misunderstanding of OIG’s guidance.
The Conference Committee report
accompanying the enactment of the
Beneficiary Inducements CMP
expressed Congress’ intent that
inexpensive gifts of nominal value be
permitted.61 OIG has interpreted
inexpensive gifts of nominal value to
mean in-kind items and services with a
retail value of no more than $15 per
item or $75 in the aggregate per
beneficiary on an annual basis.62 Gifts
that implicate the Beneficiary
Inducements CMP that exceed these
dollar limits are not prohibited but are
analyzed on a case-by-case basis for
compliance under the statute. We
highlight, however, that this nominal
value guidance applies to the value of
in-kind items and services, not to the
value of incentive payments in the form
of cash or cash equivalents. In other
words, cash and cash-equivalent
payments under $75 would not be
covered by this guidance. Moreover, this
guidance applies only with respect to
the Beneficiary Inducements CMP and
not to the Federal anti-kickback statute.
Furthermore, we are aware that some
industry stakeholders may be under a
misimpression that OIG prohibits
contingency management program
incentives above $75. There is no OIGimposed $75 limitation on contingency
management program incentives.
Rather, the Federal anti-kickback statute
may constrain the ability of individuals
or entities to offer contingency
management program incentives of any
value to Federal health care program
beneficiaries, depending on the facts of
the arrangement. Moreover, in-kind
incentives above the $75 annual,
aggregate limit, and all cash or cashequivalent incentives regardless of the
amount, must be analyzed on the basis
61 See Joint Explanatory Statement of the
Committee of Conference, section 231 of HIPAA,
Public Law 104–191.
62 OIG, Office of Inspector General Policy
Statement Regarding Gifts of Nominal Value To
Medicare and Medicaid Beneficiaries (Dec. 7, 2016),
available at https://oig.hhs.gov/fraud/docs/
alertsandbulletins/OIG-Policy-Statement-Gifts-ofNominal-Value.pdf.
E:\FR\FM\02DER3.SGM
02DER3
77792
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
of their specific facts for compliance
with the Beneficiary Inducements CMP.
With respect to contingency
management program incentives and
other programs that offer incentives to
motivate healthy behaviors—whether
above or below $75 in value—we offer
the following observations. In-kind
remuneration in connection with such
programs can fit in the patient
engagement and support safe harbor if
all safe harbor conditions are met
(including the $500 annual cap). As
further explained in this section, the
final safe harbor protects certain
limited-use gift cards that advance one
or more of the enumerated goals at
paragraph 1001.952(hh)(3)(vi) and meet
other safe harbor conditions, including
that the remuneration must have a
direct connection to the coordination
and management of care of the target
patient population. To the extent that a
program involves salary payments to a
bona fide employee for services
furnished by the employee, the
payments might qualify under the
existing safe harbor for employees at
paragraph 1001.952(i).
If a contingency management
incentive that implicates the Federal
anti-kickback statute, Beneficiary
Inducements CMP, or both does not
satisfy an existing safe harbor or
exception (as applicable), that does not
mean that such incentive automatically
violates the statutes and is illegal.
Contingency management incentive
arrangements that do not comply with a
safe harbor must be analyzed on a caseby-case basis for compliance with the
Federal anti-kickback statute and
Beneficiary Inducements CMP. In
addition, incentives that are included in
a service covered by a Federal health
care program (i.e., the coverage includes
the incentive itself) would not implicate
the Federal anti-kickback statute or the
Beneficiary Inducements CMP, provided
that the applicable billing and coverage
rules are followed including collection
of any applicable patient cost-sharing
obligations. In addition, incentives
offered as part of a CMS-sponsored
model may qualify for protection under
the new safe harbor at paragraph
1001.952(ii). Further, we are aware that
some incentives may be provided
pursuant to or in connection with other
government-sponsored demonstrations
or other government-sponsored
programs (including studies initiated,
organized, funded, and managed by the
National Institutes of Health).
Participation in and adherence to the
requirements of such demonstrations or
programs would be a relevant factor in
assessing the intent of the parties and
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
the risk posed by the arrangement.63
Incentives offered to commercially
insured patients or uninsured patients
would not implicate the statutes.
Application of the statutes is discussed
in further detail in sections II.B and II.C
of this preamble.
With respect to incentives in the form
of cash or cash equivalents, we are
concerned about heightened fraud and
abuse risk. As noted in the OIG
Proposed Rule, OIG historically has had
significant concerns with allowing
providers and others to offer cash or
cash equivalents to patients, and our
oversight and enforcement experience
suggests that cash incentives can result
in medical identity theft and misuse of
patients’ Medicare numbers, lead to
inappropriate utilization (in the form of
medically unnecessary items and
services), and cause improper patient
steering (including patients selecting a
provider because the provider offers the
most valuable incentives and not
because of the quality of care the
provider furnishes).64
Moreover, in the area of substance use
disorder treatment, OIG and its law
enforcement partners have substantial
enforcement experience that
demonstrates the pervasiveness of fraud
in treatment programs that serve neither
the best interests of patients nor
taxpayers. For example, OIG has
participated in enforcement actions
resulting from allegations of significant
fraud by substance use disorder
treatment facilities, or ‘‘sober homes,’’
that take advantage of individuals with
substance abuse disorders.65
We preclude cash or cash equivalents
from protection under this safe harbor
in recognition of the critical need to
protect vulnerable patients from fraud.
That said, as stated above, arrangements
involving cash or cash equivalents used
to promote adherence or healthy
behavior modification do not
necessarily violate the Federal antikickback statute; they would need to be
63 See, e.g., OIG, OIG Adv. Op. No. 08–14 (Oct.
2, 2008), available at https://oig.hhs.gov/fraud/
docs/advisoryopinions/2008/AdvOpn08-14.pdf
(regarding a substance abuse treatment center’s use
of motivational incentives to reward a patient’s
achievement of certain treatment-related goals; in
this advisory opinion, Requestor’s program was
developed and refined in connection with National
Institute on Drug Abuse’s government-sponsored
research into implementation of motivational
incentives as a treatment option, a fact that OIG
viewed favorably).
64 84 FR 55275 (Oct. 17, 2019).
65 See, e.g., Press Release, U.S. Department of
Justice, National Health Care Fraud and Opioid
Takedown Results in Charges Against 345
Defendants Responsible for More than $6 Billion in
Alleged Fraud Losses (Sept. 30, 2020), https://
www.justice.gov/criminal-fraud/hcf-2020takedown/press-release.
PO 00000
Frm 00110
Fmt 4701
Sfmt 4700
evaluated under the anti-kickback
statute on a case-by-case basis,
including the intent of the parties.
Parties may seek an OIG advisory
opinion if they want assurance that their
arrangement(s) comply with the statutes
or would not be subject to OIG
administrative enforcement sanctions,
but having an advisory opinion is not
mandatory. Declining to seek an OIG
advisory opinion is not evidence that
parties have improper intent under the
Federal anti-kickback statute.
As stated above, in-kind incentives in
connection with contingency
management or other motivational
programs can fit in the final safe harbor
if all conditions are met. We note that
offering incentives to patients as a
reward for accessing care may not
satisfy the prohibition on marketing and
patient recruitment at paragraph
1001.952(hh)(6), depending on the facts
and circumstances. We also emphasize
that remuneration offered as a reward or
incentive is not protected if it results in
a beneficiary being furnished medically
unnecessary care or inappropriate items
or services reimbursed by a Federal
health program, pursuant to the
condition at paragraph
1001.952(hh)(3)(iv).
Finally, to the extent that existing safe
harbors might not address all facets of
contingency management incentive
programs, we are considering
addressing them in future rulemaking.
Comment: A commenter urged OIG to
consider extending safe harbor
protection to benefits such as direct
payments from a provider to utility
companies and the direct provision of
technology (e.g., electronic scales and
tablets to provide continuing conditionspecific education).
Response: Because the beneficiary
does not directly receive cash or cashequivalent remuneration, we consider
the specific examples provided by the
commenter to be in-kind remuneration,
which may be protected by this safe
harbor if the other conditions of the safe
harbor are satisfied.
Comment: A commenter observed that
Congress has recognized the value of
providing incentive payments to
patients in allowing Accountable Care
Organizations (ACOs) participating in
the Medicare Shared Savings Program to
make payments to patients who receive
qualifying primary care services from
providers participating in those ACOs.
Response: We recognize that the ACO
Beneficiary Incentive Program, which is
administered by CMS as part of the
Medicare Shared Savings Program,
allows an ACO to make incentive
payments to beneficiaries of up to $20
per qualifying service as an incentive to
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
encourage utilization of medically
necessary primary care services if
certain eligibility, recordkeeping, and
notification requirements are met.
Nothing in the new patient engagement
and support safe harbor would prevent
ACOs from continuing to participate in
that program or from structuring ACO
Beneficiary Incentive Payment programs
to satisfy the requirements of the new
safe harbor set forth at paragraph
1001.952(kk), which protects payments
under the ACO Beneficiary Incentive
Program. Although we are not
protecting similar incentives in this safe
harbor, this decision does not reflect the
programmatic value of the ACO
Beneficiary Incentives.
The patient engagement and support
safe harbor will protect tools and
supports furnished outside of the
context of a program administered and
monitored by CMS. Without that
programmatic oversight, we believe the
safeguards in this final rule, including
limiting safe harbor protection to inkind remuneration, are appropriate and
necessary to protect Federal health care
programs and beneficiaries from harms
associated with fraud and abuse.
Comment: A commenter urged OIG to
update its 2016 Policy Statement
Regarding Gifts of Nominal Value to
Medicare and Medicaid Beneficiaries to
revise its interpretation of ‘‘nominal
value’’ from $15 per instance to $20 per
instance, and from $75 in the aggregate
per year to $100 in the aggregate per
year.
Response: We decline commenter’s
request to update our guidance on
‘‘nominal value’’ 66 in this rulemaking.
We note that our nominal value
guidance focuses only on OIG’s
Beneficiary Inducements CMP
authorities, and not the anti-kickback
statute.
iii. Waiver or Reduction of Cost-Sharing
Obligations
Summary of OIG Proposed Rule: In
the OIG Proposed Rule, we sought
comments on a variety of issues relating
to potential safe harbor protection for
waivers or reductions of patient costsharing obligations in different
circumstances, including waivers or
reductions of patient cost-sharing in the
context of the proposed value-based
framework. We also noted that the
requirements related to cost-sharing in
the Medicare and Medicaid programs
are a programmatic matter; cost-sharing
66 See OIG, Office of Inspector General Policy
Statement Regarding Gifts of Nominal Value to
Medicare and Medicaid Beneficiaries (Dec. 7, 2016),
available at https://oig.hhs.gov/fraud/docs/
alertsandbulletins/OIG-Policy-Statement-Gifts-ofNominal-Value.pdf.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
is required pursuant to statute,
regulations, and other rules set forth by
CMS and state Medicaid programs.
Summary of Final Rule: We are not
finalizing a condition to protect costsharing waivers or reductions under this
safe harbor.
Comment: Many commenters
expressed support for protecting
waivers of beneficiary cost-sharing
obligations for remote patient
monitoring, chronic care management,
digital technologies that include care
coordination functionality, and other
care coordination services. A
commenter argued that both patients
and Federal health care programs
benefit from waiving cost-sharing
requirements for these items and
services because reducing barriers to
accessing preventive care can improve
health outcomes for patients while also
ensuring efficient use of taxpayer
resources. Commenters also asserted
that cost-sharing obligations can serve
as a significant barrier to patient access
for these and other care coordination
items and services, and that providers’
concerns regarding patients’ fulfilling
cost-sharing obligations could
discourage providers from even offering
these services. A commenter pointed
out that protecting cost-sharing waivers
could give flexibility to certain
manufacturers to structure rewards
programs that could incentivize patient
behavior that may improve health
outcomes, such as treatment adherence.
One commenter noted that waivers of
cost-sharing obligations are less prone to
abuse than providing cash to patients
but posited that waivers can still lead to
undesirable effects such as cherrypicking and patient steering.
Commenters also noted that collecting
cost-sharing amounts may be
administratively burdensome for
providers, and for certain items and
services the cost of collection often
exceeds the cost-sharing amount to be
collected. In order to address this issue,
a commenter recommended that OIG
protect waivers of cost-sharing amounts
when the amount owed by the
beneficiary is nominal, similar to OIG’s
Policy Statement Regarding Gifts of
Nominal Value to Medicare and
Medicaid Beneficiaries, or that OIG
amend its interpretation of ‘‘reasonable
collection efforts’’ under section
1128A(i)(6)(A)(iii)(II) of the Act so that
these collection efforts do not include
situations where the cost of collection
by the provider exceeds the cost-sharing
amount that the provider would
potentially collect.
Commenters also urged OIG to
implement safe harbor protection for
waivers or reductions of other types of
PO 00000
Frm 00111
Fmt 4701
Sfmt 4700
77793
cost-sharing obligations, including costsharing for services furnished through
patient-centered medical homes and
patient-centered specialty practices,
such as visits that promote medication
adherence, preventive care, and kidney
disease education. A commenter
suggested that OIG should protect full or
partial cost-sharing waivers where care
coordination arrangements result in cost
savings to the health care system, which
would allow patients to share in savings
resulting from compliance with disease
management or treatment programs.
A number of commenters urged OIG
to protect waivers of IHS beneficiaries’
cost-sharing obligations for items and
services furnished by Indian health
programs, noting that the imposition of
cost-sharing obligations can be a barrier
to care coordination for those patients.
Response: Cost-sharing waivers, or
other tools and supports designed to
effectuate a waiver of beneficiary costsharing, are not protected under the
final patient engagement and support
safe harbor. We appreciate commenters’
suggestions regarding potential safe
harbor protection for waivers or
reductions of certain cost-sharing
obligations, particularly in the context
of value-based care and coordination of
care. However, for a number of reasons
we are not convinced that a safe harbor
promulgated by OIG through regulation
would be the appropriate mechanism to
protect the waiver or reduction of a
programmatic requirement. As we stated
in the OIG Proposed Rule, beneficiary
cost-sharing obligations are a
programmatic requirement, and we do
not believe it would be appropriate to
broadly protect cost-sharing waivers
that could obviate a programmatic
requirement created by statute to the
extent requested by commenters. On
several occasions, Congress has enacted
limited and individualized statutory
protection for cost-sharing waivers. For
example, Congress enacted an exception
to the anti-kickback statute that allows
pharmacies to waive Medicare Part D
cost-sharing under certain conditions,
and we have promulgated
corresponding, implementing
regulations.67
In addition, commenters requested
OIG provide safe harbor protection for
the waiver of beneficiary cost-sharing
for certain items and services (e.g.,
remote patient monitoring, chronic care
management, digital technologies that
include care coordination functionality,
and other care coordination services).
We do not think it would be appropriate
or feasible for this rule to make
67 Section 1128B(b)(3)(G) of the Act; 42 CFR
1001.952(k)(3).
E:\FR\FM\02DER3.SGM
02DER3
77794
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
distinctions regarding cost-sharing
waivers based on particular categories of
services. We do not discern a reasonable
basis for making such distinctions. We
note that longstanding OIG guidance
allows for waivers of cost-sharing
amounts based on individualized, good
faith determinations of financial need.
In the OIG Proposed Rule, we stated
that we were considering protecting
cost-sharing waivers for certain
specified services (e.g., care
management services). We are not
adopting the commenter’s
recommendation to waive nominal cost
sharing amounts. As discussed above,
we do not view a safe harbor to the
Federal anti-kickback statute as an
appropriate vehicle to address
programmatic rules related to
beneficiary cost sharing.
In addition, we did not propose to
amend our interpretation of ‘‘reasonable
collection efforts’’ under section
1128A(i)(6)(A)(iii)(II) of the Act and
decline to do so in this final rule.
iv. Social Determinants of Health
Summary of OIG Proposed Rule: For
reasons described in the OIG Proposed
Rule, including the connection of social
determinants to health outcomes and
costs,68 we proposed to protect at
paragraph 1001.952(hh)(3)(i) an in-kind
item, good, or service such as, among
others, supports or services designed to
identify and address a patient’s social
determinants of health. In the OIG
Proposed Rule, we cited the existence of
substantial evidence that ‘‘unmet social
needs’’ related to social determinants of
health such as transportation, nutrition,
and safe housing play a critical role in
health outcomes and expenditures,69
two key policy goals of this rulemaking.
We sought comment on which social
determinants are most crucial to
improving care coordination and
transitioning to value-based care and
payment.70 We also sought comments
on how or whether to protect tools and
supports designed to address social
determinants of health, including
whether to make distinctions among
various categories of social determinants
or to list specific permissible tools and
supports.
Summary of Final Rule: We are
finalizing, with modifications,
paragraph 1001.952(hh)(3)(i). The
modifications remove the illustrative
example related to social determinants
of health from paragraph
1001.952(hh)(3)(i). Notwithstanding, the
final rule at paragraph 1001.952(hh)
68 84
FR 55723 (Oct. 17, 2019).
FR 55723 (Oct. 17, 2019).
70 84 FR 55724 (Oct. 17, 2019).
69 84
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
protects in-kind tools and supports that
identify and address a patient’s social
determinants of health, provided that
the tools and supports otherwise meet
all applicable safe harbor conditions,
including, among others, the $500
annual cap, the requirement for a direct
connection to the coordination and
management of the care of the target
patient population, the requirement that
the tool or support is recommended by
the patient’s licensed health care
professional, and the requirement that
the tool or support advances at least one
of the enumerated goals set forth at
paragraph (hh)(3)(vi) of the final rule.
The five enumerated goals ensure that
protected tools and supports have a
close nexus to care coordination, quality
of care, and health outcomes for
patients.
As with health-related technology and
patient health-related monitoring tools
and services, we are no longer including
the specific example of tools and
supports that identify and address social
determinants of health in the final
paragraph 1001.952(hh)(3)(i). Explicitly
listing illustrative categories of
protected remuneration is not necessary
to effectuate the policy set out in the
proposed rule that these categories and
other types of tools and supports can be
protected if all safe harbor conditions
are met. This change ensures the final
rule does not inappropriately limit the
type or range of in-kind tools and
supports that could be protected by this
safe harbor. This will allow the licensed
health care professional to determine
the specific type of tool or support that
works best for the patient, as long as all
conditions of the safe harbor are met.
Comment: Numerous commenters
urged us to extend explicit safe harbor
protection to address various social
determinants of health, focusing
primarily on tools and supports to
address food insecurity, housing
instability, and transportation needs.
Commenters also noted that identifying
and addressing patients’ social
determinants of health through patient
engagement tools and preventive care
items will allow entities to improve
patient outcomes while also reducing
health care costs.
Response: We agree that these types of
tools and supports have the potential to
improve patient outcomes while
producing savings to Federal health care
programs and patients. Tools and
supports to address the categories of
social determinants cited by the
commenters may be eligible for safe
harbor protection if they meet all safe
harbor conditions including, among
others, one of the safe harbor’s
enumerated goals at paragraph
PO 00000
Frm 00112
Fmt 4701
Sfmt 4700
1001.952(hh)(3)(vi). For examples of
how the safe harbor could protect tools
and supports that identify and address
social determinants of health, we refer
readers to the response directly below.
We are finalizing this safe harbor
without including tools and supports
designed to identify and address social
determinants of health as an example of
protected remuneration in the
regulatory text. This change will ensure
the final rule avoids inadvertently
constraining the types or categories of
in-kind tools and supports protected by
this safe harbor in order to foster
beneficial innovation.
Comment: We received a number of
comments addressing the question of
how to define social determinants of
health and related tools and supports for
the purpose of this new safe harbor.
Many commenters urged us not to
specify permissible tools and supports,
but instead to adopt a flexible approach.
Other commenters requested OIG
provide a nonexclusive and
nonexhaustive list illustrative of the
types of permissible tools and supports
that could receive protection under the
safe harbor, indicating that such a list
would provide clarity to the industry
regarding the scope of tools and
supports this safe harbor would protect
without limiting flexibility and
innovation. Another commenter sought
clarification regarding how to interpret
our proposed protection for tools and
supports that address social
determinants of health and other items
and services such as preventive care
items and services and health-related
technology, including how to interpret
the list of illustrative examples we
provided in the preamble.
Commenters provided examples of a
wide range of categories of social
determinants of health and the tools and
supports that commenters argued
should be protected under this safe
harbor, which they consider most
crucial to improving coordination and
management of care and transitioning to
value-based care and payment. The
social determinants of health—and tools
and supports to address such social
determinants of health—cited by
commenters include food insecurity,
housing instability, transportation,
nutrition education, supervised
exercise, fitness training programs,
household or vehicle modifications to
promote mobility and independence,
addiction recovery programs, mental
health programs, payment of utility
bills, and supports related to
interpersonal violence.
Some commenters offered extensive
lists of social determinants of health
relevant to specific health issues, such
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
as determinants that impact
musculoskeletal care or chronic
diseases. Another commenter urged OIG
to use the framework developed by the
Kaiser Family Foundation to make
distinctions among categories of social
determinants using the following
categories: (i) Economic stability; (ii)
neighborhood and physical
environment; (iii) food; (iv) community
and social context; and (v) health care
system. Another commenter suggested
OIG reference services offered as
supplemental benefits within Medicare
Advantage as well as the special
supplemental benefits for the
chronically ill included in the Creating
High-Quality Results and Outcomes
Necessary to Improve Chronic
(CHRONIC) Care Act.
Response: We appreciate commenters’
suggestions regarding how best to
identify and protect categories of social
determinants of health and related tools
and supports that should be protected
under this safe harbor. We agree with
the concern that an exclusive list of
protected tools or supports in regulatory
text could inappropriately constrain
entities from offering the most useful
types of tools and supports, and a rigid
definition of social determinants of
health could limit innovation related to
tools and supports that may be
protected by this final rule, if all
conditions of the safe harbor are met.
We are not providing a specific
definition of ‘‘social determinants of
health’’ for the purpose of this final rule,
as one is not needed, nor are we
providing an exclusive list of the types
of tools and support that will receive
safe harbor protection. We agree with
the commenters that recommended
flexibility.
We offer below illustrative, but not
exhaustive, examples of tools and
supports related to identifying and
addressing patients’ needs related to
social determinants of health that may
qualify under the safe harbor if all safe
harbor conditions are met. We provide
this list of representative tools and
supports to readers to explain our
interpretation of the safe harbor; we
emphasize that this list is neither
exhaustive nor does it point to the
Government’s view of the effectiveness
of the listed examples. Furthermore, we
remind readers that the safe harbor is
specifically focused on the coordination
and management of patient care. There
are other important aspects of
addressing social determinants of health
that are not covered by this rulemaking
because they do not relate to the
coordination and management of patient
care. In some cases, other safe harbors
such as the local transportation safe
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
harbor, or other exceptions to the
Beneficiary Inducements CMP, such as
the financial-need-based exception and
the promote access to care exception
(both found at paragraph 1003.110), may
be available for incentives that address
patients’ needs related to social
determinants of health.71 OIG’s advisory
opinion process is also available, and
OIG has issued several advisory
opinions addressing areas such as
nutrition, lodging, and transportation.
Illustrative examples of tools and
supports related to social determinants
of care that could be structured to fit in
the safe harbor, depending on the facts
and circumstances, include the
following: Provision of in-kind
transportation, such as transit vouchers
or rideshares organized by the VBE
participant; home modifications such as
grab bars, air filters or purifiers, and
other physical or structural
modifications that allow patients to live
safely at home; temporary housing for
an individual experiencing
homelessness or living far from a
hospital following a surgical discharge;
providing broadband access to a patient
to enable remote patient monitoring or
virtual care; grocery or meal delivery
services, nutrition supplements, and
nutrition education; exercise or fitness
programs or equipment; vehicle
modifications; incentives as part of
addiction recovery programs, including
peer-to-peer programs and contingency
management programs; incentives as
part of mental health programs; and
supports related to interpersonal
violence. For each of the preceding
examples, all safe harbor conditions
would need to be met, including that
the tool or support advances one of the
goals enumerated in paragraph
1001.952(hh)(3)(vi).
In contrast, some tools and supports
that could help address needs related to
social determinants of health would be
very unlikely to fit in the safe harbor.
For example, tools and supports related
to finding employment or housingrelated tools and supports of a routine
nature, such as routine or ongoing rent
or utility payments, are unlikely to meet
the requirements that they be directly
related to coordination and management
of patient care, be recommended by the
patient’s licensed health care
professional, and advance an
71 We remind readers that exceptions to the
definition of ‘‘remuneration’’ under the Beneficiary
Inducements CMP apply only for the purposes of
the definition of ‘‘remuneration’’ applicable to
section 1128A of the Act (the Beneficiary
Inducements CMP); they do not apply for purposes
of section 1128B(b) of the Act (the Federal antikickback statute).
PO 00000
Frm 00113
Fmt 4701
Sfmt 4700
77795
enumerated goal at paragraph
1001.952(hh)(3)(vi).
We emphasize that the changes to the
regulatory text ensure this final rule is
agnostic about the specific types of inkind tools or supports protected by this
safe harbor. This will give licensed
health care professionals flexibility to
determine and recommend the tool or
support that would best address a
patient’s social determinants of health
to foster coordination and management
of patient care.
Comment: A commenter urged OIG to
identify an additional goal under
paragraph 1001.952(hh)(3)(vi) for
‘‘management of activities of daily
living,’’ to clarify that tools and
supports may be protected if used to
address social determinants of health.
Response: We are not adopting this
suggestion. As explained above, in-kind
tools and supports used to address
social determinants of health may be
protected by the safe harbor if they meet
all safe harbor conditions. Depending on
the specific facts and circumstances, inkind tools and supports for the
management of activities of daily living
could meet several of the enumerated
goals in paragraph (hh)(3)(vi) including,
for example, goals related to adherence
to a followup treatment plan, prevention
or management of a disease or
condition, and ensuring patient safety.
Such tools and supports would need to
meet all other safe harbor conditions as
well. The goals proposed in the OIG
Proposed Rule and finalized in
paragraph 1001.952(hh)(3)(vi) are
intended to have a close nexus to the
coordination and management of patient
care. Ensuring that beneficiaries have
the support they need to manage
activities of daily living is critically
important. However, for purposes of this
safe harbor, a separate goal related to
‘‘management of activities of daily
living’’ would not have the same close
nexus.
We note that nothing in this rule
alters any existing program rules or
benefits available to support activities of
daily living.
In particular, some health care
benefits, such as long-term care services
covered by Medicaid, utilize
assessments of activities of daily living
to determine the appropriate level of
care for a patient. This safe harbor does
not affect those rules. Additionally,
some long-term care benefits may also
provide coverage for items or services to
help manage a patient’s activities of
daily living that are similar or the same
as the tools and supports protected by
this safe harbor. Consistent with the
discussion in section III.B.6.l on costshifting, if a provider furnishes covered
E:\FR\FM\02DER3.SGM
02DER3
77796
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
items or services that are covered by a
Federal health care program and billed
following normal rules, the provision of
those items or services alone would not
implicate the Federal anti-kickback
statute.
v. Health-Related Technology and
Patient Monitoring
Summary of OIG Proposed Rule:
Proposed paragraph 1001.952(hh)(3)(i)
included health-related technology and
patient health-related monitoring tools
and services as examples of permissible
tools and supports.
Summary of Final Rule: We are not
finalizing our proposal to include these
examples in regulatory text. Paragraph
1001.952(hh)(3)(i) simply requires an inkind item, good, or service, without
qualifiers or examples. We confirm that
health-related technology and patient
health-related monitoring tools and
supports can be protected remuneration
if all safe harbor conditions are met.
Comment: Commenters were
encouraged that the OIG Proposed Rule
recognized wearable monitoring devices
as ‘‘health-related technology and
patient health-related monitoring tools
and services’’ that were potentially
protected tools and supports, noting the
power of such technologies in managing
chronic illness and promoting patient
adherence. A commenter asked OIG to
consider how to ensure that the safe
harbor does not stifle innovative health
care provider arrangements for care
coordination implemented via remote
patient monitoring. The same
commenter urged OIG to reexamine
what constitutes an inducement and
help health care stakeholders better
understand these regulations by offering
FAQs, guidance, or web-based access to
additional information.
Response: As noted above in the
discussion relating to preventive care,
we have simplified the safe harbor
language to reflect the breadth of
protected categories of remuneration.
Accordingly, the safe harbor no longer
specifically references health-related
monitoring tools and services but
instead requires that tools or supports
are in the form of an in-kind item, good,
or service that meets the other
requirements of the safe harbor. This
revision is in no way intended to limit
the scope of remuneration protected by
the safe harbor to exclude or otherwise
limit health-related technology; rather,
we intend the new text at paragraph
1001.952(hh)(3)(i) to reflect the breadth
of tools and supports eligible for
protection under the safe harbor.
We believe the safe harbor, including
this broadened language, will expand
opportunities for innovation in how
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
industry stakeholders engage and
support patients, including
arrangements involving remote patient
monitoring. For instance, tools such as
connected scales or blood pressure
monitors that track and transmit data to
a patient’s licensed health care
professional, or applications that allow
a patient’s mobile devices to monitor
activity or other health data, could be
protected, if all other conditions of the
safe harbor are satisfied.
Comment: Commenters sought
clarification as to how telehealth tools
and supports fit within the category of
health-related technology. In particular,
a commenter asked whether the new
patient engagement and support safe
harbor may be used to protect the
provision of non-device-based
telehealth platforms and aggregators.
Another commenter urged OIG to clarify
that, as a general matter, multifunction
equipment could comply with the
Federal anti-kickback statute through a
safe harbor and exception to the
Beneficiary Inducements CMP.
Response: In-kind telehealth supports
can be protected under this safe harbor
if the provision of such supports
satisfies all of the safe harbor’s
conditions.72 For instance, a
smartphone that facilitates telehealth
services with a patient’s licensed health
care professional, or a platform or
software that facilitates telehealth
services, may be a protected form of
remuneration under this safe harbor if
all safe harbor conditions are satisfied.
The commenter’s request for additional
OIG guidance on whether the provision
of multifunctional equipment would
implicate the Federal anti-kickback
statute and Beneficiary Inducements
CMP is a fact-specific inquiry. Tools and
supports that may be protected by this
safe harbor could include
multifunctional equipment, as long as
72 We acknowledge that Federal health care
program coverage of telehealth services and other
care provided remotely has expanded and the
regulatory framework applicable to telehealth
services and other virtual care has shifted, at least
temporarily, since the publication of the OIG
Proposed Rule. In particular, in response to the
unique circumstances resulting from the outbreak of
COVID–19, the Secretary determined, pursuant to
section 319 of the Public Health Service Act, that
a public health emergency (PHE) exists and has
existed since January 27, 2020 (COVID–19
Declaration). See Department of Health and Human
Services, Determination that a Public Health
Emergency Exists (Jan. 31, 2020), available at
https://www.phe.gov/emergency/news/
healthactions/phe/Pages/2019-nCoV.aspx. As a
result of the PHE, various agencies have adopted
temporary rules and guidance designed to ease
access to telehealth services and other virtual care
during the PHE. See for example CMS, Interim
Final Rule with Comment Period, Medicare and
Medicaid Programs; Policy and Regulatory
Revisions in Response to the COVID–19 Public
Health Emergency, 85 FR 19230 (Apr. 6, 2020).
PO 00000
Frm 00114
Fmt 4701
Sfmt 4700
the tool or support advances one of the
enumerated goals at paragraph
1001.952(hh)(3)(vi).
Comment: A commenter urged that
patient communication and counseling
services are aligned with the spirit of
the proposed safe harbor and requested
confirmation that these services
constitute patient health-related
monitoring tools and services.
Response: We agree that patient
communication and counseling services
may qualify as protected in-kind
remuneration if the conditions of the
safe harbor are satisfied.
vi. Not Duplicative
Summary of OIG Proposed Rule: We
solicited comments on whether to
require the VBE participant to confirm
that the tool or support is not
duplicative of, or substantially the same
as, tools and services the patient already
has.
Summary of Final Rule: We are not
finalizing this condition.
Comment: A commenter supported
requiring the patient to confirm that the
tool or support is not duplicative of
something already owned by the
patient. A commenter stated that
restrictions related to providing
duplicative tools or services that the
patient already has are unnecessary in
light of the proposed safe harbor
requirement prohibiting the sale or
diversion of the item or service.
Moreover, some commenters stated that
this type of requirement would prove
difficult to implement because even if a
patient has a similar device or service,
it does not mean that it has enough or
the correct technology to accomplish the
VBE’s or VBE participant’s care
objectives and goals. Some commenters
stated that this condition would be
difficult to interpret and enforce, and
some commenters asserted that the
provision of duplicative tools and
supports would be unlikely to result in
patient inducement. Another
commenter highlighted concern related
to any such condition’s intersection
with providing updated or upgraded
tools and supports that might
technically duplicate tools and supports
to which a patient already has access. A
commenter asked what would be
considered duplicative or substantially
the same, asking specifically whether an
updated smartphone to support the use
of a monitoring application would be
duplicative if a patient already owns a
cell phone. The same commenter also
inquired whether providing other
updated technology—such as a newer
version of a patient’s glucose monitor—
would be considered duplicative.
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
A commenter stated that OIG should
not require confirmation that the tools
and supports provided to a patient are
not duplicative of, or substantially the
same as, tools and supports the patient
already has, which the commenter
believed fails to recognize that VBE
participants may want to rely on the
safe harbor to test the effectiveness of a
particular tool or support.
Response: In this final rule, we are not
adopting a requirement that a VBE
participant confirm that a tool or
support is not duplicative of, or
substantially the same as, tools or
supports the patient already has. We
appreciate the concerns raised by
commenters regarding the practical
challenges in implementing this
requirement, including that it is difficult
to determine which tools or supports
would be considered duplicative.
However, tools or supports that are
duplicative of items or services that a
patient already owns or has access to
may not advance one of the goals listed
at paragraph 1001.952(hh)(3)(vi) and
therefore may not be eligible for safe
harbor protection. For example,
providing a patient with a new
smartphone would not necessarily
advance any of the enumerated goals if
the patient already has a cell phone
with sufficient functionality. For
instance, the licensed health care
professional’s recommendation of a
smartphone to transmit medication
adherence reminders may not advance
the patient’s adherence to a drug
regimen if the identified need for the
smartphone—to transmit medication
adherence reminders—is already
achievable with the patient’s existing
cell phone. On the other hand,
provision of a smartphone could
promote adherence to a treatment
regimen determined by the patient’s
licensed health care professional
(pursuant to the goal listed at paragraph
1001.952(hh)(3)(vi)(A)) if, for example,
the new smartphone adds functionality
needed for remote monitoring that is not
available on the patient’s existing cell
phone.
In response to the comment regarding
using the patient engagement and
support safe harbor to test the
effectiveness of tools or supports, the
safe harbor protects remuneration that
advances one or more of the enumerated
goals under paragraph
1001.952(hh)(3)(vi). While protection
under this safe harbor is not conditional
on achieving one or more of these
enumerated goals, a tool or support
would not be eligible for safe harbor
protection without a reasonable basis
that it would advance at least one of the
enumerated goals. The requirement to
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
advance one or more of the listed goals
means, at a minimum, that the VBE
participant reasonably expects the tool
or support to be effective in advancing
a goal.
g. Marketing and Patient Recruitment
Summary of OIG Proposed Rule: We
proposed a condition at proposed
paragraph 1001.952(hh)(3)(iv) that
would exclude from safe harbor
protection tools or supports used for
patient recruitment or marketing of
items or services to patients. Separately,
we sought comment on whether to
include a condition that would prohibit
advertising of the patient engagement
tools or supports offered by a VBE
participant. We solicited comments on
how best to preclude using tools and
supports as a marketing or advertising
strategy to recruit patients or otherwise
influence referral sources, patients or
otherwise, while still permitting
beneficial educational efforts and
activities that promote patient
awareness of care coordination activities
and available tools and supports.
Summary of Final Rule: We are
finalizing, with modifications, the
proposed condition at paragraph
1001.952(hh)(6). Under the final rule,
neither the VBE participant, nor an
eligible agent of the VBE participant,
may use the patient engagement tools or
supports to market other reimbursable
items or services or for patient
recruitment purposes. The final safe
harbor condition clarifies the limitation
on marketing and patient recruitment
consistent with our intent in the OIG
Proposed Rule to preclude protection of
tools and supports used solely for
patient recruitment purposes or used to
market other reimbursable items and
services to patients. The final condition
clarifies that the marketing prohibition
only applies with respect to the
marketing of items and services
reimbursable by Federal health care
programs. Providing remuneration to
patients in order to market items or
services not reimbursable by Federal
health care programs is unlikely to
implicate the anti-kickback statute and
therefore would not need safe harbor
protection. As discussed further below,
this condition does not preclude a VBE
participant from educating patients,
such as providing objective patient
educational materials to a patient or
engaging in objective patient
informational activities with respect to
patients in the target population.
Comment: Commenters generally
supported our proposed prohibitions on
marketing and patient recruitment but
urged OIG to clarify that certain
activities would not be prohibited, such
PO 00000
Frm 00115
Fmt 4701
Sfmt 4700
77797
as providing education and information
to established patients or members of
the target patient population about
available resources, tools, and supports.
For example, a commenter suggested
that a health care facility operating an
onsite food pantry should be able to
post basic information, such as the food
pantry’s hours of operation, to ensure
patient access. Another indicated that
providers should be able to educate
beneficiaries about how to access care
and to increase awareness and
utilization of services by describing
available tools and supports on a
provider’s website or by offering free
marketing items such as refrigerator
magnets, stickers, and notepads.
Other commenters opposed these
conditions altogether or requested that
we clarify the delineations between
prohibited marketing, advertising, and
patient recruitment as opposed to
permissible patient education and
awareness activities. Commenters
warned that dissemination of
information to patients and their
providers is necessary for patients to
achieve the health benefits intended by
a particular patient engagement
program. A commenter added that
restricting advertising requires
providers to determine which patients
may benefit from available resources,
rather than empowering patients to selfidentify whether they may benefit from
a given tool or support.
Response: We agree with the
commenters who supported conditions
relating to marketing and patient
recruitment, and we are finalizing these
concepts in a revised safe harbor
condition at paragraph 1001.952(hh)(6).
The patient engagement and support
safe harbor does not protect the
provision of tools or supports if the VBE
participant uses the tools or supports to
market other reimbursable items or
services or for patient recruitment
purposes. As noted in the proposed
rule, the proposed condition was
designed to preclude a VBE using a tool
or support to market other reimbursable
items and services, or using a tool for
patient recruitment while permitting
beneficial educational efforts and
activities that promote patient
awareness of care coordination activities
and available tools and supports. We do
not intend to protect tools or supports
that serve solely as patient recruitment
incentives.73
This condition does not preclude
providers from educating their patients
or otherwise providing information
about available tools and supports to
established patients. In other words, this
73 84
E:\FR\FM\02DER3.SGM
FR 55727 (Oct. 17, 2019).
02DER3
77798
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
condition does not limit providers from
offering objective information,
education, and reminders to their
patients, nor does it limit providers
from offering tools and supports
designed to educate patients and
increase awareness and utilization of
appropriate services.
As an example, the following activity
would not violate this condition: A
physician VBE participant informs a
patient with asthma that clean air in the
home is important for keeping asthma
symptoms under control. The physician
explains that clean air conditioning
filters and other air purifying machines
are important for keeping the air in a
home clean and healthy. The physician
informs the patient that the VBE has a
program to provide air filters, and the
patient may be eligible to receive free air
filters provided by the physician.
However, the safe harbor does not
protect a tool or support if used to
recruit patients or used to market other
reimbursable items or services. This
condition protects against abusive
marketing schemes where the patients
are inappropriately induced to select
providers or use items or services
because they are being provided with
free or low-cost tools and supports.
Importantly, the patient engagement and
support safe harbor protects the
provision of tools and supports to
patients; it does not protect any
marketing, advertising, or patient
recruitment arrangements.
As with the care coordination
arrangements safe harbor’s marketing
and patient recruitment provision
discussed in section III.B.3.j we use the
terms marketing (e.g., promoting or
selling something), recruitment (e.g.,
enlisting someone to do something), and
education (e.g., informing, instructing,
or teaching) in accordance with their
common sense meanings. Additionally,
we consider ‘‘advertising’’ to be a subset
of ‘‘marketing,’’ so the prohibition of
using tools or supports to market other
reimbursable items or services also
prohibits advertising. This approach
best allows flexibility for VBE
participants to engage in appropriate
educational efforts. We offer illustrative
examples in response to comments to
aid stakeholders in applying the safe
harbor provision.
For example, a VBE participant could
operate a non-billable diabetes remote
monitoring program to help patients
manage their diabetes and coordinate
their care. As part of the program, the
VBE participant offers patients with
diabetes a free tablet to facilitate the
remote monitoring program. Should the
VBE participant seek to protect the
tablet under this safe harbor, it would
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
need to satisfy the marketing and
patient recruitment condition at
paragraph 1001.952(hh)(6). To illustrate
the scope of this condition, we offer the
following examples of educational
activities that would comply with this
condition. First, the VBE participant
may counsel a patient with diabetes
about the benefits of the non-billable
remote monitoring program and explain
that such program includes a free tablet
to facilitate the program. Second, the
VBE may explain that the tablet is used
to convey information such as
nutritional information, recipes,
wellness tips, and appointment
reminders. In these illustrative
examples, the VBE participant is not
using the tablet to market other
reimbursable items or services or for
patient recruitment.
By contrast, if the VBE participant
uses the tablet to send patients text
messages and notifications to induce
them to obtain tests, equipment,
supplies, or other reimbursable items
and services, the condition at paragraph
1001.952(hh)(6) would not be satisfied;
the VBE participant is using the tool and
support (the tablet) to market other
reimbursable items and services.
Similarly, if the VBE participant
advertises that patients will receive a
free tablet if they register for the remote
monitoring program and receive
services, the VBE participant is using
the tool and support to recruit patients
and the provision of the tablet does not
qualify for safe harbor protection. It
would be the same result if the VBE
participant used the provision of the
tablet to market other reimbursable
services or recruit patients through
door-to-door marketing, telephone
solicitations, direct mailings, or through
sales pitches masquerading as
‘‘informational’’ sessions.
In response to commenters, we clarify
that notification to an entire target
patient population about the availability
of tools and supports does not
necessarily raise concerns under this
condition. Whether a notification to an
entire patient population satisfies this
condition would require a highly factspecific assessment. For example, if a
physician used an announcement to an
entire target patient population about
the availability of free air conditioning
filters if those patients come in for an
office visit (e.g., as an inducement to
attract patients to schedule an
appointment billable to a Federal health
care program), that would constitute
prohibited marketing or patient
recruitment, even if the announcement
also had an educational purpose. In
contrast, if the announcement provided
information on the need for asthma
PO 00000
Frm 00116
Fmt 4701
Sfmt 4700
patients to ensure the air in the home is
clean and to contact the physician for
further information, that type of
notification would not violate this
condition. Again, we highlight that
whether any particular communication
satisfies this marketing condition would
require a highly fact-specific
assessment.
Among the examples described by the
commenters, a hospital posting general
information such as the hours of
operation of its food pantry to make
patients aware of when the food pantry
is open and enhance patient access
would not run afoul of this condition.
Providing free marketing items as
described by a commenter such as
refrigerator magnets, stickers, and
notepads likely would not be protected
by this safe harbor for multiple reasons.
If provided for the purpose of marketing
or patient recruitment, such items
would not meet this condition.
Furthermore, these items are unlikely to
advance one of the enumerated goals at
paragraph 1001.952(hh)(3)(vi) or have a
direct connection to the coordination
and management of care of the target
patient population.74
In response to the commenter who
asserted that restricting advertising
requires providers to determine which
patients may benefit from available
resources, rather than empowering
patients to self-identify whether they
may benefit from a given tool or
support, we note that this condition is
intended to preserve patient choice and
protect vulnerable patients from the
undue influence of coercive marketing.
We also remind readers that any
protected tool or support must satisfy
the other conditions of the safe harbor
as well, including that the patient
engagement tool or support is
recommended by the patient’s licensed
health care professional and advances
one or more of the goals enumerated in
the safe harbor. The protections in the
safe harbor are designed to emphasize
the patient’s relationship with their
provider in developing plans for
treatment and care and the appropriate
provision of tools and supports.
74 We note, however, that such items may be
excluded from the definition of remuneration under
the Beneficiary Inducements CMP if they are of
nominal value. See for example 65 FR 24411 (Apr.
26, 2000), available at https://oig.hhs.gov/
authorities/docs/cmpfinal.pdf, and Special
Advisory Bulletin: Offering Gifts and Other
Inducements to Beneficiaries, August 2002,
available at https://oig.hhs.gov/fraud/docs/alertsand
bulletins/SABGiftsandInducements.pdf (Special
Advisory Bulletin); Office of Inspector General
Policy Statement Regarding Gifts of Nominal Value
to Medicare and Medicaid Beneficiaries (Dec. 7,
2016), available at https://oig.hhs.gov/fraud/docs/
alertsandbulletins/OIG-Policy-Statement-Gifts-ofNominal-Value.pdf.
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Consequently, the final safe harbor
preserves patient choice and
empowerment by relying on close
communication and collaboration
between patient and provider.
A prohibition on marketing and
patient recruitment serves as an
important protection against
inappropriate patient steering and
overutilization of federally reimbursable
items and services. Our enforcement
experience demonstrates that using
tools and supports to recruit patients or
to otherwise market reimbursable items
and services presents a risk of harms
associated with fraud and abuse (e.g.,
overutilization, provision of
unnecessary services to patients, and
theft of patient’s medical identity
information).
We highlight that this prohibition
extends to eligible agents of the VBE
participant. More specifically, to qualify
for safe harbor protection, neither the
VBE participant nor any eligible agent
may exchange or use the patient
engagement tools or supports to market
other reimbursable items or services or
for patient recruitment purposes. Under
paragraph 1001.952(hh)(2), the patient
engagement tool or support may be
furnished directly to the patient (or the
patient’s caregiver, family member, or
other individual acting on the patient’s
behalf) by a VBE participant that is a
party to the value-based arrangement or
its eligible agent. The modification of
the marketing and patient recruitment
prohibition in paragraph
1001.952(hh)(6) reflects the changes to
paragraph 1001.952(hh)(2) related to
eligible agents. The marketing and
patient recruitment prohibition applies
equally to the VBE participant and to
the eligible agent that may be furnishing
the tool or support as an agent of the
VBE participant. For example, this final
rule precludes safe harbor protection for
tools and supports used by a patient
recruiter to induce or recruit
beneficiaries to receive items or services
reimbursed by a Federal health care
program.
Comment: A commenter warned that
an overly broad limit on advertising
could be a barrier to providers giving
basic information to patients. The
commenter noted that OIG recognized
this risk by limiting the scope of its
advertising prohibition in the local
transportation safe harbor, which
explicitly allows posting shuttle route
and schedule details.
Response: First, we remind readers
that arrangements need not have safe
harbor protection to be lawful, and we
observe that many health care entities
lawfully provide basic information to
patients (which may not even implicate
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
the Federal anti-kickback statute) and
even market services without the benefit
of a safe harbor. Second, we believe the
final prohibition on marketing and
patient recruitment is not overly broad.
It prohibits using patient engagement
tools and supports to market other
reimbursable items and services or for
patient recruitment. It does not limit
providers giving basic information
directly to their patients; indeed, as
explained above, many types of basic
information would not even implicate
the Federal anti-kickback statute (e.g.,
appointment reminders and mailings
explaining the best hygiene practices to
prevent influenza).
As the commenter states, the local
transportation safe harbor provides
protection for a shuttle service that is
not marketed or advertised (other than
posting necessary route and schedule
details). We do not believe a specific
exception, similar to the route and
schedule details exception included in
the shuttle services provision of the
local transportation safe harbor, is
needed in the patient engagement and
support safe harbor, nor would such an
exception be feasible to address the
wide range of tools and supports
potentially protected by this safe harbor.
The final safe harbor’s condition related
to marketing and patient recruitment
does not prohibit a VBE participant
from providing basic information
relating to available patient engagement
tools and supports to patients.
For example, a hospital that also runs
a food pantry could post the hours of
operation of a food pantry. In contrast,
should the hospital conduct a general
advertisement to the public indicating,
for example, that it has a free food
program available to patients with
diabetes (the target patient population)
who come to the hospital to receive
services, providing the support in the
form of the free food program would fail
to satisfy this condition and would not
be protected by this safe harbor.
We emphasize that the provision of
tools and supports to Federal health
care program beneficiaries by certain
entities (which could be VBE
participants consistent with revisions
made by this final rule)—such as a
social services agency that does not bill
Federal health care programs—would
not implicate the Federal anti-kickback
statute and, consequently, would not
require safe harbor protection.75
75 We recognize the possibility that a hospital or
other entity that bills Federal health care programs
could provide funding to an entity that does not bill
Federal health care programs in order to support the
provision of tools and supports to Federal health
care program beneficiaries. Such funding could
constitute an indirect financial relationship
PO 00000
Frm 00117
Fmt 4701
Sfmt 4700
77799
Therefore, such entities would not be
subject to this marketing and patient
recruitment condition.
Comment: A commenter urged OIG to
ensure that the safe harbor allows
sufficient flexibility to inform patients
of the types of interventions designed to
address social determinants of health
that the VBE participant offers to
support patients in achieving improved
health outcomes and to furnish the best
possible patient care. The commenter
highlighted that in the context of tools
and supports designed to address unmet
social needs, patients may be reticent to
self-identify absent appropriate outreach
and advertising due to potential social
stigmas associated with such needs. A
commenter stated that a safe harbor
condition prohibiting advertising could:
(i) Reduce the ability of patients and
providers to make fully informed
decisions; (ii) lower the number of
patients who have access to beneficial
tools and supports; and (iii) hinder the
ability to achieve the entity’s valuebased goals.
Response: The safe harbor condition
prohibiting use of the patient
engagement tools and supports to
market other reimbursable items and
services or for patient recruitment is not
intended to constrain a licensed health
care professional from informing
patients of the types of available tools
and supports. The safe harbor also
would not prohibit other types of VBE
participants from providing educational
information about available tools and
supports to patients in the target
population.
Comment: A commenter asserted that
a facility should be able to advertise the
patient engagement tools and supports it
offers, and if a patient elects a certain
facility on that basis, then the patient
has demonstrated active engagement in
their care options.
Response: We recognize the
importance of activated and engaged
patients and consumer choice. As
previously stated, potential donors may
provide educational information and
inform patients about the availability of
engagement tools and supports. This
condition prohibits only using tools and
supports to market other reimbursable
items and services or for patient
recruitment. This final condition is
designed to prevent VBE participants
from influencing patients’ decisionmaking regarding billable health care
items and services based on the offer of
free tools and supports. We are
between the funding source and the beneficiary that
could implicate the Federal anti-kickback statute
and, if so, that relationship would need to be
assessed separately.
E:\FR\FM\02DER3.SGM
02DER3
77800
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
concerned that patients might be
coerced into selecting items and
services that are not in their medical
best interests. We emphasize, however,
that nothing in this final rulemaking
constrains patient decision-making;
notably, patients are free to select (or
decline to select) providers based on
their participation in a VBE, on the care
coordination and management services
they furnish, or on the tools and
supports they offer.
Comment: A commenter noted that a
prohibition on advertising could
disproportionately impact skilled
nursing facilities and assisted living
facilities whose patients are more likely
to rely upon traditional advertising
methods to understand their treatment
options and alternatives.
Response: This condition restricts
VBE participants who wish to use the
safe harbor from using the tools and
supports to market other reimbursable
items or services (e.g., an advertisement
that offers to provide a free smartphone
after a patient receives a service) or
using such tools for patient recruitment.
It does not prohibit a VBE participant,
which could be a skilled nursing facility
or assisted living facility, from
otherwise advertising or marketing the
patient care items and services they
offer.
h. Direct Connection
Summary of OIG Proposed Rule: At
proposed paragraph (hh)(3)(ii), we
proposed that the tool or support
furnished to the patient must have a
‘‘direct connection’’ to the coordination
and management of care of the target
patient population. We proposed to
interpret ‘‘direct connection’’ to mean
that the VBE participant has a good faith
expectation that the tool or support will
further the coordination and
management of care for the patient. We
solicited comments on whether to
require a ‘‘reasonable connection’’
instead of a ‘‘direct connection.’’ We
also solicited comments on an
alternative proposal that would have
required the VBE participant to make a
bona fide determination that an
arrangement to provide tools and
supports is directly connected to the
coordination and management of care
for the patient. We solicited comments
on whether the ‘‘direct connection’’
should be to any of the four value-based
purposes described at proposed
paragraph 1001.952(ee)(12)(vii) instead
of requiring a direct connection to the
coordination and management of care
for the patient.
Summary of Final Rule: We are
finalizing the condition, without
modification, at paragraph
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
1001.952(hh)(3)(ii). Specifically, any
protected tool or support must have a
‘‘direct connection’’ to the coordination
and management of care of the target
patient population. We are not
finalizing any of the alternative
proposals considered in the OIG
Proposed Rule.
Comment: A number of commenters
supported our proposal to require that
any protected tool or support furnished
to a patient have a direct connection to
the coordination and management of
care.
Response: We are finalizing this
condition as proposed. As we explained
in the OIG Proposed Rule, we do not
believe it should be difficult for a VBE
participant providing the patient
engagement tool or support to clearly
articulate the nexus between the tool or
support and the coordination and
management of care.
Comment: We received several
comments recommending that we
require only a ‘‘reasonable connection’’
to coordination and management of
care, rather than a ‘‘direct connection.’’
Many commenters expressed a
preference for the ‘‘reasonable
connection’’ standard because it gives
entities greater flexibility in the
provision of patient engagement tools
and supports and is better aligned with
the standard that a VBE participant
must have a good faith expectation that
the tool or support will promote the
VBE’s objectives. A commenter opposed
the ‘‘reasonable connection’’ alternative
because it would weaken the
partnership between providers that are
collaborating to coordinate and manage
a patient’s care.
Response: We decline to modify the
condition to require only a ‘‘reasonable
connection.’’ The safe harbor protects
the provision of potentially valuable inkind remuneration furnished to
patients. It is appropriate for the offerors
of potentially valuable remuneration to
carefully evaluate the nexus between
the tool or support and the coordination
and management of patient care. In the
final rule, we opted for the ‘‘direct
connection’’ standard, which will
ensure that the remuneration is closely
linked to the goals of the Regulatory
Sprint, including promoting care
coordination and value-based care. In
particular, the final safe harbor is
designed to protect tools and supports
that are designed to result in higher
value and better coordinated care. The
‘‘direct connection’’ standard will help
ensure that protected remuneration
specifically and intentionally advances
the goals of the Regulatory Sprint over
other possible objectives.
PO 00000
Frm 00118
Fmt 4701
Sfmt 4700
Comment: One commenter supported
a condition requiring the VBE to make
a bona fide determination that tools or
supports have a direct connection to the
coordination and management of care
for a patient. However, numerous other
commenters urged OIG not to adopt
such a requirement, warning that it
would be unduly burdensome and
create administrative hurdles that
would unnecessarily duplicate the
determination made by a VBE in
establishing value-based activities of the
VBE and the role of the VBE
participants in carrying out those
activities.
Response: To avoid introducing
unnecessary administrative burdens,
and because we believe the other
safeguards sufficiently mitigate the risk
of patient harm and program integrity
concerns, we are not finalizing a
requirement—considered in the
preamble to the OIG Proposed Rule—
that the VBE make a bona fide
determination that the tool or support
has a direct connection to the
coordination and management of care.
We note, however, that while safe
harbors are voluntary, parties that seek
protection for tools and supports under
this safe harbor must strictly satisfy
each of the safe harbor’s conditions,
including the requirement that the tool
or support has a direct connection to the
coordination and management of care.
The VBE and VBE participants may
establish satisfaction of this condition in
a variety of ways without such a bona
fide determination; of course, making
such a bona fide determination could
support satisfaction of this safe harbor
condition.
Comment: Several commenters
suggested that OIG broaden the safe
harbor to protect tools and supports that
are directly connected to any of the four
value-based purposes articulated in
proposed paragraph
1001.952(ee)(12)(vii), rather than
requiring a direct connection to a single
value-based purpose, that is,
coordination and management of patient
care. Commenters suggested that this
would provide greater flexibility for
entities to offer tools and supports
connected to the other three value-based
purposes.
Response: We appreciate the
commenters’ input. However, we
respectfully decline to adopt the
commenters’ suggestion. We believe the
safe harbor is appropriately limited to
the protection of tools and supports that
are directly connected to the
coordination and management of care,
which empowers patients to fully
participate in the care coordination
activities that are the spirit of the
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Regulatory Sprint. The other three
value-based purposes described in
paragraph 1001.952(ee)—improving the
quality of care; appropriately reducing
the costs to, or growth in expenditures
of, payors without reducing the quality
of care; and transitioning the health care
delivery and payment systems to valuebased care—are purposes that the
applicable VBE participants, not
patients, are in the best position to
deliver.
In contrast, the coordination and
management of care more directly
relates to the patient engagement goals
of this safe harbor. At paragraph
1001.952(ee)(14)(i)), this final rule
defines ‘‘coordination and management
of care’’ to mean the deliberate
organization of patient care activities
and sharing of information between two
or more VBE participants, one or more
VBE participants and the VBE, or one or
more VBE participants and patients, that
is designed to achieve safer, more
effective, or more efficient care to
improve the health outcomes of the
target patient population. This
definition provides sufficient flexibility
in designing arrangements for patient
engagement that would be protected by
this safe harbor because a broad range
of tools and supports could be tailored
to improving health outcomes and
achieving safer and more effective care,
while advancing one of the five
enumerated goals at paragraph
1001.952(hh)(3)(vi). For instance, a
program to provide grab bars or
handrails to patients recovering from
knee surgery to prevent falls at home
could be properly tailored to improving
health outcomes for these patients and
designed to achieve safer, more effective
care for this population.
Comment: A commenter sought
clarification regarding when an item has
a direct connection to coordination and
management of care, specifically
requesting a list of scenarios that would
qualify. Another commenter suggested
that we not finalize a description of
specific tools or supports that would be
considered to have a direct connection
to the coordination and management of
care because doing so could frustrate the
goals of fostering flexibility,
adaptability, and innovation.
Response: We agree with the
commenter who suggested that we not
finalize a description of specific tools or
supports that would be considered to
have a direct connection to the
coordination and management of care.
Consequently, we decline to provide a
list of scenarios linking which tools and
supports would qualify as having a
direct connection to the coordination
and management of a patient’s care. In
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
taking this approach, we hope to foster
innovation and allow VBEs and VBE
participants flexibility in appropriately
identifying the nexus between the tool
or support and the coordination and
management of care. Revisiting our
example of providing grab bars to
patients recovering from knee surgery,
the tool or support in that example has
a direct connection to the coordination
and management of care because it is
intended to prevent falls and therefore
provides safer and more effective care
for the target patient population (knee
surgery patients).
i. Medical Necessity
Summary of OIG Proposed Rule: In
the OIG Proposed Rule’s paragraph
1001.952(hh)(3)(v), we proposed that
the tool or support must not result in
medically unnecessary or inappropriate
items or services reimbursed in whole
or in part by a Federal health care
program.
Summary of Final Rule: We are
finalizing, without modification, this
condition and relocating it to paragraph
1001.952(hh)(3)(iv).
Comment: A hospital association
supported our proposal to protect only
tools and supports that do not result in
medically unnecessary or inappropriate
items or services reimbursed by Federal
health care programs.
Response: We are finalizing this
safeguard as proposed at paragraph
1001.952(hh)(3)(iv).
Comment: A commenter stated that
any incentives protected by the final
safe harbor should not be limited to
incentives furnished to patients for
attendance at medically necessary
primary care or other clinically
appropriate medical appointments, but
also expanded to incentives for
participating in community-based
services that could impact clinical
outcomes through addressing patients’
social determinants of health.
Response: This safe harbor protects
tools and supports that advance one or
more enumerated goals set out at
paragraph 1001.952(hh)(3)(vi), which
include goals related to adherence to
treatment regimens and followup care
plans, and prevention and management
of diseases and conditions. For a
specific discussion of our treatment of
tools and supports that address social
determinants of health, please see the
discussion at III.B.6.f.iv. of this
preamble. To qualify for protection
under the safe harbor, any incentives for
participation in community-based
services also would need to meet all
other safe harbor conditions, including
the condition that the remuneration
cannot result in medically unnecessary
PO 00000
Frm 00119
Fmt 4701
Sfmt 4700
77801
or inappropriate items or services
reimbursed in whole or in part by a
Federal health care program. We also
note that such community-based
services would need to be
recommended by the patient’s licensed
health care professional (per the
condition at paragraph
1001.952(hh)(3)(v)) and have a direct
connection to the coordination and
management of care of the target
population (per the condition at
paragraph 1001.952(hh)(3)(ii)).
j. Licensed Health Care Professional
Recommendation
Summary of OIG Proposed Rule: We
proposed a safe harbor condition at
proposed paragraph 1001.952(hh)(3)(vi)
that would provide safe harbor
protection only for tools or supports
recommended by the patient’s licensed
health care provider. Relatedly, we
sought comments on whether to require
a written certification, under 18 U.S.C.
1001 and 1519, from a patient’s licensed
health care provider certifying that the
particular tool or support is
recommended solely to treat a
documented chronic condition of a
patient in a target patient population.
Summary of Final Rule: We are
finalizing, with modification, this
condition at paragraph
1001.952(hh)(3)(v). Based on public
comment, we are revising the language
to clarify that the tool or support must
be recommended by the patient’s
licensed health care ‘‘professional’’
rather than ‘‘provider.’’ The term
‘‘provider’’ is often used to mean a
hospital or other entity that furnishes
institutional health care services. We
believe ‘‘professional’’ is a clearer
description of our intent in the OIG
Proposed Rule that this requirement
emphasizes the importance of a health
care professional’s medical judgment, as
well as the patient’s relationship with a
health care professional. We have made
conforming changes in each enumerated
goal in paragraph 1001.952(hh)(3)(vi)
that referenced a licensed health care
provider. We are not finalizing the
written certification requirement.
Comment: A trade association
representing physicians supported the
proposal to require that a tool or support
must be recommended by the patient’s
licensed health care provider. Another
commenter stated that this requirement
is a key fraud and abuse protection to
ensure that the safe harbor is not used
for improper purposes such as
marketing or patient recruitment, or to
steer patients to particular treatments. A
commenter also noted that this
requirement helps ensure the centrality
of the patient-provider relationship.
E:\FR\FM\02DER3.SGM
02DER3
77802
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Another commenter expressed
concern that a safe harbor condition
requiring a licensed health care
provider’s recommendation would lead
to underutilization of valuable tools and
supports to treat social comorbidities.
The commenter stated that many tools
and supports that address social
comorbidities do not stem from a single
condition in isolation and, therefore,
may not be evident to a treating
clinician. Another commenter warned
that this requirement could deter use of
the new safe harbor because physicians
do not typically recommend the types of
tools and supports that would be most
beneficial to patients. More often,
according to the commenter, social
workers, case workers, or others who
may not be licensed clinicians would be
in a better position to recommend such
patient tools, including those that
would address social determinants of
health.
A commenter also urged OIG to
include a requirement that clinicians
offering any patient engagement tools
and supports instruct patients on how to
use them appropriately.
Response: We agree with commenters
who support the condition because it
protects against harms resulting from
fraud and abuse and supports the
centrality of the patient-provider
relationship. As we explained in the
preamble to the OIG Proposed Rule, this
condition is designed to ensure that the
remuneration is specifically focused on
patient care and to underscore the
importance of quality of care, the health
care provider’s medical judgment, and
the patient’s relationship with their
provider in developing plans for
treatment and care. The condition also
ensures that the professional
recommending the tool or support has
undergone some degree of review and is
subject to some level of oversight by a
licensing body.
In response to the assertion that this
condition would lead to
underutilization of valuable services to
treat social comorbidities, we believe
the patient’s licensed health care
professional is in the best position to
determine whether the tool or support is
directly connected to the coordination
and management of the patient’s care,
advances an enumerated goal at
paragraph 1001.952(hh)(3)(vi), and will
not result in medically unnecessary or
inappropriate reimbursable items and
services, as required by the safe harbor.
The licensed health care professional
recommending the tool or support can
be any type of licensed health care
professional, which should be
sufficiently broad to ensure this safe
harbor protects beneficial patient
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
engagement tools and supports,
including those cited by commenters in
various submissions. We recognize that
social workers, case workers, and others
who may not be licensed clinicians play
an important role in patient care and are
often well-positioned to recommend
patient tools, including those that
would address social determinants of
health. However, for purposes of this
safe harbor, we are requiring a
recommendation by a licensed health
care professional for the reasons noted
above.
We did not propose a definition of
‘‘licensed health care provider’’ or
‘‘licensed health care professional.’’ We
intended to require the recommendation
of a licensed health care professional,
who would be a person chosen by the
patient. The term ‘‘licensed health care
professional’’ could include, for
example, the following health care
professionals, assuming they are
appropriately licensed by an
appropriate State licensing body for
each respective profession: Physicians
(including doctors of medicine,
osteopathy, dental surgery, dental
medicine, podiatric medicine, and
optometry); osteopathic practitioners;
chiropractors; physician assistants;
nurse practitioners; clinical nurse
specialists; certified registered nurse
anesthetists; physical therapists;
occupational therapists; clinical
psychologists; qualified speechlanguage pathologists; qualified
audiologists; and registered dietitians or
nutrition professionals.76
Comment: A commenter warned that
requiring a licensed provider’s
recommendation could incentivize a
provider to recommend a tool or
support for which the provider can
subsequently receive remuneration.
Response: To the extent the tool or
support is a billable item or service, we
would expect the provider to bill
appropriately. The tool or support
would not require safe harbor protection
because it would be furnished by the
provider as a covered service. If the
provider were to waive any beneficiary
cost-sharing, such cost-sharing waiver
would not be protected by this safe
harbor.
Comment: We solicited comments on
whether to require a written
certification, under 18 U.S.C. 1001 and
1519, from a patient’s licensed health
care provider certifying that the
particular tool or support is
recommended solely to treat a
76 This illustrative list of health care professionals
includes professionals eligible as of 2020 to
participate in the Merit-based Incentive Payment
System (MIPS), available at https://qpp.cms.gov/
mips/how-eligibility-is-determined.
PO 00000
Frm 00120
Fmt 4701
Sfmt 4700
documented chronic condition of a
patient in a target patient population. A
commenter opined that requiring a
licensed health care provider to
document in writing their
recommendation of the tool or support
along with the justification, and
requiring the offeror to maintain this
documentation, is a reasonable
safeguard. The commenter surmised
that such documentation need not be in
the form of a prescription or physician
referral but could take the form of a
recommendation that is documented in
the care plan or approved by the care
team. A commenter supportive of the
certification requirement recommended
that it be enforced through
administrative or civil penalties, rather
than potential criminal liability under
18 U.S.C. 1001 and 1519. Other
commenters warned that imposing a
certification requirement would be
overly burdensome and could have a
chilling effect on provider
recommendations, even where the
benefits of the tool or support are clear.
A commenter warned that requiring
physicians to certify that a tool or
support is used to treat a documented
chronic condition could lead to a
fragmented approach that looks at each
condition in isolation, rather than
offering coordinated support for all of a
patient’s health care needs.
Response: We are not finalizing a
requirement that the patient’s licensed
health care professional certify that the
tool or support is recommended solely
to treat a documented chronic
condition. The final safe harbor
includes a number of other conditions
designed in combination to safeguard
against the risk of harms resulting from
fraud and abuse including, among other
conditions in the safe harbor, that the
patient engagement tool or support must
have a direct connection to the
coordination and management of care,
be recommended by the patient’s
licensed health care professional, and
advance one or more enumerated goals.
Comment: Commenters also noted
that the proposed certification
requirement, especially with criminal
penalties attached, would create a
significant barrier to providing patient
engagement tools and supports under
this safe harbor. In addition,
commenters cited concerns that a focus
on documented chronic conditions
would inappropriately narrow the
protections afforded by this safe harbor.
Response: As stated above, we are not
finalizing a requirement that the
patient’s licensed health care
professional certify that the tool or
support is recommended solely to treat
a documented chronic condition. We
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
believe the other safeguards are
sufficient to allow innovative tools and
supports for a wide array of enumerated
goals while safeguarding against the
harms resulting from fraud and abuse.
k. Advances Specified Goals
Summary of OIG Proposed Rule:
Under the proposed condition at
paragraph 1001.952(hh)(3)(vii), the tools
and supports must advance one or more
of the following enumerated goals: (i)
Adherence to a treatment regimen as
determined by the patient’s licensed
health care provider; (ii) adherence to a
drug regimen determined by the
patient’s licensed health care provider;
(iii) adherence to a followup care plan
established by the patient’s licensed
health care provider; (iv) management of
a disease or condition as directed by the
patient’s licensed health care provider;
(v) improvement in measurable
evidence-based health outcomes for the
patient or the target patient population;
or (vi) ensuring patient safety.
Summary of Final Rule: We are
finalizing, with modifications, the
requirement at paragraph
1001.952(hh)(3)(vi). Specifically, we are
not finalizing the proposed goal relating
to improvement in measurable
evidence-based health outcomes for the
patient or for the target patient
population because it is largely captured
by the other goals. The final rule revises
the goal of ‘‘management of a disease or
condition’’ to read ‘‘prevention or
management of a disease or condition’’
to incorporate the element of prevention
that was included at proposed
paragraph 1001.952(hh)(3)(i). We are
replacing references in this section to
‘‘licensed health care providers’’ with
‘‘licensed health care professionals’’
consistent with the preamble discussion
in the previous section regarding this
terminology.
Comment: Several commenters
supported protection for these
enumerated goals and appreciated that
we did not specify which tools and
supports would advance the specific
goals to allow flexibility for VBE
participants and promote innovation in
patient engagement mechanisms, tools,
and supports, particularly with respect
to rapidly evolving technologies. A
commenter requested that OIG add
protection for adherence to a
‘‘prevention regimen’’ and prevention of
a disease to the safe harbor’s list of
specified goals. Another commenter
noted that the enumerated goals
proposed could limit the offering of
innovative tools and supports designed
to address social determinants of health
because such tools and supports may
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
not directly link to the goals set forth in
the OIG Proposed Rule.
Response: We are finalizing these
goals as proposed, with the omission of
the proposed goal relating to evidencebased health outcomes and
modifications to include prevention of a
disease or condition and to use the term
licensed health care professionals. To
avoid inadvertently limiting which tools
and supports advance specified goals
and provide VBE participants flexibility
and the opportunity to innovate, we are
not providing an exhaustive list of tools
and supports. Indeed, one particular
patient engagement tool may satisfy a
number of these enumerated goals. For
instance, a device or program that
reminds a patient to take a medication
or attend a scheduled office visit might
advance the goals related to adherence
to a treatment regimen, drug regimen, or
follow-up care plan, or advance goals
related to prevention or management of
a disease or ensuring patient safety
depending, in part, on the functionality
and purposes of the device or program.
In response to a commenter’s
suggestion, we revised the goal at
paragraph 1001.952(hh)(3)(vi)(D) to read
‘‘the prevention or management of a
disease or condition’’ so that this safe
harbor is available to protect preventive
items, goods, or services that meet the
other safe harbor conditions. Adding a
specific goal relating to preventive items
and services also effectuates a change
discussed above, in section III.B.6.e.i, in
which we removed the reference to
preventive items, goods, or services that
had appeared in proposed paragraph
1001.952(hh)(3)(i). Furthermore, we
note that this change is consistent with
section 1128A(i)(6)(D) of the Act, which
excepts certain remuneration given to
individuals to promote the delivery of
preventive care from the definition of
‘‘remuneration’’ for purposes of the
Beneficiary Inducements CMP, as
further interpreted in the regulatory
exception at paragraph 1003.101.
l. Prohibition on Cost-Shifting
Summary of OIG Proposed Rule: We
sought comments on whether the final
rule should include a safe harbor
condition that would prohibit VBE
participants that furnish patient
engagement tools and supports from: (i)
Billing Federal health care programs,
other payors, or individuals for those
tools or supports; (ii) claiming the value
of a tool or support as a bad debt for
payment purposes under a Federal
health care program; or (iii) otherwise
shifting the burden of the value of a tool
or support on a Federal health care
program, other payors, or individuals.
PO 00000
Frm 00121
Fmt 4701
Sfmt 4700
77803
Summary of Final Rule: We are not
finalizing this proposed condition.
Comment: Several commenters
supported this proposed condition. A
commenter agreed that entities offering
tools and supports should not receive
payment for the value of those items or
services, but the commenter asserted
that an explicit safe harbor condition
prohibiting receiving payment for tools
and supports is unnecessary.
Other commenters suggested different
variations on this prohibition, urging
that any safe harbor condition related to
billing for tools and supports should
permit entities to bill commercial
payors for tools and supports when, for
example, a provider has negotiated
reimbursement terms that permit certain
costs to be passed on to third-party
payors. Another commenter urged that
OIG prohibit all direct billing of any
costs related to protected tools and
supports to patients but otherwise allow
direct billing for tools and supports to
nonpatient third parties. One
commenter opposed this cost-shifting
prohibition altogether, arguing that
because tools and supports could result
in overall cost savings to payors, those
items and services should be
reimbursable.
Response: We are not finalizing this
condition. In light of the combination of
safeguards in the final rule, we do not
believe the addition of a cost-shifting
prohibition would add appreciable
additional protection for programs or
patients. We acknowledge that VBE
participants may have a variety of
arrangements with payors, including
reimbursement terms that permit certain
costs to be passed on to third-party
payors, and we do not want to foreclose
safe harbor protection for such VBE
participants. With respect to direct
billing of payors or individuals for tools
and supports, if the tool or support is a
covered item or service under a Federal
health care program and a VBE
participant appropriately obtains full
payment for such tools or supports in
accordance with applicable coverage
and billing rules, then the VBE
participant has not transferred any
remuneration to a beneficiary, and the
arrangement would not implicate the
Federal anti-kickback statute. In other
words, if a provider or supplier
furnishes items or services that are
covered items or services under a
Federal health care program, the
provision of those items or services
alone would not implicate the Federal
anti-kickback statute.
However, we would note there could
be circumstances under which a VBE
participant, when furnishing a covered
item or service, does give a Federal
E:\FR\FM\02DER3.SGM
02DER3
77804
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
health care program beneficiary
something of value, thereby implicating
the Federal anti-kickback statute. For
example, the Federal anti-kickback
statute would be implicated by a
provider waiving or reducing any
required cost-sharing obligations for the
covered item or service incurred by a
Federal health care program beneficiary
or providing extra items and services—
those that are not part of the covered
item or service—for free. Furthermore,
nothing in this rule exempts parties
from responsibility for compliance with
all applicable coverage and billing rules.
In addition, nothing in this safe harbor
transforms an item or service—which is
not otherwise billable or allowable
under the relevant cost-reporting rules—
into a billable or allowable item or
service.
Comment: Several commenters
warned that the proposed prohibition
on billing Federal health care programs
would render Indian health care
providers ineligible for protection under
this new safe harbor because they are
federally funded.
Response: As noted, we are not
finalizing this condition.
m. No Selection Based on Payor
Summary of OIG Proposed Rule: In
the OIG Proposed Rule, we stated that
we were considering and solicited
comments on whether to include a
‘‘consistent provision’’ condition, which
would require VBE participants to
provide the same patient engagement
tools or supports to an entire target
patient population or otherwise
consistently offer tools or supports to all
patients who satisfy specified, uniform
criteria.77 We noted that such condition
would protect against a VBE participant
targeting certain patients to receive tools
and supports based on, for example, the
patient’s insurance or health status,
resulting in targeting of particularly
lucrative patients to receive tools and
supports (cherry-picking) while
avoiding high-cost patients (lemondropping). We solicited comments
regarding: (i) Whether such a provision
would limit certain VBE participants’
ability to offer tools and supports due to
financial constraints; and (ii) why
offering tools and supports to a smaller
subset of a target patient population
would be appropriate and not elevate
fraud and abuse risks, including cherrypicking and lemon-dropping.
Summary of Final Rule: We are
finalizing a condition at paragraph
1001.952(hh)(8) that the availability of
patient engagement tools and supports
cannot be determined in a manner that
77 84
FR 55729 (Oct. 17, 2019).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
takes into account the type of insurance
coverage of the patient.
Comment: A number of commenters
expressed concern that a consistent
provision requirement could result in
requiring VBE participants to provide
tools and supports to an overly broad
population, including patients for
whom such tools or supports are not
clinically appropriate or who do not
want the tools or supports. Some
commenters posited that VBE
participants need flexibility to tailor the
types of tools or supports to the
particular patient and recommended
that we protect remuneration directed at
particular subsets or subpopulations of
target patient populations of a VBE,
such as higher-risk or higher-cost
patients, or only those patients within
the target patient population who
achieve a certain goal. Other
commenters suggested that because not
all patients within the target patient
population may benefit from any tool or
support, offerors should be permitted to
establish in advance specified criteria
by which to evaluate patients for the
appropriateness of any tool or support.
For instance, a commenter suggested
that it would be appropriate to limit the
provision of particular tools and
supports to subpopulations (e.g., it
would be appropriate to exclude
patients residing in an assisted living
facility who receive significant support
with their activities of daily living when
furnishing a support such as installing
grab bars in patients’ homes to prevent
falls). A commenter also noted that
some patients may refuse tools and
supports, which could undermine
compliance with a consistent provision
requirement.
Response: We acknowledge
commenters’ concerns regarding the
practical challenges of including a
consistent provision requirement for
safe harbor protection. We have instead
adopted a condition that the availability
of patient engagement tools and
supports cannot be determined in a
manner that takes into account the type
of insurance coverage of the patient,
which largely addresses the concerns
that caused us to consider a consistent
provision requirement, with fewer
practical challenges. Under this
condition, VBE participants offering
protected tools or supports must do so
without regard to the patient’s payor
type, but nothing in this safe harbor
would require a VBE participant to offer
tools or supports when they cannot be
used or accepted, nor would it require
patients to accept unwanted tools or
supports in order for the safe harbor to
apply. As a practical matter, this
condition also would prevent a VBE—
PO 00000
Frm 00122
Fmt 4701
Sfmt 4700
assuming at least one VBE participant
intends to provide protected tools and
supports to patients—from defining its
target patient population in a manner
that takes into account patients’ payor
type.
This requirement addresses the
concern we expressed in the OIG
Proposed Rule related to the possibility
of discriminatory provision of tools and
supports based on a patient’s payor
type, but without some of the
complications highlighted by
commenters, including concerns
regarding cost. It is possible that a
particular tool or support if offered on
a neutral basis unrelated to payor type
could result in the provision of tools
and supports primarily to Federal health
care program beneficiaries. Such
remuneration would still be protected
under the safe harbor as long as the
decision to offer tools and supports was
based on a patient’s individual need
rather than the patient’s payor type, and
assuming the remuneration otherwise
meets the requirements of the safe
harbor. More specifically, offering or
furnishing tools and supports to patients
based on clinical characteristics, such as
presence of a specified chronic
condition, or geographical
considerations, such as a common ZIP
Code, would not be precluded even if
the patient population receiving the
tools and supports disproportionally has
the same insurance. By way of further
illustration, in the case of a geriatric
practice providing tools and supports to
patients above a certain age or with a
particular illness, it is possible that all
or virtually all patients would be
Medicare beneficiaries. However, so
long as patients receiving the tools and
supports are not selected based on their
Medicare insurance status, the
requirement would not be violated.
Stated another way, for purposes of this
safe harbor, we would not view a VBE
participant offering or furnishing tools
and supports to a population
disproportionately comprised of
Medicare beneficiaries to run afoul of
this condition provided that the
decision to offer tools or supports is not
based upon the patient’s Medicare
insurance status. As another further
example, a VBE could define its target
patient population—and therefore limit
the scope of potential recipients of tools
and supports—based on individual or
family income, which might overlap
substantially with Medicaid or dualeligible populations but would not be
strictly determined based on an
individual’s enrollment in Medicaid or
as dually eligible for both Medicare and
Medicaid.
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
This condition ensures that a
potential donor uses actual needs or
related characteristics outside of payor
status to determine the appropriate
target patient population rather than the
potential value of future Federally
reimbursable items and services
provided to such population. In
addition, nothing in this condition
would prevent a VBE participant from
offering protected tools and supports
only to a population of uninsured
individuals, which we would not
consider to be a determination based on
the type of insurance coverage (indeed,
as a preliminary matter, such
remuneration would be unlikely to
implicate the Federal anti-kickback
statute or Beneficiary Inducements
CMP).
Comment: A commenter posited that
requiring consistent provision across the
entire target patient population
undercuts the requirement that the tool
or support be recommended by the
patient’s licensed health care
practitioner, which includes clinical
judgment of the clinician and avoids
unnecessary waste and other fraud and
abuse concerns. The commenter also
noted that VBEs would be forced to
create many iterations of the target
patient population with minute
differences to avoid these concerns,
which it described as unfeasible.
Response: We believe the final safe
harbor does not raise the risks identified
by the commenter because the condition
in its final form does not require
consistent provision of tools or supports
to every patient in an entire target
patient population specified by the VBE
participant. The final safe harbor also
would not require VBE participants to
establish different target patient
populations merely to satisfy a
consistent provision requirement. The
commenter is correct that the condition
requiring a licensed health care
professional’s recommendation is
designed to preclude from safe harbor
protection tools and supports provided
to patients who do not need them to
advance one of the enumerated goals of
this safe harbor.
Comment: Several commenters
suggested that providers should have
the ability to test the effectiveness of the
tool or support before committing to
widespread provision, noting that VBE
participants are in the best position to
make determinations regarding how to
allocate limited resources, including
whether to offer tools and supports to
patients. Other commenters highlighted
that small practices may be unable to
offer any tools or supports due to
financial constraints if they were
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
required to provide them consistently
across a population.
Response: We appreciate these
comments regarding potential
challenges associated with requiring
consistent provision of tools and
supports across a target patient
population. The condition limiting
selection based on payor, as finalized,
largely accomplishes the goals of a
consistent provision requirement
without triggering the types of
limitations highlighted by these and
other commenters. In addition, we agree
that VBE participants in collaboration
with any applicable VBE are in the best
position to make a determination
regarding whether to offer and provide
a tool or support to patients and
emphasize that this determination
remains solely at the discretion of a VBE
participant (in collaboration with the
VBE(s) in which the VBE participant
participates).
We are confident the final safe harbor
affords VBE participants sufficient
flexibility to furnish protected tools and
supports and assess their effectiveness,
as long as all conditions of the safe
harbor are met. For example, a VBE
participant may wish to initially
establish a narrowly construed target
patient population based on specific
criteria that limits the size and scope of
the patients to whom the VBE
participant offers or provides certain
tools and supports. After engaging with
that limited target patient population,
the VBE participant could then identify
a new, broader target patient population
to whom it offers or provides the same
tools and supports. This type of
assessment period—and subsequent
expansion to a larger, more broadly
construed target patient population—
could be protected if all conditions of
the safe harbor are met, including that
the tool or support advances one of the
safe harbor’s enumerated goals. The
requirement to advance one or more of
the listed goals means, at a minimum,
that the VBE participant reasonably
expects the tool or support to be
effective in advancing a goal.
We reiterate that safe harbors are
voluntary and that this safe harbor does
not require any individual or entity to
offer free or reduced-cost tools or
supports to patients; it sets forth
conditions and limitations to ensure
safe harbor protection for the provision
of such tools or supports. VBE
participants are free to evaluate the
costs and overall cost savings associated
with the provision of patient
engagement tools and supports, and to
structure such arrangements in
economically viable ways as long as
PO 00000
Frm 00123
Fmt 4701
Sfmt 4700
77805
such structure does not directly take
into account a patient’s payor status.
Comment: A commenter supported a
prohibition on discriminating based on
insurance or payor type to avoid lemondropping or cherry-picking.
Response: We appreciate the
comment and note that we have adopted
a condition designed to prevent lemondropping or cherry-picking as it relates
to payor type or lack of insurance. In
addition, requirements for selecting a
target patient population and for
involvement of the patient’s licensed
health care professional provide
additional protections against selecting
only lucrative patients (cherry-picking)
or selectively refusing tools and
supports for expensive patients (lemondropping).
n. Monitoring Effectiveness
Summary of OIG Proposed Rule: We
solicited comments on whether to add
a condition requiring offerors to use
reasonable efforts to monitor the
effectiveness of the tool or support in
achieving the intended coordination
and management of care for the patient.
We also solicited comments on whether
to add a safeguard that would require
monitoring to ensure that the tool or
support does not result in diminished
quality of care or patient harm.
Summary of Final Rule: We are not
finalizing these conditions because they
are not necessary in light of the totality
of other conditions we are finalizing in
this rule.
Comment: Some commenters
supported our proposal to require
offerors to use reasonable efforts to
monitor: (i) The effectiveness of the tool
or support in achieving its intended
purpose; and (ii) to ensure the tool or
support does not result in diminished
care or patient harm. Other commenters
opposed this proposal, warning that it
would impose an administrative burden
that could negatively impact the ability
of small, rural, and underserved
practices to offer tools and supports.
Another commenter noted that it can
take a substantial period of time to
realize the effects of any intervention
and the measurement of these effects
often utilize outcome measures that may
be unreliable. Some commenters stated
that it would be reasonable for the safe
harbor to require the offeror of a
particular tool or support to document
and demonstrate outcomes associated
with the tool or support, and monitor
use, impact, and quality of such tools
and supports. A commenter
recommended that if OIG adopts a
monitoring requirement, it should allow
flexibility to entities in designing a
monitoring program in acknowledgment
E:\FR\FM\02DER3.SGM
02DER3
77806
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
of the good faith monitoring efforts
undertaken.
Response: We acknowledge the
concerns raised by commenters, and we
are not finalizing a monitoring
requirement in this final rule. We note
that the safe harbor separately requires
that tools and supports must advance
one or more of the specific goals
articulated at paragraph
1001.952(hh)(3)(vi). Although the final
safe harbor does not contain a
prospective monitoring requirement, the
requirement to advance one or more of
the listed goals means, at a minimum,
that the VBE participant reasonably
expects the tool or support to be
effective in advancing a goal.
o. Retrieval of Items and Goods
Summary of OIG Proposed Rule: We
solicited comments on whether to
include a condition requiring the offeror
to make a reasonable effort to retrieve
the tool or support in certain
circumstances, such as when the patient
is no longer in the target patient
population or the offeror is no longer a
VBE participant. We also solicited
comments on whether a minimum value
should trigger any retrieval requirement
and other issues related to the
practicality of retrieval.
Summary of Final Rule: We are not
finalizing a retrieval requirement in the
final safe harbor.
Comment: Some commenters
supported the proposal to require a
reasonable effort to retrieve the tool or
support if certain conditions are met,
such as when the patient is no longer
within the target patient population or
when the tool or support is valued
above a certain threshold (applying
appropriate depreciation). Others
requested that we clarify that any
required retrieval efforts would only
need to be reasonable and not hold
offerors to unrealistic requirements to
retrieve tools or disable software.
One commenter suggested that in
order to ensure that an offeror’s decision
to cease retrieval is not driven by an
attempt to inappropriately influence
beneficiaries, we could require that
decisions regarding whether and how to
retrieve items be reviewed and
approved by the VBE’s accountable
body or person responsible for the
financial and operational oversight of
the VBE.
Other commenters stated that a
retrieval requirement would be
administratively burdensome,
impossible or wasteful for
nontransferable consumables, counter to
clinical recommendations where a
patient still benefits from the tool or
support and may prevent potential
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
offerors from providing tools and
supports or discourage patients from
accepting them. Some commenters
noted that the reduced value or
obsolescence of the tool or support
could render recovery unnecessary,
futile, or disproportionate in cost to the
value of the tool or support. Another
commenter noted that retrieval could be
impractical or insensitive following a
patient’s death and urged us not to
finalize the requirement for that reason.
Other commenters recommended that if
we do finalize this requirement, we
include exceptions for patient harm and
death and consider only two written
attempts at retrieval to be reasonable.
One commenter noted that offerors
may have limited legal right to tools and
may be unable to retrieve them.
Commenters asked us to clarify that if
retrieval is not required, offerors still
retain the right to recover tools and
supports if they deem it reasonable and
necessary or otherwise make a business
decision to retrieve the tool or support.
Response: We agree with commenters
who highlighted the administrative
burdens and other challenges associated
with any retrieval requirement, and we
are not finalizing this requirement. We
note, however, that offerors are free to
make retrieval efforts or require the
return of tools and supports where it
would not harm the patient, as long as
the decision to retrieve or the extent to
which retrieval policies are applied is
consistent and not undertaken in a
manner that takes into account the
volume or value of referrals of Federal
health care program business. We
further note that the safe harbor
separately requires that tools and
supports must advance one or more of
the specific goals articulated at
paragraph 1001.952(hh)(3)(vi). Although
the final safe harbor does not contain a
retrieval requirement, the requirement
to advance one or more of the listed
goals means that the VBE participants
should cease providing tools or supports
they find to be ineffective. In addition,
we note that the structure of the safe
harbor would necessitate termination of
ongoing services (e.g., recurring
monthly fees associated with a fitness
center membership) if the individual is
no longer part of the target patient
population or the entity is no longer a
VBE participant.
p. Monetary Cap
Summary of OIG Proposed Rule: We
proposed a monetary cap on the tools
and supports protected under this safe
harbor. Specifically, at proposed
paragraph 1001.952(hh)(5), we proposed
that the aggregate retail value of
protected tools or supports furnished to
PO 00000
Frm 00124
Fmt 4701
Sfmt 4700
a patient by a VBE participant may not
exceed $500 per year unless the tools
and supports are furnished to a patient
based on a good faith, individualized
determination of the patient’s financial
need. We solicited comments on
whether this figure strikes the right
balance between: (i) Flexibility for
beneficial tools and supports; and (ii) a
limit on the amount of protected
remuneration to shield patients from
being improperly influenced by
valuable gifts and to protect Federal
health care programs from
overutilization or inappropriate
utilization. We asked whether $500 was
too high or too low, and whether a
number of other safeguards or
alternatives would be more appropriate.
Summary of Final Rule: We are
finalizing, with modifications, an
annual $500 monetary cap at paragraph
1001.952(hh)(5). The final rule does not
include an exception to the cap
requirement that would permit
exceeding the monetary cap for patients
with demonstrated financial need.
Based on public comments, we are
including an inflation adjuster.
Comment: Several commenters
supported a monetary cap for many
reasons, including that it provides a
bright-line safeguard for program
integrity purposes. Other commenters
disagreed with any monetary cap for
several reasons, such as finding it
unnecessary due to the combination of
other proposed conditions or asserting
that any monetary cap would be
unreasonable because the delivery of
care—and tools and supports related to
such care—depends on each patient’s
particular needs. Many commenters
supported an exception to the proposed
cap based on financial need, while some
were concerned with the administrative
burden associated with administering a
financial need policy, which would
require individualized determinations
of financial need rather than bright-line
limits. A commenter suggested that OIG
define financial need using a validated
social need screening tool, such as the
Hunger Vital Sign, a validated, twoquestion tool used by health care
providers and community-based
organizations to identify risk for food
insecurity among youth, adolescents,
and adults.
Response: We agree with commenters
who stated that a monetary cap provides
bright-line guidance to VBE participants
on the value of acceptable tools and
supports. To this end, we are finalizing
a straightforward annual, aggregate $500
cap, subject to an inflation adjuster. The
final rule does not include the proposed
condition that would have allowed the
cap to be exceeded, without limitation
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
on amount, in instances of good faith,
individualized determination of a
patient’s financial need. Because we are
not finalizing this condition, we do not
need to define financial need.
OIG is mindful that different patients
may have different needs and for some
patients tools and supports exceeding a
retail value of $500 in the aggregate per
year could help improve coordination of
their care, improve health outcomes,
and have other beneficial impacts,
particularly for patients with financial
need. Nothing in this final rule makes
it necessarily unlawful, in individual
cases, for a provider or other party to
furnish for free or below fair market
value tools and supports that exceed
$500 per year (nor does this rule make
remuneration under $500 automatically
immune from sanctions under the
Federal anti-kickback statute and
Beneficiary Inducements CMP unless it
meets all safe harbor conditions). Such
arrangements would be evaluated on a
case-by-case basis under the statutes,
including with respect to the intent of
the parties. We note that there may be
lawful avenues for providers to offer
tools and supports to patients who need
tools and supports that exceed an
aggregate of $500 annually, particularly
those experiencing financial need. For
example, the local transportation safe
harbor, found at paragraph
1001.952(bb), remains available to
protect certain local transportation
furnished to patients, provided that the
local transportation satisfies the
requirements of the safe harbor. With
respect specifically to the Beneficiary
Inducements CMP, exceptions exist for
remuneration that promotes access to
care and poses a low risk of harm and
for renumeration offered to patients
experiencing financial need; the
requirements for these exceptions are
found at paragraph 1003.110.78
In addition, for arrangements
involving tools and supports that may
exceed the monetary cap, that implicate
the Federal anti-kickback statute,
Beneficiary Inducements CMP or both,
and do not meet any other safe harbor
to the Federal anti-kickback statute or
exception to the Beneficiary
Inducements CMP, the advisory opinion
process remains available. OIG has
previously issued favorable advisory
opinions to health care industry
stakeholders seeking to furnish free or
78 We remind readers that exceptions to the
definition of ‘‘remuneration’’ under the Beneficiary
Inducements CMP apply only for the purposes of
the definition of ‘‘remuneration’’ applicable to
section 1128A of the Act (the Beneficiary
Inducements CMP); they do not apply for purposes
of section 1128B(b) of the Act (the Federal antikickback statute).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
below fair market value tools and
supports to patients when such tools
and supports do not squarely satisfy a
safe harbor to the Federal anti-kickback
statute, an exception to the Beneficiary
Inducements CMP, or both.79
Comment: Several commenters asked
for clarity regarding how to calculate the
‘‘retail value’’ of the tools or supports.
A commenter asked OIG to define retail
value as the commercial value of the
tool or support to the recipient instead
of its fair market value. Several
commenters agreed that if OIG finalized
any cap to the annual aggregate value of
protected tools and supports, the cap
should apply separately to each VBE
participant, rather than at the VBE level
or the value-based arrangement level,
citing the administrative burden
associated with tracking caps for
patients receiving tools and supports
from different VBE participants. Others
suggested that the cap should adjust for
inflation over time automatically or
through other mechanisms.
Response: The aggregate retail value
of patient engagement tools and
supports furnished by a VBE participant
to a patient may not exceed $500 on an
annual basis. The retail value of the
tools and supports should be measured
at the time they are provided to the
patient. Specifically, for purposes of this
safe harbor, the retail value is the
commercial cost the patient would have
incurred at the time the VBE participant
provides the tool or support if the
patient had procured the tool or support
on the open market on their own. We
note that, as proposed, this cap applies
per VBE participant and per patient, not
at the VBE level or the value-based
arrangement level. A patient may
receive a number of tools and supports
from a number of VBE participants (in
one or more VBE) through the course of
a year, as long as no single VBE
participant individually provides more
than $500 in aggregate value to the
patient per year. The VBE participant
providing the tool or support is
responsible for tracking the aggregate
retail value of the tools or supports that
it—and only it—provides to the patient
through the course of a year.
79 See, e.g., OIG, OIG Adv. Op. No. 17–01,
available at https://oig.hhs.gov/fraud/docs/
advisoryopinions/2017/AdvOpn17-01.pdf (Mar. 10,
2017) (regarding a hospital system’s proposal to
provide free or reduced-cost lodging and meals to
certain financially needy patients); OIG, OIG Adv.
Op. No. 19–03 (Mar. 6, 2019), available at https://
oig.hhs.gov/fraud/docs/advisoryopinions/2019/
AdvOpn19-03.pdf (regarding a program offered by
a medical center that provides free, in-home
followup care to eligible individuals with
congestive heart failure and the proposed expansion
of this program to include certain individuals with
chronic obstructive pulmonary disease).
PO 00000
Frm 00125
Fmt 4701
Sfmt 4700
77807
VBE participants are not required to
monitor the value of tools and supports
provided by other parties—even within
the same VBE—to a particular patient.
This should ease any burden of tracking
the value of tools in connection with the
aggregate, annual cap. Finally, in
response to commenters’ suggestions,
we are finalizing an annual adjustment
to the monetary cap to account for
inflation. Under this provision, the
monetary cap will be adjusted for
inflation to the nearest whole dollar
effective January 1 of each calendar year
using the Consumer Price Index-Urban
All Items (CPI–U) for the 12-month
period ending the preceding September
30. OIG will publish an announcement
on its website after September 30 of
each year reflecting the increase in the
CPI–U for the 12-month period ending
September 30, and the new monetary
cap applicable for the following
calendar year.
Comment: A number of commenters
suggested increasing the dollar limit of
the cap for all tools and supports. Some
commenters suggested alternatives, such
as per-occurrence limitations on value,
coupled with a higher cap. Others
proposed increasing the cap or adding
additional exceptions to the cap for
categories of tools and supports or
specific tools and supports such as
disposable and nondurable items and
supplies; recurring services; ongoing
costs for the tool or support (e.g.,
batteries and software upgrades);
transportation; housing and home safety
items and services; certain digital or
other health-related technologies; home
monitoring devices; tools and supports
that address chronic or complex disease
management; tools and supports for the
seriously injured; harm-reduction items
(e.g., helmets and medication
lockboxes); and other tools and supports
that address a patient’s social
determinants of health. Several
commenters asked OIG to consider
increasing the cap to account for
changes in technology or care
innovation over time. Some commenters
recommended permitting a higher cap
when the VBE’s accountable body or
responsible person determines the
circumstances support it. Others
recommended a tiered cap system based
on outcomes or on the amount of risk
a VBE participant bears.
Response: The generally applicable
$500 cap establishes a bright-line
limitation for VBE participants seeking
protection under this safe harbor. We
believe the safe harbor conditions,
including the monetary cap, strike an
appropriate balance between giving
flexibility to VBE participants to
provide beneficial tools and supports to
E:\FR\FM\02DER3.SGM
02DER3
77808
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
patients and protecting programs and
patients from the improper influence of
valuable remuneration. We are not
finalizing exceptions to the $500 cap
because we believe exceptions would
add complexity to this safe harbor and
would raise compliance challenges.
Further, tools and supports of higher
value could improperly influence
patients to select treatments or
providers not in their best interests,
potentially leading to the harms against
which the Federal anti-kickback statute
is designed to protect.
q. Diversion or Resale
Summary of Proposed Rule: We
proposed, at proposed paragraph
1001.952(hh)(4), a condition that would
have excluded from safe harbor
protection tools or supports if the
offeror knew, or should have known,
that the tool or support was likely to be
diverted, sold, or utilized by the patient
other than for the express purpose for
which the tool or support was provided.
Summary of Final Rule: We are not
finalizing this proposed condition.
Comment: Several commenters
supported this condition, while another
urged us to consider how such
limitation may inadvertently restrict
access to these tools. A commenter
posited that it is not feasible for a VBE
participant to determine the likelihood
of diversion and proposed instead
limitations on categories of tools and
supports that are likely to be abused,
such as cell phones. The commenter
suggested protection only for tools and
supports that are not likely to be abused
or those likely to improve health, such
as helmets, car seats, and medication
lockboxes.
Response: We agree with the
commenter who questioned the
feasibility of a VBE participant
determining the likelihood of diversion.
We are not finalizing this provision.
Other safeguards we are finalizing in
this safe harbor adequately address the
concern that a recipient of a tool or
support is receiving it for appropriate
purposes. For instance, the requirement
that a licensed health care professional
recommend the tool or support and that
it be directly connected to the
coordination and management of care
should mitigate the risk that a tool or
support is likely to be diverted or
resold. Similarly, the monetary cap, the
requirement that a tool or support
advance an enumerated goal, and the
restriction on marketing and patient
recruitment further limit the risk of
diversion or resale.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
r. Materials and Records
Summary of Final Rule: We proposed
at proposed paragraph 1001.952(hh)(6)
that VBE participants providing tools
and supports under this safe harbor
make available to the Secretary, upon
request, all materials and records
sufficient to establish that the tool or
support was distributed in compliance
with the conditions of the safe harbor.
We noted that we were considering a
requirement that VBE participants retain
materials and records sufficient to
establish compliance with the safe
harbor for a set period of time, such as
6 or 10 years. We did not propose
specific parameters regarding the
creation or maintenance of
documentation in order to allow for
flexibility. We solicited comments on
several alternative safeguards.
Summary of Final Rule: We are
finalizing, with modification, a
requirement at paragraph
1001.952(hh)(7) that materials and
records sufficient to establish
compliance with the safe harbor be
made available to the Secretary,
including that those records be kept for
a period of at least 6 years.
Comment: One commenter stated that
a rigid documentation requirement
would make clinicians hesitant to use
the safe harbor. Another commenter
questioned the need for the proposed
condition, noting that such
documentation is already part of the
existing compliance programs. The
same commenter further questioned
whether OIG would bring an
investigation or pursue a Federal antikickback case based solely on the failure
to satisfy a documentation requirement
rather than underlying substantive
safeguards. A commenter found
documentation—particularly regarding
the goals proposed at paragraph
1001.952(hh)(3)(vii)—to be excessive or
impractical. Another commenter
suggested that it would be appropriate
for offerors to retain documentation
under this condition for a period of 6
years.
Response: We disagree with the
characterization of this documentation
requirement as rigid. The condition
does not require a signed writing in
advance of the provision of tools and
supports to a patient, nor does it
propose any specific parameters on the
type or form of documentation. It
simply requires that parties make
available, on request, documentation
sufficient to show that tools or supports
were provided in accordance with the
safe harbor’s conditions. Safe harbors
offer voluntary protection from liability
under the Federal anti-kickback statute
PO 00000
Frm 00126
Fmt 4701
Sfmt 4700
for specified arrangements, and no
entity or individual is required to fit
within a safe harbor. Failure to fit
within a safe harbor does not mean a
party has violated—or even
implicated—the Federal anti-kickback
statute; it simply means the party may
not look to the safe harbor for protection
for that arrangement. It would be
prudent for any party relying on a safe
harbor to protect certain arrangements
to document compliance with that safe
harbor in some form. For purposes of
this safe harbor, we are requiring VBE
participants to retain relevant
documentation for a minimum of 6
years. This retention period was
recommended by a number of
commenters and it is consistent with the
retention period required by the valuebased safe harbors finalized in this rule.
In addition, because a 6-year retention
requirement is already present in
several existing CMS regulations, we
expect that many parties are familiar
with this retention period and that the
maintenance of records is part of their
routine business practices.
s. Notice to Patients
Summary of OIG Proposed Rule: We
solicited comments on whether to
require the VBE to provide a patient
receiving a tool or support with written
notice identifying the VBE participant
and describing the nature and purpose
of the tool or support.
Summary of Final Rule: We are not
finalizing this requirement.
Comment: A commenter suggested
that verbal, not written, notice should
suffice. Another commenter stated that
if such notice is required, OIG should
develop consumer-tested templates to
convey the information in an objective,
easily understood way that will not
mislead beneficiaries or create false
expectations or reliance on protected
tools and supports. Another commenter
objected to any notice requirement as
burdensome and questioned whether
OIG would use investigative resources
based on a claim of deficient notice.
Response: We are not finalizing this
requirement. We believe that the
appropriate time for the patient to
understand the purpose of the tool or
support is at the time a licensed health
care professional is recommending it for
the individual patient. While we are not
requiring any formal notice to a patient
in this final rule, we expect providers
will naturally communicate the purpose
of the tool or support to the patient at
the time it is recommended in
furtherance of the coordination and
management of care.
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
t. Other Comments
Comment: A commenter asked OIG to
clarify that its proposed rule does not
mean that certain existing or
hypothetical practices involving tools
and supports to beneficiaries implicate,
or constitute violations of, the Federal
anti-kickback statute, such as certain
group education or certain types of gift
cards. Other commenters requested that
OIG clarify, in the context of valuebased arrangements or otherwise, that
the safe harbor protects remote
physiologic monitoring tools and
services at no or low cost, and
furthermore that providing access to
software-based platforms for patientgenerated health data analytics or
telemedicine at no or low cost does not
violate the Federal anti-kickback statute.
Response: We decline to provide
further guidance related to the various
comments summarized above because
any analysis of whether any of the
various practices and conduct implicate
the Federal anti-kickback statute or
would be protected by this safe harbor
would depend on the facts and
circumstances specific to the practice or
conduct. We note, however, that the
provision of at least some of the tools
and supports described above (e.g., tools
that facilitate remote monitoring) could
be protected by this safe harbor. Parties
may seek an OIG advisory opinion for
a determination regarding a proposed or
existing arrangement.
Comment: A commenter requested
clarification regarding the intersection
of the proposed safe harbor and the
existing safe harbors or exceptions to
the definition of ‘‘remuneration’’ under
the Beneficiary Inducement CMP.
Another commenter asked whether an
entity is precluded from using the socalled ‘‘promotes access to care
exception’’ 80 if it becomes a VBE.
Furthermore, the commenters asked
whether an entity that is a VBE can use
both the new safe harbor and the
existing exception with the same
patients. A commenter asked that we
adopt a CMP exception corresponding
to the patient engagement and support
safe harbor.
Response: The Federal anti-kickback
statute and Beneficiary Inducements
CMP are separate statutes with separate
safe harbors and exceptions,
respectively. Any remuneration
implicating the Federal anti-kickback
statute need only satisfy one safe harbor
to be protected under the statute.
Similarly, any remuneration implicating
the Beneficiary Inducements CMP need
only satisfy one exception under that
80 Section 1128A(i)(6)(F) of the Act; 42 CFR
1003.110.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
statute to be protected. As a matter of
law, arrangements that fit in an antikickback safe harbor are also protected
under the Beneficiary Inducements
CMP.81 This means that the final safe
harbor for patient engagement and
support offers protection under the
Beneficiary Inducements CMP as well as
the Federal anti-kickback statute. The
converse is not true, however.
Arrangements that fit in an exception to
the Beneficiary Inducements CMP are
not automatically protected under the
anti-kickback safe harbor. A party that is
a VBE participant can use any exception
under the Beneficiary Inducements CMP
for which its arrangement qualifies. In
some cases, an arrangement that does
not fit in the new safe harbor for patient
engagement and support might qualify
for protection under the ‘‘promotes
access to care exception’’ or another
CMP exception; this protection would
not apply to the anti-kickback statute.
Comment: A commenter noted that
this safe harbor does not have a
corresponding exception under the
physician self-referral law.
Response: The commenter is correct.
The physician self-referral law, section
1877 of the Act, does not prohibit
remuneration exchanged between
physicians or entities and patients, so a
corresponding exception would not be
necessary.
7. CMS-Sponsored Model Arrangements
and CMS-Sponsored Model Patient
Incentives (42 CFR 1001.952(ii))
Summary of OIG Proposed Rule: We
proposed to create a new safe harbor at
paragraph 1001.952(ii) to: (i) Permit
remuneration between and among
parties to arrangements (e.g.,
distribution of capitated payments,
shared savings or losses distributions)
under a model or other initiative being
tested or expanded by the Innovation
Center under section 1115A of the Act
or under the Medicare Shared Savings
Program under section 1899 of the Act
(collectively ‘‘CMS-sponsored models’’);
and (ii) permit remuneration in the form
of incentives provided by CMSsponsored model participants and their
agents under a CMS-sponsored model to
patients covered by the CMS-sponsored
model. We proposed certain additional
conditions, including a requirement that
patient incentives have a direct
connection to the patient’s health care.
Summary of Final Rule: We are
finalizing, with modifications, the safe
harbor as proposed at paragraph
81 A practice permissible under the Federal antikickback statute, whether through statutory
exception or regulations issued by the Secretary, is
also excepted from the Beneficiary Inducements
CMP. Section 1128A(i)(6)(B) of the Act.
PO 00000
Frm 00127
Fmt 4701
Sfmt 4700
77809
1001.952(ii). We are revising the
introductory text of paragraphs
1001.952(ii)(1) and (2) to clarify that
CMS determines the specific types of
financial arrangements and incentives to
which safe harbor protection will apply;
safe harbor protection will not
necessarily apply to every possible
financial arrangement or incentive that
CMS-sponsored model parties may wish
to implement as they participate in the
Medicare Shared Savings Program or an
Innovation Center model. We are
finalizing without substantive change
the remainder of proposed paragraph
1001.952(ii)(1) regarding the conditions
for safe harbor protection of financial
arrangements under a CMS-sponsored
model.
We are finalizing with some
modification the conditions for safe
harbor protection of CMS-sponsored
model patient incentives at paragraph
1001.952(ii)(2). First, this final rule
specifies at paragraph 1001.952(ii)(2)(ii)
that the patient incentive must have a
direct connection to the patient’s health
care unless the participation
documentation expressly specifies a
different standard, in which case that
standard must be met. Second, as
explained more fully below, we are
moving certain language from the
proposed definition of ‘‘CMS-sponsored
model patient incentive’’ in paragraph
1001.952(ii)(3) to the conditions of safe
harbor protection in paragraph
1001.952(ii)(2). Third, we are modifying
the safe harbor to provide at paragraph
1001.952(ii)(2)(iii) that an individual
other than the CMS-sponsored model
participant or its agent may furnish an
incentive to a patient under a CMSsponsored model if that is specified by
the participation documentation.
Finally, we are relocating the general
substance of the provision that permits
patients to retain incentives they
received under the CMS-sponsored
model from paragraph 1001.952(ii)(2)(v)
to new paragraph 1001.952(ii)(4)(iii).
We are finalizing the safe harbor
definitions at paragraph 1001.952(ii)(3)
largely as proposed. As noted above, we
are relocating a portion of the definition
of ‘‘CMS-sponsored model patient
incentive’’ to the conditions of safe
harbor protection in paragraph
1001.952(ii)(2). In addition, we are
clarifying the definition of ‘‘CMSsponsored model arrangement’’ to refer
to ‘‘a financial arrangement,’’ which is
consistent with our discussion of the
definition in the OIG Proposed Rule.82
Last, we made two minor technical
82 84
E:\FR\FM\02DER3.SGM
FR 55731 (Oct. 17, 2019).
02DER3
77810
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
revisions to the definition of ‘‘CMSsponsored model party.’’
We are addressing the duration of safe
harbor protection at new paragraph
1001.952(ii)(4). We are making a
technical edit to the introductory
language in proposed paragraph
1001.952(ii)(2) to replace the phrase ‘‘if
all of the conditions of paragraph
(ii)(2)(i) through (v) are met of this
section’’ with ‘‘if all of the following
conditions are met.’’
Modifications to the scope of the safe
harbor, conditions of protection, and its
duration are summarized and explained
in the preamble sections that follow.
a. General Comments
Comment: We received several
comments that generally supported
finalizing a safe harbor for CMSsponsored models and agreed with the
goals set forth in the OIG Proposed Rule.
For example, a commenter posited that
the safe harbor could encourage greater
voluntary participation in new CMSsponsored models. Commenters also
expressed support for a simplified and
standardized approach rather than
disparate OIG waivers, with tailored
conditions, for CMS-sponsored models.
Some commenters expressed concern
about the impact of any safe harbor on
existing waivers of the fraud and abuse
laws issued by OIG that currently apply
to CMS-sponsored models, and about
our ability or willingness to issue future
waivers. For example, a commenter
noted that there are benefits to modelspecific waivers that may not be
realized in a safe harbor.
Response: A goal of this safe harbor is
to provide uniformity and predictability
for those participating in CMSsponsored models, which are testing
innovations to improve quality and
lower cost. As we stated in the OIG
Proposed Rule, this safe harbor does not
supersede OIG’s existing fraud and
abuse waivers for CMS-sponsored
models. Existing model waivers will
continue in effect in accordance with
the waiver terms. A CMS-sponsored
model party may structure arrangements
that might otherwise implicate the
Federal anti-kickback statute,
Beneficiary Inducements CMP, or both
to meet the terms of an applicable fraud
and abuse waiver or any applicable safe
harbor. In addition, the promulgation of
this safe harbor does not preclude OIG
from issuing model-specific waivers in
the future. We note, however, that we
would expect OIG’s issuance of modelspecific waivers in the future to be
infrequent. We expect that model
participants in new CMS-sponsored
models will be able to use this new safe
harbor.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
b. Scope of the Safe Harbor and
Definitions
Summary of OIG Proposed Rule: We
proposed to create a new safe harbor at
paragraph 1001.952(ii) to protect certain
financial arrangements and patient
incentives related to the Medicare
Shared Savings Program under section
1899 of the Act and models established
and tested by CMS under section 1115A
of the Act. At proposed paragraph
1001.952(ii)(3), we proposed to define
the following terms that shape the scope
of the safe harbor: ‘‘CMS-sponsored
model, ‘‘CMS-sponsored model
arrangement,’’ ‘‘CMS-sponsored model
participant,’’ ‘‘CMS-sponsored model
party,’’ ‘‘CMS-sponsored model patient
incentive,’’ and ‘‘participation
documentation.’’
Summary of Final Rule: We are
finalizing, with modifications, the
defined terms. We have modified the
definition of ‘‘participation
documentation’’ by removing the phrase
‘‘is currently in effect.’’ This phrase is
unnecessary in the context of a
definition. Temporal language is more
appropriate in the new paragraph
1001.952(ii)(4) that specifies the
duration of safe harbor protection. In
addition, we have modified the
definition of ‘‘participation
documentation’’ by replacing the
reference to ‘‘cooperative agreement’’
with the phrase ‘‘legal instrument
setting forth the terms and conditions of
a grant or cooperative agreement.’’ The
purpose of this change is to
accommodate future CMS-sponsored
models that may be implemented by a
type of grant that is not a cooperative
agreement and to accurately
characterize the relevant documentation
for such forms of Federal funding.
Comment: We received several
comments recommending that we
expand the safe harbor beyond ‘‘CMSsponsored models,’’ as we proposed to
define that term. For example, some
commenters requested protection for
arrangements and patient incentives
related to other waivers,
demonstrations, value-based
arrangements, and commercial payors
such as: (i) Arrangements under State
Innovation Waivers granted pursuant to
section 1332 of the Affordable Care Act;
(ii) arrangements involving
commercially insured patients that
operate ‘‘alongside’’ an arrangement
related to the CMS-sponsored model if
the commercial arrangement is identical
in all respects to the CMS-sponsored
model arrangement; (iii) arrangements
needed to support CMS-approved
Medicaid Alternative Payment Models
and delivery system initiatives; (iv)
PO 00000
Frm 00128
Fmt 4701
Sfmt 4700
arrangements established in the
Medicare Physician Fee Schedule and
Merit-based Incentive Payment System
(MIPS); and (v) arrangements between
organizations participating in any CMSled or CMS-supported demonstration
authorized by statute.
Some commenters also sought to have
the safe harbor protect tools and
supports furnished to patients who are:
(i) Approved by CMS through a
Medicaid section 1115 waiver; (ii)
approved by CMS as a State Plan
Amendment; or (iii) allowed through
Supplemental Benefit for Chronically Ill
Enrollees in the Medicare Advantage
program. Another commenter
recommended that the safe harbor
protect arrangements under any model
where the Secretary has sufficient
authority to waive the Federal fraud and
abuse laws.
In contrast, we received support for
limiting the scope of protection to what
we set forth in the OIG Proposed Rule,
with some commenters opposing
broadening the safe harbor to protect
remuneration for models or
demonstrations under other sections of
the Act. For example, a commenter
opposed broadening the scope of the
safe harbor, suggesting that it is
appropriate for the Federal antikickback statute to serve as ‘‘backstop.’’
Response: We have carefully
considered the comments requesting
expansion of this safe harbor beyond
CMS-sponsored models, as that term is
as defined in the OIG Proposed Rule.
We are finalizing the scope of the safe
harbor as proposed. This safe harbor is
designed to work in tandem with the
Innovation Center’s models under
section 1115A of the Act and the
Medicare Shared Savings Program
under section 1899 of the Act. It permits
a certain amount of flexibility, which is
sufficiently low risk because CMS
includes program integrity safeguards in
the Medicare Shared Savings Program
and the Innovation Center models.
There may be variation in program
integrity safeguards and oversight in
other initiatives, even if the authorizing
statute permits the waiver of fraud and
abuse laws.
We are tailoring the scope of the safe
harbor to include the Medicare Shared
Savings Program under section 1899 of
the Act and models established and
tested by CMS under sections 1115A
and of the Act. Both the Medicare
Shared Savings Program and Innovation
Center models are: (i) Designed to
coordinate and redesign care; and (ii)
contain program integrity oversight and
safeguards. In addition, the Innovation
Center oversees the development,
testing, and monitoring of models.
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Furthermore, CMS-sponsored model
participants may undergo certain
screening to participate in a model or
the Medicare Shared Savings Program
and may be subject to documentation
and reporting requirements to promote
transparency in the model or program.
This level of CMS involvement and
oversight may not be present in many of
the programs, waivers, and
demonstrations cited by the
commenters. To the extent that the
Department has the authority to issue
fraud and abuse waivers for the
Medicare Shared Savings Program or
Innovation Center models, the issuance
of any such waivers remains an option
to protect certain arrangements in those
programs. In addition, other safe harbors
may protect many arrangements that
may otherwise implicate the Federal
anti-kickback statute and Beneficiary
Inducements CMP, and that participants
in the types of programs described
above may desire to implement.
Comment: A commenter asked that
this safe harbor protect a broad range of
incentives given to patients such as
transportation, nutrition support, home
monitoring technology, and gift cards.
Response: This safe harbor protects
patient incentives for which CMS has
determined that this safe harbor is
available. Thus, CMS defines in the
participation documentation the scope
of the model or program and the
arrangements or incentives permitted
under the model or program. Depending
on the particular CMS-sponsored
model’s parameters, the safe harbor
could protect a broad range of
incentives, including those cited by the
commenter. If the CMS-sponsored
model prohibits a particular type of
incentive, then it would not be
protected by this safe harbor. Similarly,
we note that CMS defines which entities
may provide an incentive. For example,
if the CMS-sponsored model is a Statebased model where the State or State
Medicaid agency implements the model
through care-delivery partners in a
State, the Innovation Center may
expressly specify that such State
partners may provide CMS-sponsored
model patient incentives under the
model on behalf of the State.
We are modifying the proposed
definition of ‘‘CMS-sponsored model
patient incentive’’ at paragraph
1001.952(ii)(3)(v) for simplicity and to
consolidate at paragraph 1001.952(ii)(2)
language regarding the conditions of
safe harbor protection.
We proposed to define ‘‘CMSsponsored model patient incentive’’ to
mean remuneration not of a type
prohibited by the participation
documentation and is furnished
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
consistent with the CMS-sponsored
model by a CMS-sponsored model
participant (or by an agent of the CMSsponsored model participant under the
CMS-sponsored model participant’s
direction and control) directly to a
patient under the CMS-sponsored
model. We are moving the phrase
‘‘furnished consistent with the CMSsponsored model’’ to paragraph
1001.952(2)(v), and we are moving the
requirement regarding who may furnish
the patient incentive to paragraph
1001.952(2)(iii). We are relocating the
language so it will appear where the
other conditions for patient incentives
are enumerated under paragraph
1001.952(ii)(2), rather than including
these requirements within the definition
of ‘‘CMS-sponsored model patient
incentive.’’ We do not intend for this to
be a substantive change.
Comment: A commenter
recommended expanding the safe
harbor to include incentives given to
patients who the CMS-sponsored model
participant believes in good faith are
covered, or within a reasonable period
will be covered, by a CMS-sponsored
model. The commenter noted as an
example that the Comprehensive ESRD
Care Model has shown that 120 or more
days may elapse between the time when
a Medicare beneficiary commences
dialysis treatment and the time by
which the ESRD Seamless Care
Organization receives confirmation of
beneficiary alignment.
Response: As with the scope of
permissible types of incentives, the
Innovation Center defines the scope of
patients who may be eligible to receive
such incentives. We recognize that,
depending on how the Innovation
Center has designed the model, a CMSsponsored model participant may not
know exactly which beneficiaries are in
the model or aligned to the model
participant at the time the beneficiary
could benefit from a patient incentive.
By definition, a ‘‘CMS-sponsored model
patient incentive’’ is remuneration that
is not of a type that is prohibited by the
participation documentation. Also, as a
condition of safe harbor protection, the
incentive must be furnished consistent
with the CMS-sponsored model. To the
extent that the Innovation Center
intends for incentives to be furnished
before any beneficiary alignment is
finalized, and the participation
documentation or programmatic
requirements do not prohibit such
incentives, an incentive given before
final alignment could still meet the
condition set forth in paragraph
1001.952(ii)(2)(v) and qualify for safe
harbor protection if all other terms of
the safe harbor are met.
PO 00000
Frm 00129
Fmt 4701
Sfmt 4700
77811
Comment: A commenter noted that
we proposed to define ‘‘CMS-sponsored
model’’ to include a model expanded
under section 1115A(c) of the Act and
requested further clarity on how this
safe harbor would apply to ‘‘Phase II’’
testing of an Innovation Center model.
The commenter noted that risks and
benefits of financial arrangements and
patient incentives under a model may
change within a given model’s design
due to a change in scope.
Response: The safe harbor would
protect arrangements and incentives
consistent with the CMS-sponsored
model regardless of the model’s phase of
testing. We agree with the commenter
that risks and benefits of financial
arrangements and patient incentives
under such models may change, but the
Innovation Center would continue to set
the parameters of what is being tested.
If a CMS-sponsored model participant’s
arrangements or incentives meet the
terms of the safe harbor, which
incorporates elements of the model
design, then the arrangements or
incentives would be protected.
c. Conditions for Safe Harbor Protection
Summary of OIG Proposed Rule: We
proposed safeguards to ensure that
arrangements protected by this safe
harbor operate as intended by CMS,
including requirements that: The
remuneration not induce the furnishing
of medically unnecessary services or
reduce or limit medically necessary care
(proposed at paragraph
1001.952(ii)(1)(ii)); the remuneration not
induce referrals of patients outside the
CMS-sponsored model (proposed at
paragraph 1001.952(ii)(1)(iii)); the
parties make materials and records
available to the Secretary upon request
(proposed at paragraphs
1001.952(ii)(1)(v) and
1001.952(ii)(2)(iii)); the parties satisfy
programmatic requirements imposed by
CMS (proposed at paragraphs
1001.952(ii)(1)(vi) and
1001.952(ii)(2)(iv)); and a patient
incentive offered under the safe harbor
have a direct connection to patient care
(proposed at paragraph
1001.952(ii)(2)(ii)).
Summary of Final Rule: We are
finalizing, with modifications, the
conditions of this safe harbor.
Specifically, paragraph
1001.952(ii)(2)(ii) is finalized with a
modification to provide that the CMSsponsored model patient incentive must
have a direct connection to the patient’s
health care, unless the participation
documentation specifies a different
standard. We are liberalizing and
relocating to paragraph
1001.952(ii)(2)(iii) language regarding
E:\FR\FM\02DER3.SGM
02DER3
77812
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
who may furnish a CMS-sponsored
model patient incentive. Specifically, a
CMS-sponsored model patient incentive
must be furnished by a CMS-sponsored
model participant (or by an agent of the
CMS-sponsored model participant
under the CMS-sponsored model
participant’s direction and control),
unless otherwise specified by the
participation documentation. We also
are moving to paragraph
1001.952(ii)(2)(v) the proposed language
specifying that a CMS-sponsored model
patient incentive must be ‘‘furnished
consistent with the CMS-sponsored
model.’’ As proposed, the relocated
provisions were essentially conditions
of safe harbor protection. To improve
the clarity of the final rule, we are
moving the provisions to appear with
the other conditions for protecting CMSsponsored model patient incentives.
Comment: A commenter suggested
that safe harbor protection should apply
as long as the remuneration at issue
meets all programmatic requirements
and the terms of the model participation
agreements or other participation
documentation. The commenter
expressed concern that incorporating
additional substantive requirements in
the safe harbor beyond the model’s
contractual and programmatic
requirements could: (i) Limit the ability
to tailor program integrity requirements
for specific models; and (ii) potentially
lead to inconsistent or conflicting
formulations of similar concepts such as
between the safe harbor and the model’s
contractual and programmatic
requirements. The commenter
illustrated this concern by explaining
that the Innovation Center may test a
model that allows for the provision of
patient incentives that have no direct
connection to the patient’s health care
and instead includes a different
safeguard. Another commenter, while
supporting the all-encompassing
approach to the safe harbor, stated that
the specific requirements regarding
protected parties are redundant because
they are already currently embedded
within most of the Innovation Center
model participation requirements.
Another commenter urged OIG to look
carefully at the safe harbor conditions
and modify any conditions that impose
an undue burden or that are unclear.
Response: We appreciate the desire to
streamline the safe harbor’s conditions
as much as possible. However, if we
were to add a condition requiring
satisfaction of all programmatic
requirements and all terms of the model
participation agreements and other
participation documentation to ensure
safe harbor protection, then some
arrangements or incentives might not be
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
protected due to potentially inadvertent
failures to satisfy model requirements
that may not bear on the particular
financial arrangement or patient
incentive. We recognize that
implementing a safe harbor rather than
continuing with model-by-model fraud
and abuse waivers may result in an
approach less tailored to the specific
model. Similarly, in an effort to
encompass an array of possible models,
we may have introduced some
redundancy through defined terms or
safe harbor conditions that also could
appear in programmatic requirements
for a particular CMS-sponsored model.
However, we believe the benefits of
having a safe harbor available that
provides consistency and certainty to
parties considering participation in a
CMS-sponsored model outweigh the
concerns related to any possible
redundancy.
The conditions we are finalizing
generally either rely on parameters CMS
will specify as part of the CMSsponsored model or address important
program integrity concerns and
resemble conditions previously
included in model-specific waivers (e.g.,
the condition prohibiting parties from
offering, paying, soliciting, or receiving
remuneration in return for, or to induce
or reward, any Federal health care
program referrals or other Federal health
care program business generated outside
of the CMS-sponsored model). CMS
defines the parameters of the model,
which includes the types of financial
arrangements and incentives that could
receive safe harbor protection. Finally,
as we noted in the OIG Proposed Rule,
the condition requiring that the patient
incentive have a direct connection to
the patient’s health care is consistent
with the design of all CMS-sponsored
models contemplated as part of this safe
harbor.
However, to provide additional
flexibility for the Innovation Center to
design future models and in response to
commenters, we are modifying the
condition such that CMS may specify in
the participation documentation a
standard other than ‘‘direct connection
to the patient’s health care.’’ If CMS
does not specify a particular standard
that would contrast with a ‘‘direct
connection to the patient’s health care,’’
then this standard remains. In other
words, if CMS does not specify any
particular standard to which the
incentive must relate, then the standard
is that it must directly relate to the
patient’s health care. If, for example, a
CMS-sponsored model permitted
incentives related to social determinants
that might not ‘‘directly’’ relate to a
patient’s health, and the participation
PO 00000
Frm 00130
Fmt 4701
Sfmt 4700
documentation specified that the
incentive must bear a ‘‘reasonable’’
connection to the patient’s health, then
compliance with the ‘‘reasonable
connection’’ standard would satisfy the
safe harbor condition.
As we stated in the OIG Proposed
Rule, to reduce administrative burden,
parties under a CMS-sponsored model
would have flexibility to determine
which type of documentation would
best memorialize the arrangement such
that they could demonstrate safe harbor
compliance, including through a
collection of documents as opposed to
one agreement.83
Comment: A commenter expressed
concern that the safe harbor condition
requiring an arrangement to satisfy
‘‘other programmatic requirements’’
would leave the protection for these
arrangements significantly uncertain.
Response: The regulatory text that we
proposed and are finalizing requires that
the CMS-sponsored model participant
satisfies (or CMS-sponsored model
parties satisfy) such programmatic
requirements as may be imposed by
CMS in connection with the use of this
safe harbor. The phrase ‘‘other
programmatic requirements’’ appeared
in the preamble of the OIG Proposed
Rule 84 and needed to be considered in
the context of the totality of the
condition. The programmatic
requirements that parties would have to
satisfy to qualify for safe harbor
protection would be set out in the CMSsponsored model’s participation
documentation or would be otherwise
publicly available. Therefore, we
disagree with the commenter that the
protection would be uncertain, since
any programmatic requirements
specified by the Innovation Center and
incorporated into the safe harbor by
reference in this condition would be in
participation documentation or
otherwise would be publicly available.
Comment: A commenter
recommended that OIG specify that the
safe harbor is automatically applicable
to CMS-sponsored models absent any
affirmative exclusion of a CMSsponsored model from protection by the
safe harbor by OIG, rather than requiring
the Innovation Center to specify that the
safe harbor applies to a particular
model.
Response: We did not propose and are
not adopting this recommendation
because safe harbor protection may not
be necessary to test all models or for
every arrangement within a model that
the Innovation Center may test under
section 1115A of the Act. This approach
83 84
FR 55732 (Oct. 17, 2019).
84 Id.
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
allows the Innovation Center to evaluate
each model and determine whether
waivers are necessary for parties to enter
into certain arrangements to effectuate
the purposes of the particular model.
CMS has broad authority to develop and
define the Innovation Center models,
what the models are testing, and the
scope of participation in the models. It
is important, therefore, that CMS
affirmatively state that the safe harbor
would be available for specific CMSsponsored model arrangements and
CMS-sponsored model patient
incentives within a particular model or
initiative. As we stated in the OIG
Proposed Rule, CMS would determine
whether the safe harbor protection
would be available for arrangements or
patient incentives under the particular
CMS-sponsored model.85 We also
explained that we would expect CMS to
notify CMS-sponsored model
participants, through participation
documentation, or other public means
as determined by CMS, when CMSsponsored model participants may use
this safe harbor under a CMS-sponsored
model.86 To ensure that it is clear that
CMS determines the arrangements or
incentives (and not just the models, in
general) for which safe harbor
protection is available, this final rule
makes a technical correction to the
proposed regulatory text to remove ‘‘in
a model’’ in paragraph 1001.952(ii)(1)
and ‘‘under a model’’ in paragraph
1001.952(ii)(2).
Because this safe harbor was not
available when existing models began,
we recognize that the applicable
participation documentation would not
affirmatively reference that this safe
harbor is available for particular
arrangements or incentives as required
by paragraphs 1001.952(ii)(1) and (2).
Consequently, we clarify that for the
Medicare Shared Savings Program and
any existing model that has a fraud and
abuse waiver issued by OIG, CMS may
determine that this safe harbor is
available for specific CMS-sponsored
model arrangements and CMSsponsored model patient incentives that
began prior to issuance of this final rule.
To do so, CMS would at its discretion
issue a public notice or notice to
individual CMS-sponsored model
participants that such parties can seek
protection for such arrangements under
this safe harbor as of the effective date
of that notice. For example, if a
particular CMS-sponsored model has a
waiver for patient engagement
incentives, the parties may rely either
on the fraud and abuse waiver or,
85 84
FR 55731 (Oct. 17, 2019).
86 Id.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
following notice from CMS that this safe
harbor may be available for protection of
future incentives, this safe harbor
provided all of the waiver’s or safe
harbor’s conditions, as applicable, are
met.
d. Duration
Summary of OIG Proposed Rule: We
proposed that the duration of safe
harbor protection would align with the
duration of the participation
documentation under a CMS-sponsored
model, including a period of time after
that model ends to allow for
reconciliation.87 We indicated that we
might finalize one or a combination of
the following options: (i) Terminating
protection after the end of the
performance period or within a certain
time period after the end of a
performance period; (ii) terminating
protection upon termination of the
CMS-sponsored model participation
documentation or within a certain
period of time after that; and (iii)
terminating protection after the last
payment or exchange of anything of
value made by a CMS-sponsored model
party under a CMS-sponsored model
occurs, even if the model has otherwise
terminated. We also solicited comments
on whether a CMS-sponsored model
participant should be able to continue to
provide the outstanding portion of any
service to a patient if the service was
initiated before its participation
documentation terminated or expired.
Summary of Final Rule: We are
adding a new paragraph 1001.952(ii)(4)
that specifies timeframes for when safe
harbor protection begins and ends. The
details of each timeframe are explained
in greater detail below.
Comment: While generally agreeing
with our proposal that most safe harbor
protections should end at the
conclusion of the model, a commenter
suggested that there are some instances
when OIG should consider extended
safe harbor protection for CMSsponsored model patient incentives. For
example, a commenter recommended
that OIG continue safe harbor protection
if ceasing protection would affect
continuity of care for patients or if the
protected incentives promoted positive
outcomes for the patient. Similarly,
another commenter recommended that
patients be allowed to retain any
incentives received prior to the
87 Specifically, the OIG Proposed Rule stated that
the ‘‘safe harbor would protect the last payment or
exchange of value made by or received by a CMSsponsored model party following the final
performance period that the CMS-sponsored model
participant that is a party to the arrangement
participates in the CMS-sponsored model.’’ 84 FR
55733 (Oct. 17, 2019).
PO 00000
Frm 00131
Fmt 4701
Sfmt 4700
77813
termination or expiration of the
participation documentation of the
CMS-sponsored model participant.
Furthermore, the commenter also
recommended protecting participants
who continue to provide the same
service to a patient for a terminated
model if the service was initiated before
the model was terminated or expired.
Response: We agree with commenters,
in part. The proposed regulatory text at
paragraph 1001.952(ii)(2)(v) stated that
patients would be permitted to retain
any incentives received prior to the
termination or expiration of the
participation documentation of the
CMS-sponsored model participant. We
are finalizing that proposed provision in
this final rule, but it is now included in
paragraph 1001.952(ii)(4)(iii).
We also agree that there are
circumstances where it may be
appropriate to continue protection for
patient incentives given after the date
on which the model concludes.
However, this safe harbor protects only
patient incentives that are furnished
consistent with the CMS-sponsored
model. In the OIG fraud and abuse
waiver context, we have protected
patient incentives that continued past
expiration or termination of an
agreement for a certain period of time.
For example, in connection with the
Bundled Payments for Care
Improvement (BPCI) Advanced Model,
we indicated that the waiver for
beneficiary incentives would continue
to apply for patients who were in a
‘‘clinical episode’’ that began during an
‘‘Agreement Performance Period,’’ as
those terms were defined in the
Participation Agreement for that
particular model, recognizing that the
clinical episode might not conclude
before the end of the Agreement
Performance Period.88 However, not all
models may be tied to particular clinical
episodes. If a model ends, or a particular
CMS-sponsored model participant’s
participation documentation terminates,
the safe harbor would not protect
patient incentives indefinitely, even if
the incentive benefits or improves
outcomes for a particular patient. More
specifically, we are providing at new
paragraph 1001.952(ii)(4)(iii) that safe
harbor protection would continue for
incentives given on or after the first day
on which patient care services may be
furnished under the CMS-sponsored
model as specified by CMS in the
88 See Notice of Amended Waivers of Certain
Fraud and Abuse Laws in Connection With the
Bundled Payments for Care Improvement Advanced
Model (Jan. 1, 2020), available at https://
www.cms.gov/files/document/notice-amendedwaivers-certain-fraud-and-abuse-laws-connectionbundled-payments-care-improvement.pdf.
E:\FR\FM\02DER3.SGM
02DER3
77814
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
participation documentation and no
later than the last day on which patient
care services may be furnished under
the CMS-sponsored model, unless a
different timeframe is established in the
participation documentation (e.g., a
clinical episode if such a concept is
incorporated into a model). Thus, if the
participation documentation expressly
specifies a period of time beyond the
end of a final performance period or
other termination event during which a
CMS-sponsored model patient incentive
may be given, then that incentive would
be protected during that extended
timeframe, assuming all other safe
harbor conditions are met. If the
participation documentation does not
specify an extended timeframe, then
this safe harbor protects only incentives
furnished until the last day on which
patient care services may be furnished
under the CMS-sponsored model (e.g.,
the last day of the final performance
period). In addition, for clarity, we are
specifying that protection for CMSsponsored model patient incentives
begins on or after the first day on which
patient care services may be furnished
under the CMS-sponsored model as
specified by CMS in the participation
documentation. In general, this would
be the first day of the first performance
period during the model.
This approach is generally consistent
with timeframes incorporated into fraud
and abuse waivers for existing models.
We further note that some arrangements
that cease to meet the requirements of
this safe harbor could be structured to
fit into the safe harbor for patient
engagement and support at paragraph
1001.952(hh).
Comment: With respect to CMSsponsored model arrangements, a
commenter recommended that the safe
harbor protect the last payment or
exchange of value made or received by
a CMS-sponsored model party following
the final performance period in which
the CMS-sponsored model participant
that is a party to the arrangement
participates, even if the model has
otherwise terminated.
Response: We agree, and it was our
intent in the OIG Proposed Rule that the
safe harbor protect remuneration
exchanged pursuant to CMS-sponsored
model arrangements for a limited period
of time after the CMS-sponsored model
expires or is terminated to allow for
necessary reconciliation. We are
addressing the duration of safe harbor
protection in new paragraph
1001.952(ii)(4), which provides greater
clarity than addressing the issue in
certain defined terms. We address both
the start date and end date for
protection in a manner that aligns with
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
the particular CMS-sponsored model.
The start or end date for protection may
differ depending on whether the CMSsponsored model is governed by
participation documentation in the form
of a legal instrument setting forth the
terms and conditions of a grant or a
cooperative agreement. For
remuneration provided in connection
with arrangements under a CMSsponsored model governed by
participation documentation other than
a legal instrument setting forth the terms
and conditions of a grant or cooperative
agreement, the safe harbor protects the
exchange of remuneration between
CMS-sponsored model parties that
occurs on or after the first day on which
services under the CMS-sponsored
model begin and no later than six
months after the final payment
determination made by CMS. The first
day on which services begin is often the
first day of the first performance period
of a model, which may be referred to in
the participation documentation as the
‘‘Start Date.’’ If a CMS-sponsored model
has an ‘‘implementation period’’
included in the participation
documentation, the first day on which
‘‘services under the CMS-sponsored
model begin’’ would be the first day of
the implementation period, unless
otherwise specified by CMS in the
participation documentation. For a
CMS-sponsored model governed by a
legal instrument setting forth the terms
and conditions of a grant or cooperative
agreement, the safe harbor protects the
exchange of remuneration between
CMS-sponsored model parties that
occurs on or after the first day of the
period of performance (as defined at 45
CFR 75.2), which is specified in the
Notice of Award, or such other date
specified in the participation
documentation and no later than six
months after closeout occurs pursuant
to 45 CFR 75.381.
We emphasize, however, that the safe
harbor protects only remuneration
between or among CMS-sponsored
model parties under a CMS-sponsored
model arrangement for which CMS has
determined that this safe harbor is
available, and that a ‘‘CMS-sponsored
model arrangement’’ includes only ‘‘a
financial arrangement between or
among CMS-sponsored model parties to
engage in activities under the CMSsponsored model . . . .’’ Therefore, the
safe harbor does not protect
remuneration exchanged between CMSsponsored model parties for activities
such as care coordination or other
patient-care activities that occur before
the model begins or beyond the
termination or expiration of the model.
PO 00000
Frm 00132
Fmt 4701
Sfmt 4700
Any such activities that are undertaken
after the model expires or is terminated
are not ‘‘activities under the model.’’ 89
Payment that is made within the
specified timeframe in paragraph
1001.952(ii)(4)(i) or (ii) for such services
that were completed prior to
termination or expiration of the final
model performance period can be
protected, similar to reconciliation
payments that would necessarily be
completed after expiration or
termination of the final model
performance period. In addition, CMS
may specify that no remuneration may
be exchanged after termination of the
participation documentation if a
participant is terminated from the CMSsponsored model for cause. Any such
remuneration would be prohibited by
the model and thus not protected by the
safe harbor. We also recognize that some
CMS-sponsored model participants
might want protection for certain
arrangements that begin before a model
starts (‘‘pre-participation’’). This safe
harbor protects only financial
arrangements among, and patient
incentives furnished by, parties
participating in the CMS-sponsored
model. Any pre-participation
arrangements not governed by
participation documentation (in contrast
to arrangements in an implementation
period that is part of a CMS-sponsored
model, as explained above) would need
to comply with existing law, including
another safe harbor, or CMS could
request a fraud and abuse waiver be
issued to cover activities in the preparticipation time period.
8. Cybersecurity Technology and
Related Services (42 CFR 1001.952(jj))
Summary of OIG Proposed Rule: We
proposed to establish a new safe harbor
at paragraph 1001.952(jj) to protect
nonmonetary donations of certain
cybersecurity technology and related
services to help improve the
cybersecurity posture of the health care
industry. We proposed to define
‘‘cybersecurity’’ as the process of
protecting information by preventing,
detecting, and responding to
cyberattacks, and we proposed to
include within the scope of covered
technology any software or other types
of information technology, other than
hardware. In an effort to foster
89 In contrast, some CMS-sponsored models may
require various administrative or analytical services
that can occur only after a model terminates or
expires (e.g., data or financial analysis, including
services related to the reconciliation process).
Remuneration related to those required activities,
which would be described in the participation
documentation, would be protected by this safe
harbor, if all conditions are met.
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
beneficial cybersecurity donation
arrangements without permitting
arrangements that might negatively
impact beneficiaries or Federal health
care programs, we proposed a number of
conditions on cybersecurity donations
protected by the safe harbor. We also
included an alternative proposal to
protect donations of cybersecurity
hardware in more limited
circumstances. These proposals are
summarized in more detail in following
sections of this preamble.
Summary of Final Rule: We are
finalizing, with modifications, the safe
harbor at paragraph 1001.952(jj). The
modifications are summarized in more
detail in following sections. This safe
harbor will protect arrangements
intended to address the growing threat
of cyberattacks impacting the health
care ecosystem. In addition to software
and other types of information
technology, the final safe harbor will
protect certain cybersecurity hardware
donations that meet conditions in the
safe harbor. We are not finalizing our
alternative proposal to require parties to
conduct a risk assessment prior to
donating hardware.
a. General Comments
Comment: Most commenters generally
supported OIG’s proposed cybersecurity
technology and related services safe
harbor, with several commenters
supporting the safe harbor as proposed.
Some commenters highlighted that
patients and providers of all sizes
benefit when small and under-resourced
providers can better protect themselves
against cybersecurity threats. For
example, a commenter stated that the
safe harbor would significantly benefit
small and rural provider groups that
lack the required resources to install
needed cybersecurity measures. Another
commenter stated that four in five
physicians in the United States
currently have experienced some form
of cybersecurity attack compromising
patient privacy.90 According to a
commenter, with the growing cost of
cybersecurity software, it is essential
that stakeholders be able to donate
cybersecurity software to entities with
which they interact that may not be able
to afford the software. This commenter
highlighted the threat that infiltrated
data systems could lead to the
corruption of health records, while
another commenter explained that
patient safety is the most critical
90 See
Healthcare and Public Health Sector
Coordinating Councils, Health Industry
Cybersecurity Practices: Managing Threats and
Protecting Patients, available at https://
www.phe.gov/Preparedness/planning/405d/
Documents/HICP-Main-508.pdf.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
concern when cyberattacks occur,
especially when they impact a patient’s
electronic health records or medical
devices. At least one of these
commenters noted that cyberattacks
could result in disclosure of sensitive
patient information and could alter the
treatment that a patient is prescribed,
among other negative consequences.
Response: We agree that there is an
urgent need to improve cybersecurity
hygiene in the health care industry to
protect patients and the health care
ecosystem overall. As discussed in more
detail below, we are finalizing the safe
harbor, with several modifications.
Comment: A small number of
commenters expressed general concerns
about the proposal. One commenter
warned that the safe harbor should not
be used to further intentional or
unintentional anticompetitive behavior,
while another commenter stated that a
safe harbor of this kind is bound to be
abused, regardless of the types of
safeguards OIG implements. Another
commenter asked OIG to reconsider this
safe harbor and whether cybersecurity
protection and any donations related to
the same are understood sufficiently at
this time to warrant a safe harbor.
Response: While we appreciate the
concerns expressed by these
commenters, we believe that this safe
harbor can be an important tool to help
the health care industry address the
prevalent and increasing cybersecurity
threats facing the industry, which can
negatively impact the quality of care
delivered to beneficiaries, among other
things.91 Any donation of valuable
technology or services to physicians or
other sources of Federal health care
program referrals may pose the risk of
harms associated with fraud and abuse,
and such risk may increase as the value
of the donated technology or services
increases. Similarly, any time a health
care industry stakeholder is permitted to
give something for free or at a reduced
cost to actual or potential referral
sources, there is a risk that such
donation or discount will affect
competition because entities with
greater financial resources may be in a
better position to provide the donation
or discount or a more valuable donation
or discount. However, we believe that
the combination of safeguards in the
safe harbor, as finalized, appropriately
balances the risks against the potential
benefits of properly structured
91 See for example Health Care Industry
Cybersecurity Task Force, Report on Improving
Cybersecurity in the Health Care Industry, June
2017 (HCIC Task Force Report), available at https://
www.phe.gov/preparedness/planning/cybertf/
documents/report2017.pdf (recommending safe
harbor protection for cybersecurity donations).
PO 00000
Frm 00133
Fmt 4701
Sfmt 4700
77815
donations to help address the critical
cybersecurity needs of the health care
industry.
b. Purpose of Donation
Summary of OIG Proposed Rule: We
proposed in proposed paragraph
1001.952(jj)(1) to limit safe harbor
protection to donated technology and
services that are necessary and used
predominantly to implement and
maintain effective cybersecurity. We
solicited comments on the breadth of
protected technology and services,
particularly surrounding
multifunctional technologies and
services that might have use or value to
a recipient beyond implementing and
maintaining effective cybersecurity,
such as donations that are otherwise
used in the normal course of a
recipient’s business, which we did not
propose to protect.
Summary of Final Rule: We are
finalizing, with modifications, our
proposal to limit the applicability of the
cybersecurity safe harbor to technology
and services that are necessary and used
predominantly to implement, maintain,
or reestablish cybersecurity. However,
in the final cybersecurity safe harbor as
established here, this limitation will be
placed in the introductory paragraph of
1001.952(jj), instead of a condition in
1001.952(jj)(1). (The remaining
conditions of the safe harbor will be
finalized with redesignated numbering
to account for this organizational
change; for example, proposed
paragraph 1001.952(jj)(2)(i) will be
finalized at paragraph 1001.952(jj)(1)(i),
and so forth). We are also removing the
phrase ‘‘certain types of’’ before
‘‘cybersecurity technology and services’’
from the introductory paragraph to
avoid ambiguity regarding the scope of
the safe harbor. As finalized, the
cybersecurity safe harbor introductory
paragraph will read as follows: As used
in section 1128B of the Act,
‘remuneration’ does not include
nonmonetary remuneration (consisting
of cybersecurity technology and
services) that is necessary and used
predominantly to implement, maintain,
or reestablish effective cybersecurity, if
all of the conditions in paragraphs (jj)(1)
through (4) of this section are met.
This organizational change does not
alter the scope of remuneration
protected by the safe harbor. This
reorganization of the final cybersecurity
safe harbor is intended to ensure
consistency with the EHR safe harbor,
without altering or affecting the
substance of the ‘‘necessary and used
predominantly’’ standard as discussed
in the proposed rule. As finalized, the
introductory paragraph of the
E:\FR\FM\02DER3.SGM
02DER3
77816
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
cybersecurity safe harbor mirrors the
introductory paragraph in the EHR safe
harbor at paragraph 1001.952(y), which
provides that donated items or services
must be necessary and used
predominantly to create, maintain,
transmit, receive, or protect electronic
health records. We believe this
consistency is especially important
insofar as certain cybersecurity software
may be donated under both safe harbors.
Comment: A number of commenters
supported the ‘‘necessary and used
predominantly’’ standard. A commenter
noted that this provision would ensure
the legitimacy of donations and help
differentiate the technology and services
that may have multiple uses beyond
cybersecurity. Another commenter
urged OIG to require a clear nexus
between the cybersecurity donation and
the business relationship. The
commenter explained that the
cybersecurity technology should be
necessary for the provision of the
services involved, such as when a
hospital donates cybersecurity
technology to a physician to ensure the
secure transfer of personal health
information and thus improve care
coordination for shared patients. The
commenter stated that this safe harbor
should not protect cybersecurity
technology donations that are used as a
way to entice new business.
Response: The goal of this condition
is to ensure that donations are made to
address the legitimate cybersecurity
needs of donors and recipients, not to
induce new Federal health care program
business. We decline to adopt the ‘‘clear
nexus’’ standard suggested by the
commenter, and we reiterate that the
donation must be ‘‘necessary’’ under
this condition. It is unlikely that a
donation would be necessary for the
donor or recipient to implement,
maintain, or reestablish effective
cybersecurity if it is not connected to
the underlying services furnished by
either party (e.g., ensuring the secure
transfer of information between the
parties).
We explained in the OIG Proposed
Rule that the core function of the
donated technology or service must be
to protect information by preventing,
detecting, and responding to
cyberattacks. We also provided a
nonexhaustive list of examples of
technology and services that we
believed would be necessary and used
predominantly to implement, maintain,
or reestablish effective cybersecurity.92
92 These examples included any services
associated with developing, installing, and
updating cybersecurity software; any kind of
cybersecurity training services, such as training
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
We are not finalizing a risk
assessment condition (described in
more detail in section III.B.8.g), but
parties remain free and are encouraged
as a general matter to obtain a risk
assessment to evaluate their
cybersecurity needs. We are finalizing a
condition whereby donors may not
directly take into account the volume or
value of referrals or other business
generated between the parties when
determining the eligibility of a potential
recipient for donated technology or
services, or the amount or nature of the
technology or services to be donated.
This should address the concern
regarding parties that improperly use
the safe harbor for donations to entice
new business.
Comment: Another commenter
suggested that in cases where
cybersecurity is built into software that
gives physicians access to a hospital’s
computer system, the technology and
services should be deemed to be
necessary and used predominantly to
implement and maintain cybersecurity.
Response: Software that gives
physicians access to a hospital’s
computer system may be protected if it
meets all conditions of the safe harbor.
However, software that has multiple
functions, one of which is cybersecurity,
would not meet the necessary and
predominant use standard in the
introductory paragraph at 1001.952(jj).
Conversely, if software has multiple
functions but cybersecurity is the
predominant function, then that
software may be eligible for protection
under this safe harbor. Available safe
harbor protection of specific software
would require an analysis of the facts
and circumstances specific to particular
arrangement. The advisory opinion
process remains available for parties
that seek an individualized
determination from our office.
Comment: A commenter representing
the dental industry urged OIG to permit,
with appropriate safeguards, both
nonmonetary donations and monetary
remuneration for the purchase of
cybersecurity technologies and services.
The commenter suggested that
permitting monetary remuneration in
appropriate circumstances could help
alleviate the final rule’s unintended
adverse effects on competition, such as
when a donor wishes to supply
recipients how to use cybersecurity technology,
how to prevent, detect, and respond to cyber
threats, and how to troubleshoot problems with the
cybersecurity technology (e.g., ‘‘help desk’’ services
specific to cybersecurity); and any kind of
cybersecurity services for business continuity and
data recovery services to ensure the recipient’s
operations can continue during and after a
cyberattack. 84 FR 55735–55736 (Oct. 17, 2019).
Additional examples are in this final rule.
PO 00000
Frm 00134
Fmt 4701
Sfmt 4700
cybersecurity technology to two
competing small providers, and one of
the small providers has already
purchased the technology but the other
has not. The commenter asserted that
protecting monetary reimbursement to
the first provider and an in-kind
donation to the second provider would
be fairer than protecting a donation to
one competitor and not the other.
Response: We respectfully disagree
with the suggestion to protect monetary
remuneration or reimbursement for
cybersecurity technology and services.
As explained elsewhere in this final
rule, we view cash and cash-equivalent
remuneration to potential referral
sources as inherently higher risk under
the Federal anti-kickback statute and the
Beneficiary Inducements CMP. We also
highlight that the example provided by
the commenter likely would not satisfy
the other conditions of this safe harbor
even if it protected monetary
remuneration in the form of
reimbursement. For instance,
reimbursing a provider for technology
and services already obtained by a
provider would not satisfy the condition
that the donation be necessary and
predominantly used to implement,
maintain, or reestablish effective
cybersecurity. In particular, if the
recipient already has an effective
cybersecurity program, any monetary
reimbursement likely would be viewed
as duplicative and not used to
implement, maintain, or reestablish
effective cybersecurity, in addition to
being outside the scope of remuneration
protected by this safe harbor, which is
limited to in-kind remuneration.
Comment: A commenter suggested
that the scope of permissible
cybersecurity services under paragraph
1001.952(jj)(1) should be broad and
varied, provided that the donated
services substantially further the
interests of strengthening cybersecurity
for the end user. The commenter agreed
with our proposal that donors should
have the discretion to choose the level
of cybersecurity technology and services
they donate to physicians (or other
health care providers) based on a risk
assessment of the potential recipient or
based on the risks associated with the
type of interface between the parties.
Response: We are not adopting the
commenter’s suggestion. Requiring the
donation to be necessary and used
predominantly to implement, maintain,
or reestablish effective cybersecurity is
an appropriate safeguard that limits safe
harbor protection to the legitimate
cybersecurity needs of donors and
recipients.
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
a. Protected Donors
Summary of OIG Proposed Rule: We
did not propose in regulatory text to
restrict the types of individuals and
entities that may qualify for protection
under this safe harbor as donors, but we
indicated that we were considering
some restrictions. We solicited
comments on whether particular types
of individuals and entities should be
ineligible for protection under the safe
harbor.
Summary of Final Rule: We are
finalizing a policy to protect all donors,
without any limitations on the type of
individual or entity donating
cybersecurity technology and services,
as long as the other conditions of the
safe harbor are satisfied.
Comment: A number of commenters
recommended that the safe harbor
protect a broad range of donors, with
commenters suggesting that limitations
on donors could stifle advances in care
coordination, health information
security, or both. Commenters stated
that other conditions of the safe harbor,
including the written agreement
requirement and restrictions on taking
into account referrals, would effectively
safeguard against potential abuses.
Commenters provided a number of
examples of entities encompassing a
range of stakeholder types that desire to
make cybersecurity donations. A
commenter highlighted potential
industry confusion regarding whether
the proposed safe harbor would protect
donations by cybersecurity vendor firms
to patients and requested clarification
that such donations do not implicate the
Federal anti-kickback statute.
Response: We agree with the
commenters who urged protection for a
broad range of donor entities and
individuals, and we are finalizing an
agnostic approach to the types of
individuals and entities that may donate
technology and services protected by
this safe harbor. The need to improve
the cybersecurity posture of the health
care industry is paramount to
restrictions on donors traditionally
found in other safe harbors, such as
paragraph 1001.952(y). Donations of
cybersecurity technology and services
are self-protective measures the industry
can take because a cybersecurity breach
to a recipient’s system can have a
devastating impact on the donor and
others connected to its system.
As we stated in the OIG Proposed
Rule, the donor-type restrictions
included in the EHR safe harbor at
paragraph 1001.952(y) are necessary in
that safe harbor and distinguishable
from the cybersecurity safe harbor
because donations under the EHR safe
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
harbor facilitate the exchange of clinical
information between a recipient referral
source and the donor, and present a
greater risk that the donation is for the
donor to secure additional referrals from
the recipient or otherwise influence
referrals or other business generated. We
are confident that the other safeguards
in this safe harbor appropriately address
the risks associated with permitting
parties to donate valuable technology
and services to potential referral sources
such that a limitation on the scope of
protected donors is not necessary.
In response to the comment inquiring
about donations from cybersecurity
vendor firms, such donations may not
implicate the Federal anti-kickback
statute or the Beneficiary Inducements
CMP (e.g., when the donor is not in a
position to induce, influence, or even
receive referrals of Federal health care
program business or to influence a
beneficiary’s selection of a particular
practitioner, provider, or supplier). Any
analysis of donations by cybersecurity
vendor firms would require an
evaluation of the facts and
circumstances to determine whether the
Federal anti-kickback statute or the
Beneficiary Inducements CMP is
implicated.
Comment: Several organizations
representing individuals and entities in
the laboratory industry recommended
making laboratories ineligible as
protected donors. For example, a
commenter stated that the same
concerns surrounding inclusion of
pathology practices and laboratories
under the EHR safe harbor apply to
cybersecurity donations. According to a
commenter, when laboratories were
protected donors under the EHR safe
harbor, physicians implicitly or
explicitly conditioned referrals on EHR
donations, and EHR vendors encouraged
physicians to request more costly EHR
software and services from laboratories,
putting laboratories in an untenable
position. The commenter expressed
concern that the same could happen
with cybersecurity donations if
laboratories were protected under this
safe harbor. Another commenter added
that protecting laboratories and
pathology practices under the safe
harbor could negatively affect access to
health care services, quality,
competition, costs to Federal health care
programs, and utilization, and that the
proposed condition related to the
volume and value of referrals would not
sufficiently curb the risk of abuse.
Response: We appreciate the concerns
raised by commenters representing the
laboratory industry, particularly in light
of the industry’s experience with the
EHR safe harbor. As finalized, the
PO 00000
Frm 00135
Fmt 4701
Sfmt 4700
77817
cybersecurity safe harbor does not
contain any limitations on the type of
individual or entity eligible for
protection. All individuals and entities,
including laboratories, play a role in
protecting the health care ecosystem
from cybersecurity threats. The
promulgation of this regulation,
however, does not require laboratories
to donate cybersecurity technology or
services, nor does it restrict laboratories
from charging fair market value for any
cybersecurity technology and services
furnished.
To address the concerns about
potential recipients conditioning
referrals on donations, we are finalizing
a condition at paragraph
1001.952(jj)(1)(ii) that prohibits
recipients from conditioning referrals
and future business on a cybersecurity
donation. Donations or solicitations of
cybersecurity technology and services
conditioned on business or in exchange
for Federal health care program referrals
would not be protected by this new safe
harbor and would be highly suspect
under the Federal anti-kickback statute.
b. Permitted Recipients
Summary of OIG Proposed Rule: The
proposed safe harbor would protect
donations of cybersecurity technology
and related services to any individual or
entity without limitation, including
when the recipient is a patient. We
indicated that we were considering
whether additional or different
safeguards would be appropriate,
particularly when the recipient is a
patient, and solicited comments on this
topic.
Summary of Final Rule: We are
finalizing, without modification, our
proposal to protect donations of
cybersecurity technology and related
services to any individual or entity
without limitation and without any
additional or different safeguards for
any recipient.
Comment: A number of commenters
agreed with the proposal to protect all
potential recipients of cybersecurity
donations, including patients. A
commenter stated that it is valuable to
provide patients with a limited amount
of cybersecurity protection to protect
patient medical records, particularly as
patients and providers become more
interconnected. Another commenter
recommended protecting donations to
patients to facilitate secure transmission
of data from devices prescribed to
patients and secure communication
between the patient and the health care
provider. A commenter noted that with
the expected increase of patientgenerated health data there will be an
increased need to ensure that all data
E:\FR\FM\02DER3.SGM
02DER3
77818
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
sources and endpoints, including
remote monitoring systems used by
patients, use good cybersecurity
practices.
Response: We agree with commenters
that the scope of protected recipients
should be unrestricted and should
include patients; in particular,
cybersecurity donations to patients can
serve as a valuable tool in protecting
health information, devices, and
communications in an increasingly
interconnected environment.
Comment: Commenters suggested
additional safeguards to ensure
prevention of fraud and abuse with
respect to donations to patients
including: (i) A monetary limit on the
donation; (ii) measures that would limit
the donation to something the patient
does not already possess; and (iii)
restrictions against any type of
multifunctional software or device.
Another commenter perceived, with the
growth of application programming
interface (API) connections, a need to
use techniques such as those outlined
by the Open Web Application Security
Project (OWASP) to protect the
confidentiality and integrity of the
patient’s health record. Conversely,
another commenter suggested that it is
unlikely that a patient would be
incentivized to seek treatment from a
provider solely because of the offer of
cybersecurity protection due to the
limited nature of these cybersecurity
donations.
Response: We believe that the final
rule has appropriate safeguards against
fraud and abuse with respect to
donations to patients without the
addition of conditions specific to such
donations. For example, we are
finalizing the restrictions against donors
and recipients conditioning referrals
and other business on cybersecurity
donations. We also are finalizing the
requirement in the introduction
paragraph to 1001.952(jj) that a donation
be necessary and used predominantly
for cybersecurity purposes, as explained
in more detail section III.B.8.b.
If a patient already possesses
appropriate technology and services, a
donation of duplicative or equivalent
technology and services likely is
unnecessary for cybersecurity purposes,
and multifunctional donations are
unlikely to satisfy the predominant use
standard. There may be specific facts
and circumstances in which the safe
harbor would protect replacement
cybersecurity technology. For example,
if a potential recipient’s technology is
outdated and poses a security risk,
replacement cybersecurity technology
would likely be necessary depending on
the specific facts and circumstances.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
We have designed this safe harbor
while recognizing the critical need to
protect patient data and privacy from
cyberattacks. The safe harbor
conditions, as finalized, help ensure
that cybersecurity donations to patients
address that critical need and mitigate
the risk of fraud or abuse stemming from
such donations. Additional safeguards
specific to donations to patients are not
needed. This safe harbor also does not
change other laws, regulations, or other
requirements related to the privacy and
security of patient data. Parties seeking
to donate cybersecurity technology to a
patient may have other obligations
under other laws to safeguard patient
data.
The safe harbor does not require
donations to meet specific standards to
protect patient data from cyberattacks or
other cybersecurity threats. Parties are
free to choose the cybersecurity
technology or services that best meet
their needs and achieve cybersecurity
goals as long as the donation meets all
conditions of the safe harbor. For
example, while not required for safe
harbor protection, parties could elect to
agree that any donated technology must
satisfy certain third-party standards, is
certified by a third party, or is certified
or approved through another method to
ensure the donation can provide
necessary cybersecurity safeguards.
Voluntarily meeting a third-party
standard does not mean the donation is
protected by this safe harbor. To receive
safe harbor protection, donated
technology or services must otherwise
satisfy the conditions of the safe harbor.
Comment: A commenter
recommended that OIG consider
limiting recipients to those entities with
an ‘‘established relationship’’ with the
donor, such that there is evidence that
the donor and recipient interface. The
commenter offered as an example a
requirement that a physician practice
has to have providers who are members
of a health system’s medical staff in
order for such practice to receive a
protected donation from the health
system. For a protected donation by a
physician practice to a patient, the
commenter suggested requiring the
patient be an ‘‘established patient’’ of
the practice.
Response: For this cybersecurity safe
harbor, we are not adopting the
commenter’s recommendation to require
an established relationship between the
donor and the recipient. Although we
have incorporated a similar ‘‘established
patient’’ concept in the local
transportation safe harbor at paragraph
1001.952(bb), we believe such limitation
might work against the stated goal of
this safe harbor to enable widespread
PO 00000
Frm 00136
Fmt 4701
Sfmt 4700
improvements to the cybersecurity of
the connected health care ecosystem
through appropriate donations. We note
that other safeguards included in the
final safe harbor, such as the
requirement in the introduction
paragraph to 1001.952(jj) that the
donation be necessary and used
predominantly to implement, maintain,
or reestablish effective cybersecurity, as
well as restrictions against marketing or
related to the volume and value of
referrals and other business generated,
serve to protect against the concerns
addressed by the ‘‘established patient’’
concept in other safe harbors, such as
the local transportation safe harbor, and
are more workable for this safe harbor.
Comment: A commenter stated that
donations of technology to a patient
may need to be treated differently from
donations to a practice or provider
because any donation to a patient would
rely on a single software use license,
which is difficult to implement and
manage. Furthermore, the commenter
stated that a donation to a patient may
require additional services to implement
such technology on patients’ devices,
which is not practical to offer on a large
scale. According to the commenter,
providers donating such technology
may not have the resources to provide
support services to patients and may
wish to donate technical support
services via third parties. But the
commenter highlighted that using third
parties to provide such services may
create additional risks for providers and
confusion for patients.
Response: We appreciate that
cybersecurity technology and services
donations to patients involve different
considerations, and we anticipate that
donors will evaluate those
considerations before making donations
to patients. Safe harbors are voluntary,
and providers are under no obligation to
donate cybersecurity technology and
services to patients or to structure
arrangements to satisfy the conditions of
the safe harbor finalized here. As we
stated in the OIG Proposed Rule,
protected donations may include
services associated with installing and
updating cybersecurity software as well
as cybersecurity training services, such
as training recipients on how to use the
technology and troubleshoot problems
with the cybersecurity technology. The
donor could furnish such donated
services on its own or contract with a
third party to furnish such services.
We reiterate that a donation to
patients also must be necessary. The
determination of which cybersecurity
technology and services are necessary
for patients likely will look much
different than such determination with
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
respect to health care entities. Patients’
interaction with or access to a health
care provider’s system or network is
often more limited than another health
care provider’s interaction or access. For
example, patients may interact or access
a health care provider’s system through
a patient portal or by authorizing a third
party to access their electronic health
data through a mobile application. In
those instances, cybersecurity likely is
built into the patient portal, the
authentication mechanism, or the API
services used by the mobile application.
We expect that providers evaluating
potential donations to patients would
take into account existing cybersecurity
measures and the nature of the patient’s
interaction with or access to systems
when determining whether any
donation to the patient is necessary.
e. Definition of ‘‘Cybersecurity’’
Summary of OIG Proposed Rule: We
proposed to define ‘‘cybersecurity’’ as
the process of protecting information by
preventing, detecting, and responding to
cyberattacks. The proposed definition
was derived from the National Institute
for Standards and Technology (NIST)
‘‘Framework for Improving Critical
Infrastructure Cybersecurity’’ (NIST
CSF).93 We intended to define
cybersecurity broadly to avoid
unintentionally limiting donations.
Summary of Final Rule: We are
finalizing this definition with certain
clarifications at paragraph
1001.952(jj)(5)(i).
Comment: Several commenters agreed
with the proposed definition of
‘‘cybersecurity,’’ derived from the NIST
CSF, and commenters generally agreed
that the final rule should include a
broad definition to provide sufficient
flexibility. A commenter was generally
supportive of the definition of
‘‘cybersecurity’’ but believed it should
include the process of protecting
information through ‘‘identifying’’ and
‘‘recovering’’ from cyberattacks, to
account for the entire lifecycle of a
cyberattack. The commenter surmised
that the addition of ‘‘recovering’’ would
protect ‘‘backup services’’ that support
reestablishing cybersecurity and reduce
the impact of ransomware extortion.
Relatedly, several commenters noted
that the OIG Proposed Rule omitted the
word ‘‘reestablish’’ in the first condition
at paragraph 1001.952(jj)(1), making it
inconsistent with the parallel exception
to the physician self-referral law as
proposed by CMS.
93 See NIST CSF, Version 1.1 (Apr. 2018),
available at https://nvlpubs.nist.gov/nistpubs/
CSWP/NIST.CSWP.04162018.pdf.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
Commenters urged OIG to adopt text
that includes ‘‘reestablish’’ in the first
condition at paragraph 1001.952(jj)(1).
Specifically, several commenters
recommended that paragraph
1001.952(jj)(1) read, ‘‘[t]he technology
and services are necessary and used
predominantly to implement, maintain,
or reestablish effective cybersecurity’’
(emphasis added). Commenters asserted
that the inclusion of ‘‘reestablish’’ in the
safe harbor would make explicit that the
safe harbor protects post-incident
activities, such as the donation of a
consultant’s time to assist with
conducting root cause analyses and
identifying needed procedural
improvements.
Response: We agree that we should
rely on the NIST CSF as a basis to define
‘‘cybersecurity’’ and believe that this
definition, as finalized, provides
sufficient flexibility while also
providing an appropriately defined
scope of what is protected under the
safe harbor consistent with the goals of
the safe harbor. As explained in the OIG
Proposed Rule, the goal of this
definition is to broadly define
cybersecurity and avoid unintentionally
limiting the scope of donations. For this
reason, we also removed the phrase
‘‘certain types of’’ before ‘‘cybersecurity
technology and services’’ from the
initial paragraph at 1001.952(jj) to avoid
ambiguity; cybersecurity technology and
services that meet all conditions of the
safe harbor are protected.
We are not adding additional terms to
the definition because the definition of
‘‘cybersecurity’’ is derived from the
NIST CSF glossary.94 We believe the use
of the NIST CSF definition, in
combination with the conditions of this
safe harbor, provides donors and
recipients needed flexibility while also
mitigating the risks of fraud and abuse.
The NIST CSF is widely accepted across
public and private sectors, all types of
industries, and international
organizations. It provides a commonly
understood language for donors and
recipients seeking to use this safe harbor
to improve their cybersecurity posture.
While this safe harbor does not
condition protection of donations on
compliance with the NIST CSF, we
encourage potential donors and
recipients to ensure a comprehensive,
systematic approach to identifying,
assessing, and managing cybersecurity
risks.
The additional terms suggested by
commenters, such as ‘‘identifying’’ and
‘‘recovering,’’ also appear in the NIST
CSF. The NIST CSF organizes basic
‘‘cybersecurity activities’’ into five
functions: Identify, protect, detect,
respond, and recover.95 The definition
of ‘‘cybersecurity’’ in this safe harbor
likely would apply to donations of
cybersecurity technology and services
that are used predominantly and are
necessary for these five functions and
the related subfunctions and
cybersecurity outcomes that are part of
the NIST CSF. We have not been
persuaded to adopt a more specific
definition of cybersecurity by
incorporating specific terminology from
the NIST CSF and we are finalizing the
definition as proposed for the policy
reasons explained above.
In response to commenters who said
that the term ‘‘reestablish’’ was not in
the first condition at paragraph
1001.952(jj)(1), we are finalizing a
clarification to extend protection to
donations that are necessary and used
predominantly to implement, maintain
or reestablish effective cybersecurity.
This change is reflected in the final
version of the initial paragraph for
1001.952(jj). As we noted in the
preamble to the OIG Proposed Rule,
protected donations would include
business continuity software that
mitigates the effects of a cyberattack and
data recovery services to ensure that the
recipient’s operations can continue
during and after a cyberattack.
Additionally, as we stated in the OIG
Proposed Rule, we intend to align
closely with the corresponding CMS
exception where appropriate.96
We note that the safe harbor does not,
however, protect payments of any
ransom to or on behalf of a recipient in
response to a cyberattack, which we
would not view as ‘‘reestablishing’’
effective cybersecurity (nor would we
view it as nonmonetary remuneration,
as required for protection under the safe
harbor). Although we believe the
proposal sufficiently included this
concept, for the reasons stated above we
have added the word ‘‘reestablish’’ in
the final version of the introductory
paragraph to 1001.952(jj) to provide
clarity and to align with CMS’s
corresponding physician self-referral
law exception for cybersecurity
donations.
Comment: A commenter applauded
the definition of ‘‘cybersecurity’’ for
being fairly broad and including
donations of APIs. The commenter
requested, however, that the definition
be modified to account for the so-called
three pillars of information security:
Confidentiality of information, integrity
of information, and availability of
information.
95 Id.
94 Id.
PO 00000
at 45.
Frm 00137
96 84
Fmt 4701
Sfmt 4700
77819
E:\FR\FM\02DER3.SGM
at 6.
FR 55734 (Oct. 17, 2019).
02DER3
77820
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Response: We are not modifying the
definition of cybersecurity. As
discussed previously, our intention was
to broadly define ‘‘cybersecurity’’ and
use terminology within an industryrecognized standard. We believe the
NIST CSF definition of cybersecurity
meets those policy goals.
We recognize, however, that the three
pillars of confidentiality, integrity, and
availability of information are
fundamental concepts to cybersecurity.
The NIST CSF similarly recognizes
these pillars. An outcome category
under the ‘‘protect’’ function includes
that data ‘‘are managed consistent with
the organization’s risk strategy to protect
the confidentiality, integrity, and
availability of information.’’ 97
Therefore, the definition of
‘‘cybersecurity,’’ which includes ‘‘the
process of protecting information,’’
accounts for these principles while also
providing flexibility and certainty to
donors as to the scope of protected
cybersecurity donations.
Comment: A commenter stated that
the proposed definition of cybersecurity
seems oversimplified and is not
comprehensive. The commenter
suggested that the definition of
‘‘cybersecurity’’ should be inclusive of
any unauthorized use, even without
deliberate criminal activity or a specific
cyberattack, and recommended
broadening the definition accordingly.
Another commenter noted that the
proposed definition of ‘‘cybersecurity’’
includes the term ‘‘cyberattack,’’ which
the commenter found both vague and
representative of only one type of threat
to electronic data. The commenter
encouraged OIG to adopt the definition
found on the Department of Homeland
Security (DHS) website, which describes
cybersecurity as ‘‘the process of
protecting networks, devices, and data
from unauthorized access or use and the
practice of ensuring confidentiality,
integrity, and availability of
information.’’ The commenter requested
that any change to the definition be
employed consistently across other
relevant safe harbors (e.g., paragraph
1001.952(y)).
Response: We decline to modify the
definition. First, the safe harbor
definition of ‘‘cybersecurity’’ does not
limit donations of cybersecurity
technology and services to those that
prevent only criminal misconduct. The
definition of ‘‘cybersecurity’’ is agnostic
to the intent—criminal or otherwise—of
an ‘‘unauthorized user.’’ We also believe
the definition used in this final rule,
97 See NIST CSF, Version 1.1, pg. 32 (Apr. 16,
2018) available at https://nvlpubs.nist.gov/nistpubs/
CSWP/NIST.CSWP.04162018.pdf.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
derived from the NIST CSF, is broad
enough to address the commenter’s
concerns about ‘‘unauthorized users’’ as
well as the definition from the DHS
website. Specifically, our final
regulatory definition of ‘‘cybersecurity’’
is broad enough to result in safe harbor
protection for technology and services
that protect networks, devices, and data
from unauthorized access or use,
including those that ensure the
confidentiality, integrity, and
availability of information.
Comment: One commenter stated that
the proposed definition of
‘‘cybersecurity’’ fails to capture all
aspects of security controls relevant to
patient information, systems processing,
or retention of patient information. The
commenter recommended the following
definition for cybersecurity:
‘‘[p]revention of damage to, protection
of, and restoration of computers,
electronic communications systems,
electronic communications services,
wire communication, and electronic
communication, including information
contained therein, to ensure its
availability, integrity, authentication,
confidentiality, and nonrepudiation; or
the prevention of damage to,
unauthorized use of, exploitation of,
and—if needed—restoration of
electronic information and
communications systems, and the
information they contain, in order to
strengthen the confidentiality, integrity,
and availability of these systems; or the
process of protecting information by
preventing, detecting, and responding to
attacks.’’
Response: We are not adopting this
suggestion. Notwithstanding, we believe
that the principles underlying the
commenter’s definition, which are
derived from NIST and other Federal
Government sources, generally are
included in the definition of
‘‘cybersecurity.’’ Further, we are not
modifying the definition of
cybersecurity as suggested by the
commenter because some of the
commenter’s proposed additions to
regulatory text could be misread to
protect multifunctional equipment. For
example, ‘‘restoration of computers,
electronic communications systems,
electronic communications services,
wire communication, and electronic
communication,’’ could be misread by
donors to protect donations of
multifunctional hardware and other
multifunctional donations (e.g.,
computers or entire communications
systems) as part of restoration efforts,
which are not protected by this safe
harbor. The safe harbor protects
donations of cybersecurity technology
and services that are necessary and used
PO 00000
Frm 00138
Fmt 4701
Sfmt 4700
predominantly to implement, maintain,
or reestablish effective cybersecurity.
Comment: Several commenters
suggested that OIG finalize a broad and
industry-neutral definition of
‘‘cybersecurity’’ to permit flexibility for
future changes, adaptions, and
variations in the dynamic world of
cybersecurity. A commenter stated that
the proposed safe harbor is shortsighted
and should include a more
comprehensive definition of potential
technology solutions for cybersecurity
attacks.
Response: We agree with commenters
that the cybersecurity safe harbor
should be broad and rely on an
industry-neutral definition.
Consequently, we are finalizing a
definition derived from the NIST CSF.
The NIST CSF is industry agnostic and
applies to any critical infrastructure in
the United States, which includes
health care. We are not using a
definition that would incorporate
specific technology solutions for
cyberattacks. Such an approach could
make the safe harbor definition obsolete
as new cybersecurity technologies are
developed and implemented. We
believe the broad, neutral definition
finalized here allows donors and
recipients the flexibility to determine
which cybersecurity technology and
services are necessary and
predominantly used to implement,
maintain, or reestablish effective
cybersecurity. Additionally, we note
that effective cybersecurity is broader
than technology solutions. Protected
donations of cybersecurity technology
and services are just one component of
cybersecurity. Regardless of the
conditions of this safe harbor, we
encourage parties to consult
cybersecurity industry standards such
as the NIST CSF to ensure a
comprehensive, systematic approach to
identifying, assessing, and managing
cybersecurity risks.
f. Definitions of ‘‘Technology’’ and
Protection of Hardware
Summary of OIG Proposed Rule: We
proposed at proposed paragraph
1001.952(jj)(6) to define ‘‘technology’’ as
any software or other type of
information technology, other than
hardware. In the preamble to the OIG
Proposed Rule, we noted our concern
about donations of valuable,
multifunctional hardware being
disguised as payments for referrals, but
also recognized that some hardware may
in fact be limited to cybersecurity
functionality, such as two-factor
authentication dongles, and indicated
that we were considering including
such hardware in the safe harbor.
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Summary of Final Rule: We are
finalizing, with modification, our
proposed definition at paragraph
1001.952(jj)(5)(ii). Based on public
comments, the modified final rule
provides that donations of certain
hardware will be permitted under the
exception as long as the donation
satisfies the other conditions of the safe
harbor. In particular, we highlight that
the introductory paragraph for
1001.952(jj) requires that donations be
necessary and used predominantly for
effective cybersecurity. In most cases,
multifunctional hardware would not be
used predominantly for effective
cybersecurity and thus would fall
outside the scope of protection of this
safe harbor.
Comment: Some commenters agreed
with using the NIST CSF as a basis for
the definition of ‘‘technology’’ and
recommended that any final regulation
allow sufficient latitude for various
types of technology classifications
(software and certain hardware
components) and not be limited to a
one-size-fits-all paradigm. Some
commenters agreed with excluding
hardware from the definition of
‘‘technology’’ and, therefore, from
protection under this safe harbor, citing
program integrity risks. A large number
of commenters objected to the exclusion
of hardware from the definition of
‘‘technology.’’ Many commenters
highlighted that the line between
hardware, software, services, and other
technology that is neither hardware,
software, nor a service, is increasingly
blurred and such technologies are often
packaged together as a bundle. Others
suggested that hardware donations are a
foundational requirement to
operationalize cybersecurity best
practices. Some commenters noted that
certain cybersecurity software requires
specific hardware and sought protection
for such hardware. For example, a
commenter noted that firewalls involve
the use of both hardware and software
and suggested that many clinicians
would not have the technical knowledge
to configure the firewalls. A commenter
recommended permitting donation of
low-cost hardware and possibly adding
a dollar threshold that could not be
exceeded for the total donation.
Other commenters highlighted that
failing to extend safe harbor protection
to multifunctional cybersecurity
hardware (or software) would limit the
utility of the safe harbor because
cybersecurity technology often is not
standalone in nature. Commenters
provided examples of multifunctional
hardware they deemed beneficial to
cybersecurity hygiene, such as
encrypted servers, encrypted drives,
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
upgraded wiring, physical security
systems, fire retardant or warning
technology, and high-security doors.
Response: Consistent with our
solicitation of comments in the OIG
Proposed Rule and in careful
consideration of the responses from
commenters, this final rule expands the
definition to include certain hardware.
To receive safe harbor protection,
donations of such hardware must satisfy
all of the conditions of the safe harbor,
and specifically the requirement that the
hardware be necessary and used
predominantly to implement, maintain,
or reestablish effective cybersecurity.
We intend this condition to make
donations of multifunctional hardware
ineligible for safe harbor protection in
most cases, even if such hardware is
low-cost, because such donations likely
would not satisfy the predominant use
condition. For instance, some of the
examples provided by commenters
would not satisfy the predominant use
standard because by design they have
functions that extend well beyond
cybersecurity, including servers, drives,
upgraded wiring, physical security
systems, fire retardant or warning
technology, and high-security doors. For
example, although the donation of an
encrypted server might improve the
recipient’s cybersecurity, the server
likely would not be used predominantly
for effective cybersecurity because the
recipient is likely to use it
predominately for other purposes, such
as hosting its computing infrastructure.
We note, however, that the safe harbor
protects services, including installing
cybersecurity software. Therefore, if an
entity donates cybersecurity software, it
can also install and configure such
software on a recipient’s system. We do
not believe a monetary cap is necessary
for this safe harbor.
Comment: A number of commenters
urged OIG to expand protection for
single-function hardware technologies
that have limited or no functionality
outside of cybersecurity, such as
computer privacy screens, two-factor
authentication dongles and security
tokens, facial-recognition cameras for
secure access, biometric authentication,
secure identification card and device
readers, intrusion detection systems,
data backup systems, and data recovery
systems. Some commenters opposed
any such expansion.
Response: We agree with commenters
that certain hardware is limited to
cybersecurity uses and, as stated above,
have finalized the definition of
‘‘technology’’ so that safe harbor
protection includes such hardware.
However, in order to receive safe harbor
protection, donations of hardware must
PO 00000
Frm 00139
Fmt 4701
Sfmt 4700
77821
satisfy all of the conditions of the safe
harbor and, specifically, the
predominant use requirement in the
initial paragraph to 1001.952(jj). Some
of the examples provided by these
commenters including computer
privacy screens, two-factor
authentication dongles, security tokens,
facial-recognition cameras for secure
access, biometric authentication, secure
identification card and device readers,
intrusion detection systems, data
backup, and data recovery systems
could be protected by the safe harbor if
all conditions of the safe harbor are
satisfied because their functionality
could be predominantly for effective
cybersecurity.
We are not finalizing the additional
proposed condition that would have
required donors and recipients to
conduct a risk assessment prior to
donating hardware as a means of
attaining safe harbor protection for
hardware. As finalized, the safe harbor
protects hardware donations the same
way that software and service donations
are protected, that is by meeting all
conditions of the safe harbor.
Comment: A commenter explained
that it is important for OIG to recognize
and make clear that typically it is not
the actual software that is purchased by
providers because the software is owned
by the vendor. Instead, providers
purchase the rights to use the software,
which is accomplished through
licensing. Therefore, with regards to
donations, the software itself will not be
donated; it will be the license to use that
software. The commenter also
recommended allowing installment and
repairs to be among the types of
technology and services, the donation of
which is protected by the safe harbor.
Response: We also recognize that in
some instances, providers purchase the
rights to use the software, which is
accomplished through licensing, and
donate that use or license rather than
the software itself. Donating such
licenses can be protected under this safe
harbor in the same way that donating
software is protected, if all conditions of
the safe harbor are met. We also agree
with the commenter that installment
and repairs can be included among the
protected technology and services,
provided that the donations of such
installment and repairs squarely satisfy
the safe harbor’s conditions, including
that the donation is necessary and used
predominantly to implement, maintain,
or reestablish effective cybersecurity.
g. Alternate Proposal
Summary of OIG Proposed Rule: We
included an alternate proposal to allow
parties to donate hardware, subject to
E:\FR\FM\02DER3.SGM
02DER3
77822
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
the other conditions of the proposed
safe harbor, if such hardware is
reasonably necessary based on a risk
assessment of the donor and recipient.
Summary of Final Rule: We are not
finalizing this alternate proposal.
Comment: Several commenters
supported including hardware and did
not agree that a risk assessment should
be required for protected donations of
hardware. A commenter observed that
while donors should be free to require
and even donate a cybersecurity risk
assessment, adopting such a
requirement to protect donations of
hardware could slow the proliferation of
cybersecurity technology. A commenter
objected to requiring a written risk
assessment from either party, or in
multiparty arrangements from any party.
Another commenter stated that OIG
should not adopt a security framework
tying cybersecurity technology to
particular industry standards and
should not require the preparation of
special security risk assessments or
management documents. Instead, the
commenter recommended that OIG
recognize any safeguard that advances
the HIPAA security standards.
Response: For the reasons stated
above, we are not finalizing this
alternative proposal. Parties may have
other legal obligations to conduct risk
assessments, and this safe harbor does
not affect any such requirements.
Furthermore, we are not requiring
cybersecurity technology and service
donations to meet specific standards.
Parties also remain free to donate
cybersecurity risk assessments under
this safe harbor if all of the other
conditions are satisfied. Parties are
encouraged to perform risk assessments
to determine donor and recipient
vulnerability to cyberattacks and to
assist in creating their own
cybersecurity programs.
Comment: Several commenters
recommended requiring a risk
assessment to receive protected
hardware or other donated cybersecurity
products for various reasons. For
example, a commenter highlighted that
a risk assessment can determine what
type of protection is needed when there
are vulnerabilities and ensure that the
cybersecurity product is effective once
implemented. A commenter requested
that it not be a requirement for the
recipient to perform any risk
assessment, as they may not have the
appropriate knowledge and expertise to
do so. Instead, the commenter suggested
that the recipient have the option to
perform the risk assessment if they have
the knowledge and expertise to do so;
otherwise, it could be completed by the
donor or a qualified third party.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
Several commenters suggested that
any definition or scope of ‘‘risk
assessments’’ should rely on definitions
set out by NIST publications and further
suggested that OIG should rely on the
comprehensive NIST definition. Some
commenters requested that OIG provide
template risk assessment
documentation.
A commenter suggested that parties
be required to maintain the initial risk
assessment, which could be used to
compare the ‘‘baseline’’ risk assessment
to a future risk assessment to help
understand whether any previously
identified gaps were resolved.
Response: For reasons previously
stated, we are not requiring a risk
assessment as a condition of this safe
harbor. We agree that cybersecurity risk
assessments are valuable tools that can
evaluate vulnerabilities and identify
cybersecurity solutions, and parties
remain free to obtain such risk
assessments, or to donate them as long
as the conditions of this safe harbor are
met. For example, one method parties
might use to establish that a donation
was necessary for cybersecurity is to
utilize findings from a legitimate risk
assessment to demonstrate that a
recipient had a vulnerability that was
necessary to mitigate.
h. Scope of Protected Technology and
Services
Summary of OIG Proposed Rule: We
proposed to protect a broad range of
technology and services, excluding
hardware, and solicited comments on
this approach.
Summary of Final Rule: We are
finalizing protection for a broad range of
technology and services, including
certain hardware. We provide additional
clarity on the scope of this protection
and several examples below.
Comment: Most commenters
recommended that we finalize
protection for a broad range of
donations, and some requested specific
language or clarifications. In particular,
several commenters asked OIG to
consider the implications of cloudbased and subscription-based products
and services. Another commenter
requested OIG provide clarity related to
the scope of protected donations
through examples of the types of
software and services allowed (e.g.,
provision of a full-time cybersecurity
officer). Some commenters also noted
that a cybersecurity-specific help desk
may not be realistic and recommended
that OIG protect donations of general
help desk services, whether through the
donor’s IT department or the vendor’s
help desk services. A commenter urged
PO 00000
Frm 00140
Fmt 4701
Sfmt 4700
OIG to protect patches and software
updates.
Response: As finalized, the safe
harbor protects donations of a broad
range of cybersecurity technology and
services. This includes certain
cybersecurity hardware, as discussed
above, as well as a multitude of
cybersecurity services and technology.
Cybersecurity services and technology
would include both locally installed
cybersecurity software and cloud-based
cybersecurity software, including
patches and updates of such software or
patches and updates of other software or
programs if the patch or update is
predominantly for cybersecurity
purposes. Protected donations, however,
are constrained by the initial paragraph
to 1001.952(jj), which requires that the
donation is necessary and used
predominantly to implement, maintain,
or reestablish effective cybersecurity.
This safe harbor is intended to cover a
wide range of cybersecurity technology
and services that have specific
functionality, as constrained by the
initial paragraph for 1001.952(jj). This
approach means that most technology
and services that include cybersecurity
as one function of multiple functions
will not be protected by this safe harbor.
For instance, depending on the facts and
circumstances of a particular
arrangement, donating a virtual desktop
that includes access to programs and
services beyond cybersecurity software
likely would not be protected because
the donation likely would include
functions not necessary and
predominantly used to implement,
maintain, or reestablish effective
cybersecurity, such as claims and billing
applications. We explicitly decided not
to protect technology or services that
may provide some beneficial
cybersecurity effects as one feature of a
broader suite of services because that
broad scope of protection could apply to
nearly any technology or service. We
believe such a broad scope of protection
under this safe harbor would elevate the
risk that valuable donations could
improperly influence the recipient.
Understanding those tradeoffs, we
conclude that the significant need for
the health care system to improve
cybersecurity is better served by this
safe harbor only protecting
cybersecurity technology and services
that have specific functionality, as
constrained by the initial paragraph to
1001.952(jj), but with fewer other
conditions that would limit certain
aspects of a donation (e.g., a monetary
cap on the value of a donation).
Donors and recipients that would like
to protect the donation of technology or
services that are not necessary or are
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
used predominantly to implement,
maintain, or reestablish cybersecurity
should assess those potential
arrangements under the Federal antikickback statute as well as other
potentially applicable safe harbors, such
as the EHR safe harbor at paragraph
1001.952(y). Alternatively, the advisory
opinion process remains available to
parties seeking a legal opinion regarding
the scope of the safe harbor as applied
to a specific set of facts and
circumstances.
For the same reasons, we are not
extending protection for donations of
general IT help desk services because
cybersecurity is not the predominant
use of such services. However, we are
aware of cybersecurity-specific software
and services that include customer
service and help desk features for
cybersecurity assistance. Such help desk
services, if they are necessary and
predominantly used for implementing,
maintaining, or reestablishing
cybersecurity, could meet the
introductory paragraph for 1001.952(jj)
and may be protected by this safe harbor
if all other conditions are met.
Relatedly, donating services through a
donor organization’s primary service
desk or IT help desk, limited to
reporting cybersecurity incidents, could
satisfy this requirement because the
service or help desk responsibilities
would be used predominately for
cybersecurity incident reporting.
Staffing a recipient’s practice with a
full-time cybersecurity officer, however,
would only be protected by this safe
harbor if that officer’s duties were used
predominately for implementing,
maintaining, or reestablishing effective
cybersecurity and were necessary. If the
officer performed general information
technology services or provided other
non-cybersecurity value to the
recipient’s business, then the donation
may not meet the requirements in the
initial paragraph for 1001.952(jj).
Comment: A commenter asked OIG to
clarify that services such as assurance,
assessment, and certification programs
that incorporate cyber-risk management
could receive safe harbor protection.
Response: To the extent the
assurance, assessment, and certification
programs that incorporate cybersecurity
risk management suggested by the
commenter satisfy all of the conditions
of the safe harbor, including the
requirements in the initial paragraph for
1001.952(jj), they could be protected.
We note, however, that if cybersecurity
is just one component or feature of the
assurance, assessment, and certification
programs referenced by the commenter,
then the other features are not likely to
be necessary and used predominantly to
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
implement, maintain, or reestablish
effective cybersecurity, and the
cybersecurity safe harbor would not
protect the referenced services, although
they could be protected under another
safe harbor.
Comment: A commenter expressed
concern that the OIG Proposed Rule
would create separate safe harbors for
various types of technology, resulting in
a piecemeal approach to tools that must
work together to drive care
coordination. The commenter urged OIG
to broaden the cybersecurity items and
services safe harbor and the EHR safe
harbor to be flexible enough to protect
technology that can help facilitate the
movement to value-based care. Several
commenters specifically recommended
that any final cybersecurity safe harbor
protect data analytics and reporting
functionalities. Another commenter
asked that OIG clarify that arrangements
involving sharing data and technology,
including cybertechnologies that keep
the data secure, are not illegal
remuneration when used for care
coordination purposes.
Response: We recognize that multiple
safe harbors may protect various types
of technology donations. Several safe
harbors finalized elsewhere in this final
rule protect certain remuneration to
facilitate care coordination and the
transition to value-based care, such as
the value-based safe harbors at
1001.952(ee)–(gg). Data analytics,
reporting functionalities, and other
information technology used to facilitate
the movement to value-based care may
be protected under these safe harbors,
provided the arrangement squarely
satisfies the conditions of any
applicable safe harbor. However, we
note that cybersecurity items in and of
themselves likely would not meet the
definition of the ‘‘coordination and
management of care,’’ as explained in
the preamble above. Relatedly, data
analytics and other information
technology, when coupled with a
cybersecurity donation, would not meet
the requirement that the donation be
necessary and used predominantly to
implement, maintain, or reestablish
effective cybersecurity.
We emphasize that arrangements
involving sharing data could potentially
involve remuneration that implicates
the Federal anti-kickback statute. For
instance, while standing on its own,
basic sharing of patient records for
purposes of care coordination or
treatment of patients is unlikely to
implicate the statute, the provision of
data analysis, data aggregation, or other
services of independent value to the
recipient likely would be the sort of
remuneration that implicates the statute.
PO 00000
Frm 00141
Fmt 4701
Sfmt 4700
77823
Any assessment of Federal anti-kickback
statute implications, available safe
harbor protection, and potential liability
under the statute, would require an
analysis of the facts and circumstances
specific to the particular arrangement.
Data analytics and other information
technology that may be protected by the
value-based safe harbors at
1001.952(ee)–(gg) can include built-in
cybersecurity protections. For example,
those safe harbors do not require the
data analytics software to be free from
cybersecurity protections to meet their
conditions. Such software might
normally include security features, such
as a secure login and authentication, as
part of the normal software
development and could be protected by
the value-based safe harbors, depending
on the facts and circumstances.
Where parties seek safe harbor
protection for the donation of
technology, parties do not need to
protect separate functions of that
technology under different safe harbors
if the donation meets the terms of a
single safe harbor. This cybersecurity
safe harbor is intended only to protect
cybersecurity technology and services.
Other safe harbors protect donations
that may include cybersecurity features
as part of a broader donation, without
regard to whether the cybersecurity
features would meet the requirements of
the cybersecurity safe harbor (e.g., a
donation of data analytics software that
includes cybersecurity features may be
protected by the value-based safe
harbors at 1001.952(ee)–(gg), or an EHR
system with cybersecurity features may
be protected by the EHR safe harbor at
1001.952(y)).
Unless the data analytics and
reporting functionality is predominantly
used to analyze and report on
cybersecurity threats or attacks (rather
than more broadly facilitating the
movement to value-based care), then it
typically would not satisfy the initial
paragraph for 1001.952(jj), which
requires that the cybersecurity donation
be necessary and used predominantly to
implement, maintain, or reestablish
effective cybersecurity.
Comment: A commenter
recommended that OIG clarify the scope
of what the cybersecurity technology
and services must protect, such as
cybersecurity to protect electronic
health records, medical devices, or other
information technology that uses,
captures, or maintains individually
identifiable health information. The
commenter stated that the proposed safe
harbor was silent as to the ‘‘object’’ of
the cybersecurity protection and an
explicit statement setting broad
parameters about the purpose of
E:\FR\FM\02DER3.SGM
02DER3
77824
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
donated cybersecurity technology and
services would provide guidance and
cover future technology advances.
Another commenter encouraged OIG to
permit donations related to medical
device cybersecurity, which the
commenter identified as a growing area
of vulnerability. The commenter posited
that promoting the security of medical
devices would create added protection
for patient privacy and safety.
Response: We are not defining the
‘‘object’’ or ‘‘subject’’ of the
cybersecurity protection. The safe
harbor protects a wide range of
cybersecurity technology and services
that are necessary and used
predominantly to implement, maintain,
or reestablish effective cybersecurity. If
all other conditions of the safe harbor
are satisfied, this could include
cybersecurity donations in connection
with medical devices, EHR, and other
information technology.
Comment: A commenter supported
the inclusion of a broad array of
cybersecurity services as part of the safe
harbor, including numerous examples
from the OIG Proposed Rule. In
addition, the commenter recommended
adding services to the list included in
the OIG Proposed Rule, such as
consulting services deployed not to
conduct only a risk assessment or
analysis, but to work with the practice
to develop and implement specific
cybersecurity policies and procedures.
The commenter also suggested
protection for subscription fees to
vendor security products that assist
practices in developing policies and
procedures in support of a risk
assessment. Another commenter
requested that OIG provide further
examples of what would and would not
be protected by the safe harbor.
Response: We provided examples of
items and services that would be
protected by this safe harbor in the
preamble to the OIG Proposed Rule that
are still valid under the final rule and
provide additional examples in this
final rule.98 The examples included in
the OIG Proposed Rule apply to the safe
harbor, as finalized, and continue to
illustrate the scope of the technology
and services potentially protected by the
safe harbor. We emphasize that we
intend for the safe harbor to protect a
broad array of technology and services.
Donations of services that meet all
conditions of this safe harbor would be
protected. That would include
donations where the donor arranges for
or otherwise pays for third-party
vendors or consultants to provide
cybersecurity services that are necessary
98 84
FR 55735–6 (Oct. 17, 2019).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
and used predominantly to implement,
maintain, or reestablish effective
cybersecurity. We note, however, that
reimbursing a recipient or providing
monetary remuneration for such
services would not be protected by this
safe harbor because the safe harbor only
protects nonmonetary remuneration.
The advisory opinion process remains
available for parties seeking a legal
opinion regarding the scope of the safe
harbor as applied to a specific set of
facts and circumstances.
Comment: A commenter asked OIG to
include protection for implementation,
management, and remediation services
within the scope of this safe harbor, as
these will fully optimize donations.
Response: The safe harbor would
protect donations that include
implementation, management, and
remediation services, including those
provided through a third party, if all
conditions of the safe harbor are
satisfied. As we stated in the OIG
Proposed Rule, the safe harbor may
protect services such as developing,
installing, and updating cybersecurity
software, and training recipients how to
use it. We also stated in the OIG
Proposed Rule that ‘‘cybersecurity as a
service’’ may be protected, which
includes third-party services for
managing and monitoring the
cybersecurity of a recipient.
Comment: While many commenters
expressed concern about the
effectiveness of the safe harbor if it does
not protect a broad scope of technology
and services, other commenters
recommended limiting the scope of
protected technology and services. A
commenter noted that effective
cybersecurity protection could require a
whole suite of services, such as active
management, monitoring, and
developing an effective response system
if an issue arises, and it may not be
possible for an outside entity to provide
such a broad range of services.
Response: This safe harbor protects a
wide range of cybersecurity technology
and services that satisfy the conditions
of the safe harbor. It is intended to
remove one actual or perceived barrier
to improving the cybersecurity posture
of the health care industry. While this
safe harbor does not and cannot solve
all cybersecurity issues for the health
care industry, OIG believes that
cybersecurity donations are just one tool
that the health care system can use to
improve its cybersecurity. We encourage
providers and other actors to engage in
other cybersecurity efforts, consistent
with industry standards and applicable
laws, to improve the cybersecurity of
the entire health care system.
PO 00000
Frm 00142
Fmt 4701
Sfmt 4700
i. Monetary Cap
Summary of OIG Proposed Rule: We
solicited comments on whether the safe
harbor should include a monetary value
limit on the total amount of donations
that a donor can make to a recipient.
Summary of Final Rule: We are not
finalizing a condition imposing any
monetary limit.
Comment: A commenter
recommended that if the final safe
harbor protects hardware, OIG should
not impose any cap on the value of the
donated hardware. Another commenter
encouraged OIG to finalize the safe
harbor without imposing a monetary
limit on the value of applicable
remuneration. Some commenters
recommended a cap as a potential
safeguard.
Response: We are not finalizing any
monetary cap on the value of
remuneration protected by this safe
harbor. We believe most cybersecurity
donations are made for purposes of selfpreservation from the risk of
cyberattack. Therefore, donors are
incentivized to donate what is required
to achieve effective cybersecurity and
not make excessive donations beyond
the scope of what is needed to protect
themselves. Furthermore, the initial
paragraph for 1001.952(jj) limits
donations of technology and services to
those necessary and used
predominantly to implement, maintain,
or reestablish cybersecurity, which also
serves to limit any excessive value of
donations. The conditions at paragraphs
1001.952(jj)(1) and (2) ensure that the
cybersecurity safe harbor does not
protect donations that are tied to
Federal health care program referrals or
are otherwise conditioned on Federal
health care program business. These
conditions help mitigate the risk that
more valuable donations may lead to
more referrals or future business.
The threat-reduction purpose of
cybersecurity technology and the
conditions of the safe harbor work
together to limit the risk of fraud or
abuse caused by improper donations
and a monetary cap is not needed for
the cybersecurity safe harbor.
j. Deeming Provision
Summary of OIG Proposed Rule: We
solicited comments on whether to create
a provision in the final rule that would
allow donors and recipients to
demonstrate compliance with the
condition at paragraph 1001.952(jj)(1)
by meeting certain additional standards.
Specifically, we suggested a ‘‘deeming
provision’’ that would allow donors or
recipients to demonstrate that the
donation satisfies proposed paragraph
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
1001.952(jj)(1) if it furthers a recipient’s
ability to comply with a written
cybersecurity program that reasonably
conforms to a widely recognized
framework or set of standards, such as
one developed or endorsed by the
National Institute of Standards and
Technology (NIST) or another American
National Standards Institute-accredited
standards body, such as the
International Organization for
Standardization.
Summary of the Final Rule: We are
not finalizing a ‘‘deeming provision.’’
Comment: A number of commenters
supported the inclusion of a ‘‘deeming
provision’’ in the final rule and offered
suggestions on how to implement such
a provision. Several commenters
suggested that the ‘‘deeming provision’’
should apply if the donation furthers a
recipient’s compliance with a written
cybersecurity program that reasonably
conforms to a widely recognized
cybersecurity framework, such as one
developed by NIST, or guidelines
developed by the Department of Health
and Human Services Office for Civil
Rights (OCR) in collaboration with the
Office of the National Coordinator for
Health Information Technology (ONC).
One commenter recommended that any
reference to cybersecurity standards,
frameworks or risks be based on existing
independent frameworks, ideally drawn
from NIST standards.
Response: We are not finalizing a
‘‘deeming provision’’ for the
cybersecurity safe harbor. We are
concerned that a deeming provision
could have the inadvertent effect of
protecting multifunctional hardware,
software, or other technology and
services because the donation conforms
to a written cybersecurity protocol
following industry standards.
Specifically, if a donor or recipient were
to demonstrate that a donation of
hardware furthered its compliance with
a written cybersecurity program that
includes items such as laptops, servers,
or other types of multifunctional
hardware, parties may use the ‘‘deeming
provision’’ in attempting to protect
hardware that is not necessary or used
predominantly to implement, maintain,
or reestablish effective cybersecurity.
Although we are not finalizing a
voluntary ‘‘deeming provision,’’ parties
are encouraged to consider
implementing cybersecurity programs
that follow widely recognized industry
frameworks. Parties may also
voluntarily include their own standards
to apply to donations.
However, even if donations further
compliance with a written cybersecurity
program that is consistent with a widely
recognized industry cybersecurity
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
framework or a party’s own standards,
that does not automatically mean that
any cybersecurity donation is ‘‘deemed’’
necessary or used predominantly to
implement, maintain, or reestablish
effective cybersecurity. Parties should
undertake a careful analysis of any
donations for which they seek safe
harbor protection to ensure compliance
with all conditions of the safe harbor.
Comment: Some commenters urged
that any reference to standards or
frameworks used in any ‘‘deeming
provision’’ be illustrative and not
exclusive, so as to avoid unnecessary
constraints and allow for the application
of future frameworks. Another
commenter agreed with inclusion of a
‘‘deeming provision’’ but recommended
that such provision remain voluntary.
Several commenters objected to any
‘‘deeming provision,’’ noting that it
would add an unnecessary burden
without providing any meaningful
protection against fraud and abuse. A
commenter stated that physicians may
struggle to understand what ‘‘reasonable
conformance’’ looks like or when a
framework or standard is considered
‘‘widely recognized.’’ A commenter
stated that a stringent ‘‘deeming
provision’’ could create additional
barriers to mitigating the risks of
cybersecurity threats. One commenter
sought clarity on the ‘‘deeming
provision,’’ asking whether the recipient
must show financial need to satisfy the
‘‘deeming provision,’’ and another
commenter supported a ‘‘deeming
provision’’ when the cost of the
donation of technology and services
exceeds a specified monetary limit.
Response: Safe harbors are voluntary;
this safe harbor does not require any
individual or entity to offer free or
discounted cybersecurity technology or
services, nor does it require any
individual or entity to structure any
donations of cybersecurity technology
and services to satisfy the conditions of
the safe harbor. Notwithstanding, for the
reasons stated above we are not
finalizing a ‘‘deeming provision’’ in this
safe harbor. We also agree with the
commenter that parties may struggle to
understand what ‘‘reasonable
conformance’’ looks like or when a
framework or standard is considered
‘‘widely recognized.’’ Without selection
of one or more specific frameworks, any
‘‘deeming provision’’ could be subject to
manipulation.
Comment: One commenter suggested
that OIG adopt the same ‘‘deeming
provision’’ that appears in the EHR safe
harbor at paragraph 1001.952(y)(2).
Response: We decline to adopt the
commenter’s suggestion. The ‘‘deeming
provision’’ included in the EHR safe
PO 00000
Frm 00143
Fmt 4701
Sfmt 4700
77825
harbor at paragraph 1001.952(y)(2)
relates to donations of EHR items and
services satisfying the interoperability
condition in paragraph 1001.952(y)(2)
using ONC Certification standards
rather than the ‘‘necessary and used
predominantly’’ standard in this
cybersecurity safe harbor. Therefore, the
commenter’s suggested ‘‘deeming
provision’’ is not applicable in this
context and, for the reasons stated
above, we are not finalizing any
‘‘deeming provision’’ in this safe harbor.
k. Volume and Value Condition
Summary of OIG Proposed Rule: We
proposed at paragraph 1001.952(jj)(2)
that donations would not be protected
under this safe harbor if donors directly
take into account the volume or value of
referrals or other business generated
between the parties when determining
the eligibility of a potential recipient for
the technology or services, or the
amount or nature of the technology or
services to be donated. Donations also
would not be protected if donors
condition donations of technology or
services, or the amount or nature of the
technology or services to be donated, on
future referrals. Similarly, we proposed
at paragraph 1001.952(jj)(3) that
donations would not be protected if the
recipient or the recipient’s practice (or
any affiliated individual or entity)
makes the receipt of technology or
services, or the amount or nature of the
technology or services, a condition of
doing business with the donor.
Summary of Final Rule: We are
finalizing, without modification, these
conditions, but renumbering them as
1001.952(jj)(1) and (2).
Comment: Commenters generally
supported the provision restricting
donors from directly taking into account
the volume or value of referrals or other
business generated between the parties
when determining the eligibility of a
potential recipient for the technology or
services, or the amount or nature of the
technology or services donated.
Commenters also supported OIG’s
proposal that potential recipients
should not be permitted to condition
future business with the donor on the
receipt of cybersecurity donations. A
commenter recommended that OIG set
guardrails to ensure that industry
stakeholders do not donate
cybersecurity in order to influence
referral patterns. Some commenters also
agreed that OIG should not finalize a list
of selection criteria that, if met, would
be deemed not to directly take into
account the volume or value of referrals
or other business generated between the
parties, similar to the provision within
the EHR safe harbor at paragraph
E:\FR\FM\02DER3.SGM
02DER3
77826
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
1001.952(y)(5). A commenter agreed
that donations of cybersecurity
technology and services do not present
the same risks as donations of EHR
software and information technology.
Thus, a list is unnecessary.
Response: We are finalizing
paragraphs 1001.952(jj)(1) and (2) as
proposed. We agree with commenters
who recommended that we not include
a list of selection criteria deemed not to
directly take into account the volume or
value of referrals, similar to paragraph
1001.952(y)(5). We agree with the
commenter who described such a list as
unnecessary. Additionally, the safe
harbor conditions we are finalizing,
viewed in their totality, guard against
donations to influence referral patterns,
so additional guardrails are
unnecessary.
Comment: A commenter representing
hospitals and health systems expressed
concern that the provision of
cybersecurity technology and related
services to physician practices could
increase the risk of fraud and abuse if
the donations are used as a bargaining
chip, thus facilitating cost-shifting from
entities in need of such services and
potential donors, rather than
cooperation between the entities.
Another commenter representing the
laboratory industry expressed concerns
about physicians starting or encouraging
‘‘bidding wars’’ between laboratories,
insinuating that the laboratory that
offers or makes the most generous
donation will get the physician’s
referrals (and, likewise, some
laboratories in fact may act
inappropriately and promise a donation
in exchange for future referrals).
Response: We acknowledge the
commenters’ concerns about
inappropriate donations designed to
induce referrals. We are finalizing
paragraphs 1001.952(jj)(1) and (2) as
proposed to preclude such conduct from
protection under this safe harbor. Like
the commenters, we are concerned
about the ‘‘bargaining chip’’ and
‘‘bidding war’’ scenarios, and we
emphasize that donors that condition
donations on referrals—and potential
recipients who demand donations as a
condition of doing business or
continuing to do business—would not
qualify for protection under this safe
harbor. Furthermore, such offers and
solicitations may violate the Federal
anti-kickback statute.
Comment: A provider trade
association noted that donations of
cybersecurity technology and services
are typically made by software
developers and medical device
manufacturers, not providers. The same
trade association cautioned that
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
cybersecurity-related donations should
be based on risk to the donor’s own
software, systems, or network, and
suggested that such donations should be
available to all similar entities with
similar risk assessments and without
regard to business relationships or
affiliations.
Response: As we stated above, this
safe harbor is agnostic to the types of
individuals and entities donating the
protected cybersecurity technology and
services. We believe the requirement
that donations be necessary and used
predominantly to implement, maintain,
or reestablish effective cybersecurity,
combined with requirements related to
the volume and value of referrals and
other business generated, provide
safeguards to ensure that donations are
made for necessary cybersecurity
purposes.
In response to the commenter’s
suggestion that donations should be
made available to similarly situated
entities, we note that the safe harbor is
voluntary. A donor can choose the
entities to which it donates.
Furthermore, it is likely impracticable
that donors would make donations
available to all similar entities with
similar risk assessments. Even in those
circumstances, the donor and a
potential recipient may have needs that
are different than those for other
similarly situated entities based on the
specific cybersecurity needs inherent in
connecting to the specific systems with
which the donor interacts. We
emphasize that determining whether a
cybersecurity donation meets the
conditions of the safe harbor requires an
analysis of the specific facts and
circumstances.
l. Recipient Contribution
Summary of OIG Proposed Rule: We
did not propose a requirement that
donors of cybersecurity technology and
services collect a monetary contribution
from recipients. In connection with our
alternative proposal that would cover
hardware, we solicited comments on
whether we should require a
contribution from a recipient if a
donation included hardware.
Summary of Final Rule: We are not
finalizing a contribution requirement as
a condition to this safe harbor,
regardless of whether hardware is
included in the donation.
Comment: Many commenters agreed
with our proposal not to require a
recipient of protected cybersecurity
technology and services to contribute to
the overall cost of the donation.
Commenters suggested that a
contribution requirement in the context
of this safe harbor may act as a barrier
PO 00000
Frm 00144
Fmt 4701
Sfmt 4700
to donations because it may be: (i)
Administratively burdensome to
calculate or track contributions; (ii)
imprecise; or (iii) cost-prohibitive for
recipients who lack adequate resources
to contribute. A commenter stated that
the pressing requirement to upgrade the
cybersecurity of the nation’s health care
systems should not be held hostage to
the ability of capital-constrained
medical practices to pay money for such
security. Several commenters agreed
with our conclusion in the OIG
Proposed Rule that forgoing a
contribution requirement in this safe
harbor would free recipients’ resources
to invest in other technology not
protected by the safe harbor, such as
updating legacy technologies. Several
commenters requested that donors have
the option to require a contribution from
recipients.
Response: We agree with commenters
who recommended against including a
contribution requirement in this safe
harbor. Rather than investing resources
in a contribution, the final rule frees up
recipients to invest resources in other
technology not protected by the safe
harbor, such as updating legacy
multifunctional hardware that may pose
a cybersecurity risk or simply investing
in their own computers, phones, and
other hardware foundational to their
businesses, caring for patients, and
interacting with their providers.
Additionally, we are finalizing only
those conditions that are critical to
guarding against fraud and abuse in the
context of cybersecurity donations in
order to provide regulatory flexibility
for donations intended to
counterbalance the significant
cybersecurity threats against the
nation’s health care ecosystem.
We have concluded that a
contribution requirement would be
burdensome in the context of
cybersecurity donations because the
necessity of donated services may vary
unpredictably—varying weekly or even
daily—in response to cybersecurity
threats. We understand that
cybersecurity patches and updates are
frequent and would need to be applied
or aggregated across an entire set of
recipients using the same technology or
services, further complicating
contribution amounts for each end user.
Also, we are concerned that recipients
might be unwilling or unable to accept
cybersecurity donations due to
potentially unpredictable costs they
might incur after the initial donation. In
the context of cybersecurity donations,
a contribution requirement would pose
a barrier to donations that, on balance,
is outweighed by the need for
widespread improvement of
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
cybersecurity hygiene in the health care
industry.
As we stated in the OIG Proposed
Rule, donors are free to require
recipients to contribute to the costs of
donated cybersecurity technology and
services as long as the determination of
a contribution requirement, or the
amount of the contribution, does not
take into account the volume or value of
referrals or other business between the
parties. For example, if a donor donates
without any required contribution
cybersecurity services to a high-referring
physician practice but requires a lowreferring physician practice to
contribute to the cost of such services,
the donor could violate the conditions
at paragraph 1001.952(jj)(1)(i) and (ii).
Comment: Several commenters
supported a contribution requirement
for various reasons. One commenter
representing the laboratory industry
discussed that industry’s experience
with the EHR safe harbor at paragraph
1001.952(y), concluding that absent a
contribution requirement, vendors have
little incentive to offer competitive
pricing. The commenter stated that its
experience with EHR donations may
extend to cybersecurity donations, and
cybersecurity technology vendors’ sales
representatives may urge physicians
that require cybersecurity software and
services to direct their requests to
laboratories likely to make a donation,
increasing the demand for the vendors’
cybersecurity technology. Another
commenter suggested that although
recipients should have a vested interest
in the products they are using, a 15
percent contribution may be too high for
some providers, suggesting that a
smaller contribution could be a fair
compromise. A number of commenters
requested a carve-out to any finalized
contribution requirement for small and
rural providers, those in medically
underserved areas, and federally
qualified health centers. Several
commenters argued for consistency in
any contribution requirement across
safe harbors, noting that because
cybersecurity is part and parcel of other
technology it could impose undue
complications to require recipients to
contribute to some donations but not
others. Several commenters asserted
that OIG should consider a flexible
contribution requirement that would
provide for a comparable investment
across provider types rather than a flat
percentage contribution.
Response: For the reasons stated in
the preceding response, we have
concluded that a contribution
requirement of any percentage is not
appropriate for this safe harbor.
Donations of cybersecurity technology
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
and services do not present the same
type or magnitude of risks as donations
of electronic health records software
and other information technology. As
we stated in the OIG Proposed Rule,
cybersecurity donations, if legitimate,
are more likely to be based on
considerations such as security risks—
especially the exposure of the donor
when connecting to the recipient—and
are less likely to be based on
considerations relating to the volume
and value of referrals or other business
generated. We believe the safeguards in
the final safe harbor, including
restrictions against recipients
conditioning their referrals or business
on donations, are sufficient to account
for the potential pressure from vendors.
Furthermore, suspected fraud and abuse
can be reported to OIG’s hotline at
https://oig.hhs.gov/fraud/report-fraud/
index.asp.
m. Patching and Updates
Summary of Proposed Rule: Related
to the issue of recipient contribution,
the OIG Proposed Rule discussed the
unique, practical difficulties of a
contribution in the context of
cybersecurity patching and updates.
Summary of Final Rule: We are not
finalizing any specific regulatory text
relating to patching and updates. We
view these as protected under the safe
harbor if all other conditions of the safe
harbor are satisfied.
Comment: Several commenters asked
that we protect the costs or services
associated with ongoing cybersecurity
software updates and other patches. A
commenter highlighted that patching
and updates are critical to managing
cybersecurity risks, and that prohibiting
their donation could neutralize any
benefits resulting from any final safe
harbor. A commenter noted that, given
the fast-paced nature of developments
in cybersecurity, it is likely that new
tools will need to be deployed on at
least an annual basis. Another
commenter requested clarification
regarding whether accepting a routine or
critical update would result in loss of
safe harbor protection, noting that
patching is sometimes given to
providers for free (because it is built
into the contracts with vendors) and
some patches may be focused on
security while others may be more
general.
Response: We agree with commenters
that patching and updates are critical to
managing cybersecurity risks, and this
final safe harbor protects such patches
and upgrades if all conditions of the safe
harbor are squarely satisfied. We note
that this final rule does not require a
contribution from the recipient, as
PO 00000
Frm 00145
Fmt 4701
Sfmt 4700
77827
discussed above, so routine patches and
upgrades given for free to recipients will
not result in loss of safe harbor
protection, as long as all safe harbor
conditions are met. Donors who collect
a percentage contribution from any
recipient, according to the written
agreement with the recipient, may need
to collect a contribution for any patches
and updates pursuant to the terms of the
parties’ agreement. It is possible for
donors to structure any required
recipient contribution in a number of
ways as long as neither the decision to
collect the contribution nor the amount
or nature of the contribution is based on
the volume or value of referrals or other
business generated between the parties.
For example, a donor is free to structure
donations that require a percentage or
sum certain contribution for the initial
cybersecurity donation but not for
subsequent patches and upgrades as
long as the donor does so consistently
and according to the terms of the
written agreement.
n. Writing Requirement
Summary of OIG Proposed Rule: We
proposed at proposed paragraph
1001.952(jj)(4) that a donor and
recipient set forth a written agreement
that is signed by the parties and that
describes the technology and services
being provided, and the amount of the
recipient’s contribution, if any.
Summary of Final Rule: We are
finalizing, with modification, a writing
requirement at paragraph
1001.952(jj)(3). We are not requiring that
the writing be a single document, and
we made certain clarifications,
including that the signed
documentation must include a general
description of the technology and
services provided.
Comment: Commenters generally
supported a writing requirement. A
commenter asserted that a written
agreement between donors and
recipients of cybersecurity technology
and services will bring transparency to
the donation process. Another
commenter agreed that a signed
agreement is necessary to ensure that
both parties understand what is being
donated and the terms of the agreement,
including long-term maintenance and
support of the technology.
Response: We agree with commenters
that a writing requirement will bring
transparency to the donation process
and ensure that the parties understand
the scope of the donation and the
responsibilities of both parties. The safe
harbor’s writing requirement mandates
that parties articulate in writing a
general description of the donation, and
if the donor will require a contribution
E:\FR\FM\02DER3.SGM
02DER3
77828
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
the parties must specify that amount.
We anticipate that parties would
include in their general description of
the donation some details about the
initial technology or service provided as
well as any provision of long-term
maintenance, support, patching, or
updates they intend to include within
the scope of the donation. We do not
anticipate that parties will specify every
unforeseen item or service that might be
necessitated by a future update.
Comment: A commenter stated that a
written agreement between donors and
recipients is an acceptable safeguard as
long as any requirement for such
agreement is reasonable in scope. The
commenter stated that required terms
and conditions in the agreement should
be limited, given the nature of the
donation and the relationship between
the parties. For example, the commenter
stated that the safe harbor’s writing
requirement should not compel written
terms other than to describe: (i) The
technology, services, or both to be
donated; (ii) commercial terms as
necessary to meet the safe harbor; and
(iii) warranties by each party to use such
technology in compliance with
applicable laws and regulations. The
commenter also urged OIG to provide a
publicly accessible template
cybersecurity donation agreement or
standard cybersecurity donation terms.
Response: We have designed the final
writing requirement to be reasonable in
the context of the other conditions in
the cybersecurity safe harbor. We
decline to add the specific examples of
terms and conditions to regulation text
or provide any template cybersecurity
donation agreement or standard
cybersecurity donation terms for parties
to use, as suggested by the commenter.
This condition requires that parties
include a general description of the
cybersecurity technology and services to
be provided and, if any contribution is
required, the parties must specify the
amount. The parties are free to add
other terms to their documentation
related to a cybersecurity donation.
Comment: A commenter appreciated
our preamble explanation of the safe
harbor’s writing requirement but
requested that the proposed regulatory
text include the word ‘‘general’’ or
‘‘generally’’ so that donors and
recipients do not unnecessarily include
every item or potential service in a
written agreement. The commenter
urged OIG to revise the regulatory text
of the writing requirement to read as
follows: ‘‘[generally] describes the
technology and services being
provided. . . .’’ The commenter also
requested clarification concerning any
value-related writing requirements. The
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
commenter stated that the proposed
regulatory language includes the
amount of the recipient’s contribution
(if any), while the preamble states that
the written agreement requires a
reasonable estimate of the value of the
donation. The commenter supported
only including the recipient’s
contribution (if any), but requested that
if we include a writing requirement
related to specifying the value of the
donation, then OIG should require the
writing to include a reasonable estimate
of the value of the donation so as to not
introduce any concept of fair market
value or the need to hire a valuation
consultant to determine a reasonable
estimate.
Response: We appreciate the
commenter’s concern about the
language included in the proposed
regulation text at proposed
1001.952(jj)(4), and we are finalizing a
writing requirement that includes some
changes suggested by the commenter.
Specifically, the final regulatory text of
this safe harbor’s writing requirement at
paragraph 1001.952(jj)(3) requires that
the signed writing include a general
description of the technology and
services being provided and the amount
of the recipient’s contribution, if any.
Through this final writing requirement,
we do not intend to: (i) Introduce any
fair market value requirement; (ii) force
parties to determine the fair market
value of the donation; or (iii) compel the
parties to hire a valuation consultant.
For purposes of this condition, we
interpret ‘‘the amount of the recipient’s
contribution, if any’’ to mean either the
sum certain a donor will collect as
contribution or, if the donor will collect
a percentage of the total value of the
donation, the percentage that will be
applied. To be clear, this safe harbor
does not include a recipient
contribution requirement; however, if
the donor chooses to require that the
recipient contribute, that contribution
must be documented in writing. We also
note that if the scope of the donation
changes materially over time, such as
when a donor provides more or fewer
technology or services than originally
anticipated in the scope of the
arrangement, or if the parties alter the
contribution requirement (if any), we
think that best practices would have the
parties document such modifications in
writing. If the donor requires a
contribution that applies to the initial
value of the donation but not the
subsequent value of patching and
upgrades, we anticipate that the writing
would specify such terms.
Comment: A commenter objected to
OIG’s proposed documentation
requirement, stating that it should be
PO 00000
Frm 00146
Fmt 4701
Sfmt 4700
scaled back to avoid imposing
burdensome writing requirements on
the parties. The same commenter argued
that a simple acknowledgement that the
software donation has been or will be
made available should be sufficient.
Response: We do not believe the
writing requirement should be scaled
back. This condition, as finalized,
imposes no greater—and indeed, may
require less—burden on the parties to
the written agreement than would
otherwise be expected in a commercial
transaction involving the exchange or
use of cybersecurity technologies or
services of this nature between parties,
such as a user agreement or purchase
order.
Comment: A commenter noted that
the OIG safe harbor would require a
signed written agreement between a
donor and recipient, while the
corresponding physician self-referral
law exception would require only
‘‘written documentation.’’ The
commenter recommended that OIG
revise the safe harbor to require only
written documentation, as opposed to a
formal written agreement.
Response: The formality of a signed
writing serves as an important safeguard
by transparently documenting the
parties’ donation and formal agreement
to any obligations in connection with
such donation. However, we are
persuaded not to require that the writing
be set forth in a single, written
agreement. We have revised the writing
requirement to permit a ‘‘collection of
documents’’ approach. To receive safe
harbor protection, the general
description of the technology and
services being provided and the amount
of the recipient’s contribution, if any,
must be set forth in writing and signed
by the parties. The terms do not need to
be set forth in a single, signed writing,
although we believe this approach is a
best practice from a compliance
perspective. As explained in section
III.A.1. of this preamble, some
conditions of our safe harbors are
different from CMS’s final rule by
design in light of the different statutory
schemes.
o. Cost-Shifting
Summary OIG Proposed Rule: We
proposed at proposed paragraph
1001.952(jj)(5) that the donor not shift
the costs of the technology or services
to any Federal health care program.
Summary of Final Rule: We are
finalizing, without modification, the
condition at paragraph 1001.952(jj)(4).
We received general support for the
proposed safeguards in the safe harbor,
but we did not receive specific
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
comments on the proposed prohibition
against cost-shifting. Donor Liability
Comment: Several commenters urged
OIG to provide guidance on a donor’s
potential liability for cybersecurity
events affecting any recipients of
cybersecurity donations. Several
commenters, including an organization
dedicated to serving chief information
officers, chief medical information
officers, chief nursing information
officers, and other senior health care IT
leaders asserted that without some way
to protect cybersecurity donors from
being held responsible for cybersecurity
incidents involving recipients,
providers would be reluctant to donate
technology or services for fear of the
downstream risk they might incur. A
few commenters suggested that OIG
create protections for donors that
safeguard them from risks stemming
from cybersecurity incidents
experienced by recipients. Another
commenter similarly urged OIG to
collaborate with OCR to develop a
mechanism to limit the donor’s liability
for cybersecurity events that may occur
at the recipient’s location. Commenters
recommended that OIG create
protections for donors that indemnify
them from risks stemming from
cybersecurity incidents experienced by
donors and clarify whether a donor can
be indemnified from an OCR action
related to a breach when such
indemnification provisions are included
in the parties’ written contract.
Response: Issues relating to
downstream liability, indemnification,
or other contracting and business tort
issues are beyond the scope of this
rulemaking. However, we highlight that
the safe harbor does not prevent parties
from addressing these issues through
contracts or other agreements, and we
note that the facts and circumstances of
any remuneration under such
agreements may require separate
analysis under the Federal anti-kickback
statute.
Comment: One commenter
characterized the safe harbor as
protecting recipients from liability
concerning fines, ransom, and litigation
risk.
Response: We agree that the general
effect of a cybersecurity donation
should help improve a recipient’s
cybersecurity, thereby potentially
reducing the recipient’s liability risk for
fines, ransom, and litigation stemming
from a cyberattack. We clarify, however,
that donations protected under this safe
harbor do not include monetary
remuneration to a recipient, or on behalf
of a recipient, for any fines, ransom, or
litigation stemming from a cyberattack.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
p. Other Comments
Comment: A provider trade
association cautioned that hospitals and
health systems that donate or subsidize
cyber products and services should not
use those as a pretext for discouraging
or inhibiting the exchange of patient
health information between providers.
Response: We note that this safe
harbor does not exempt entities and
individuals from other applicable State
and Federal laws and regulations related
to the commenter’s concerns about
entities’ conduct that may
inappropriately interfere with, prevent,
or materially discourage the exchange of
patient health information between
providers. The ONC regulation entitled
‘‘21st Century Cures Act:
Interoperability, Information Blocking,
and the ONC Health IT Certification
Program’’ 99 implements provisions of
the 21st Century Cures Act 100 (Cures
Act) that are designed to address
occurrences of information blocking. If
patients, providers, or others believe
that a health care provider, health IT
developer of certified health IT, or
health information network or health
information exchange is engaging in
information blocking, we encourage
reporting complaints to HHS through
the Report Information Blocking portal
(https://healthit.gov/report-infoblocking).
Comment: In the preamble to the OIG
Proposed Rule related to this safe
harbor, we distinguished certain
features of cybersecurity donations from
EHR donations. A commenter asked OIG
to clarify its statement that electronic
health record donations ‘‘present a
greater risk that [sic] one purpose of the
donation is for the donor to secure
additional referrals from the recipient or
otherwise influence referrals or other
business generated.’’ 101 Specifically, the
commenter urged us to clarify that this
reference to ‘‘one purpose’’ is not
intended to introduce the one-purpose
test into the rulemaking.
Response: The Federal anti-kickback
statute has been interpreted to cover any
arrangement in which one purpose of
the remuneration was to obtain money
for the referral of services or to induce
further referrals, and nothing in this
final rule changes such interpretation.
In other words, offering remuneration to
a purchaser or referral source
potentially implicates the Federal antikickback statute if one purpose is to
induce the purchase or referral of
Federal health care program business.
99 85
FR 25642 (May 1, 2020).
Century Cures Act, Public Law 114–255,
130 Stat. 1033.
101 84 FR 55737 (Oct. 17, 2019).
100 21st
PO 00000
Frm 00147
Fmt 4701
Sfmt 4700
77829
Donations of EHR, like any other thing
of value, constitute remuneration for
purposes of the Federal anti-kickback
statute. Whether a particular
arrangement including a donation of
EHR or cybersecurity technology and
services violates the statute would
depend on the facts and circumstances
of such an arrangement, including
whether the arrangement complies with
a safe harbor.
With respect to the statement the
commenter cited from the OIG Proposed
Rule, we confirm that we are not
introducing the so-called one-purpose
test as a condition of the safe harbor at
1001.952(jj).
9. Electronic Health Records Items and
Services (42 CFR 1001.952(y))
Summary of OIG Proposed Rule: We
proposed changes to the EHR safe
harbor at paragraph 1001.952(y), which
protects certain arrangements involving
the donation of interoperable EHR
software or information technology and
training services. First, we proposed to
amend the safe harbor to clarify that safe
harbor protection has always been
available for certain cybersecurity
software and services, and to expand the
safe harbor’s potential protection of the
donation of software and services
related to cybersecurity. Next, we
proposed to update the condition at
paragraph 1001.952(y)(2) to specify that
for software to be ‘‘deemed’’
interoperable, it must be certified by a
certifying body on the date it is donated.
We proposed to modify paragraph
1001.952(y)(3), which already
prohibited conduct similar to
‘‘information blocking’’ to align with the
proposed information blocking
definition and related exceptions in the
ONC, HHS Notice of Proposed
Rulemaking ‘‘21st Century Cures Act:
Interoperability, Information Blocking,
and the ONC Health IT Certification
Program’’ (ONC NPRM).102 We also
proposed to eliminate: (i) The condition
at paragraph 1001.952(y)(7) that
prohibits the donation of equivalent
items or services to allow donations of
replacement technology; and (ii) the
sunset provision at paragraph
1001.952(y)(13) to make the safe harbor
permanent. Finally, we proposed to
revise the definitions of ‘‘interoperable’’
and ‘‘electronic health record’’ and add
a definition of ‘‘cybersecurity,’’ and
include all definitions relevant to the
safe harbor at proposed paragraph
1001.952(y)(14). We also solicited
comments on whether we should
modify or eliminate the 15 percent
contribution requirement and whether
102 84
E:\FR\FM\02DER3.SGM
FR 7424 (Mar. 4, 2019).
02DER3
77830
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
we should expand the scope of
protected donors.
Summary of Final Rule: We are
finalizing, with modifications, the
changes we proposed to paragraph
1001.952(y). We are finalizing our
proposal to eliminate the sunset
provision and the provision that
prohibits the donation of equivalent
EHR items and services. We are
finalizing the language explicitly
protecting cybersecurity software and
services and the definition of
‘‘cybersecurity.’’ We also are finalizing
our revision to paragraph 1001.952(y)(2)
to update the deeming provision, with
a minor clarification. We are not
finalizing paragraph 1001.952(y)(3)
related to information blocking or our
proposed modifications to the definition
of ‘‘electronic health record.’’ We are
finalizing our modifications to the
definition of ‘‘interoperable,’’ but we are
not including the phrase ‘‘without
special effort on the part of the user.’’
This final rule also revises paragraph
1001.952(y)(1) to expand the scope of
protected donors to certain entities such
as accountable care organizations and
health systems. The final rule maintains
the 15 percent contribution requirement
but also includes flexibilities in
connection with administering that
requirement.
a. Cybersecurity
Summary of OIG Proposed Rule: To
clarify that the safe harbor protected
cybersecurity software and services
related to EHRs, we proposed to amend
the introductory language of paragraph
1001.952(y) by including the phrase
‘‘including certain cybersecurity
software and services’’ and adding the
term ‘‘protect.’’ We also proposed to
include in paragraph 1001.952(y)(14) a
definition for ‘‘cybersecurity’’ to mean
‘‘the process of protecting information
by preventing, detecting, and
responding to cyberattacks.’’
Summary of Final Rule: We are
finalizing, without modification, the
introductory language of paragraph
1001.952(y) except for a technical
correction by not including the word
‘‘certain.’’ We also finalize the
definition of ‘‘cybersecurity,’’ as
proposed.
Comment: We received several
comments in support of expressly
providing safe harbor protection for
certain cybersecurity software and
services that protect electronic health
records.
Response: We are finalizing
protection for cybersecurity software
and services, as described in more detail
below. We note that, to avoid confusion,
we made a technical correction by
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
removing the term ‘‘certain’’ in the
introductory paragraph of the EHR safe
harbor. This change has no substantive
effect. This safe harbor protects
cybersecurity software and services as
long as the donation meet all
conditions.
Comment: A commenter expressed
concern that the EHR safe harbor’s
cybersecurity proposal and the
separately proposed cybersecurity safe
harbor (proposed at paragraph
1001.952(jj)) have significant overlap
and could lead to confusion if both were
finalized. As such, the commenter
suggested that if OIG were to finalize a
separate cybersecurity safe harbor, the
proposed cybersecurity-related
clarifications to the EHR safe harbor
would not be necessary. The commenter
requested that if OIG were to finalize
protection for certain cybersecurity
software and services within the EHR
safe harbor, the agency clarify that the
predominant purpose of the software or
service must be cybersecurity associated
with the electronic health records.
Similarly, another commenter suggested
that creating separate safe harbors for
electronic health records and
cybersecurity is taking a piecemeal
approach to tools that must work
together for care coordination.
Response: We recognize that there is
a certain amount of overlap between the
cybersecurity safe harbor finalized in
this rule and the EHR safe harbor
amended by this final rule. Regardless
of this acknowledged overlap, it is
useful to clarify in the EHR safe harbor
that cybersecurity software and services
with the predominant purpose of
protecting electronic health records can
be protected under the EHR safe harbor
provided the donation satisfies all other
safe harbor conditions. For example, if
one party is donating an EHR system
that could be protected under the EHR
safe harbor and that EHR system
includes cybersecurity functions to
protect the electronic health records that
might not have appeared to meet the
safe harbor’s previous standard of being
necessary and used predominantly to
create, maintain, transmit, or receive
electronic health records, then parties
seeking safe harbor protection may want
to structure the donation arrangement to
satisfy the conditions of the EHR safe
harbor rather than potentially also
looking to the cybersecurity safe harbor.
However, the new cybersecurity safe
harbor also would remain available for
the protection of cybersecurity
technology and services if conditions of
that safe harbor were met. If, in contrast
to the example above, the cybersecurity
donation were to include a broader suite
of products and services that do not
PO 00000
Frm 00148
Fmt 4701
Sfmt 4700
have a predominant purpose to protect
the electronic health records (but are
used predominantly to implement,
maintain, or reestablish effective
cybersecurity), then parties seeking safe
harbor protection may want to evaluate
the arrangement in the context of the
standalone cybersecurity safe harbor.
Comment: Some commenters asked us
to broaden the scope of cybersecurity
protection within the EHR safe harbor
to, for example, protect cybersecurity
hardware such as network appliances.
One commenter asked that the safe
harbor protect without exception
cybersecurity hardware, software,
infrastructure, and services. Another
commenter suggested that if the
expanded safe harbor does not protect
hardware, it should permit donors to
place cybersecurity hardware at the
recipient’s location as long as the donor
retains title to or a leasehold interest in
the equipment. A commenter noted that
in order to protect donors from
cyberattacks, the safe harbor should
protect the donation of any
cybersecurity technology and related
services without a contribution
requirement to protect any protected
health information shared for groups of
patients.
Response: We are not expanding this
safe harbor to protect additional services
or hardware, regardless whether the
hardware is donated or loaned to a
recipient. The EHR safe harbor is
designed to protect donations of EHR
software and services, and expressly
excludes hardware. By including the
word ‘‘protect’’ in paragraph
1001.952(y), we are clarifying that the
scope of the safe harbor applies to
cybersecurity software or information
technology and training services that are
necessary and used predominantly to
protect electronic health records. There
is a separate, standalone safe harbor
intended to protect broader
cybersecurity donations available at
paragraph 1001.952(jj). That safe harbor,
as finalized in this rule, protects
cybersecurity hardware and does not
have a contribution requirement.
b. Deeming Provision
Summary of OIG Proposed Rule: We
proposed minor modifications to the
deeming provision at paragraph
1001.952(y)(2) by changing ‘‘it has been
certified by a certifying body’’ to read
‘‘it is certified by a certifying body.’’ We
also proposed to remove reference to
‘‘editions’’ of certification criteria to
align with proposed changes to the
certification program.
Summary of Final Rule: We are
finalizing, with modification, our
proposal to revise the condition at
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
paragraph 1001.952(y)(2). We are
clarifying that for software to be
‘‘deemed’’ interoperable, it must be
certified by a certifying body authorized
by ONC to certification criteria
identified in the then-applicable version
of 45 CFR part 170. We are making a
technical edit to conform the
terminology in our deeming provision to
the terminology used in 45 CFR part
170. Specifically, we are removing the
phrase ‘‘electronic health record’’
preceding ‘‘certification criteria’’
because it has been removed from 45
CFR 170 as of June 30, 2020. We are also
deleting the word ‘‘editions.’’
Comment: Commenters generally
agreed with our proposal to clarify that
software would be deemed
interoperable under the safe harbor if,
on the date it is donated, it ‘‘is certified’’
by a certifying body authorized by ONC
rather than ‘‘has been certified.’’ Some
commenters had questions about our
removal of the phrase ‘‘an edition’’
before ‘‘the electronic health record
certification criteria’’ and inquired
whether we should specify that the
criteria are the ‘‘latest’’ or ‘‘current’’
certification criteria.
Response: We agree with comments
that we should clarify our intention for
the software to be certified to the thencurrent certification criteria. However,
rather than inserting new language the
deeming provision will read: ‘‘[f]or
purposes of this paragraph (y)(2),
software is deemed to be interoperable
if, on the date it is provided to the
recipient, it is certified by a certifying
body authorized by the National
Coordinator for Health Information
Technology to certification criteria
identified in the then-applicable version
of 45 CFR part 170.’’ The version of
paragraph 1001.952(y)(2) being finalized
maintains nearly identical language
from OIG’s 2013 final rule addressing
the electronic health records safe harbor
(2013 EHR Final Rule) except that we
changed ‘‘it has been certified by’’ to ‘‘it
is certified by’’ 103 and, as noted above,
we removed the phrase ‘‘electronic
health record’’ before ‘‘certification
criteria.’’ We note that this latter change
does not alter the scope of remuneration
protected under this safe harbor; despite
removing the phrase in the deeming
provision, the safe harbor continues to
protect only items and services that are
used predominantly to create, maintain,
transmit, receive, or protect electronic
health records that meet all criteria of
the safe harbor.
Comment: A commenter opposed the
concept of an ‘‘optional’’ deeming
provision, asserting that it is critical to
103 78
FR 79202 (Dec. 27, 2013).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
require that software be certified by a
certifying body authorized by ONC to
further support the goal of value-based
arrangements.
Response: We agree that
interoperability is a critical condition of
the EHR safe harbor, but we disagree
with the commenter that certification by
a certifying body authorized by ONC
should be the only way of meeting this
standard. This certification provides
donors and recipients with assurance
that their product is interoperable for
purposes of this safe harbor, but such
certification is not a requirement for safe
harbor protection.
Comment: A commenter suggested
that the proposed change to the deeming
provision creates compliance
uncertainty in the context of an ongoing
software donation. In particular, the
commenter was concerned that the
proposed wording change would mean
that any time after the initial donation
the EHR software loses its certification,
the continued provision of the software
including maintenance would implicate
the fraud and abuse laws. Other
commenters supported the proposal to
require software to be certified at the
time it is provided to a recipient, with
a commenter noting that any updates to
donated systems should also be certified
to the most recent standards. A
commenter asked that physicians not
participating in the Quality Payment
Program be granted a 5-year grace
period under the interoperability
deeming provision so that their donated
EHR software need only be certified to
the 2015 edition.
Response: The deeming provision in
paragraph 1001.952(y)(2) is optional.
Certification of donated software by a
certifying body authorized by ONC is
not required to meet the terms of the
safe harbor; the safe harbor requires
that, to receive protection, the software
must be interoperable at the time it is
provided to the recipient. To the extent
physicians or other health care
providers are seeking protection of
donated EHR items and services under
the safe harbor, the donated EHR
software need only be interoperable (as
defined at paragraph
1001.952(y)(14)(iii)) to satisfy the
condition at paragraph 1001.952(y)(2).
If an EHR item or service loses its
certification, it would no longer satisfy
the deeming provision. Therefore, new
donations of such EHR items or
services, including updates and patches
of the software would not satisfy the
safe harbor’s deeming provision.
However, if the EHR items or services
were still interoperable (as defined at
paragraph 1001.952(y)(14)(iii)), then the
safe harbor would protect continued
PO 00000
Frm 00149
Fmt 4701
Sfmt 4700
77831
donation of such software and services,
including patches, as long as all other
conditions are met.
c. Information Blocking
Summary of OIG Proposed Rule: We
proposed modifying paragraph
1001.952(y)(3) by incorporating a
reference to the information blocking
definition and related exceptions in 45
CFR part 171. We solicited comments
on this approach.
Summary of Final Rule: We are not
finalizing the proposed modification to
paragraph 1001.952(y)(3) and instead
are deleting this condition from the safe
harbor.
Comment: We received a number of
comments about our proposal to
incorporate the ‘‘information blocking’’
prohibition from the 21st Century Cures
Act (Cures Act) 104 or the ONC NPRM
into the safe harbor at paragraph
1001.952(y)(3). While commenters did
not necessarily disagree that
information blocking should be
prohibited, commenters raised a number
of questions and concerns regarding
how such a provision would work in a
safe harbor. For example, although we
received from commenters support for
our proposal to update the safe harbor
to include a condition that would
preclude safe harbor protection for
arrangements that lead to ‘‘information
blocking’’ as that term is used in the
Cures Act, a number of commenters
expressed concern about relying on the
ONC NPRM, which was not yet final.
Commenters were particularly
concerned about the array of exceptions
to the definition of ‘‘information
blocking’’ and incorporation of the
definition of ‘‘electronic health
information’’ as proposed in the ONC
NPRM.
Some commenters asked that we
clarify which party is responsible to
ensure that information blocking does
not occur. For example, some
commenters noted that a donor cannot
control what happens to software after
it is donated. Similarly, several
commenters recommended removing or
revising the condition that a donor (or
any person on a donor’s behalf) does not
engage in a practice constituting
information blocking, explaining that a
vendor may engage in information
blocking without the donor’s
knowledge. Commenters expressed
contrasting opinions about the proposed
knowledge standard, with some
commenters recommending that it apply
to both health care providers and health
plans that voluntarily use the safe
104 21st Century Cures Act, Public Law 114–255,
130 Stat. 1033.
E:\FR\FM\02DER3.SGM
02DER3
77832
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
harbor to protect donations under this
safe harbor, while others recommending
that health plans be subject to the
‘‘knows, or should know’’ standard
because health plans are not health care
providers and do not have direct patient
care responsibilities.
Another commenter noted that if a
determination of information blocking
against either a donor or recipient
occurs at some time after a donation, the
recipient may be vulnerable to
unexpected costs or lose access to its
health information technology if the
arrangement suddenly ends.
Another commenter suggested that,
rather than including a prohibition on
information blocking (as such term is
defined in the Cures Act or in 45 CFR
part 171) as a safe harbor condition, OIG
should assume that information
blocking will not be tolerated and will
be enforced through other authorities.
Response: Based on the comments
and assessing the final rule published
by ONC, ‘‘21st Century Cures Act:
Interoperability, Information Blocking,
and the ONC Health IT Certification
Program’’ (ONC Final Rule),105 we are
not finalizing the proposed information
blocking condition, and we are
removing the existing paragraph
1001.952(y)(3), which prohibits the
donor or any person on the donor’s
behalf from taking any action to limit or
restrict the use, compatibility, or
interoperability of the donated EHR
items or services. This condition, when
originally implemented in OIG’s 2006
final rule creating the electronic health
records safe harbor (2006 EHR Final
Rule),106 was intended to help ensure
that transfers of health information
technology will further the policy goal
of fully interoperable health information
systems and will not be misused to steer
business to the donor.107 The 2013 EHR
Final Rule also explained that the
Department was considering other
policies to improve interoperability, and
noted that those policy efforts are better
suited than this anti-kickback statute
safe harbor to consider and respond to
evolving functionality related to the
interoperability of electronic health
record technology.108 At that time, the
Department had few other authorities to
directly address information blocking.
However, there are now other
enforcement authorities designed to
address information blocking. For
example, the Cures Act gave ONC and
OIG more direct authority to address
105 85
FR 25642 (May 1, 2020).
FR 45110 (Aug. 8, 2006).
107 71 FR 45127.
108 78 FR 79214 (Dec. 27, 2013).
information blocking.109 Additionally,
CMS has separate authority to require
certain providers and suppliers to attest
that they have not knowingly and
willfully limited or restricted the
compatibility or interoperability of their
certified electronic health record
technology.110
In addition, the Cures Act and the
ONC Final Rule recognize that certain
practices likely to interfere with,
prevent, or materially discourage access,
exchange, or use of electronic health
information may nonetheless be
reasonable and necessary. That is why
the Cures Act directed the Secretary to
identify exceptions to the definition of
‘‘information blocking.’’ The ONC Final
Rule implements eight exceptions that
apply to practices likely to interfere
with, prevent, or materially discourage
access, exchange, or use of electronic
health information provided the
practice meets the conditions of an
exception. However, the condition at
paragraph 1001.952(y)(3) as
implemented by the 2006 EHR Final
Rule conditioned safe harbor protection
on a party not taking ‘‘any action to
limit or restrict the use, compatibility,
or interoperability’’ of the donated EHR
items or services. The condition did not
account for actions that may be
reasonable and necessary, such as
implementing privacy and security
measures.
Recognizing these developments, we
agree with the commenter that these
new authorities are better suited than a
safe harbor condition to deter
information blocking and penalize
individuals and entities that engage in
information blocking. We also agree
with commenters that a recipient is
unlikely to have the capabilities to
determine whether a donor (or someone
on the donor’s behalf) engaged in
information blocking, which includes a
level of intent set by statute, or met an
exception to information blocking as set
forth in the ONC Final Rule.
Given these potential issues with the
proposed modifications to paragraph
1001.952(y)(3) and limitations of the
original condition in paragraph
1001.952(y)(3) discussed previously, the
condition may no longer be an effective
way to achieve the policy goals that
served as the original basis for this
condition. Removing the condition at
paragraph 1001.952(y)(3) is responsive
to commenters that had questions about
the scope of information blocking
practices, how OIG would determine the
party responsible, how the information
blocking knowledge standard in the
Cures Act and ONC Final Rule would be
assessed in context of this safe harbor,
and how the condition would apply to
parties that may not be subject to the
information blocking provision in
section 3022 of the Public Health
Service Act (PHSA).
We emphasize, however, that we are
maintaining the interoperability
condition in paragraph 1001.952(y)(2).
We believe this condition and the
optional deeming provision will ensure
that donations of EHR items and
services that meet the conditions of this
safe harbor further the Department’s
policy goal of an interoperable health
system and prevent donations being
made with the intent to lock in referrals
by limiting the flow of electronic health
information.
OIG remains committed to taking
action against individuals and entities
that engage in information blocking,
using specific authorities to do so.
Separate from this rule, OIG published
a notice of proposed rulemaking related
to information blocking enforcement.111
That proposed rule, among other things,
proposes the basis and procedures for
information blocking enforcement. As
stated in that proposed rule, addressing
the negative effects of information
blocking is consistent with OIG’s
mission to protect the integrity of HHS
programs as well as the health and
welfare of program beneficiaries.112
d. Sunset Provision
Summary of OIG Proposed Rule: We
proposed to eliminate the sunset
provision at paragraph 1001.952(y)(13).
As an alternative, we also proposed an
extension of the sunset date for the final
rule.
Summary of Final Rule: We are
finalizing this proposal by deleting the
sunset provision at paragraph
1001.952(y)(13).
Comment: We received nearly
universal support for removing the
sunset provision in paragraph
1001.952(y)(13), which requires that all
protected EHR donations must occur on
or before December 31, 2021.
Commenters asserted that the
elimination of the sunset date would
provide certainty for the ongoing
protection of donations of EHR items
and services. One commenter who
generally supported making the safe
harbor permanent recommended that
OIG delay doing so until the ONC
NPRM is finalized and available for
stakeholder consideration.
Response: We agree that eliminating
the sunset provision provides certainty,
106 71
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
109 Sec.
111 85
110 See
112 Id.
PO 00000
4002 and 4004 of the Cures Act.
81 FR 77008, 77028 (Nov. 4, 2016).
Frm 00150
Fmt 4701
Sfmt 4700
E:\FR\FM\02DER3.SGM
FR 22979 (Apr. 24, 2020).
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
and we are finalizing our proposal to
make this safe harbor permanent and, as
we note above, the ONC Final Rule was
issued on May 1, 2020.
e. Contribution Requirement
Summary of OIG Proposed Rule: We
did not propose specific changes to the
15 percent contribution requirement at
paragraph 1001.952(y)(11). Instead, we
considered and solicited comments on
three alternatives: (i) Eliminating or
reducing the percentage of the
contribution required for small or rural
practices; (ii) reducing or eliminating
the 15 percent contribution requirement
in this safe harbor for all recipients; or
(iii) modifying or eliminating the
contribution requirement for updates to
previously donated EHR software or
technology.
Summary of Final Rule: We are
retaining the 15 percent contribution
requirement at paragraph
1001.952(y)(11) but removing the
requirement that payment of the
contribution be made in advance for
updates to existing EHR systems. To
make this modification, we have added
new paragraphs at 1001.952(y)(11)(i)
and (ii). Paragraph 1001.952(y)(11)(i)
describes that contributions for initial
and replacement EHR items and
services must be made in advance of the
donation and contributions for updates
to previously donated EHR item and
services need not be paid in advance.
Paragraph 1001.952(y)(11)(ii) is the new
location of the condition that the donor
does not finance the recipient’s
contribution amount; it does not include
any substantive changes.
Comment: A large number of
commenters on this topic recommended
that we remove the 15 percent
contribution requirement for all
donations and for all recipients.
Commenters provided several reasons to
remove the contribution requirement
(paragraph 100.952(y)(11)). For
example, some commenters suggested
that this requirement restricts the use of
EHRs with interoperable capabilities;
that this is not an effective deterrent to
inappropriate EHR donations; and that
the percentage is an arbitrary amount
that limits the use of important patient
tools. Commenters noted that any
transition to improve EHR technology
can streamline physicians’ workflows;
alleviate burdens; allow physicians to
spend more time with their patients;
and allow (assuming that the donated
technology is truly interoperable) the
sharing of patient records with near
equal ease with other providers using
certified EHR technology. Some
commenters questioned whether a
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
recipient contribution reduces the risk
of steering and inappropriate referrals.
Commenters noted that the donation
of EHR technology can be beneficial to
recipients who may be unsatisfied with
their EHR platform but lack the
resources to transition to a new
platform. A commenter noted that the
contribution requirement may be an
unreasonable constraint on how health
systems and hospitals finance the
needed infrastructure to implement new
value-based payment models and
promote the coordination of care.
Commenters cited the added burden
involved in setting the contribution
amount in writing and the necessary,
ongoing monitoring to ensure
compliance. Commenters also
highlighted that eliminating the
requirement would align this safe
harbor with the proposed cybersecurity
safe harbor at paragraph 1001.952(jj) for
which OIG did not propose to include
a contribution requirement.
Commenters that supported
eliminating the contribution
requirement as a condition to this safe
harbor still supported allowing the
donor to require a contribution. For
example, a commenter suggested that
any contribution requirement should be
left up to market forces and negotiation
between the parties. Another
commenter stated that the contribution
amount should be at the discretion of
the donor as long as the donor
consistently and fairly applies their
policy to all recipients. Finally, a
commenter suggested that the
contribution requirement should only
be eliminated if the scope of protected
donors remains the same.
Response: We understand the
donation recipients’ desires to eliminate
the 15 percent contribution
requirement. However, after careful
consideration, we continue to believe
that the contribution requirement is an
important safeguard against fraud and
abuse in light of the specific risks of
inappropriate generation of referrals
presented by donation of EHR items and
services. When recipients of valuable
remuneration have some responsibility
to contribute to the cost of the items or
services, they are more likely to make
economically prudent decisions and
accept only what they need or will use.
As we note below, however, we are
adding some flexibilities in connection
with administering the contribution
requirement.
Comment: Some commenters raised
concerns about eliminating the
contribution requirement. For example,
one commenter believed that physician
adoption and use of an EHR system is
improved when they have a certain
PO 00000
Frm 00151
Fmt 4701
Sfmt 4700
77833
level of buy-in and share in the financial
cost. Similarly, other commenters
suggested that 15 percent represents a
fair contribution amount, serves as a
reasonable safeguard to reduce wasteful
spending, and that it is important for
recipients to have a stake in the
purchased technology.
Response: We agree with commenters
that the contribution amount is fair and
provides a reasonable safeguard. For
these and other reasons discussed in
this final rule, we are maintaining the
15 percent contribution requirement.
Comment: We received support for
eliminating the recipient contribution
requirement for at least a subset of
recipients. Some commenters
specifically referenced removing the
requirement for all physicians. A
majority of these commenters
recommended removing the
contribution requirement for at least
small and rural providers or providers
serving underserved populations. Some
commenters expressed concern about
how we would define ‘‘small’’ or
‘‘rural’’ if we limited the exception to
those classes of individuals or entities.
A number of commenters requested that
the concept of ‘‘small and rural’’
practices be defined broadly and to
specifically include free clinics,
charitable clinics, and charitable
pharmacies. We also received a
recommendation to adopt the definition
of ‘‘small practice’’ used in the CMS
Quality Payment Program.113 Various
commenters requested that the
contribution requirement be eliminated
for safe harbor protection applicable to
Indian health care provider recipients.
We also received comments regarding
other potential recipients for whom the
contribution requirement may be a
financial burden, such as critical access
hospitals, disproportionate share
hospitals, and essential hospitals. A
commenter recommended that
‘‘underserved practices’’ should be
defined as those in: (i) Medically
underserved areas, as designated by the
Secretary under section 330(b)(3) of the
PHSA; (ii) primary health care
geographic health professional shortage
areas, as designated by the Secretary
under section 332(a)(1)(A) of the PHSA;
or (iii) a critical access hospital. A
commenter recommended defining
‘‘rural practices’’ as those located in
rural areas, as defined in the local
transportation safe harbor at paragraph
1001.952(bb).
Commenters noted that for cashstrapped entities, the contribution
requirement is a financial burden. For
example, certain tribal organizations
113 42
E:\FR\FM\02DER3.SGM
CFR 414.1305.
02DER3
77834
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
highlighted the financial burden of the
EHR safe harbor’s contribution
requirement for Indian health care
providers and asserted any contribution
requirement may inappropriately divert
funding away from patient care. Some
commenters noted that the 15 percent
contribution can be a significant barrier
for physician adoption of EHR
technology, even for practices that may
not qualify as small or rural practices.
Some commenters noted that the burden
is not only in the actual cost of the
contribution but also the administrative
tasks associated with tracking and
calculating the 15 percent.
Response: As we explain above, we
are retaining the 15 percent contribution
requirement for all recipients seeking
protection for EHR donations under the
EHR safe harbor. We agree with the
commenters who expressed concern
about defining subgroups of entities to
exempt from this requirement. Even if
we were to adopt certain definitions
existing in other regulations or
definitions suggested by commenters,
some of those designations can change
over time (e.g., a physician practice may
qualify as a ‘‘small practice’’ at some but
not other points in time depending on
staffing changes), which could create
confusion about implementation of the
contribution requirement and raise
corresponding safe harbor compliance
concerns. In addition, the fraud and
abuse risks associated with EHR
donations apply regardless of the
geography or size of the donation
recipient. If cost is a barrier for a
particular recipient, the recipient could
request an advisory opinion about an
arrangement without a 15 percent
contribution requirement.
Comment: In response to our
solicitation of comments on possibilities
to reduce any uncertainty and
administrative burden associated with
assessing a contribution for each update,
some commenters addressed other
aspects of the contribution requirement.
For example, a commenter expressed
concern about the requirement that
contributions must be made in advance.
This commenter noted that recipients
may unintentionally fall outside the safe
harbor due to inadvertent late payments
and requested that OIG add a remedy
period for mistakes to be corrected
without losing safe harbor protection.
Another commenter recommended
eliminating the requirement that fees be
collected prior to the receipt of services
and recommended instead to require a
commercially reasonable collections
process.
Response: Consistent with our
solicitation of comments on uncertainty
and administrative burden, and our
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
statement in the OIG Proposed Rule that
we were considering modifying the
contribution requirement as it relates to
updates, we are removing the
requirement that payment of the
contribution be made in advance for
updates to existing EHR systems. We
recognize that updates may need to take
place quickly to remedy security or
other problems in an EHR system, and
we understand the commenter’s concern
about inadvertent late payments under
such circumstances. We believe it is
reasonable and does not create
additional risk to bill a recipient for its
contribution after providing the update.
The safe harbor does not require a
specific billing method. In other words,
a donor could choose to bill a recipient
separately for each update or could bill
the recipient monthly or quarterly to
combine the contribution claims for all
updates during a select period of time.
We are not, however, removing the
requirement that contributions be made
in advance of an initial donation
(including the donation of a
replacement system). Parties seeking
safe harbor protection can effectively
plan for an initial donation, with all
expenses known up front, so that there
is not the same administrative burden or
uncertainty that parties may experience
when invoicing for periodic updates,
and, therefore, there is less risk of
inadvertent late payments. Because the
need for safe harbor protection would
not be triggered until the initial
donation happens, and the parties have
the ability to wait to make the donation
until the contribution is paid, we are not
adopting a cure period for late payments
associated with initial or replacement
donations.
Comment: A number of commenters
asked that if OIG retains a contribution
requirement on the initial EHR
donation, the contribution requirement
be eliminated for updates to the original
donation. Commenters noted that the
updates may ensure that the donation
continues to function as needed and to
meet current Federal standards for data
exchange. In contrast, a commenter
recommended OIG consider retaining a
contribution requirement only for the
provision of replacement technology
while eliminating it for the original
donation and any updates to that
original system.
Response: As explained above, we are
retaining the contribution requirement
for updates but will no longer require
that the contribution for updates be
made in advance. We recognize that
updates are crucial for the continuing
functionality of a system. However, we
do not think it is feasible to retain a
contribution requirement for certain
PO 00000
Frm 00152
Fmt 4701
Sfmt 4700
donations and eliminate it for others. If
we were to adopt that policy, parties
might structure donations to game the
difference between donation types. For
example, if a recipient were not
required to contribute to updates,
parties could structure the ‘‘initial’’
donation to consist of a functionality
with a small cost and consequently a
small required contribution, with the
most valuable functionality deemed to
be an ‘‘update’’ with no required
contribution. We believe the risk posed
by such arrangements would reduce the
effectiveness of the contribution
requirement as a safeguard against fraud
and abuse. For this reason, all donations
protected by this safe harbor require a
recipient contribution.
Comment: A commenter requested
that if a contribution requirement is
retained, the parties use either the fair
market value or the underlying cost of
the donation as the base amount from
which the contribution is calculated.
The commenter believed that this would
reduce the administrative burden of
compliance, which might allow smaller
providers to donate protected EHR.
Response: The relevant standard in
the safe harbor is that ‘‘the recipient
pays 15 percent of the donor’s cost for
the items and services.’’ We did not
propose to change this cost-based
standard and are not finalizing any
change. In 2006, when we initially
finalized the EHR safe harbor, we
provided an explanation about
calculating the cost of these items and
services.114 The cost should be clear
when a donor is purchasing an item or
service from a vendor. However, we
recognized some software or other
modules may be internally developed.
We recommended that parties should
use a reasonable and verifiable method
for allocating costs and maintain
documentation of such allocation. We
explained there, and maintain here, that
the method for allocating costs would be
scrutinized to ensure that they do not
inappropriately shift costs in a manner
that provides an excess benefit to the
recipient or results in the recipient
effectively paying less than 15 percent
of the donor’s true cost for the
technology.115
Comment: A commenter encouraged
HHS to study whether the 15 percent
recipient contribution requirement has
in fact prevented some or many
physicians practices from adopting EHR
technology, whether the safe harbor has
produced lasting partnerships and
ongoing incentives to use technology,
and whether technology donations
114 71
115 71
E:\FR\FM\02DER3.SGM
FR 45133 (Aug. 8, 2006).
FR 45133 (Aug. 6, 2006).
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
potentially protected by the safe harbor
have resulted in market consolidation or
channel capture that has led to
increased costs for consumers.
Response: Any decision by HHS to
study the effectiveness or other impact
of the safe harbor and its conditions is
outside the scope of this rulemaking.
Comment: A commenter
recommended not requiring the 15
percent contribution for cybersecurity
donations under this safe harbor. The
commenter noted that some
organizations will permit practices to
use their EHR systems only if the
practice has certain cybersecurity
protections, and thus the commenter
suggested that the party requiring the
cybersecurity protection should pay any
costs associated with it.
Response: We are not finalizing
separate requirements for different types
of donations within this safe harbor. If
a party seeks to protect a donation of
cybersecurity software or services under
the conditions of the EHR safe harbor,
then a contribution is required.
However, parties that seek to protect a
cybersecurity donation without a
recipient contribution could structure
the donation to meet the safe harbor for
cybersecurity technology and related
services at paragraph 1001.952(jj).
f. Equivalent Technology and Scope of
Protected Donations
Summary of OIG Proposed Rule: We
proposed to delete the condition that
prohibits the donation of equivalent
items or services at paragraph
1001.952(y)(7) to allow donations of
replacement EHR technology.
Summary of Final Rule: We are
finalizing this proposal by deleting
paragraph 1001.952(y)(7).
Comment: Commenters broadly
supported removing the safe harbor
condition at paragraph 1001.952(y)(7)
that prohibits the protection of EHR
donations if a recipient possesses items
or services equivalent to those to be
donated. Commenters provided a
number of reasons for their support of
the elimination of this condition,
highlighting that some physician
practices may be working with an EHR
system that no longer meets their needs,
is outdated, or is otherwise substandard
because they cannot afford the full cost
to replace the system. A commenter
recommended that OIG eliminate this
condition but require a documented
rationale for a need for replacement
technology.
Response: We agree with the
commenters and are finalizing our
proposal to remove the condition at
paragraph 1001.952(y)(7) that prohibits
the donation of equivalent items and
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
services. We recognize that there may be
valid business or clinical reasons for a
recipient to replace an entire system
rather than update existing technology.
Under this safe harbor, replacement
technology is treated the same as a new
donation and would need to meet all
conditions of the safe harbor to receive
protection. For example, a recipient of
replacement technology would be
required to pay at least 15 percent of the
donor’s cost for the items and services
before receiving the items and services.
We believe that treating a donation of
replacement technology the same as a
new donation strikes an appropriate
balance by making necessary
replacements financially feasible for
recipients while maintaining safeguards
to limit the risk of recipients
inappropriately soliciting or accepting
unnecessary technology.
Comment: Commenters recommended
revisions to the language related to the
scope of protected donations. For
example, a commenter requested that
the safe harbor be expanded to include
training, maintenance, and upgrades of
EHRs. Similarly, a commenter
recommended revising the language to
items and services in the form of
software, other information technology,
and related services, including
implementation, training and support
services. A commenter asked whether
the safe harbor would still potentially
protect the ‘‘services’’ listed as examples
in the 2006 EHR Final Rule such as
connectivity, broadband, wireless,
clinical support, information services
related to patient care, and
maintenance. Another commenter was
concerned that the safe harbor protected
only donations of technology that have
been certified by ONC. Other
commenters asked for a significantly
expanded scope of potentially protected
donations including but not limited to:
(i) Hardware; (ii) technology related to
information sharing; (iii) cloud-based
items and services; (iv) practice
management and revenue cycle systems
and services; (v) clearinghouse services;
and (vi) industry-supported data
collection and analytics.
Response: As we note elsewhere in
this section, we are removing the
condition at 1001.952(y)(7) from the safe
harbor to protect donations of
replacement technology and clarifying
the safe harbor to explicitly protect
cybersecurity software and services if all
safe harbor conditions are satisfied. The
safe harbor already could protect some
of the items or services suggested by
commenters, such as maintenance and
training. The modifications to this safe
harbor as finalized, do not narrow the
scope of items or services that could
PO 00000
Frm 00153
Fmt 4701
Sfmt 4700
77835
receive safe harbor protection; the
examples listed in the 2006 EHR Final
Rule could still receive safe harbor
protection under the amended safe
harbor finalized in this rule.116 We also
wish to highlight, as we explain
elsewhere, that the safe harbor does not
require that donated software is certified
as interoperable by a certifying body
authorized by ONC; the safe harbor
requires that donated software is
interoperable. Per the terms of the
‘‘deeming provision,’’ certified software
is deemed to be interoperable. The
scope of electronic health record items
and services protected by this safe
harbor and the optional deeming
provision give donors and recipients
appropriate flexibility to determine
which items and services should be
donated given their circumstances. For
example, long-term care and post-acute
care recipients may need different types
of electronic health record items and
services than a physicians group
practice needs.
We did not propose and thus are not
finalizing in this safe harbor any
expansion that would protect donated
hardware. For any of the other software
or services for which commenters
requested safe harbor protection, the
standard remains as we proposed, i.e.,
that the items or services must be
necessary and used predominantly to
create, maintain, transmit, receive, or
protect electronic health records. For
example, some technology related to
information sharing could meet this
standard, such as the donation of
software or services related to
application programming interfaces
(APIs) used to support the exchange of
116 Specifically, we stated in the 2006 EHR Final
Rule that we interpret ‘‘ ‘software, information
technology and training services necessary and
used predominantly’ for electronic health records
purposes to include the following, by way of
example: Interface and translation software; rights,
licenses, and intellectual property related to
electronic health records software; connectivity
services, including broadband and wireless internet
services; clinical support and information services
related to patient care (but not separate research or
marketing support services); maintenance services;
secure messaging (e.g., permitting physicians to
communicate with patients through electronic
messaging); and training and support services (such
as access to help desk services). We interpret the
scope of covered electronic health records
technology to exclude: Hardware (and operating
software that makes the hardware function); storage
devices; software with core functionality other than
electronic health records (e.g., human resources or
payroll software, or software packages focused
primarily on practice management or billing); or
items or services used by a recipient primarily to
conduct personal business or business unrelated to
the recipient’s clinical practice or clinical
operations. Furthermore, the safe harbor does not
protect the provision of staff to recipients or their
offices. For example, the provision of staff to
transfer paper records to the electronic format
would not be protected.’’ 71 FR 45125.
E:\FR\FM\02DER3.SGM
02DER3
77836
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
electronic health information. Parties
seeking to rely on the safe harbor need
to analyze the EHR donation
arrangement to ensure that it squarely
meets all of the safe harbor’s conditions.
g. Protected Donors
Summary of OIG Proposed Rule: We
solicited comments on either removing
the restrictions on protected donors in
paragraph 1001.952(y)(1)(i) or revising
the paragraph to protect donations from
entities with indirect responsibilities for
patient care, such as health systems or
accountable care organizations that are
neither health plans nor submit claims
for payment.
Summary of Final Rule: This final
rule expands the scope of protected
donors to certain entities that are
comprised of the types of individuals or
entities listed as protected donors in
paragraph 1001.952(y)(1)(i)(A). To
effectuate this change, we added
paragraphs 1001.952(y)(1)(i)(A) and (B),
which describe the entities previously
considered protected donors to include
the new entities considered protected
donors as established by this final rule.
This final rule expands the scope of
protected donors to certain entities that
are comprised of the types of
individuals or entities listed as
protected donors in paragraph
1001.952(y)(1)(i)(A), as described in
more detail below.
Comment: We received a range of
comments in response to our suggestion
that we may consider expanding the
scope of protected donors. At one end
of the spectrum, we received a
suggestion not to change the scope of
protected donors at all. At the other end,
a commenter stated that the safe harbor
should protect donations from all
entities. However, the most common
recommendation from commenters on
this topic was to expand the scope of
protected donors to entities with
indirect responsibility for patient care
such as health systems, accountable care
organizations, clinically integrated
entities, and other entities that bear
financial risk in patient outcomes.
Commenters noted that these types of
entities have little incentive to abuse the
safe harbor and that protecting
donations from certain entities that do
not bill the Federal health care programs
would facilitate expanded use of
technology that may reduce the cost of
care and increase care coordination. We
also received a request to continue
excluding laboratories from the scope of
protected donors.
Response: We agree with commenters
who recommended expanding the scope
of protected donors to include entities
comprised of the types of entities
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
currently covered as protected donors
(e.g., parent companies of hospitals,
health systems, and accountable care
organizations). We see little added risk
to protecting donations of interoperable
electronic health records software or
information technology and training
services by entities such as health
systems or accountable care
organizations. These entities may have
financial risk for patient outcomes and
generally do not directly receive
referrals. However, we believe the risk
is too high to expand safe harbor
protection to donations from all entities.
We continue to have concerns about
protecting EHR donations made by
laboratories or manufacturers or
suppliers of items. Accordingly,
donations made by these entities will
continue to be ineligible for protection
under the EHR safe harbor.
Comment: A commenter asked
whether the safe harbor protects
donations from pharmaceutical
manufacturers that participate in
Federal health care programs.
Response: Pharmaceutical
manufacturers generally do not bill
Federal health care programs and are
not comprised of entities that bill
Federal health care programs and
therefore are not protected donors under
the safe harbor. While we recognize that
some manufacturers have implemented
programs that include more direct
contact with patients and payors, the
concerns we expressed in the preamble
to the 2006 EHR Final Rule 117 continue
to exist today. If a manufacturer that
operates its business in a way that it
believes would meet the terms of this
safe harbor has questions about whether
any donation would be protected by the
safe harbor or present a low risk of fraud
and abuse under the Federal antikickback statute, the advisory opinion
process remains available.
Comment: A commenter requested
that the safe harbor protect donations
made only by donors that provide EHR
access to pharmacists. The commenter
stated that some health information
technology systems block pharmacists’
117 71 FR 45128 (‘‘We have not included as
protected donors pharmaceutical . . .
manufacturers. . . . These entities do not provide
health care items or services to patients or submit
claims for those services. Our enforcement
experience demonstrates that unscrupulous
manufacturers have offered remuneration in the
form of free goods and services to induce referrals
of their products. Given this enforcement history,
and the lack of a direct and central patient care role
that justifies safe harbor protection for the provision
of electronic health records technology, we are not
including manufacturers as protected donors. We
believe there is a substantial risk that, in many
cases, manufacturers’ primary interest in offering
technology to potential referral sources would be to
market their products.’’)
PO 00000
Frm 00154
Fmt 4701
Sfmt 4700
visibility into relevant clinical
information from other health care
providers.
Response: The safe harbor does not
limit the scope of protected donors to
donors that grant EHR access to a
specified range of providers or
suppliers. However, for a donation to be
protected, it must be interoperable and
should not inappropriately interfere
with, prevent, or materially discourage
access, exchange, or use of electronic
health information (e.g., inappropriately
limit visibility to relevant clinical
information). To the extent that patients,
providers, or others believe that a health
care provider, health IT developer of
certified health IT, health information
network, or health information
exchange is engaging in information
blocking, we encourage reporting
complaints to HHS through the Report
Information Blocking portal, which is
available at https://healthit.gov/reportinfo-blocking.
Comment: A commenter requested
that the EHR safe harbor protect
donations made by multiple donors for
different types of technology to a single
recipient, as long as the technology
meets the interoperability requirements.
The commenter recommended the safe
harbor specifically protect the donation
of supplemental, nonequivalent EHR
applications that supplement a
recipient’s current EHR system and
noted that such applications could come
from different donors. The commenter
further proposed the safe harbor require
a clinical necessity analysis for ‘‘addon’’ EHR applications in addition to
replacement technology.
Response: Nothing in the amended
safe harbor, as it is being finalized,
would prevent safe harbor protection of
donations of ‘‘add-on’’ EHR applications
or donations from multiple donors.
Protection offered by this safe harbor is
not limited to EHR products that
include within a single product a
sufficiently comprehensive array of
functions to constitute an ‘‘EHR
system.’’ Instead, as explained in the
2006 EHR Final Rule, the safe harbor
also applies to donations of software
that serve a specific function related to
electronic health records, such as
interface and translation software and
secure messaging. In some instances,
those functions may be part of a larger
EHR software product, or they may be
implemented via standalone software
that interacts with a provider’s
electronic health record system. If each
donation squarely satisfies the
requirements of the amended safe
harbor—including the requirement that
the software is or the information
technology and training services are
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
necessary and used predominantly to
create, maintain, transmit, receive, or
protect electronic health records—such
donations could be protected regardless
of whether the technology is donated by
one or multiple donors.
We did not propose and thus are not
finalizing a condition that requires a
clinical necessity analysis of donations.
Such condition would not be necessary
in the safe harbor given the totality of
its conditions.
h. Definitions
i. Electronic Health Record
Summary of OIG Proposed Rule: We
proposed to modify the definition of
‘‘electronic health record’’ in paragraph
1001.952(y)(14)(iv) to mean: ‘‘a
repository of electronic health
information that: (A) Is transmitted by
or maintained in electronic media; and
(B) relates to the past, present, or future
health or condition of an individual or
the provision of healthcare to an
individual.’’
Summary of Final Rule: We are not
finalizing the proposed definition of
electronic health record and instead
retain the previous definition. This final
rule moves the definition of ‘‘electronic
health record’’ to paragraph
1001.952(y)(14)(iv).
Comment: Several commenters
expressed general support for our
proposed revision to the definition of
‘‘electronic health record,’’ particularly
to the extent that the definition would
align with the definition included in the
Cures Act. However, a number of
commenters were concerned about our
proposal to use the term ‘‘electronic
health information’’ as the ONC NPRM
proposed to define such term.
Commenters asserted that the regulatory
definition proposed by ONC is overly
broad and may extend far beyond what
Congress intended under the Cures Act.
For example, a commenter argued that
under the proposed definition a
patient’s computer or mobile telephone
could be considered an electronic health
record if the patient obtained a copy of
their health record through electronic
transmittal. Commenters also made
several suggestions to limit the scope of
‘‘electronic health information.’’
Response: As we stated in the OIG
Proposed Rule, we did not intend for
our proposed modifications to the
definition of ‘‘electronic health record’’
to make a substantive change to the
scope of protection.118 We thank
commenters for highlighting the
complexities that our changes
inadvertently might have introduced. To
118 See
84 FR 55742 (Oct. 17, 2019).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
remain true to our intent, we are not
finalizing any proposed changes to the
definition of ‘‘electronic health record.’’
We will retain the existing definition in
the safe harbor, which appears at
paragraph 1001.952(y)(14)(iv).
Comment: A commenter
recommended that the definition of
‘‘electronic health record’’ should be
standardized across all Federal
regulations, as permitted by the relevant
statutory framework. However, the
commenter expressed doubt that
changing the definition of ‘‘electronic
health record’’ as OIG proposed would
keep up with a dynamic redefinition of
how electronic health care is provided.
Response: A suggestion to standardize
definitions across Federal regulations is
outside the scope of this final rule. As
noted above, we are not finalizing any
changes to the definition.
Comment: A commenter
recommended that OIG define the
parameters of the EHR safe harbor to
ensure that the scope of covered
technology under the ‘‘electronic health
record’’ definition protects products
beyond those that are standalone EHRs
(e.g., products that connect to, amplify
the capabilities of, or leverage the data
in EHRs to promote coordination and
management of care). According to the
commenter, there are emerging
technologies that leverage data in EHRs
without creating new records and
enable patients to leverage technology to
maintain longitudinal records. To
modernize the safe harbor to
accommodate these developments, a
commenter asked that OIG clarify that
the term ‘‘repository’’ in the current and
proposed definition of EHR is not
limited to existing models of EHR. The
commenter also recommended that OIG
delete ‘‘predominantly’’ from the safe
harbor or otherwise broaden the
remuneration protected by the safe
harbor by adding the italicized words in
the following phrase from the EHR
definition: ‘‘software or IT functionality
necessary and used predominantly to
support or improve [italics added] the
creation, maintenance, transmission,
receipt or use of EHR.’’
Response: By proposing to revise the
definition of ‘‘electronic health record,’’
we did not intend to change the scope
of protection under the safe harbor. We
are retaining the existing definition of
‘‘electronic health record’’ and are not
adopting the commenter’s suggestion.
Emerging technologies that leverage
EHR data may be protected by the safe
harbor. The term ‘‘repository’’ carries its
common meaning: A place where
something such as data can be stored
and managed. If emerging technologies
are necessary and used predominantly
PO 00000
Frm 00155
Fmt 4701
Sfmt 4700
77837
to create, maintain, transmit, receive, or
protect electronic health records, and all
of other conditions of the safe harbor are
met, then donations of such
technologies would be protected.
Donations of software or information
technology services do not need to be
necessary and used predominately for
all five functions listed in paragraph
1001.952(y)(1) to be protected. Rather,
the software or information technology
services must meet at least one of the
five functions. For example, if software
is not used to create an electronic health
record but is necessary and used
predominately to transmit electronic
health records, donations of such
software may be protected by this safe
harbor if all other conditions are met. If
an entity has questions about whether
specific technology donations would be
protected by the safe harbor or present
a low risk of fraud and abuse under the
Federal anti-kickback statute, the
advisory opinion process remains
available.
Comment: A commenter supported
the current definition of ‘‘electronic
health record’’ rather than the proposed
revisions to the definition. However, the
commenter asked OIG to further clarify
this definition so that it would include
a longitudinal electronic record of
patient health information generated by
one or more encounters in any care
delivery setting that automates and
streamlines the clinician’s workflow.
Response: We are adopting the
recommendation to retain our current
definition of ‘‘electronic health record.’’
We agree that the commenter’s example
of a longitudinal electronic record
appears to meet this definition.
However, we recommend that parties
conduct their own analysis of the
particular facts and circumstances of
any arrangement as applied to the
definition. The advisory opinion
process remains available for parties
that seek an individualized
determination.
ii. Interoperable
Summary of OIG Proposed Rule: We
proposed to update the definition of the
term ‘‘interoperable’’ to align with the
statutory definition of ‘‘interoperability’’
added by the Cures Act to section
3000(9) of the PHSA and move it to
paragraph 1001.952(y)(14)(iii). We
proposed to define ‘‘interoperable’’ as
able to ‘‘(A) securely exchange data
with, and use data from other health
information technology without special
effort on the part of the user; (B) allow
for complete access, exchange, and use
of all electronically accessible health
information for authorized use under
applicable State or Federal law; and (C)
E:\FR\FM\02DER3.SGM
02DER3
77838
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
does not constitute information blocking
as defined in 45 CFR part 171.’’
Summary of Final Rule: We are
finalizing, with modifications, an
updated definition of ‘‘interoperable’’ in
paragraph 1001.952(y)(14)(iii). We are
removing the phrase ‘‘without special
effort on the part of the user’’ in
paragraph 1001.952(y)(14)(iii)(A), and
we are not finalizing proposed
paragraph 1001.952(y)(14)(iii)(C) that
would have incorporated the
information blocking regulations in the
definition of interoperability.
Comment: We received general
support for our effort to update the
definition of ‘‘interoperable.’’ However,
some commenters asked for further
clarification of the phrase ‘‘without
special effort on the part of the user.’’
Response: First, we are finalizing the
first two proposed criteria of the
‘‘interoperability’’ definition except, as
explained below, we are removing the
phrase ‘‘without special effort on the
part of the user.’’ We are removing the
third criterion we proposed in the
‘‘interoperable’’ definition: ‘‘[d]oes not
constitute information blocking as
defined in 45 CFR part 171.’’ That
criterion raises similar issues that we
discussed in section 9.c above regarding
the information blocking condition at
former paragraph 1001.952(y)(3).
Removal of that condition is consistent
with our rationale described in more
detail above.
We had proposed for the first prong
of the definition of ‘‘interoperable’’ that
it mean able to ‘‘[s]ecurely exchange
data with and use data from other health
information technology without special
effort on the part of the user.’’ While the
phrase ‘‘without special effort on the
part of the user’’ is used in the
definition of ‘‘interoperability’’ in the
Cures Act,119 the phrase ‘‘without
special effort’’ also is used in conditions
of certification in the Cures Act.120 As
we make clear above in section 9.b,
while software certified by ONC is
‘‘deemed’’ to be interoperable,
certification is not required for safe
harbor compliance. Therefore, to avoid
any implication that we are
incorporating a certification
requirement into the definition of
‘‘interoperable’’ as it is used in this safe
harbor, we are removing the reference to
‘‘without special effort on the part of the
user.’’
Comment: A commenter expressed
concern about the Federal Government’s
definition of ‘‘interoperability,’’ as
defined in the ONC NPRM, which the
119 Section 4003(a)(2), Public Law 114–255, 130
Stat. 1033.
120 Id.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
commenter believes inappropriately
focuses solely on high volumes of data
transferred or access to every piece of
health information ever collected. The
commenter asserted that we should
prioritize the transfer of and access to
secure, meaningful data in order to
avoid: (i) Confusing patients who lack
context; and (ii) overburdening
physicians with irrelevant information.
Response: First, as we note elsewhere
in this section, we are revising this safe
harbor such that the definition of
‘‘interoperable’’ no longer refers to the
definition proposed in the ONC NPRM.
Second, interoperability of donated EHR
items and services is an important
condition of the safe harbor. The
definition adopted in this final rule
states that ‘‘interoperable’’ means ‘‘able
to’’ securely exchange data and ‘‘allow
for complete access, exchange, and use
of’’ certain health information. In other
words, this definition does not require
the transfer of massive quantities of
data; it requires that such transfers be
possible.
i. Other Comments
Comment: A commenter suggested
that OIG continue to consider how data
is being shared and ensure that
information blocking is not occurring.
The commenter specifically
recommended that the safe harbor
require that all VBE participants be able
to review and have access to
information on different EHR systems
used in any value-based arrangement
and have the ability to import and
export data that can help further the
purpose of the value-based arrangement.
In addition, the commenter
recommended that physicians and
others providing care to beneficiaries
under value-based arrangements should
have the ability to select the EHRs that
are best suited for the applicable patient
population.
Response: The safe harbor does not
mandate how or which types of EHR
software or information technology
services a donor or recipient may select.
Because we are finalizing a change to
eliminate the restriction on donations of
equivalent technology, we hope that
parties will have more flexibility to
receive protected donations of EHR
software that best suit the needs of the
parties. However, we emphasize that
this safe harbor is not specific to or
limited to EHR software or information
technology services donated in the
context of value-based arrangements.
The value-based safe harbors finalized
here at paragraphs 1001.952(ee),(ff), and
(gg) could be available to protect the
donation of health information
technology pursuant to a value-based
PO 00000
Frm 00156
Fmt 4701
Sfmt 4700
arrangement, provided all conditions of
an applicable safe harbor are squarely
satisfied. In addition, for the reasons
that we explain in detail above, we are
not finalizing information blocking
provisions as conditions of this safe
harbor.
OIG remains committed to addressing
information blocking through other
authorities. Parties should submit
information blocking complaints to HHS
through the Report Information
Blocking portal (https://healthit.gov/
report-info-blocking).
Comment: A commenter asked OIG to
clarify when certain arrangements such
as data sharing arrangements could
implicate the Federal anti-kickback
statute. The commenter posited that
when technology is shared for
transitions of care or to streamline and
improve the referral process as a matter
of CMS policy, it does not implicate the
Federal anti-kickback statute.
Response: A ‘‘data sharing
arrangement’’ can vary greatly in the
scope of data or services being
exchanged. Simply transmitting
individual patient data for transitions of
care between, for example, an acute care
provider and post-acute care provider
would not implicate the statute.
However, sharing specific patient data
for care of that patient is distinct from
a data sharing arrangement that involves
aggregating data for research, marketing,
or other purposes unrelated to treating
the specific patients whose data is being
shared. With respect to technology for
data sharing, many types of
‘‘technology’’ would constitute
remuneration under the Federal antikickback statute but, as we have
repeatedly stated, certain limited-use
technology that is integral to the
services an individual or entity provides
would not implicate the statute.121 The
parties to a particular data sharing
arrangement would need to perform an
analysis of the facts and circumstances
to determine whether any data or
technology shared constitutes
remuneration under the statute and, if
so, whether a safe harbor such as the
EHR safe harbor could protect the
donation. The advisory opinion process
is also available for a legal opinion
regarding the facts and circumstances of
a particular arrangement.
121 78 FR at 79210 (‘‘The donation of free access
to an interface used only to transmit orders for the
donor’s services to the donor and to receive the
results of those services from the donor would be
integrally related to the donor’s services. As such,
the free access would have no independent value
to the recipient apart from the services the donor
provides and, therefore, would not implicate the
anti-kickback statute.’’).
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
10. Personal Services and Management
Contracts and Outcomes-Based Payment
Arrangements (42 CFR 1001.952(d))
Summary of OIG Proposed Rule: We
proposed to modify the existing safe
harbor for personal services and
management contracts at paragraph
1001.952(d). For paragraph
1001.952(d)(1) we proposed to: (i)
Substitute for the requirement that
aggregate compensation under these
agreements be set in advance a
requirement that the methodology for
determining compensation be set in
advance; (ii) eliminate the requirement
that if an agreement provides for the
services of an agent on a periodic,
sporadic, or part-time basis, the contract
must specify the schedule, length, and
the exact charge for such intervals; and
(iii) change the paragraph numbering.
These proposals are summarized at
sections III.B.10.a and b below.
We also proposed to create new
paragraphs 1001.952(d)(2) and (3) to
protect certain outcomes-based
payments (as defined). The proposals
for this new protection are summarized
at section III.B.10.c, d, and e below.
Summary of Final Rule: We are
finalizing the modifications to the
existing safe harbor for personal services
arrangements at paragraph
1001.952(d)(1), as proposed. We are
finalizing the new provisions for
outcomes-based payments at paragraphs
1001.952(d)(2) and (3), with
modifications summarized at sections
III.B.10.c, d, and e below.
a. Elimination of Requirement To Set
Aggregate Compensation in Advance
Summary of OIG Proposed Rule: We
proposed to substitute for the
requirement that aggregate
compensation under these agreements
be set in advance a requirement that the
methodology for determining
compensation be set in advance in
paragraph 1001.952(d)(1).
Summary of Final Rule: We are
finalizing this modification as proposed.
Comment: Commenters on this topic
overwhelmingly supported the
proposed removal of the requirement to
set aggregate compensation in advance
and its replacement with a requirement
that the compensation methodology be
set in advance. Commenters offered a
variety of reasons for their support. For
example, a commenter valued these
changes because they provide enhanced
flexibility to independent medical
groups and other providers seeking to
develop innovative care delivery
models. Another commenter suggested
that this change allows for greater
flexibility in personal services
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
arrangements while continuing to
incorporate safeguards that limit
potential abuse.
Another commenter explained a view
that incentive compensation in
comanagement arrangements or bundled
payment arrangements often has to be
structured in a formulaic manner, and it
is not possible for hospitals and
physicians to know at the beginning of
the arrangement whether and to what
extent the physicians may meet the
requirements for earning incentive
compensation or the actual amount of
compensation available. The commenter
believed the proposed change would
address this existing impediment to safe
harbor protection. The commenter also
appreciated that the proposed change
would more closely parallel the set-inadvance requirement under the
physician self-referral law exception for
personal services arrangements at 42
CFR 411.357(d), which would simplify
a stakeholder’s analysis of protection
under the safe harbor and exception
when both laws apply to an
arrangement.
Response: We are finalizing this
provision as proposed. This change
modernizes the safe harbor and should
provide enhanced flexibility to the
health care industry to undertake
innovative arrangements, including
arrangements that support the transition
to value and better coordinated care for
patients.
Comment: A commenter expressed
concern that certain proposed changes
to this safe harbor were not specific
enough. In particular, the commenter
warned that replacing a requirement to
set aggregate compensation in advance
with a requirement to identify the
methodology for determining
compensation could allow entities to
structure agreements that look
acceptable on the surface, but actually
take into account the volume and value
of referrals.
Response: We agree with the
commenter that implementing a more
flexible approach to specifying
compensation could protect
arrangements that differ in structure
from arrangements the safe harbor
currently protects. However, we believe
that other safe harbor conditions
mitigate the risk identified by the
commenter, namely the protection of
arrangements that take into account the
volume and value of referrals. For
example, we continue to require parties
seeking protection under the safe harbor
to adhere to the safe harbor’s other
conditions (e.g., aggregate compensation
must be consistent with fair market
value in an arm’s length transaction and
may not be determined in a manner that
PO 00000
Frm 00157
Fmt 4701
Sfmt 4700
77839
takes into account the volume or value
of any referrals or other business
generated between the parties).
Arrangements that do not squarely
satisfy these conditions would not be
protected by the safe harbor. In other
words, despite the safe harbor’s
increased flexibility related to
specifying compensation, the safe
harbor would not protect an
arrangement by which the aggregate
compensation is determined in a
manner that takes into account the
volume or value of referrals or other
business generated.
Comment: Some commenters
requested further guidance on whether
a payment methodology based on
‘‘actual expenses incurred’’ constitutes a
methodology that is sufficiently set in
advance to satisfy the safe harbor
condition as proposed. For example, a
commenter inquired about
compensation in an arrangement
wherein a hospital leases an employed
clinician from a physician practice on a
full- or part-time basis. Specifically, the
commenter sought clarification
regarding whether the safe harbor would
protect compensation under the
employee lease from the hospital to the
practice based on a methodology related
to the physicians practice’s actual
expenses incurred for employing such
clinician (e.g., salary, benefits, bonus,
liability insurance, overhead). Another
commenter requested guidance as to
whether payment based on annual
aggregate costs could be prorated to an
hourly rate and charged based on
completion of time records.
Response: We appreciate the
commenter’s examples of potential
arrangements that may be structured to
comply with the personal services safe
harbor as finalized. It is possible to
structure an arrangement to fit within
the safe harbor by using an hourly rate
or other set, verifiable formula provided
that all other conditions of the safe
harbor are met. However, whether
compensation under an employee lease
that is based on actual expenses
incurred would satisfy the requirement
that the compensation methodology be
set in advance or otherwise meet the
safe harbor would depend on the facts
and circumstances. The commenter
specifically cited salary, benefits,
liability insurance, overhead expenses,
and a bonus. For example, assume that
the hospital leases the physician parttime from the physician’s practice and
agrees to pay the practice the percent of
the practice’s actual expenses in
employing that physician that correlate
to the percentage of the physician’s
work actually performed for the
hospital. We would expect that an
E:\FR\FM\02DER3.SGM
02DER3
77840
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
employee’s salary, benefits, and liability
insurance typically would be set in
advance; overhead expenses possibly
also would be set in advance.
Consequently, the parties could
structure these elements of the part-time
employee’s expenses to satisfy the
condition that the compensation
methodology be set in advance.
However, depending on the structure
and criteria for receiving a ‘‘bonus,’’ that
portion of the practice’s expenses—and
therefore, the compensation
methodology for the part-time employee
lease—might not be set in advance and
might not meet other criteria of the safe
harbor. For example, if a bonus that took
into account the volume or value of
referrals between the parties was part of
the compensation under the lease, the
hospital’s compensation to the practice
for the part-time employee lease would
not be protected by the safe harbor.
The intent behind these modifications
is to provide enhanced flexibility while
mitigating the risk of parties
periodically adjusting the agent’s
compensation to reward referrals or to
promote unnecessary utilization of
services. Parties seeking protection
under this safe harbor must evaluate the
specific facts and circumstances of their
arrangement to determine whether the
compensation methodology over the
term of the agreement is set in advance
before any payment under the
arrangement is made. Any remuneration
also must meet all other conditions of
the safe harbor for protection.
Comment: Some commenters agreed
with our proposals but asked OIG to
define certain terminology under the
safe harbor such as ‘‘fair market value’’
and ‘‘does not take into account the
volume or value of referrals,’’ and asked
OIG to harmonize OIG’s interpretations
of this terminology under the Federal
anti-kickback statute with CMS’s
interpretations of this terminology
under the physician self-referral law in
the proposed rule CMS issued in
connection with the Regulatory Sprint
(CMS NPRM),122 to the extent possible
given the differences in the two laws.
For example, a commenter
recommended that OIG adopt CMS’s
interpretation of the volume or value
standard as proposed by CMS in the
CMS NPRM. Another commenter sought
clarification from OIG that incentive
compensation paid to a physician under
a comanagement, bundled payment, or
internal cost savings arrangement would
not take into account the volume or
value of referrals under the Federal antikickback statute if the physician is paid
a percentage of savings per ‘‘case.’’
122 84
FR 55766 (Oct. 17, 2019).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
According to the commenter, the more
cases performed may result in more
savings, more losses, or something in
between. A commenter asserted that
‘‘value’’ in the construct of ‘‘fair market
value’’ should not solely relate to what
an entity would pay regardless of the
outcome. According to the commenter,
OIG should consider defining ‘‘fair
market value’’ in a manner that
recognizes the value of savings
attributable to the services to the entity
paying the incentive compensation
rather than the time value of the
services or the value of the services
based on metrics, or any relevant fee
schedule. A commenter recognized that
OIG cannot opine on ‘‘fair market
value’’ in an advisory opinion but
requested that OIG explain whether
certain compensation methodologies
(e.g., using an hourly rate as a
compensation methodology or a
percentage of savings attributable to an
agent) could constitute fair market value
under the Federal anti-kickback statute.
Another commenter sought
confirmation that OIG interprets the
term ‘‘commercially reasonable’’
consistent with CMS’s proposed
interpretation in the CMS NPRM,
specifically ‘‘that the particular
arrangement furthers a legitimate
business purpose of the parties and is
on similar conditions as like
arrangements. An arrangement may be
commercially reasonable even if it does
not result in profit for one or more of the
parties.’’
Response: We did not propose to
define or interpret fair market value,
commercially reasonable, or the phrase
‘‘takes into account the volume or value
of referrals or business otherwise
generated,’’ nor are we adopting the
commenter’s suggestion that we
interpret these terms, for purposes of
applying the Federal anti-kickback
statute and safe harbor regulations,
consistent with CMS’s interpretations of
such terms. These terms have long
existed throughout our existing safe
harbors at section 1001.952 without
further definition or interpretation by
OIG and are well-established. Whether
or not fair market value is or was paid
or received for any personal services
provided by an agent to a principal
under this safe harbor depends on the
specific arrangement’s facts and
circumstances, and we decline to
interpret examples with limited
information.
Comment: Certain commenters were
concerned that Indian health care
service providers cannot utilize this safe
harbor because of the requirement that
each party in the arrangement pay fair
market value for services. According to
PO 00000
Frm 00158
Fmt 4701
Sfmt 4700
commenters, the fair market value for
Indian health facility jobs and services
may not align with the fair market value
elsewhere. Some of these commenters
recommended that the fair market value
for Indian health facilities be lowered
and relate more to the economic
realities of provider recruitment and
retention in tribal communities.
Commenters also noted that some parttime contractors currently use the fair
market value standard to extract pay
that exceeds the fair market value for
jobs within Indian health programs.
Response: We understand the
commenters’ concerns with respect to
establishing personal services
arrangements in facilities or regions
where salaries might be lower than the
fair market value found in other nearby
areas. We are not defining fair market
value or further specifying the
appropriate methodologies for parties to
use when determining fair market value
in this final rule. Based on our law
enforcement experience, arrangements
in which parties offer or provide free or
below fair market services to those in a
position to refer federally payable
business to the offeror can be
problematic under the Federal antikickback statute. However, we agree that
fair market value can vary by region,
setting, or other factors. For example, an
hourly rate for certain specialist services
in Manhattan likely would be higher
than the hourly rate for the same
services in rural Mississippi or at an
Indian health facility.
Comment: A commenter
recommended that OIG expand the
writing requirement within the safe
harbor to include contemporaneous
documentation rather than a signed
agreement. The commenter noted that
the CMS NPRM proposed to remove the
formality of a signed agreement and
modified this requirement in certain
physician self-referral law exceptions to
allow documentation that constitutes an
agreement under applicable state law,
which the commenter believes will ease
the regulatory burden for stakeholders
to document the arrangement.
Response: We did not propose to
modify the requirement that an agency
agreement be set out in writing, thus we
are not finalizing any change to that
requirement. As we explained above,
the physician self-referral law and the
Federal anti-kickback statute are
different laws with different standards
for liability. Having a signed, written
agreement that meets all requirements of
the safe harbor is a core safeguard that
is necessary for parties to demonstrate
that they intend to comply with all
requirements of the safe harbor, have
structured the compensation
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
methodology appropriately, and have a
meeting of the minds on the services
and payment to be provided under the
arrangement. However, we note that the
safe harbor does not specify a particular
format for the agreement. The written
agreement requirement can be met
either through a single, formal, signed
agreement or through a collection of
documents if such collection of
documents includes all of the required
elements of the safe harbor and is signed
by the parties (e.g., by signing each
document that makes up the agreement,
or by signing a single signed document
that incorporates separate documents by
reference).
b. Elimination of Requirement To
Specify Schedule of Part-Time
Arrangements
Summary of OIG Proposed Rule: We
proposed to eliminate the condition in
the safe harbor paragraph 1001.952(d)(5)
that requires that if an agreement
provides for the services of an agent on
a periodic, sporadic or part-time basis,
the contract must specify the schedule,
length, and the exact charge for such
intervals.
Summary of Final Rule: We are
finalizing this modification as proposed.
Comment: Commenters generally
appreciated the proposed removal of the
requirement that, for part-time
arrangements, the contract must specify
the schedule, length, and the exact
charge for such intervals. Multiple
commenters stated that eliminating the
requirement that part-time contractual
arrangements specify exact interval
schedules allows for greater flexibility
in protected personal services
arrangements, while the safe harbor
continues to incorporate safeguards that
limit potential abuse. For example, a
commenter noted the proposal could
apply to dialysis facility medical
directors who provide their services on
a part-time basis. The commenter
highlighted the unpredictable nature of
dialysis care and that the frequent need
to respond to urgent medical
emergencies can impede the ability of
nephrologists serving as dialysis facility
medical directors to adhere to
predetermined schedules. In contrast, a
commenter expressed concern that
eliminating this requirement may
increase the risk that either services will
not be rendered or that the payment for
services may vary based on referrals and
recommended additional
documentation requirements.
Response: We are finalizing the
removal of the requirement to specify
the exact schedule of part-time
arrangements, as proposed. We note that
this change to the safe harbor should
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
accommodate a broad range of part-time
or sporadic-need value-based payment
and care arrangements in furtherance of
the Department’s goals in connection
with the Regulatory Sprint. We did not
propose additional documentation
requirements, and we continue to
believe, as we stated in the OIG
Proposed Rule, that other conditions
sufficiently safeguard against the harms
mentioned by a commenter.123
c. Proposal To Protect Outcomes-Based
Payments
Summary of OIG Proposed Rule: At
proposed paragraphs 1001.952(d)(2) and
(3), we proposed to protect outcomesbased payment arrangements between a
principal and an agent that reward
improving patient or population health
by achieving one or more outcome
measures that effectively and efficiently
coordinate care across care settings, or
by achieving one or more outcome
measures that appropriately reduce
payor costs while improving, or
maintaining the improved, quality of
care. We proposed several safeguards.
Under proposed paragraphs
1001.952(d)(2), protected payments
would be between parties collaborating
to measurably improve or maintain
improvement in quality of care or
appropriately and materially reduce
costs of payments (without diminution
of the quality of care), and the agent
receiving the payment would need to
meet at least one evidence-based, valid
outcomes measure meeting specified
criteria, including selection based on
credible medical support. Under
proposed paragraph 1001.952(d)(2)(iii),
the payment methodology would be set
in advance, commercially reasonable,
consistent with fair market value, and
not determined in a manner that
directly takes into account the volume
or value of referrals or other business
generated between the parties.
Additionally, at paragraph
1001.952(d)(2), we proposed safeguards
to protect clinical decision-making,
guard against stinting on care, and
ensure written documentation,
monitoring, periodic rebasing of
outcome measures, and corrective
action of deficiencies in the quality of
care. The term of protected
arrangements would be at least 1 year.
At proposed paragraph 1001.952(d)(3),
we proposed making certain entities
ineligible for safe harbor protection
under the outcomes-based payments
provisions in a manner similar to the
proposed definition of VBE participant
at proposed paragraph 1001.952(ee)(12),
and we proposed that outcomes-based
123 84
PO 00000
FR 55744–45 (Oct. 17, 2019).
Frm 00159
Fmt 4701
Sfmt 4700
77841
payments would exclude payments
related solely to achievement of internal
cost savings for the principal. We
indicated that we were considering
excluding payments based on patient
satisfaction or convenience measures.
Summary of Final Rule: We are
finalizing, with modifications, the new
protection for outcomes-based payments
at paragraphs 1001.952(d)(2) and (3). We
revised the definition of ‘‘outcomesbased payment’’ in paragraph
1001.952(d)(3)(ii) to clarify that the
payment may be a reward for
successfully achieving an outcome
measure or a recoupment or reduction
in payment for failure to achieve an
outcome measure. Paragraph
1001.952(d)(2)(i) consolidates and
streamlines proposed paragraphs
1001.952(d)(2)(i) and (ii) related to
acceptable outcomes measures; to
receive a protected outcomes-based
payment, the agent must achieve one or
more legitimate outcome measure
selected based on clinical evidence or
credible medical support and with
specified benchmarks related to quality
of care, a reduction in costs, or both. At
paragraph 1001.952(d)(2)(vii)(B), we
revised our proposal related to
‘‘rebasing’’ of outcomes measures to
clarify that the parties must periodically
(i) assess and (ii) revise benchmarks and
remuneration under the agreement as
necessary to ensure that any
remuneration is consistent with fair
market value in an arm’s-length
transaction as required by paragraph
1001.952(d)(2)(ii).
We finalize the proposed
requirements related to fair market
value, commercial reasonableness, and
the volume or value of business at
paragraph 1001.952(d)(2)(ii). At
paragraph 1001.952(d)(2)(iii), we
finalize the writing requirement
proposed at paragraph
1001.952(d)(2)(viii). In paragraph
1001.952(d)(2), we finalize additional
safeguards related to clinical decisionmaking, stinting on care, a 1-year term,
monitoring, and counseling and
promotion of unlawful business, as
proposed.
At paragraph 1001.952(d)(3)(iii), we
finalized the scope of entities ineligible
for safe harbor protection for making
outcomes-based payments to include: (i)
Pharmaceutical companies; (ii) PBMs;
(iii) laboratory companies; (iv)
pharmacies that primarily compound
drugs or primarily dispense
compounded drugs; (v) manufacturers
of a device or medical supply, as
defined in paragraph (ee)(14)(iv); (vi)
medical device distributors or
wholesalers that are not otherwise
manufacturers of a device or medical
E:\FR\FM\02DER3.SGM
02DER3
77842
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
supply, as defined in paragraph
(ee)(14)(iv) of this section; or (vii)
DMEPOS companies. In the same
paragraph, we finalize our policy to
exclude payments for internal cost
savings or payments based solely on
patient satisfaction or patient
convenience measures.
We clarify in both paragraph
1001.952(d)(2)(ii) and paragraph
1001.952(d)(3)(ii) that the remuneration
may be ‘‘between or among’’ the parties,
rather than being limited to
remuneration from the principal to the
agent. We reordered the provisions from
paragraphs (d)(2)(iii)–(vii) without
making additional substantive changes.
We made technical corrections in
paragraph 1001.952(d)(2) to replace the
word ‘‘satisfy’’ with the word ‘‘achieve’’
in order to use a consistent term
throughout the safe harbor.
Comment: Many commenters
supported OIG’s proposal to expand the
existing safe harbor for personal services
and management contracts by creating
new provisions at paragraphs 42 CFR
1001.952(d)(2)–(3) to protect certain
outcomes-based payments. Some
expressed support for protection for
outcomes-based payments but
encouraged OIG to provide greater
specificity regarding the types of
payment arrangements, specific
outcome measures, and specific
requirements for measuring
achievement of outcomes that would
qualify for protection under these
proposed provisions to the safe harbor.
A commenter asked OIG to clarify that
the list of examples in the OIG Proposed
Rule’s preamble was not all-inclusive,
but merely a representative list of the
types of arrangements that may be
protected under the safe harbor.
Another commenter cautioned against
referencing or creating an exhaustive list
of specific types of payments that could
qualify as ‘‘outcomes-based payments’’
because that approach would be too
limiting. Another commenter requested
that OIG reiterate its recognition that
outcomes-based payment arrangements
may vary in structure and that the safe
harbor should provide flexibility for
arrangements designed to achieve
appropriate quality of patient care as
well as appropriate efficiency and costsaving goals. Many commenters
believed the proposals were
unnecessarily limited, overly complex,
and potentially difficult for physicians
to implement, and another commenter
found the monitoring of arrangements
overly burdensome.
Response: We intend for the
outcomes-based payments safe harbor to
support outcomes-based payments that
facilitate care coordination, encourage
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
provider engagement across care
settings, and advance the transition to
value. At the outset, we note that in
response to general comments regarding
the complexity of this safe harbor and
for the sake of clarity, we streamlined
the language we had proposed in
paragraphs 1001.952(d)(2)(i) and (ii)
such that the safe harbor still expressly
specifies that the agent must achieve
one or more legitimate outcome
measures selected based on clinical
evidence or credible medical support,
but we are not finalizing the proposed
language relating to the measures being
specific, evidence-based, and valid. As
we explain in greater detail in section
III.B.3.b above in our discussion of
outcome measures in the care
coordination safe harbor, based on
public comment, we changed the terms
‘‘evidence-based’’ and ‘‘valid’’ to
‘‘clinical evidence’’ and ‘‘legitimate’’ to
offer some additional flexibility while
reflecting our intention that measures be
credible and appropriate. In selecting
outcome measures, parties have broad
latitude under this safe harbor to
identify opportunities for improving or
maintaining the improvement of patient
care and reducing costs to payors in
ways that are scientifically valid,
measurable, and transparent.
We are not limiting protection under
the safe harbor to a specific set of
arrangements such as value-based
arrangements. In the OIG Proposed
Rule, we listed certain arrangements
that may be protected under the safe
harbor, provided the arrangement meets
every requirement of the safe harbor.124
We are not limiting the protection
provided by this safe harbor to a
particular list of arrangements or
particular types or structures of
arrangements or measures.
We take a broader approach by
providing additional protection to a
variety of stakeholders, which should
facilitate innovation in designing
compensation arrangements that are
value-based. As we stated in the OIG
Proposed Rule, we strive to provide
flexibility in this safe harbor, but we
also must include appropriate
safeguards, such as monitoring and
assessment requirements, to protect
patients and Federal health care
programs.
Comment: We received comments on
our proposed definition of ‘‘outcomesbased payment’’ and its interaction with
other requirements. For example, a
commenter recommended that we
remove the language in the ‘‘outcomesbased payment’’ definition that appears
to make effectively and efficiently
124 84
PO 00000
FR 55745 (Oct. 17, 2019).
Frm 00160
Fmt 4701
Sfmt 4700
coordinating care across care settings a
required factor in an outcome measure.
A commenter also asked that we
harmonize the terms we use to describe
‘‘outcome measures’’ throughout the
safe harbor. For example, a commenter
indicated that the definition of
‘‘outcomes-based payment’’ is not
consistent with the way payments are
made under existing alternative
payment models. A commenter
recommended a technical change to
paragraph 1001.952(d)(2) to specify that
the safe harbor protects outcomes-based
payments made by a principal to an
agent as compensation for the services
of the agent.
Response: We are not making the
change to paragraph 1001.952(d)(2)
suggested by a commenter to refer to
payments from a principal to an agent.
However, we note that the safe harbor
protects any ‘‘outcomes-based
payment,’’ and that term is defined in
paragraph 1001.952(d)(3). In this final
rule, we revised that definition to
protect payments ‘‘between or among a
principal and an agent’’ that meet
certain criteria, as described in more
detail below.
In addition, we removed the language
in the definition of ‘‘outcomes-based
payment’’ regarding effectively and
efficiently coordinating care across care
settings, and instead rely on a reference
to paragraph 1001.952(d)(2)(i) in which
outcome measures are described. We
believe that this change also addresses
the commenter’s concern about different
terminology in those two sections. We
also are revising the proposed
requirement that the outcome measure
measurably improves quality of patient
care or appropriately and materially
reduces payor costs to provide that the
measure must be used to quantify: (i)
Quality improvements (or maintenance
of improvements in quality); (ii)
material reductions in payor costs or
expenditure growth while maintaining
or improving the quality of care for
patients; or (iii) both. Finally, we note
that this safe harbor is not the only
option for protecting payments under
alternative payment models.
Participants in such models may be able
to look to the safe harbor for CMSsponsored models at paragraph
1001.952(ii), or the value-based safe
harbors at paragraphs 1001.952(ee)–(gg).
Comment: A commenter urged OIG to
use ‘‘outcome measures’’ under
paragraph 1001.952(d)(2) consistently
with the use of the term under
paragraph 1001.952(ee) to reduce
complexity.
Response: We interpret the term
‘‘outcome measure’’ under this safe
harbor to have the same meaning as
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
under any other safe harbor that uses it,
including paragraph 1001.952(ee). We
note, however, that different safe
harbors protect different types of
remuneration, include different
safeguards, and use additional terms.
For example, in the safe harbor for care
coordination arrangements, the
‘‘outcome or process measure’’ must
have a benchmark related to improving
or maintaining improvements in the
coordination and management of care
for the target patient population, while
‘‘outcome measures’’ under this safe
harbor must have benchmarks that
relate to improving or maintaining the
quality of patient care, reducing costs or
growth in expenditures to payors, or
both. If a party seeks safe harbor
protection for a particular arrangement,
the arrangement need only meet one
safe harbor to qualify for protection but
the arrangement must comply with all
conditions of the chosen safe harbor.
Comment: A commenter urged that
outcomes-based payments should
include a service component to prevent
sham arrangements that simply
maintain the status quo. Similarly, a few
commenters suggested that OIG limit
parties that may pay outcomes-based
payments to parties participating within
a VBE to prevent fraud and abuse, such
as sham arrangements through which no
service is provided. A commenter asked
whether an outcomes-based payment
agreement that requires exclusive or
minimum level of use of a product (e.g.,
product standardization) to achieve an
outcomes-based payment could be
protected by the safe harbor as long as
the principal makes a determination
that such the requirement for
exclusivity or minimum use will not
preclude it from making decisions in its
patients’ best interests.
Response: As we stated in the OIG
Proposed Rule, measures that simply
seek to reward the status quo would not
meet the safe harbor condition that
requires parties to select legitimate
outcome measures.125 However, we are
not limiting the scope of entities that
may make outcomes-based payments to
VBEs or VBE participants. We believe
that the conditions parties must meet for
safe harbor protection will sufficiently
mitigate the risk of fraud and abuse.
We agree that the safe harbor does not
necessarily preclude product
standardization. If the product
standardization measures selected by
the parties under the outcomes-based
payment arrangement do not limit any
party’s ability to make decisions in their
patients’ best interest and meet the other
terms of the safe harbor, then they could
125 84
FR 55746 (Oct. 17, 2019).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
be part of an outcomes-based payment
arrangement.
Comment: A trade association
commented that only sophisticated
health systems with advanced data
analytics have the capability to
internally develop outcome measures
while small, underserved, and rural
practices would not have the resources
to develop these measures internally.
For example, a commenter noted that
measuring outcomes can be a
challenging and resource-intensive
process that takes time to evaluate,
especially on the individual participant
level in a large entity with significant
numbers of participants and multiple
specialty areas.
Response: We recognize that
structuring and implementing
outcomes-based payment arrangements
that satisfy the conditions of this safe
harbor may be more onerous than
structuring and implementing
traditional personal service
arrangements under the existing
personal services and management
contracts safe harbor (e.g., a party
striving to satisfy the outcomes-based
payment arrangements provisions must
determine legitimate outcome measures,
establish the types of services to be
performed to achieve an outcome
measure, set benchmarks, monitor and
assess achievement, and ultimately
achieve outcome measures). We
understand the commenter’s concern
regarding the potential administrative
and financial impact that developing
outcome measures may have on small,
underserved, and rural providers.
Participation in an outcomes-based
payment arrangement is entirely
voluntary, as is structuring outcomesbased payments to satisfy the conditions
of this safe harbor. To the extent that
parties wish to enter into an outcomesbased payment arrangement and
structure such arrangement to satisfy the
conditions of this safe harbor, the
parties have discretion in the selection
of outcome measures. Providers serving
small, underserved, or rural
communities may select outcome
measures that would not impose an
inappropriate financial burden on the
parties to effectuate.
Comment: A commenter asked OIG to
include process measures (e.g.,
providing or not providing a specific
treatment) that are supported by strong
evidence of improving an outcome
within the types of valid outcome
measures that may serve as the basis for
payment under the safe harbor. Another
commenter recommended that we
require outcomes-based arrangements to
include a service component.
PO 00000
Frm 00161
Fmt 4701
Sfmt 4700
77843
Response: We agree that process
measures supported by strong evidence
of improving an outcome may serve as
a component of outcome measures that
an agent must achieve to receive an
outcomes-based payment. For example,
an outcomes-based payment
arrangement may measure the agent’s
compliance with certain steps of a care
process (e.g., providing mammograms)
to improve a specific health outcome. In
section III.B.3.b above, we explain the
rationale for permitting process
measures to be included in the care
coordination arrangements safe harbor
but not in the outcomes-based payment
provisions discussed here (although a
process measure could be included as
part of an outcomes measure); that
rationale focuses on the different
remuneration permitted under the two
safe harbors and the different standards
set forth by each safe harbor.
Under the modified regulatory text,
outcome measures must be selected
based on clinical evidence or credible
medical support and be used to: (i)
Quantify improvements or maintenance
of improvements in the quality of
patient care; (ii) quantify a material
reduction in costs to, or growth in
expenditures of, payors while
maintaining or improving quality of care
for patients; or (iii) both. In addition, as
we proposed in the OIG Proposed Rule
a ‘‘measure’’ related to patient
satisfaction or convenience would not
meet the criteria of an outcome
measure.126 For similar reasons to those
we discuss in connection with outcomes
measures for paragraph 1001.952(ee),
the final rule at paragraph
1001.952(d)(3)(iii)(C) provides that an
outcomes-based payment based solely
on patient satisfaction or patient
convenience measures would not be
protected. We recognize that patient
satisfaction and patient convenience can
be relevant factors in patient care.
However, we do not consider these
types of measures, standing alone, to
provide adequate protection against
abusive or sham payment arrangements
for purposes of granting safe harbor
protection.
We anticipate that most outcomesbased arrangements would include
certain services to meet the conditions
of the safe harbor, and the regulatory
text includes several references to
services. However, we believe that
adding a separate requirement specific
to performing services could add
confusion, and that existing conditions
in paragraph 1001.952(d)(2) safeguard
against sham arrangements.
126 84
E:\FR\FM\02DER3.SGM
FR 55708 (Oct. 17, 2019).
02DER3
77844
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Comment: A commenter asked OIG
not to require outcome measures to
measurably improve the quality of
patient care once the quality of care
metric has been achieved. Instead, the
commenter suggested that OIG focus on
payment incentives that reduce costs
after quality targets are met. On the
other hand, a commenter expressed
concern that allowing payment for
‘‘maintaining improvement’’ would
invite sham arrangements that disguise
payments in exchange for referrals for
merely maintaining the status quo.
Response: We share the concern about
the potential for sham arrangements
associated with maintaining cost or
quality. However, we also recognize that
parties may succeed in reaching the
desired outcome on quality or cost
containment but need to be incentivized
to maintain it to prevent subsequent
reductions in attained quality or cost
containment. To achieve the desired
outcome, parties may need to invest
resources at the beginning of an
arrangement (e.g., to develop new
protocols and engage in training).
However, a continued expenditure of
resources also may be necessary to
avoid regression from any progress
made. These are the types of issues we
would expect parties to assess and, as
necessary, revise benchmarks and
remuneration under the arrangement to
benchmarks to continue to achieve the
desired outcome on a periodic basis. For
example, if parties had an outcome
measure related to reducing falls to a
certain level from a starting benchmark
point in a skilled nursing facility, and
they eventually achieve a fall rate
benchmark that no longer has room for
improvement, a revised outcome
measure might be to maintain that low
fall rate (i.e., the new fall rate becomes
the starting benchmark, and the
outcome measure is to maintain it rather
than reduce it). Any outcomes-based
payment made for a new outcome
measure would still have to meet all
conditions of the safe harbor, including
that the methodology for setting
compensation is consistent with fair
market value. For example, the fair
market value of an outcomes-based
payment made to an agent to maintain
the desired level of quality of care may
be lower than the fair market value of
an initial outcomes-based payment
made for implementing operational
changes necessary to achieve the quality
of care outcome measure.
Comment: A commenter indicated
that it currently operates outcomesbased payment arrangements and
suggested that OIG impose the following
three requirements to ensure that all
outcomes-based payments are
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
legitimately made toward advancing the
clinical and cost-saving goals of the
arrangement and not merely payments
for referrals: (i) Require outcome
measures to be well-defined, meaningful
to patients, achievable in a defined
timeframe, and agreed upon by the
parties; (ii) require outcome measures to
be tracked through claims data, existing
registries, EHRs, or other low-cost
mechanisms; and (iii) require the
arrangement to deliver measurable
outcomes that improve patient quality
of care and other benefits to the health
care system through lower cost of care,
other efficiencies, or shared
accountability, or both.
Response: We appreciate the
commenter’s helpful suggestions. While
we are not using the precise wording
offered by the commenter, we believe
the language finalized in the regulation
captures many of the concepts suggested
by the commenter. Similar to the
commenter’s suggestion of requiring
meaningful, well-defined outcome
measures, we require that the outcome
measures be selected based on clinical
evidence or other credible medical
support and be used to quantify
improvements to or maintenance of
improvements in the quality of care or
material reductions in cost to (or growth
in expenditures of) payors, while
maintaining or improving the quality of
care of patients. We are not setting a
timeline by which parties must achieve
outcomes or requiring that parties must
specify a timeline under which
outcomes must be achieved because we
recognize that the timeframe necessary
to achieve certain outcome measures
can vary greatly, depending on the
measure and other characteristics, and
that it may be challenging for parties to
specify a certain timeline to achieve
outcomes. Likewise, we do not specify
any particular mechanism for tracking
progress toward meeting outcome
measures. We are not requiring parties
to track outcome measures through
claims data. However, the parties must
regularly monitor and assess the agent’s
performance under the specified
outcome measure(s), including its
impact on patient quality of care and
make any necessary adjustments. Parties
also must periodically assess and, as
necessary, revise the benchmarks and
remuneration under the arrangement to
ensure remuneration is consistent with
fair market value. We do not believe
mandating specific documentation
methods is a necessary safeguard against
fraud and abuse; parties may conduct
and document such monitoring in any
way that makes sense for the particular
arrangement.
PO 00000
Frm 00162
Fmt 4701
Sfmt 4700
Comment: A commenter asked OIG to
remove the proposed requirement that
an outcome measure ‘‘appropriately and
materially’’ reduce costs or growth in
expenditures for payors because the
commenter believed this provision was
too subjective. A commenter requested
that OIG provide greater certainty to
stakeholders by establishing concrete
methods that parties could use to
determine whether an outcome measure
improves quality of care under an
arrangement. Another commenter
disagreed with the proposed safe harbor
requirement that the agent achieve the
outcome measure in order to receive
payment, asserting that constant
achievement of any outcome measure is
not practical in health care.
Response: We are making certain
changes to ensure that parties
appropriately measure and quantify the
results of the arrangement on patient
quality of care and costs. We are
finalizing our proposal requiring the
agent to achieve the outcome measure
for the payment to be protected.127 We
believe this requirement serves as an
important safeguard to ensure that
remuneration is for legitimate outcomes
anticipated through implementing the
arrangement and is not a vehicle for
rewarding referrals. We are not
requiring particular methods to evaluate
quality improvements (or maintenance
of improvements in quality) under any
protected arrangement because we
believe that evaluation methods may be
specific to each arrangement and may
evolve in the future as parties innovate
in new ways. We are modifying the
proposed language by replacing
‘‘appropriately and materially’’ with a
requirement that the agent achieve one
or more legitimate outcome measures
that meet conditions described
elsewhere in this preamble. We believe
this modification will allow parties
additional flexibility to determine how
to quantify quality improvements (or
maintenance of improvements in
quality) to accommodate different types
of outcomes-based payment
arrangements among a variety of
stakeholders.
127 We recognize that the Federal anti-kickback
statute applies both to the offer and the receipt of
remuneration, and parties may not know at the time
of the offer of an outcomes-based payment (i.e.,
when the parties develop and initiate the
arrangement) whether the outcome measure(s) will
be achieved. Assuming all other safe harbor
conditions are met when the remuneration is
offered under an outcomes-based payment
arrangement, the offer would be protected, even if
the agent fails to achieve the outcome measure.
However, any payment made for an outcome
measure not successfully achieved would not meet
the safe harbor conditions under paragraph
1001.952(d)(i) and would not be protected.
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Comment: Numerous commenters
urged OIG to broaden its proposal to
protect payments that solely provide
cost savings to a payor to include cost
savings to providers. Some commenters
argued that limiting protection to
arrangements that achieve cost savings
to a payor would make the safe harbor
unworkable in practice and encouraged
OIG to include arrangements that
achieve cost savings to a provider to
incentivize changes in physician
behavior that are necessary to facilitate
the transition to value-based care. A
commenter posited that outcomes-based
payments by nature involve
standardization on a given system,
protocol, or both to improve efficiencies
and better coordinate and deliver care.
A few commenters indicated that cost
savings arrangements for cost-reporting
providers would not immediately
produce cost reductions for payors but
may eventually lower Medicare costs
because the cost reductions may be
reflected in future bundled payment
rates.
Response: Having considered the
comments, we decline to broaden the
safe harbor to protect outcomes-based
payments for arrangements that reduce
internal costs only to the providers
making the payments. We are concerned
that such payments, while potentially
beneficial in generating efficiencies,
pose risks to patient care that outweigh
the potential for the arrangements to
further the care coordination and
efficiency goals of this rulemaking if
protected.
In some cases, such as hospitalphysician gainsharing, arrangements
that reduce internal costs may benefit
only the hospital making the payments
without necessarily contributing to
better care coordination, improvements
in quality of care, or appropriate
reductions in costs. We are concerned
that some payments, such as a payment
to select a less expensive device or to
discharge a patient more quickly, could
lead to reductions in the quality or
safety of patient care. Moreover, apart
from quality of care concerns such
payments would not offer a
corresponding reduction in the
payments made by Medicare or another
Federal health care program. In the
absence of a potential efficiency benefit
to Federal health care programs, and in
light of patient care concerns, we are not
protecting payments that relate solely to
the achievement of internal cost savings
for the principal making the payment as
an ‘‘outcomes-based payment.’’
However, properly structured
arrangements that compensate
physicians for services performed and
achieve hospital internal cost savings
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
can serve legitimate business and
medical purposes. Depending on the
specific facts and circumstances, such
arrangements could potentially be
structured in a manner that complies
with paragraph 1001.952(d)(1), as
finalized.
Comment: Numerous commenters
opposed the proposed safe harbor
requirement that the methodology for
determining the aggregate compensation
(including any outcomes-based
payments) paid between or among the
parties over the term of an agreement be
consistent with fair market value,
commercially reasonable, and not be
determined in a manner that directly
takes into account the volume or value
of referrals or other business generated
between the parties, arguing that there
are no industry standards applicable to
outcomes-based payments available to
date. A commenter expressed concern
about only prohibiting the aggregate
compensation from being determined in
a way that ‘‘directly’’ takes into account
the volume or value of referrals. Others
supported these safe harbor
requirements but asked for clarification
from OIG on these terms, or asked OIG
to align OIG’s view of these standards to
be consistent with the definitions of
these terms proposed in the CMS NPRM
as they relate to the physician selfreferral law.
Others argued that legitimate,
outcomes-based arrangements should be
able to take into account the volume or
value of referrals within the payment
methodology. A few commenters
suggested that OIG remove the fair
market value requirement.
Response: We recognize that the
process of evaluating whether an
outcomes-based payment arrangement is
consistent with fair market value may
evolve and adapt as the health care
industry shifts to value-based care
payment models and outcomes-based
payments. However, we believe that
ensuring that the aggregate
remuneration is consistent with fair
market value helps ensure that
monetary remuneration is paid for
services that achieve legitimate outcome
measures rather than referrals.
We are not adopting any particular
standard for determining that the
aggregate compensation methodology is
consistent with fair market value to
provide parties sufficient flexibility to
analyze fair market value as applicable
to specific arrangements and in
arrangements that may not currently
exist today. As explained above in our
discussion of the elimination of the
requirement to set aggregate
compensation in advance, we decline to
adopt the fair market value standard
PO 00000
Frm 00163
Fmt 4701
Sfmt 4700
77845
proposed by CMS under the physician
self-referral law. We are finalizing our
proposal to require that the
compensation methodology for
determining the outcomes-based
payment not directly take into account
the volume or value of referrals or other
business generated between the parties.
We believe this will provide parties
flexibility to structure arrangements that
incentivize providers to achieve an
outcome measure, even if the
methodology indirectly takes into
account the volume or value of referrals.
Comment: A commenter questioned
whether the safe harbor protects
‘‘reverse-flow payments’’ from an agent
to a principal and recommended that
OIG revise the definition for ‘‘outcomesbased payment’’ to protect payments
from an agent to a principal when a
targeted outcome or cost metric has not
been achieved (i.e., shared-losses
payments).
Response: In the OIG Proposed Rule,
we explained that a shared-losses
payment could constitute an ‘‘outcomesbased payment.’’ 128 We are finalizing
this position through revisions to the
regulatory text at paragraph
1001.952(d)(3)(ii) to clarify that an
outcomes-based payment is a payment
‘‘between or among a principal and an
agent’’ that meets the criteria listed in
paragraphs 1001.952(d)(3)(ii)(A) and (B),
and includes payments in the form of
recoupment from or reduction in
payment to an agent.
Comment: Several commenters
objected to the safe harbor including a
specific timeframe after which parties
seeking protection for outcomes-based
payments would have to rebase their
benchmarks. Commenters noted that
any such time limits would be artificial.
A commenter concerned with the
negative effects of annual rebasing on
preventive care provided the following
example: One clinician takes preventive
care steps to prevent colon cancer or to
identify cancer at an earlier stage (e.g.,
through colonoscopies, blood work) in
the first year, which has the effect of
reducing the risk of cancer for 5 years,
while another clinician does not take
any preventive care steps for a patient
and the patient develops cancer 4 years
later. According to the commenter, if
rebasing is done on an annual basis, the
second clinician would be rewarded for
providing care at no cost and good
outcomes during that 1 year, while the
first clinician would not be rewarded
because the clinician provided high-cost
care with no discernible improvement
of outcomes during that limited
timeframe.
128 84
E:\FR\FM\02DER3.SGM
FR 55745 (Oct. 17, 2019).
02DER3
77846
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Some commenters noted that
finalizing a safe harbor condition that
specifies timeframes for rebasing may
have a negative impact on participation
in outcomes-based arrangements. For
example, because margins for
improvement against benchmarks may
be more challenging or impossible to
meet over time, parties may be
disincentivized to enter into these
arrangements in the first place, or
incentivized to unwind them after
initial improvements, due to concerns
about having an arrangement structure
that does not squarely meet a safe
harbor. Some of the commenters noted
that, if there must be a specific
timeframe in the safe harbor, that
timeframe should be at least 5 to 10
years. In contrast, a commenter
recommended that benchmarks be
adjusted at least yearly to limit the risk
that ‘‘evergreen’’ arrangements could be
used as a vehicle to evade legitimate
outcome obligations and instead to
reward referrals.
Several commenters supported the
standard we proposed in the OIG
Proposed Rule requiring outcome
measures to be periodically rebased, as
applicable, during the term of the
agreement. As an alternative, a
commenter suggested that OIG revise
this provision to require that the parties
periodically reevaluate whether an
outcome measure should be rebased
throughout the term or expressly state
that under some circumstances it may
be appropriate upon review to maintain
an existing outcome-based measure. In
support of a nonspecific periodic review
approach, commenters noted that the
time period for implementing
interventions and other actions needed
to influence outcome measures can vary
greatly, as can the time period needed
for results to fully appear in outcome
measures data. In addition, commenters
asserted that some outcomes measures
may not be tied to a baseline
performance level at all. Commenters
also highlighted that outcomes-based
payments may be made for maintaining
improvement in quality of patient care,
in which case the targets for the
outcomes-based payment would not be
altered. A commenter noted that
providers and collaborators continually
analyze their results, and value-based
purchasing programs incentivize parties
to adjust outcome measures in a timely
manner. We also received a request for
clarification on any durational limits on
outcome-based payments or if there are
parameters related to when they must
end (i.e., whether an arrangement must
end upon achieving the initial outcome
measure or if it can continue through
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
implementing a new outcome measure
or maintaining the initial achievement).
Response: We note first that for an
agent to receive a protected outcomesbased payment under the final safe
harbor, the agent must have achieved a
specified, legitimate outcome measure.
For an outcome to be measurable, there
must be some sort of benchmark,
whether that benchmark is a starting
point (e.g., a 10 percent reduction from
X) or reflects an end point (e.g., 90
percent of the time, X happened or was
avoided). We agree with commenters
that a one-size-fits-all approach is not
appropriate for assessing benchmarks.
However, we also agree with the
commenter who highlighted the concern
we raised in the OIG Proposed Rule
about ‘‘evergreen’’ arrangements 129 in
which outcome measures are not
properly monitored and the
remuneration is paid in exchange for
referrals, after any intended benchmarks
have been met (or without determining
that the outcome measure was
achieved).
To illustrate, we point to the example
from a commenter as it is summarized
above, with two clinicians taking
different approaches to patients with
respect to colon cancer prevention and
detection. Setting aside the potentially
disparate impact on patient health,
health outcomes, and quality of care,
and looking only at costs for purposes
of this example, one clinician may
increase costs to payors in the short
term by increasing preventive care but
may save money in the longer term,
while the other clinician may have
limited costs in the short term, but by
failing to detect the cancer early may
increase costs to payors in the long
term. However, it is not clear in the
example what the outcome measure
might be. By way of example for
illustrative purposes, the U.S.
Preventive Services Task Force
recommends colon cancer screening
beginning at age 50. A reasonable
outcome measure might be a specific
percentage increase in the practice’s
patient population first getting screened
between age 50 and 55. Parties would
need to evaluate an appropriate
benchmark year (i.e., a percentage
increase in first screenings from which
year), and whether over time the
percentage change should be updated,
the benchmark year should be changed,
or both. In addition, the amount of
remuneration paid for achieving the
outcome measure should be reassessed
to determine whether it is fair market
value. For example, a practice may need
to develop new processes, training, and
129 84
PO 00000
FR 55747 (Oct. 17, 2019).
Frm 00164
Fmt 4701
Sfmt 4700
take other steps initially to achieve an
outcome measure. While certain work
must continue in future years to
continue achieving the desired
outcomes (whether it is for continuing
to improve quality of patient care or
materially reduce cost, or to maintain
the achieved improvements in those
areas), the outcomes-based payment
may be less than it was during the
initial year(s). If the outcome measure
was based on the cost savings over the
course of a year, an annual reassessment
of the benchmark and remuneration
would be appropriate to meet that safe
harbor requirement. We also recognize
that some outcome measures might be
on a longer timetable for reassessment
(e.g., a percentage reduction in costs
over a 5-year time span). Therefore, the
outcome measure might not need to be
reassessed for 5 years (but an outcomesbased payment also would not be
protected by this safe harbor until such
outcome is achieved).
We have revised the regulatory text in
the final rule to address many of the
issues the commenters raised. These
revisions are consistent with the
substance of what we proposed in the
OIG Proposed Rule. In the OIG Proposed
Rule, we had solicited comments on
defining the term ‘‘rebasing’’ and had
described the fraud and abuse risk we
were trying to prevent (e.g.,
arrangements in which outcome
measures are not properly monitored or
assessed and could be used as a vehicle
to reward referrals well after the desired
provider behavior change or savings
benchmark has been met 130).
Specifically, in this final rule, rather
than stating that, for each outcome
measure, the parties must ‘‘rebase
during the term of the agreement, to the
extent applicable,’’ we are stating that
the parties must ‘‘[p]eriodically assess
and, as necessary, revise benchmarks
and remuneration under the agreement
to ensure that the remuneration is
consistent with fair market value in an
arm’s-length transaction as required by
(d)(2)(ii).’’ Thus, for safe harbor
protection, all parties must assess the
arrangement periodically (e.g.,
determine whether continued use of a
benchmark or a measure is appropriate
and whether the remuneration is
appropriate for achieving that outcome
measure), and then the parties should
make any adjustments to benchmarks or
remuneration that may be necessary to
meet other conditions of the safe harbor.
130 84
E:\FR\FM\02DER3.SGM
FR 55747 (Oct. 17, 2019).
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
d. Outcomes-Based Payments: Entities
Not Eligible for Protection
Summary of the OIG Proposed Rule:
We proposed making certain entities
ineligible for safe harbor protection
under the outcomes-based payments
provisions, as described in section
III.B.10.c.
Summary of the Final Rule: We are
finalizing our policy to make certain
entities ineligible for safe harbor
protection. Specifically, the following
entities will be ineligible to use the safe
harbor: (i) Pharmaceutical companies;
(ii) PBMs; (iii) laboratory companies;
(iv) pharmacies that primarily
compound drugs or primarily dispense
compounded drugs; (v) manufacturers
of a device or medical supply, as
defined in paragraph (ee)(14)(iv); (vi)
medical device distributors or
wholesalers that are not otherwise
manufacturers of a device or medical
supply, as defined in paragraph
(ee)(14)(iv) of this section; and (vii)
DMEPOS companies. In addition, the
final rule clarifies that DMEPOS
companies do not include a pharmacy
or a physician, provider, or other entity
that primarily furnishes services.
Comment: Numerous commenters,
including stakeholders representing
pharmaceutical and medical device
manufacturers and laboratories,
opposed carving out pharmaceutical
and medical device manufacturers,
manufacturers, distributors, and
suppliers of DMEPOS, and laboratories
from the protection under the safe
harbor. For example, a commenter
suggested that medical device
manufacturers should be protected
because they can make valuable
contributions to value-based care. Other
commenters supported OIG’s proposal,
with some commenters requesting that
we make additional entities ineligible
for protection, such as device
manufacturers, distributors,
wholesalers, PBMs, and pharmacies.
Response: As laid out in the OIG
Proposed Rule, we remain concerned
that pharmaceutical and medical device
companies, DMEPOS companies, and
laboratories may inappropriately use
outcomes-based payment arrangements
to market their products or divert
patients from a more clinically
appropriate item or service, provider, or
supplier without regard to the best
interests of the patient or to induce
medically unnecessary demand for
items and services.131 In the OIG
Proposed Rule, we proposed to exclude
from safe harbor protection payments
made directly or indirectly by a
pharmaceutical manufacturer; a
manufacturer, distributor, or supplier of
durable medical equipment, prosthetics,
orthotics, or supplies, or a laboratory.
We proposed to exclude these parties
based on our enforcement and oversight
experience and for reasons similar to the
reasons for proposed exclusion of these
entities from the definition of VBE
participant (for further discussion of
these reasons, readers are referred to
section III.B.2.e.ii above). We explained
that this provision reflected our
concerns that these types of entities are
heavily dependent on prescriptions and
referrals and might use outcomes-based
payments primarily to market their
products to providers and patients. We
further said we were considering
excluding pharmacies (including
compounding pharmacies), PBMs,
wholesalers, and distributors for the
same reasons we proposed to exclude
them from the definition of VBE
participant. With respect to PBMs,
wholesalers, and distributors, their
businesses are closely connected to the
sale of manufacturer products, which
provides an additional reason to
exclude them along with manufacturers.
Additionally, we said in the OIG
Proposed Rule that we were considering
for the final rule the exclusion of
medical device manufacturers from
participation in the outcomes-based
payments arrangements safe harbor.132
We explained our historical law
enforcement experience with matters
involving kickbacks paid to physicians,
hospitals, and ambulatory surgical
centers to market various medical
devices, such as devices used for
invasive procedures; in some cases,
these schemes resulted in patients
getting medically unnecessary care. We
also explained our longstanding concern
with physician-owned distributorships
of medical devices because of financial
incentives to perform more (or more
extensive) procedures than are
medically necessary and to use the
devices sold by the distributorship
instead of more clinically appropriate
devices.133
For the reasons stated in the OIG
Proposed Rule, we are finalizing the
provision as follows: Outcomes-based
payments made directly or indirectly by
the following entities are ineligible for
protection under this safe harbor: (i) A
pharmaceutical manufacturer,
distributor, or wholesaler; (ii) a
pharmacy benefit manager; (iii) a
laboratory company; (iv) a pharmacy
that primarily compounds drugs or
primarily dispenses compounded drugs;
132 84
131 84
FR 55746 (Oct. 17, 2019).
VerDate Sep<11>2014
18:30 Dec 01, 2020
FR 55705 (Oct. 17, 2019).
133 Id.
Jkt 253001
PO 00000
Frm 00165
Fmt 4701
Sfmt 4700
77847
(v) a manufacturer of a device or
medical supply, as that term is defined
in paragraph 1001.952(ee)(14)(iv) of this
section; (vi) a medical device distributor
or wholesaler that is not otherwise a
manufacturer of a device or medical
supply, as defined in paragraph
(ee)(14)(iv) of this section; or (vii) an
entity or individual that sells or rents
durable medical equipment, prosthetics,
orthotics, or supplies covered by a
Federal health care program (other than
a pharmacy or a physician, provider, or
other entity that primarily furnishes
services). We are not making payments
made by pharmacies ineligible for safe
harbor protection (except with respect
to pharmacies that primarily compound
drugs or primarily dispense
compounded drugs for the reasons
described in section III.B.2.e.ii.f above),
although we suspect outcomes-based
payments made by pharmacies might be
relatively rare. As noted in a comment
and response summarized in section
III.B.2.e.iv above, pharmacies often
serve as the key point of contact
between patients and the health care
system and provide many services to
patients. For the same reasons we
describe in that section, we do not
believe that program integrity concerns
warrant excluding them from protection
under this safe harbor. We have
modified the language describing
DMEPOS companies to clarify that a
pharmacy (other than a compounding
pharmacy) or physician, provider, or
other entity that primarily furnishes
services remains eligible to make
protected payments even if they also
have some DMEPOS business. We did
not propose, and did not intend, to
exclude physicians or other providers.
We are mindful that there may be
legitimate uses for outcomes-based
payments by these sectors. However, we
are concerned that the proposed safe
harbor conditions were not intended to
be, and are not, tailored to outcomebased contracting or payments in these
sectors. As noted in the OIG Proposed
Rule, we may consider outcomes-based
contracting for pharmaceutical products
and medical device manufacturers in
future rulemaking. Outcomes-based
payment arrangements involving these
sectors should be analyzed for
compliance with the Federal antikickback statute based on their facts and
circumstances, including the intent of
the parties. The entities that are
ineligible to receive protection under
this safe harbor for making outcomesbased payments remain eligible to use
the modified personal services and
management contracts safe harbor at
paragraph 1001.952(d)(1).
E:\FR\FM\02DER3.SGM
02DER3
77848
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
e. Writing and Monitoring
Summary of OIG Proposed Rule: With
paragraph 1001.952(d)(2)(viii), we
proposed a requirement of a signed
writing evidencing the outcomes-based
payments agreement. We proposed at
paragraph 1001.952(d)(2)(vii) a
requirement that the parties regularly
monitor and assess the agent’s
performance for each outcome measure,
including the impact of the outcomesbased payments arrangement on quality
of care, and rebase outcomes measures
periodically.
Summary of Final Rule: We are
finalizing, with modifications, the
writing requirement for outcomes-based
payments and we moved the
requirement from paragraph
1001.952(d)(2)(viii) to paragraph
1001.952(d)(2)(iii). As modified, the
written agreement must include at a
minimum a general description of the
types of services to be performed under
an outcomes-based payment
arrangement. We are also finalizing the
monitoring and assessment requirement
with clarification regarding the rebasing
requirement. Under the final rule parties
must periodically assess and, as
necessary revise, benchmarks and
remuneration under the agreement to
ensure that any remuneration is
consistent with fair market value in an
arm’s-length transaction as required by
paragraph 1001.952(d)(2)(ii).
Comment: Commenters generally
agreed that some type of written
agreement should be required for safe
harbor protection, but commenters did
not necessarily agree with the specific
condition OIG proposed. On the one
hand, a commenter was concerned
about arrangements losing safe harbor
protection by not technically meeting
the requirement of all services being
documented, considering the need for
some arrangements to be flexible. On
the other hand, a commenter
recommended that the safe harbor
include additional documentation
requirements, such as: Documentation
of benchmarking methodologies; metrics
for how to assess objectively its outcome
measure(s) and documentation of the
execution of any such assessment;
records created at the time they entered
into the agreement identifying the basis
for the determination of compensation
and the clinical evidence or credible
medical support considered; and
contemporaneous documentation of the
services performed and the outcomes
achieved. This commenter asserted that
these additional documentation
requirements would help prevent posthoc justifications for conduct that the
parties did not actually believe was
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
permissible at the time, and that a lack
of documentation is a way individuals
and entities try to hide lack of
compliance with a safe harbor.
Response: We understand the need for
flexibility in outcomes-based
arrangements. However, the safe harbor
must include safeguards to avoid
protecting arrangements that reward
referrals. In the OIG Proposed Rule, we
proposed that the written agreement
include at a minimum: (i) The services
to be performed by the parties for the
term of the agreement; (ii) the outcome
measure(s) the agent must achieve to
receive an outcomes-based payment;
(iii) the clinical evidence or credible
medical support relied upon by the
parties to select the outcome measure(s);
and (iv) the schedule for the parties to
regularly monitor and assess the
outcome measure(s). We believe it is
critical for parties to include the
outcome measures, the basis for
selecting the outcome measures, and the
monitoring and assessment schedule in
an agreement at the outset of the
arrangement.
However, we are modifying the
requirement that the agreement specify
the services to be performed over the
term of the agreement. We recognize
that the parties may not be aware of
every step necessary to achieve a certain
outcome measure when the agreement
becomes effective and that the needed
services might change over time to
achieve the desired outcome measure.
Protected remuneration under
paragraph 1001.952(d)(2) is dependent
upon meeting the outcome measure, not
necessarily the specific steps a party
may have taken to achieve that measure.
Therefore, we are modifying the
regulatory text to specify that the
agreement must include at a minimum
a general description of the types of
services to be performed. We note,
however, that other conditions of the
safe harbor (e.g., monitoring the
arrangement to assess the agent’s
performance and impact on patient care)
would necessitate some type of
documentation of services or other
activities performed to achieve the
outcome measure. We believe that
requiring a general description of the
anticipated services, coupled with the
other required elements of the written
agreement, strikes the appropriate
balance between transparency needed to
protect patients and Federal health care
programs and flexibility for parties to
create innovative arrangements that may
need to evolve to achieve the desired
results.
Comment: A commenter asked
whether an agreement to provide
outcomes-based payments can be signed
PO 00000
Frm 00166
Fmt 4701
Sfmt 4700
in advance of the establishment of the
outcome measure(s) and whether the
parties’ eligibility for compensation
commences on the date the outcome
measure(s) are mutually agreed upon in
writing signed by the parties or at some
other time.
Response: There may be certain other
existing written agreements between the
parties in advance of commencing an
outcomes-based payment arrangement.
But for purposes of meeting the writing
requirement for protection under this
safe harbor, the parties must agree to the
outcome measure(s) in writing and sign
such an agreement in advance of, or
contemporaneous with, the
commencement of the terms of the
outcomes-based payment arrangement.
Furthermore, eligibility for protected
compensation under this safe harbor
commences after achievement of the
outcomes measure (or failure to achieve
it by the designated time in the case of
a shared losses payment), assuming all
safe harbor conditions are met.
11. Warranties (42 CFR 1001.952(g))
Summary of OIG Proposed Rule: We
proposed to modify the existing safe
harbor for warranties at paragraph
1001.952(g) to: (i) Protect certain
warranties for one or more items and
related services upon certain conditions,
such as all federally reimbursable items
and services subject to bundled
warranty arrangements must be
reimbursed by the same Federal health
care program and in the same payment
(‘‘same program/same payment
requirement’’); (ii) exclude beneficiaries
from the reporting requirements
applicable to buyers; and (iii) define
‘‘warranty’’ directly and not by
reference to 15 U.S.C. 2301(6).
Summary of Final Rule: We are
finalizing the modifications to the
warranties safe harbor as proposed in
the OIG Proposed Rule. In addition, in
response to concerns raised by
commenters, we are clarifying in this
preamble the scope of buyers’ reporting
obligations to make clear the safe harbor
is designed to accommodate the various
reimbursement systems under which
buyers may report price reductions.
a. Inclusion of Services in Bundled
Warranties
We are finalizing our proposal to
protect warranties that warranty a
bundle of items or a bundle of items and
services. This revision protects, for the
first time, warranties covering services,
although the safe harbor does not
provide protection to warranties that
warranty only services. As explained in
the OIG Proposed Rule, we believe
warranties for services that are not tied
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
to one or more related items could
present heightened fraud and abuse
risks.
Comment: Commenters generally
supported our proposal to revise the
warranties safe harbor to protect
bundled warranties for one or more
items and related services. A commenter
noted sellers and buyers, such as health
systems, would have greater flexibility
under the safe harbor to protect related
services that are often integral to
determining whether the terms of a
warranty, such as a clinical outcome,
have been met. According to the
commenter, such services might
include, for example, data collection
and analytics, verification of product
use consistent with labeling and
governing clinical protocols (including
through confirmatory laboratory
testing), and monitoring patient
adherence to prescribed treatment
regimens.
Response: We agree with commenters
that the revised safe harbor will offer
greater flexibility to buyers and sellers
to enter into innovative arrangements
that warranty the value of an entire
bundle of items or that include bundled
items and services. We would highlight,
however, that this revision to the
warranties safe harbor does not protect
free or reduced-priced items or services
that sellers provide either as part of a
bundled warranty arrangement or
ancillary to a warranty arrangement.
Instead, it merely protects the offer and
exchange of warranty remedies under a
warranty arrangement, provided all of
the safe harbor’s conditions are
satisfied. As discussed further below,
items and services provided either as
part of or ancillary to a warranty
arrangement may not need safe harbor
protection or may be protected by other
safe harbors.
Comment: A commenter supported
our proposal not to protect warranties
covering only services. Another
commenter, however, recommended
that OIG should protect warranties that
cover services only, explaining that
medical device manufacturers can play
a role in offering data analytics via
software solutions, for example to
predict post-treatment health care
conditions and costs and thereby reduce
utilization of higher-acuity post-acute
services. According to the commenter,
offering warranties that guarantee
outcomes from using such services
would provide an incentive for
investment from both parties—the
vendor and the provider.
Response: We appreciate the
commenter’s explanation regarding the
potential benefits of services offerings.
As we discussed in the OIG Proposed
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
Rule, however, we believe services-only
warranty arrangements present a
heightened risk of fraud and abuse. In
particular, we noted that the
determination of whether services meet
a clinical outcomes goal established by
a warranty arrangement can be more
subjective than warranties involving
items. We also expressed concern that
the potential to receive a monetary
remedy under a services-only warranty
could induce patients to select a
particular provider, particularly if the
clinical results are not easily achievable.
Parties seeking to enter into outcomesbased arrangements for only services
may look to the revised personal
services and management contracts and
outcomes-based payment arrangements
safe harbor at paragraph 1001.952(d) for
potential protection.
Comment: A commenter requested
that if OIG finalizes limitations on the
items and services that may qualify for
bundled warranties, OIG should clarify
that a warrantied bundle of items and
services could encompass limited
support services offered by the
manufacturer that are not federally
reimbursable and are offered free of
charge. The commenter asked for this
clarification in light of preamble
language from the OIG Proposed Rule
stating that the modified safe harbor
would not protect free or reducedpriced items or services that sellers
provide either as part of a bundled
warranty arrangement or ancillary to a
warranty arrangement. As an example,
the commenter asked OIG to confirm
that the safe harbor would protect a
manufacturer’s warranty of the clinical
effectiveness of a self-injected drug
contingent on the patient receiving
product administration and use
education through nurse support offered
by the manufacturer.
Response: We confirm that, under the
safe harbor as modified, a warrantied
bundle of items and services could
encompass services offered by the
manufacturer that are not federally
reimbursable and are offered free of
charge, although we emphasize that the
safe harbor only protects remuneration
provided as a warranty remedy; services
offered for free by manufacturers would
not themselves be protected under this
safe harbor. The same program/same
payment requirement does not prohibit
the inclusion of non-federally
reimbursable items or services in the
bundle of items and services being
warrantied. Therefore, under the safe
harbor, a manufacturer could offer a
bundled warranty that warranties the
clinical effectiveness of a self-injected
drug contingent on the patient receiving
post-prescribing product administration
PO 00000
Frm 00167
Fmt 4701
Sfmt 4700
77849
and use education through nurse
support offered by the manufacturer. We
also want to confirm and clarify that the
modified safe harbor does not protect
free or reduced-priced items or services
that sellers provide either as part of a
bundled warranty arrangement or
ancillary to a warranty arrangement.
The modifications to the safe harbor
provide protection for warranty
remedies stemming from warranties
covering more than one item or more
than one item and service, whereas the
original safe harbor for warranties
provided protection for warranty
remedies stemming from warranties on
only one item. If non-reimbursable
items or services offered for free as part
of a bundled warranty have
independent value to a buyer, the
parties to the warranty arrangement may
look to other safe harbors to protect the
exchange of those items and services,
such as the personal services and
management contracts and outcomesbased payments safe harbor.
Comment: In response to our
solicitation of comments regarding the
potential anticompetitive effects that
bundled warranties may have—
including barriers to entry for
manufacturers and suppliers that cannot
offer bundled warranties—a commenter
stated that it did not believe competitive
barriers to entry were a likely outcome,
and that any risks of anticompetitive
behavior that may exist are better
addressed through the government’s
other enforcement authorities to police
anticompetitive behavior. According to
the commenter, it is not uncommon for
vendors to partner in selling and
offering a warranty for a bundle of
products containing items from different
vendors.
Response: We appreciate this
comment and recognize that a variety of
models exist in the marketplace for
bundled-sale arrangements. We are not
finalizing additional safeguards
designed to limit the potential
anticompetitive effects of bundled
warranties. We continue to believe,
however, that anticompetitive risks can
be reduced by the safe harbor’s
provisions prohibiting exclusive-use or
minimum-purchase requirements as a
condition of a warranty offering.
Comment: A commenter warned that
bundled warranties may harm
competition and limit clinician and
patient choice because, even with the
prohibition on exclusivity and
minimum-purchase requirements,
sellers could condition a warranty on
the purchase of a bundle of products
and services. The commenter suggested
that OIG include language in the safe
harbor that no warranty shall interfere
E:\FR\FM\02DER3.SGM
02DER3
77850
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
with a health care provider’s autonomy
and responsibility to make clinical
decisions with regard to patient care
and safety.
Response: We appreciate the
commenters’ concerns and recognize
that providing protection for bundled
warranties could result in some
anticompetitive effects. However, the
safeguards we are finalizing in this rule,
including prohibiting exclusivity and
minimum-purchase requirements and
limiting the scope of what may be
included in a bundled warranty,
provide meaningful protection against
anticompetitive behavior that otherwise
may occur. As noted in the OIG
Proposed Rule, protection for bundled
warranties may foster beneficial
arrangements that facilitate the use of
higher-value items and services. While
we have not included an express
requirement that protected warranties
cannot interfere with a health care
provider’s autonomy and responsibility
to make clinical decisions with regard to
patient care and safety, we emphasize
that the modifications to the safe harbor
that we are finalizing are not intended
to—and should not—affect providers’
ongoing responsibilities to make clinical
decisions in the best interests of their
patients.
Comment: Some commenters
recommended that we include other
additional safeguards within the safe
harbor. For example, a commenter urged
OIG to consider a safeguard that would
prohibit any unfair or deceptive practice
in the marketing of a service warranty.
Another commenter urged us to add a
requirement that for a warranty to be
protected under the safe harbor, the
manufacturer or supplier must
determine that the warranty is
reasonably related to an evidence-based
clinical improvement objective and is
commercially reasonable.
Response: As noted above, we believe
the safeguards in the OIG Proposed Rule
strike the right balance between
protecting beneficiaries and Federal
health care programs while promoting
beneficial and innovative arrangements,
such as bundled warranties. In
particular, we have not added a separate
prohibition against unfair or deceptive
practices because deceptive commercial
practices are already prohibited by
numerous State and Federal laws. We
do not believe providing a separate
requirement here is necessary.
We also decline to impose a
requirement that warranty arrangements
relate to evidence-based clinical
improvement objectives. Although some
warranties may relate to evidence-based
clinical improvement outcomes, many
warranty arrangements that the safe
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
harbor could protect, such as those
guaranteeing that an item is defect-free
or otherwise functions as intended, may
not have an evidence-based clinical
improvement component.
Finally, we decline to impose a
commercial reasonableness requirement
within the warranties safe harbor for the
same reasons articulated above. It is not
clear that a commercial reasonableness
requirement would provide additional,
meaningful protection against fraud and
abuse in the context of the warranties
safe harbor, given the limited scope of
protected remuneration and, in
particular, that a seller may not pay any
individual (other than a beneficiary) or
entity for any medical, surgical, or
hospital expense incurred by a
beneficiary other than for the cost of the
items and services subject to the
warranty.
Comment: Some commenters opposed
restrictions on the manner in which
sellers could provide warrantied
medication adherence services as part of
a bundled warranty, with those
commenters pointing to the importance
of medication adherence services
generally and the alignment that exists
between manufacturers’ incentives and
patients’ health outcomes. Commenters
noted that adherence programs can play
an important role in helping patients
follow their prescribed treatment
regimens, which has been shown to lead
to better patient outcomes, including
fewer hospitalizations and emergency
room visits. Commenters also pointed
out that medication nonadherence—the
problem of patients not taking
medications in accordance with their
health care providers’ directions or
otherwise not following their providers’
treatment recommendations—is a major
health problem, leading to poor clinical
outcomes and increased health care
spending. Commenters also asserted
that the fraud and abuse risks of
manufacturers providing medication
adherence services is low because
manufacturers have financial,
regulatory, reputational, ethical, and
legal incentives to ensure their products
are used only to the extent that they
continue to be safe and effective for
patients. Commenters further noted that,
when medication adherence programs
are included in outcomes-based
contracts, manufacturers are rewarded
for their product working as intended to
promote patients’ health and safety and
penalized for their product not working
well for patients, which improves the
alignment between manufacturer
incentives and patient health and safety.
Although most commenters on the
topic did not support restrictions on the
manner in which sellers could provide
PO 00000
Frm 00168
Fmt 4701
Sfmt 4700
warrantied medication adherence
services, a few commenters expressed
support for a possible safeguard
discussed in the OIG Proposed Rule. In
particular, a commenter expressed
support for OIG’s proposal to require
sellers’ use of independent
intermediaries for direct patient
adherence activities, while another
commenter supported a prohibition on
any direct patient outreach by a seller
offering a warranty. A commenter who
shared the concerns expressed in the
OIG Proposed Rule regarding patient
outreach services being provided by
manufacturers and suppliers
recommended a safeguard requiring that
warrantied patient outreach services be
approved by a licensed medical
professional. In doing so, the
commenter expressed concern that drug
manufacturers may abuse any safeguard
requiring sellers to use independent
intermediaries to perform direct patient
outreach services.
Response: OIG agrees that medication
adherence services can have a
significant beneficial impact on patient
health and health care costs. Although
we also recognize the potential for
greater alignment of manufacturers’
incentives and patient health outcomes
in value-based arrangements, at this
time most arrangements for the sale of
a drug reimbursed by a Federal health
care program are not outcome-driven,
and we continue to have concerns
regarding the direct provision of
medication adherence services by
sellers of warrantied items because their
financial incentive to sell their products
could result in medication adherence
services that increase fraud and abuse
risks, such as patient harm and
overutilization.
Despite these risks, we are not
imposing any restriction in this final
rule on the manner in which warrantied
medication adherence services may be
provided when offered as part of a
bundled warranty. A limitation on the
manner in which sellers of one or more
warrantied items provide such services
as part of a bundled warranty may not
materially reduce any fraud and abuse
risks, particularly because a limitation
on warranties would not affect the
provision of medication adherence
services in contexts other than bundled
warranties. For the same reason, we are
declining to impose a requirement that
warrantied medication adherence
services must either be provided via an
independent intermediary or subject to
the approval of a licensed medical
professional. We emphasize that the
warranties safe harbor would not protect
the provision of free or reduced-cost
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
medication adherence services
furnished by a seller.
Comment: A few commenters asserted
that, consistent with existing OIG
guidance, medication adherence
services do not constitute remuneration
because they do not have independent
value to a buyer but rather are integrally
related to the underlying product. A
commenter noted that, although OIG has
expressed concern that manufacturersponsored adherence supports could
replace actions that a health care
provider might otherwise take to
support medication adherence, the
likelihood of manufacturer adherence
supports leading providers to reduce
their own efforts to improve their
patients’ medication adherence is very
small.
Response: We disagree with the
assertion that medication adherence
services never constitute remuneration
and thus never implicate the antikickback statute. For example, in
Advisory Opinion No. 11–07, we noted
that the vaccine reminder program
offered by a manufacturer could have
independent value to health insurers
and health care entities and could
confer an additional financial benefit on
physicians because the vaccine
reminders were intended to encourage
the recipients to schedule an
appointment with their children’s
health care practitioners, who likely
would be reimbursed for administering
the vaccine and possibly for an
associated office visit. As highlighted in
this example, medication adherence
services could result in a provider’s
opportunity to earn income. We also
recognize that medication adherence
services provided to beneficiaries as
part of warranty arrangements could
have independent value to the
beneficiary, depending on how those
arrangements are structured.
Although the OIG Proposed Rule
stated that the provision of free or below
fair market value medication adherence
services ‘‘would implicate the antikickback statute,’’ 134 we clarify in this
final rule our position that such services
could implicate the statute but would
not necessarily implicate the statute in
all circumstances, and that such
analysis would be dependent upon the
facts and circumstances of a specific
offering.
Comment: A commenter urged OIG to
ensure that pharmacies can continue to
provide adherence and medication
therapy management services, including
when such activities are compensated at
fair market value by payors,
134 84
FR 55748 n.83 (Oct. 17, 2019).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
manufacturers, and others within the
supply and payment chain.
Response: The modifications to the
warranties safe harbor set forth in this
final rule do not change pharmacies’
ability to provide adherence and
medication therapy management
services. Any financial arrangement
between pharmacies and payors,
manufacturers, and others within the
supply and payment chain could
implicate the anti-kickback statute and
should be analyzed on a case-by-case
basis for compliance with the statute.
Depending on the facts, other safe
harbors may be available, including the
personal services and management
contracts and outcomes-based payments
safe harbor.
Comment: A commenter expressed
support for a standalone safe harbor
protecting manufacturer-supported
patient adherence programs, and other
commenters asked OIG to promulgate an
additional rule that expressly defines
how value-based arrangements for drugs
can include all relevant health care
entities (including manufacturers,
payors, providers, and patients) and
medication adherence programs without
running afoul of the Federal antikickback statute.
Response: We appreciate the
commenters’ requests for further
rulemaking. However, they are outside
the scope of this rulemaking.
Comment: A commenter expressed
concern regarding the statement in the
OIG Proposed Rule regarding the
provision of free or reduced-price
laboratory testing as part of a warranty
arrangement. The commenter asserted
that the inclusion of confirmatory
laboratory testing under a warranty
arrangement could fit within the revised
warranties safe harbor where a seller
engages an independent laboratory
under a fair market value arrangement
to perform testing solely to determine
whether the terms of a clinical outcome
or other value-based warranty have been
met.
Response: Regardless of whether
items and services used to determine
the efficacy of a warranty have
independent value to the buyer, the
warranties safe harbor provides
protection only for sellers’ offer and
provision of warranty remedies, not the
offer or sale of the items and services
being warrantied or any items or
services used to determine whether a
clinical outcome or other value-based
outcome has been achieved. We
recognize that warranty arrangements in
some circumstances may require
laboratory testing or other data to
determine, for example, whether
clinical or other outcomes have been
PO 00000
Frm 00169
Fmt 4701
Sfmt 4700
77851
met or whether the buyer or patient has
adhered to the terms of the warranty.
We did not intend to suggest in the
OIG Proposed Rule that, in all instances,
confirmatory laboratory testing for
purposes of determining whether
warrantied outcomes have been
achieved would implicate the antikickback statute. Where a seller
provides free items and services
ancillary to a warranty arrangement that
could have independent value to the
buyer, sellers should analyze such
arrangements on a case-by-case basis to
determine whether they implicate the
anti-kickback statute and may look to
other safe harbors, such as the safe
harbor for personal services and
management contracts and outcomesbased payments, for protection. In the
case of confirmatory laboratory testing
relating to a warranty arrangement, such
testing could have independent value to
the buyer if, for example, it alleviates
administrative or financial burdens the
buyer otherwise would incur to obtain
laboratory testing for purposes other
than the warranty.
b. Requirement for Federally
Reimbursable Items and Services
Subject to Bundled Warranty
Arrangements To Be Reimbursed by the
Same Federal Health Care Program and
in the Same Payment
We recognize the possibility that
bundling of one or more items and
related services that are reimbursed
under different methodologies or
different payments could create
incentives for overutilization or the
potential for cost-shifting. The final rule
protects warranties that apply to one or
more items and related services only if
the federally reimbursable items and
services subject to the warranty
arrangement are reimbursed by the same
Federal health care program and in the
same Federal health care program
payment. The same program/same
payment requirement provides
important protection against these risks.
Comment: A number of commenters
objected to the condition that federally
reimbursable items and services in a
bundled warranty arrangement must be
reimbursed by the same Federal health
care program and in the same Federal
health care program payment in order to
qualify for protection under the safe
harbor. Commenters expressed concern
that this condition would constrain
innovation by limiting what items may
or may not be included in a bundle
based on reimbursement status, rather
than focusing on clinical efficacy. A
trade association representing providers
noted that care coordination
arrangements often require payments
E:\FR\FM\02DER3.SGM
02DER3
77852
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
from different reimbursement
methodologies. For example, a joint
replacement can occur in a hospital or
ambulatory surgical center and then a
patient may be discharged to a skilled
nursing facility or to home health care.
The commenter expressed concern that
a warranty covering this episode of care
would not be eligible for safe harbor
protection because of the different
payment methodologies. The
commenter recommended OIG
implement alternative safeguards in lieu
of the same program/same payment
requirement, such as limiting
application of the safe harbor to
medically necessary items and services,
prohibiting stinting, and requiring the
warranty to be part of a written care
plan by a licensed medical professional.
Other health care providers
commented that the proposed same
program/same payment requirement is
outdated and unworkable in light of
value-based arrangements that utilize a
combination of items, services, or both,
and that it is impracticable to determine
that the same program/same payment
requirement will be satisfied for every
patient. Commenters also noted that
warranties allow manufacturers to help
providers manage risk when testing out
new combinations of devices and
supports, even if they are reimbursed
under separate prospective or composite
rate systems.
Response: Although the warranties
safe harbor could be used to protect a
wide range of innovative arrangements,
it is not designed to protect warranties
involving items purchased by multiple
buyers across different care settings or
reimbursed by different payment
systems. As explained further in this
final rule, we believe a bundle of
products paid for separately and
potentially across different payment
systems poses an increased risk of
inappropriate utilization and
overutilization. Such arrangements may
qualify for protection under the valuebased safe harbors described in this
final rule, such as the safe harbors for
care coordination arrangements
(paragraph 1001.952(ee)), value-based
arrangements with substantial downside
financial risk (paragraph 1001.952(ff)),
and value-based arrangements with full
financial risk (paragraph 1001.952(gg)).
We do not believe that the proposed
alternative safeguards would be as
effective—or as straightforward to apply
and interpret—as the same program/
same payment requirement we are
finalizing.
Comment: A commenter noted that a
manufacturer or supplier seldom knows
all of the ways in which providers might
be reimbursed for items and services
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
included in a bundled warranty
arrangement.
Response: As noted above, the
warranties safe harbor is not designed to
protect warranty arrangements that span
different care settings or that involve
multiple payment systems. Sellers
should be able to craft warranty
offerings that meet the terms of the safe
harbor, even if a particular bundle of
items or items and services could
potentially be reimbursed in different
ways. For example, a seller’s written
warranty could specify that warranty
remuneration is available only in
circumstances in which the bundle is
reimbursed under the same Federal
health care program and in the same
payment.
Comment: Commenters noted that the
bundled warranty arrangement
approved under Advisory Opinion No.
18–10 would not meet the revised safe
harbor because some of the items in the
bundle were separately reimbursable
under certain States’ Medicaid
programs. Commenters also observed
that various State Medicaid programs
employ different reimbursement
methodologies and that even within a
single State, reimbursement
methodologies can differ depending on
whether beneficiaries are covered by the
State’s fee-for-service program or a
Medicaid managed care plan.
Response: We acknowledge that
Medicaid programs reimburse items and
services with a variety of payment
methodologies, which can include
separate, unbundled reimbursement for
some items. We remain concerned,
however, that providing safe harbor
protection to warranties containing
separately reimbursable items would
introduce a higher risk of fraud and
abuse in the form of potential
overutilization, inappropriate steering,
or inappropriate utilization. For
example, a buyer may have an incentive
to purchase separately reimbursable
items in order to receive the benefit of
a warranty on those items because the
buyer will be reimbursed for each item
separately, and if even one item does
not meet the specified level of
performance, the buyer could receive
the cost of all items in the bundle. By
comparison, if a buyer receives one
warranty payment for all items covered
by a bundled warranty, the buyer has a
greater incentive to contain its costs and
not purchase unnecessary items (or
services).
The arrangement described in
Advisory Opinion No. 18–10 included
the possibility that bundled devices
could be separately reimbursed by State
Medicaid programs, although the
opinion specified that these instances
PO 00000
Frm 00170
Fmt 4701
Sfmt 4700
would be infrequent and that Medicaidreimbursed cases represented a very
small part of the requestor’s business.
Although warranty remuneration paid
resulting from the failure of a separately
reimbursable item or service would not
be covered by the warranties safe
harbor, the advisory opinion process
remains available for a legal opinion
regarding facts and circumstances that
may not be protected by the safe harbor.
Although we solicited comments on
instances when an exception may be
necessary to the provision requiring
reimbursement by the same Federal
health care program payment, upon
further consideration we do not believe
an exception is necessary. The modified
safe harbor requires that federally
reimbursable items and services covered
by a bundled warranty must be
reimbursed by the same Federal health
care program payment—not that the
items and services be only reimbursable
by one Federal health care program
payment. In other words, the possibility
that an item or service is reimbursable
under a different program or by a
different payment does not foreclose a
manufacturer or supplier from offering a
bundled warranty covering the item or
service as long as the item or service is
in fact reimbursed by the same Federal
health care program payment as the
other item(s) and service(s) comprising
the warranty bundle.
Although we recognize that it may be
difficult for a seller to know under
which reimbursement methodology a
particular item or service will be
reimbursed, we believe parties entering
into bundled warranty arrangements
could specify in the warranty’s written
terms that only items and services
reimbursed by the same Federal health
care program payment will be eligible
for the warranty. Because warranty
remedies are by their nature furnished
after the use of items and services, a
buyer likely knows before making a
warranty claim whether the items and
services are or will be reimbursed by the
same Federal health care program
payment. Consequently, a warranty
undertaking could explicitly state that
warranty remedies are available only for
patients or procedures in which the
bundled items and services are
reimbursed by the same program and
same payment even where alternative
reimbursement methodologies for those
items and services exist.
Comment: A commenter noted that in
many cases items or services included
in a bundle are not reimbursed
specifically but might be deemed
reimbursed indirectly as part of a
payment for another item or service. In
such cases, there might be numerous
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
potential payments or reimbursement
methodologies which could be viewed
as providing such indirect
reimbursement.
Response: The warranties safe harbor
does not attempt to address every
possible variation in reimbursement
methodologies. We continue to believe
that limiting safe harbor protection to
warranties involving bundled items and
services reimbursed under the same
program and same payment is an
important safeguard to protect against
inappropriate steering, inappropriate
utilization, or overutilization of
federally reimbursable health care items
and services. We believe that, in most
circumstances, health care providers
can identify the reimbursement source
for a particular item and can also
determine whether items and services
subject to a bundled warranty are
reimbursed by the same payment.
Comment: A commenter urged OIG to
abandon the same program/same
payment requirement and instead
extend protection for bundled
warranties involving items and services
reimbursed under multiple prospective
payment or composite rate systems,
which the commenter asserted would
protect a broader range of warranties but
pose a low risk of fraud and abuse due
to cost-shifting because no warrantied
items would be separately reimbursable.
Another commenter suggested that the
safe harbor should protect bundled
warranties involving items and services
that are not specifically reimbursed
under bundled or fee-for-service
payments but that could be reflected in
some manner in a provider’s Medicare
cost report.
Response: Although we recognize that
warrantying only bundled items and
services reimbursed under prospective
payment bundles or composite rate
systems could reduce the risk of costshifting between Federal health care
programs, we remain concerned that
protecting bundled warranties across
such methodologies could complicate
both the administration of warranties
and reporting obligations, and we
decline to expand the safe harbor
provision according to the commenter’s
suggestion.
Comment: A commenter stated that
the same program/same payment
requirement would not protect a
warranty bundle consisting of a
particular federally reimbursed drug
product when used in conjunction with
a companion diagnostic. According to
the commenter, the drug would be
reimbursed under Medicare at the
negotiated price (for a Part D drug) or at
ASP plus 6 percent (for a Part B drug),
while the companion diagnostic would
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
be reimbursed under the clinical
laboratory fee schedule.
Response: We appreciate the
commenter’s concern and acknowledge
that the safe harbor would not protect
the type of arrangement described in
this comment. However, the safe harbor
could protect a warranty covering a drug
product, and where the seller wants to
provide a companion diagnostic to
determine if a warrantied outcome has
been achieved, the seller could look to
other safe harbors to protect the
provision of the companion diagnostic
to the extent the provision of the
companion diagnostic implicates the
anti-kickback statute.
Comment: A commenter asserted that
the same program/same payment
requirement could foreclose protection
for even one-drug warranties because
drugs are virtually always reimbursed
by Medicare, Medicaid (and usually
additional Federal health care
programs), with each program having
different payment methodologies for
outpatient drugs.
Response: As noted in proposed
paragraph 1001.952(g)(5), the same
program/same payment requirement
would only apply when a manufacturer
or supplier offers a warranty for more
than one item or one or more items and
related services. This requirement
would not apply to single-item
warranties.
Comment: A number of commenters
expressed concern that the requirement
that federally reimbursable bundled
items and services be reimbursed by the
same Federal health care program
payment could inhibit innovative
warranties based on the performance of
warrantied items and related services
across a patient population (populationbased warranties). A commenter argued
that the safe harbor should
accommodate value-based arrangements
that study a representative sample of a
patient population and use the results
observed from the sample to determine
the price or price concession that is
appropriate for product utilization more
broadly. Another commenter asserted
that warranties offered across a patient
population have a low risk of fraud and
abuse where none of the items or
services is separately reimbursable.
Response: As discussed in the
preamble to the OIG Proposed Rule, we
believe the expanded warranties safe
harbor will facilitate beneficial and
innovative arrangements between
buyers and sellers, such as bundled
warranties. While population-based
warranties would not necessarily pose
the same fraud and abuse risk of
problematic cost-shifting between
Federal health care programs as
PO 00000
Frm 00171
Fmt 4701
Sfmt 4700
77853
warranties covering a bundle of items
and services that are reimbursable under
different Federal health care programs,
population-based warranties could pose
different fraud and abuse risks.
Specifically, population-based
warranties may result in steering to
particular products in a manner that
inappropriately limits patient choice
and providers’ clinical decision-making
and could result in overutilization or
inappropriate utilization of items or
services where a buyer feels compelled
to use a certain quantity of a seller’s
product in order to be eligible for a
warranty remedy. We appreciate the
commenter’s request for the warranties
safe harbor to protect value-based
arrangements that could inform the
price of a product, and while the
modified safe harbor does not
specifically protect population-based
warranties, we emphasize our statement
in the OIG Proposed Rule that we may
consider specifically tailored safe harbor
protection for value-based contracting
and outcomes-based contracting for the
purchase of pharmaceutical products
(and potentially other types of products)
in future rulemaking.
c. Capped Amount of Warranty
Remedies
The existing safe harbor for warranties
contains the limitation that a
manufacturer or supplier must not pay
remuneration to any individual (other
than a beneficiary) or entity for any
medical, surgical, or hospital expense
incurred by a beneficiary other than for
the cost of the item itself. In the OIG
Proposed Rule, at proposed paragraph
1001.952(g)5), we proposed to adapt this
limitation to accommodate the safe
harbor’s expanded protection of
bundled warranties. In the
modifications to the safe harbor we are
finalizing here, warranty remuneration
for any medical, surgical, or hospital
expense incurred by a beneficiary is
capped at the cost of the items and
services subject to the warranty.
This cap plays an important role in
safeguarding against sellers providing
excess remuneration to providers to
induce referrals. The revised safe harbor
offers sellers more flexibility by
protecting both a broader scope of
warranties and a potentially higher
amount of warranty remuneration
reflecting the cost of the entire bundle
of items or bundle of items and services.
This adaptation allows sellers to offer a
valuable remedy to their customers if a
product fails to meet a specified level of
performance.
Comment: Although some
commenters expressed support for OIG’s
proposal to limit the remuneration a
E:\FR\FM\02DER3.SGM
02DER3
77854
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
manufacturer or supplier may pay to
any individual (other than a beneficiary)
or entity for any medical, surgical, or
hospital expense incurred by a
beneficiary other than for the cost of
items and services subject to the
warranty, several commenters objected
to this proposed safeguard. For example,
a commenter argued that warranty
remedies that exceed the aggregate value
of the warrantied items and related
services are likely to be the key drivers
in realizing the potential of value-based
care. Another commenter stated that
capping the warranty remedy based on
the collective cost of the warrantied
items and services is insufficient
because providers expect vendors
offering warranties addressing long-term
population health issues to be
financially accountable for costs greater
than the cost of the items and services
subject to the warranty.
Response: As proposed, the revised
safe harbor would protect warranties in
which vendors offer to reimburse any
medical, surgical, or hospital expense
incurred, up to the cost of the
warrantied items and services incurred
by the buyer to acquire those items and
services. The safe harbor could be used
to protect reimbursement for hospital
expenses incurred as a result of, for
example, a bundle of items that failed to
meet the clinical outcomes guaranteed
by a warranty arrangement. The total
warranty remuneration provided,
however—including the cost of any
replacement items—would be limited to
the original cost of the items and
services incurred by the buyer. We
believe the proposed expansion of this
safe harbor provides a significant and
sufficient opportunity for vendors to
offer a meaningful and valuable remedy
to their customers to account for the
failure of an item, a bundle of items, or
a bundle of items and services to meet
warrantied standards.
Comment: Commenters stated that
capping the amount of warranty
remuneration will negatively impact
patient care and unnecessarily stifle
innovative value-based arrangements
because vendors will not be able to offer
appropriate remedies if warrantied
outcomes are not achieved, such as the
provision or payment for medical,
surgical, hospital, or other services and
related items in connection with the
replacement or supplementation of a
warrantied item, or as an alternative or
supplemental treatment.
Response: We continue to believe that
the proposed cap strikes an appropriate
balance between protecting
remuneration for warrantied products
and safeguarding against excessive
remuneration paid by vendors to induce
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
referrals. Furthermore, as we explained
in the preamble to the OIG Proposed
Rule, the safe harbor, as finalized,
already is broad enough to protect
certain value-based arrangements, such
as warranties that offer a clinical
outcomes guarantee, as long as the safe
harbor’s other requirements are met.
Comment: A commenter stated that
there is negligible risk that
manufacturers and suppliers would use
warranties to provide excess
remuneration because vendors entering
into warranty arrangements face steep
exposure and will take all possible
precautions to avoid future payments
under such warranties.
Response: We continue to believe that
without limiting the amount of
protected warranty remuneration there
is a risk of vendors paying excessive
remuneration to induce further Federal
health care business. For example,
without a cap on warranty
remuneration, a vendor could pay for a
wide range of consequential expenses
resulting from the failure of a device
including, for example, hospitalization
expenses, revision surgery, and other
downstream expenses, in addition to
providing a replacement for the faulty
device. We believe that would provide
too great an opportunity for sellers to
offer generous remuneration to buyers.
d. Prohibition on Exclusivity and
Minimum-Purchase Requirements
We proposed a new safeguard at
proposed paragraph 1001.952(g)(6) that
would preclude warranty arrangements
from being conditioned on the exclusive
use or minimum purchase of one or
more items or services. We are finalizing
this safeguard because we believe it
provides important protection against
patient steering that could interfere with
clinical decision-making and against
potential anticompetitive effects.
Comment: Some commenters
expressed support for the proposed
prohibition on warranties conditioned
on a buyer’s exclusive use of any of the
manufacturer’s or supplier’s items or
services. Other commenters argued that
these safeguards are unnecessary and
possibly contravene the intent of the
proposal. For example, a commenter
noted that warranties constitute a means
by which sellers compete against one
another by providing assurances of
performance. In addition, commenters
noted that providers can standardize
their use of any one of a number of
similar, competitive products, and that
such standardization through
exclusivity and minimum-purchase
requirements can promote competition
and lower costs without triggering any
PO 00000
Frm 00172
Fmt 4701
Sfmt 4700
concerns regarding patient access to
medically necessary items.
Response: We are finalizing the
prohibition against sellers conditioning
a warranty on a buyer’s exclusive use or
minimum purchase of any of the seller’s
items or services. Although exclusivity
and minimum-purchase requirements
may allow for certain efficiencies, we
view exclusivity and minimumpurchase requirements tied to the offer
of a warranty as potentially abusive
steering practices that could result in,
among other things, interference with
clinical decision-making, overutilization
or inappropriate utilization, or
anticompetitive effects. Because
warranty arrangements can be valuable
tools for buyers to defray the costs
associated with an item (and under the
modified safe harbor, multiple items or
items and services) that does not
function as expected, the potential for
sellers to require exclusivity and
minimum-purchase requirements in
exchange for a warranty may lock
buyers into a particular item (and under
the modified safe harbor, multiple items
or items and services) and thereby could
result in, for example, a buyer using a
particular item in a given case that is
not in the patient’s best interest.
Comment: A commenter asserted that
exclusivity and minimum-purchase
requirements are features that can
promote competition and lower costs, as
in the case of purchase discounts
conditioned on the volume of products
purchased. The commenter observed
that a warranty might be conditioned on
a minimum- or exclusive-purchase
requirement, and that such requirement
would not preclude a buyer from
purchasing competitive products in
violation of the requirement; the
provider would simply lose the benefit
of the warranty by doing so.
Response: Because warranties can be
valuable tools for buyers to defray the
costs associated with an item (or items
and services) that do not function as
expected, we reiterate our concerns that
conditioning warranties on exclusivity
or minimum-purchase requirements
increases certain fraud and abuse risks,
as described above, and thus we are
finalizing the modifications to the safe
harbor with the prohibition on
conditioning warranties on such
requirements.
Comment: A number of commenters
urged OIG to omit or revise the
prohibition against conditioning
warranties on minimum-purchase or
exclusivity requirements. In particular,
commenters asserted that populationbased warranties typically require that
there be some minimum level of use of
the product (and any related services) so
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
as to make the outcomes measure
statistically meaningful. For example, a
manufacturer might state in a warranty,
consistent with clinical studies, that use
of its device will produce the
warrantied outcome a given percentage
of the time, but that the warranty is only
available if the device has been used on
a large enough number of patients
(typically determined through a
minimum-purchase requirement) to
produce a statistically relevant
outcomes measure.
Response: We agree that populationbased warranties could require a certain
amount of use of a product and any
related services to make the outcomes
measure(s) set forth in a warranty
undertaking statistically meaningful.
However, for the reasons set forth in this
preamble, we are finalizing the same
program/same payment requirement,
which means that protection under the
safe harbor as modified does not extend
to warranties for items used across a
patient population. Particularly given
this limitation in the safe harbor, we do
not believe conditioning warranties on
exclusivity or minimum-purchase
requirements is necessary for sellers to
engage in beneficial warranty
arrangements that promote the value of
the items and services being warrantied.
Comment: A commenter urged OIG to
adopt a permissive approach, which
would protect warranties conditioned
upon exclusive-use arrangements under
the safe harbor as long as manufacturers
or suppliers: (i) Have good-faith reasons
for adopting exclusive-use
requirements; (ii) take and document
reasonable precautions to avoid stinting
on care, cherry-picking, lemondropping, or inappropriate utilization;
and (iii) otherwise ensure that neither
clinical decision-making nor patient
care choices are adversely impacted.
Response: We appreciate the
commenter’s recommended safeguards
and the commenter’s focus on reducing
the fraud and abuse risks associated
with exclusivity requirements.
However, for the reasons articulated
above, we view certain risks as an
inherent part of warranties conditioned
on the exclusive use of any of a seller’s
products or services, and thus we are
finalizing a safe harbor provision
restricting warranties conditioned on
exclusivity requirements.
Comment: Commenters noted that
sellers of items reimbursed under
Federal health care programs are not
subject to any general prohibitions on
imposing exclusivity or minimumpurchase requirements as a condition of
making discounts available or
otherwise.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
Response: To the extent that the
commenter refers to the discount safe
harbor and the warranties safe harbor,
those safe harbors were designed to
protect remuneration paid under
different circumstances, and therefore it
is appropriate to include different
safeguards in the safe harbors.
Comment: A number of commenters
asserted that many of the innovative,
risk-based warranty arrangements
proposed by manufacturers may include
equipment and consumables that must
be used together, resulting in a
requirement to exclusively utilize a
manufacturer’s goods in order to obtain
warranty protection. The proposed
limitation on exclusive use could hinder
these manufacturers from creating and
proposing such warranty-based risksharing arrangements.
Response: The revised warranties safe
harbor, consistent with the description
in the OIG Proposed Rule, would
expand the safe harbor to explicitly
protect warranties in which a bundle of
items or a bundle of items and services
must be used together to obtain
warranty protection. The exclusive-use
and minimum-purchase prohibitions
provide meaningful protections against
inappropriate steering practices and
anticompetitive effects without
impacting the ability of manufacturers
and suppliers to offer bundled
warranties.
Comment: A commenter requested
clarification on how OIG will interpret
the exclusive-use limitation if, for
example, a provider enters into an
arrangement to purchase an ‘‘exclusive’’
or ‘‘preferred’’ product independent of
any potential unrelated bundled
warranty offered by the product’s
manufacturer.
Response: OIG is aware that
arrangements exist in which providers
agree to the exclusive purchase of a
particular item or designate an item as
‘‘preferred’’ in exchange for favorable
commercial terms. The revised safe
harbor is not intended to impact those
arrangements. Rather, the exclusive-use
and minimum-purchase provisions in
the revised safe harbor prevent a
manufacturer or supplier from receiving
safe harbor protection for a warranty
that is conditioned on the buyer’s
exclusive use or minimum purchase of
items or services offered by the
manufacturer or supplier. We interpret
the ‘‘conditioned on’’ standard to mean
that a causal connection exists between
receiving a warranty (or continuing
eligibility for warranty coverage) and
maintaining exclusivity or minimumpurchase levels. The safe harbor does
not prohibit exclusive-use or minimumpurchase provisions that are
PO 00000
Frm 00173
Fmt 4701
Sfmt 4700
77855
conditioned upon commercial terms
unrelated to the offer of a warranty.
e. Reporting Requirements
As discussed in the OIG Proposed
Rule, industry stakeholders have
expressed concern that the safe harbor’s
existing reporting requirement could
limit the ability of sellers to offer
innovative warranty arrangements,
including warranties that span multiple
years. Stakeholders also have noted that
the reporting requirement could make
safe harbor protection unavailable for
providers that lack specific reporting
obligations under Federal health care
programs or providers that do not file
cost reports.
We are addressing these concerns in
this final rule by: (i) Clarifying in the
preamble discussion below that the safe
harbor can be used to protect warranty
arrangements that span multiple years;
(ii) changing references in the safe
harbor from ‘‘the price reduction’’ to
‘‘any price reduction’’ to make clear that
more than one price reduction may
occur pursuant to a warranty
arrangement; and (iii) clarifying in this
preamble that buyers are obligated to
report price reductions in a manner
compatible with the reimbursement
methodology for the warrantied items or
services, including circumstances in
which a provider does not submit cost
reports or a formal ‘‘claim for payment’’
unless the payor does not provide a
reporting mechanism. Lastly, we are
making a technical, non-substantive
correction to paragraph 1001.952(g)(3)
to remove a comma after ‘‘and’’ and
before ‘‘when any price reduction
becomes known.’’
Comment: A commenter noted that
many items and services are reimbursed
by Medicare Advantage plans or
Medicaid managed care organizations,
and therefore buyers have no obligations
to report price reductions in a ‘‘cost
reporting mechanism’’ or ‘‘claim for
payment,’’ as referenced in the
warranties safe harbor. The commenter
asked OIG to clarify that a buyer should
only be required to report a price
reduction or replacement product
obtained as part of a warranty if it has
an obligation to do so under applicable
requirements of the Federal health care
program payor making payment for the
warrantied item or service to which the
price reduction relates.
Response: In the preamble to the OIG
Proposed Rule, we solicited comments
on the burden of current reporting
requirements and the need for more
flexible reporting requirements for
warranties tied to clinical outcomes. We
emphasize that buyers, other than
beneficiaries, are obligated under the
E:\FR\FM\02DER3.SGM
02DER3
77856
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
safe harbor to report price reductions in
a manner compatible with the
reimbursement methodology for the
item(s) or service(s) which, as a
commenter pointed out, may not in all
circumstances be reported in a ‘‘cost
reporting mechanism’’ or a ‘‘claim for
payment.’’ We affirm that this
requirement applies to buyers even
when buyers do not have an express
obligation to report a price reduction or
replacement product under applicable
requirements of the Federal health care
program payor making payment for the
warrantied item or service to which the
price reduction relates. In the event that
a payor does not provide any
mechanism for reporting of costs, such
reporting is not required in order for a
buyer to obtain safe harbor
protection.135
Comment: In light of our preamble
discussion regarding the timing of
reporting requirements, including the
protection for outcomes-based warranty
arrangements in which buyers could
receive return payments from
manufacturers over several years,
commenters requested additional
clarification with respect to reporting
requirements. In particular, commenters
requested clarification that multiple
warranty payments related to the same
item or bundle of items and services
could be reported at various points
throughout a warranty arrangement, and
that buyers are obligated to report such
payments at the time they are received.
A commenter suggested that OIG revise
the manufacturer reporting
requirements such that price reductions
must appear either on an invoice or a
statement, or on a series of invoices or
statements. The commenter also
suggested revising paragraph
1001.952(g)(3)(ii) such that the
manufacturer is obligated to provide the
buyer with documentation of the price
reduction calculation in the same fiscal
year as the purchase or the following
fiscal year.
Response: We agree with the
commenters that, under the warranties
safe harbor, buyers can report multiple
warranty payments related to the same
item or bundle of items and services at
135 We remind parties to warranty arrangements
that they must comply with all legal obligations
associated with Medicare cost reporting and other
applicable requirements of any Federal health care
program payor, including those related to billing
and payment for replaced devices offered without
cost or with a credit. For example, we note that
under the Medicare inpatient prospective payment
system if a provider received full credit for the cost
of a device, CMS requires that the credit be reported
to the Medicare program and the cost of the device
is subtracted from the DRG payment. See 42 CFR
412.89; 42 CFR 412.2(g) and Medicare Claims
Processing Manual, CMS Pub. 100–04, Ch. 3,
§ 100.8.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
various points throughout a warranty
arrangement. Paragraph 1001.952(g)(1)
already requires buyers to report ‘‘any
price reduction’’ obtained as part of the
warranty. We are finalizing
corresponding revisions to paragraph
1001.952(g)(3) to change all references
to ‘‘the price reduction’’ to ‘‘any price
reduction’’ to make clear that more than
one price reduction may occur pursuant
to a warranty arrangement. With respect
to the commenter’s suggestion to allow
sellers to report price reductions on a
series of invoices or statements, we
believe this expansion of the safe harbor
is unnecessary because sellers must
either: (i) Report price reductions on the
initial invoice or statement the
manufacturer sends to the buyer; or (ii)
when the amount of any price reduction
is not known at the time of sale, report
the existence of the warranty on the
invoice or statement, and later provide
the buyer with documentation of the
calculation of any price reduction
resulting from the warranty. Therefore,
sellers must provide information
regarding all price reductions to the
buyer regardless of whether sellers
report them on an invoice or statement
or otherwise. Lastly, the modifications
to the warranties safe harbor set forth in
this final rule do not include a
requirement for the seller to provide the
buyer with documentation of the price
reduction calculation in the same or
following fiscal year of the buyer. We
expect buyers and sellers to fulfill their
reporting obligations under paragraphs
1001.952(g)(1) and 1001.952(g)(3) in a
timely manner but are not otherwise
prescribing a timeline for doing so.
Comment: A commenter requested
clarification that buyers are entitled to
use any reasonable methodology for
purposes of allocating a rebate that does
not relate to a specific item or service
across all bundled items and services to
which the warranty rebate relates.
Response: We understand that, in
some circumstances, remuneration paid
pursuant to a bundled warranty will be
related to more than one item or service
that fails to meet the specifications set
forth in the warranty undertaking. The
safe harbor does not set forth a specific
methodology to allocate reporting across
multiple items or a combination of
items and services. OIG believes that in
most cases a warranty remedy paid
pursuant to a bundled warranty should
be reported proportionately to the cost
of each bundled item or service, but we
wish to provide flexibility for buyers to
adopt different but reasonable allocation
methodologies in circumstances in
which, for example, the failure of the
bundle to meet the agreed specifications
PO 00000
Frm 00174
Fmt 4701
Sfmt 4700
results disproportionately from the
failure of a particular item or service.
Comment: A commenter supported
the proposal to expressly exclude
beneficiaries from the reporting
requirements applicable to other buyers.
Response: We appreciate the
commenter’s support, and we are
finalizing revisions to the warranties
safe harbor to exempt beneficiaries from
the reporting requirement for buyers.
Comment: A commenter noted that a
cost reduction under a warranty might
be received long after the warrantied
item has been purchased by a provider,
particularly when the clinical outcome
from the use of the item may be
measured several years after the initial
purchase of the item. Accordingly, the
commenter recommended that OIG
specifically provide for safe harbor
purposes that such a rebate must be
reported only after it is received.
Response: We agree that the reporting
requirement is not triggered until
remuneration is received under the
warranty arrangement. We also
recognize that the failure of an item or
service to meet specifications might not
occur until a period of years after
purchase.
f. Definition of ‘‘Warranty’’
We proposed and are finalizing at
paragraph 1001.952(g)(7) to define
‘‘warranty’’ directly and not by
reference to 15 U.S.C. 2301(6). By
defining ‘‘warranty’’ directly, we clarify
that the warranties safe harbor is
available for drugs and devices
regulated under the Federal Food, Drug,
and Cosmetic Act, whereas the
definition set forth in 15 U.S.C. 2301(6)
potentially excludes FDA-regulated
drugs and devices. The safe harbor
protects not only warranties covering a
‘‘product’’ but warranties covering an
item or bundle of items, or services in
combination with one or more related
items. Finally, the new definition
parallels the prior definition’s language
requiring a written promise that an item,
bundle of items, or bundle of items and
services is defect-free or will meet a
specified level of performance over a
specified period of time.
As we explained in the OIG Proposed
Rule, we interpret the definition of
‘‘warranty’’ to apply to warranty
arrangements conditioned on clinical
outcomes guarantees, provided other
safe harbor requirements are met.
Comment: Commenters expressed
support for the proposed revisions to
the warranties safe harbor, including
adopting a new definition of the term
‘‘warranty.’’ Several commenters offered
proposed revisions to the types of
remuneration articulated in proposed
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
paragraph 1001.952(g)(7)(ii). In
particular, commenters urged OIG to
confirm that a partial refund or
retrospective rebate resulting in a price
adjustment would constitute a ‘‘refund’’
or ‘‘other remedial action,’’ as those
terms are used in paragraph
1001.952(g)(7)(ii).
Response: As explained in the
preamble to the OIG Proposed Rule,
OIG’s proposed definition is largely
modeled after the definition of
‘‘warranty’’ in the Magnuson-Moss Act,
codified at 15 U.S.C. 2301(6), which
defines ‘‘refund’’ as refunding the actual
purchase price (less reasonable
depreciation based on actual use where
permitted by rules of the Commission).
Although we have not explicitly
adopted this definition, it provides
persuasive guidance as to how we
would interpret the term ‘‘refund.’’
Regardless of how ‘‘refund’’ is
defined, our proposed safe harbor
contemplates that manufacturers or
suppliers may ‘‘take other remedial
action’’ if an item fails to meet the
specifications set forth in the written
arrangement. It is conceivable that a
partial refund or retrospective rebate
resulting in a price adjustment would
constitute ‘‘other remedial action’’ as
long as all other conditions of the safe
harbor were met.
Comment: Several commenters
recommended that OIG expand the list
of permissible types of remuneration in
paragraph 1001.952(g)(7)(ii) to allow for
‘‘reperformance of services.’’
Response: Our definition of
‘‘warranty’’ includes an arrangement ‘‘to
refund, repair, replace, or take other
remedial action. . . .’’ If a warranty
arrangement is connected to the sale of
a bundle of items and services,
‘‘reperformance of services’’ likely
would be an ‘‘other remedial action’’
under the safe harbor as long as all other
safe harbor conditions were satisfied,
including that the total remuneration
provided (in whatever form) cannot
exceed the cost of the items and services
subject to the bundled warranty
arrangement.
Comment: A commenter
recommended that in addition to
protecting warranty arrangements that
provide remuneration in the event of
product failure, the safe harbor should
allow vendors to receive success
payments in the event legitimate valuebased objectives are achieved.
Response: The warranties safe harbor
is designed to protect warranty
arrangements in which vendors offer
remuneration to their customers in the
event one or more items, or a bundle of
one or more items and related services,
fails to meet a specified level of
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
performance. The safe harbor does not
by its terms protect arrangements in
which customers pay success fees to
vendors contingent upon achieving
certain outcomes. Depending on how
such an arrangement is structured,
remuneration paid by a customer to a
vendor might not implicate the antikickback statute, or it might fall within
a different safe harbor, such as the
revised safe harbor for personal services
and management contracts and
outcomes-based payment arrangements.
Any such arrangements should be
reviewed and analyzed under the antikickback statute on a case-by-case basis.
Comment: A commenter urged OIG to
provide examples of the types of clinical
outcomes guarantees that could be
protected under the warranties safe
harbor. Another commenter expressed
concern regarding whether outcomes
can properly be guaranteed by suppliers
or manufacturers of warrantied items.
Response: As noted above, we believe
the expanded warranties safe harbor
could be used to protect a wide range
of warranty arrangements including, as
we discussed in the preamble to the OIG
Proposed Rule, warranty arrangements
conditioned on clinical outcomes
guarantees. In this final rule, we decline
to provide specific examples of the
types of clinical outcomes guarantees
that might be protected because we do
not wish to narrow the scope of
innovative arrangements that might seek
coverage under the safe harbor.
Comment: A commenter asked OIG to
clarify that the warranties safe harbor
would protect an arrangement in which
a warranty payment could vary
depending on the product’s
performance on one or more dimensions
specified in the warranty arrangement,
as opposed to the warranty payment
being a fixed amount.
Response: The warranties safe
harbor—both in its existing form and as
modified by this final rule—is silent on
whether a warranty arrangement
protected under the safe harbor can
have a single triggering condition or
multiple triggering conditions in order
to qualify for safe harbor protection. We
believe, however, that a warranty
arrangement could have multiple
triggering conditions based on
specifications set forth in the warranty
undertaking. In such an arrangement,
the seller must still comply with
paragraph 1001.952(g)(4) in determining
the maximum amount of remuneration
it could offer for any given item, bundle
of items, or bundle of items or services.
Comment: Some commenters
encouraged OIG to make clear that a
‘‘buyer’’ as referenced in the safe harbor
includes an indirect buyer such as a
PO 00000
Frm 00175
Fmt 4701
Sfmt 4700
77857
payor or pharmacy benefit manager.
Another commenter asked OIG to
coordinate with CMS to recognize that
reimbursement for or replenishment of
items and services, pursuant to a
warranty arrangement, is excludable
from price reporting under CMS’s
government pricing regulations and
guidance, including determining how
warranty arrangements involving
pharmaceutical products and
manufacturer-supported adherence
programs impact CMS’s determination
of best price.
Response: The warranties safe harbor
does not contain a definition of the term
‘‘buyer,’’ and the modifications to the
safe harbor that we are finalizing do not
affect the scope of individuals and
entities that may receive protection
under the safe harbor as buyers.
Consistent with our approach elsewhere
in this final rule, we decline to label
certain individuals or entities as
‘‘buyers’’ in order to encourage
innovation. The commenter’s request
regarding price reporting under CMS
pricing regulations and guidance is
outside the scope of this rulemaking.
Comment: A commenter expressed
concern that the safe harbor’s definition
of warranty is not sufficiently broad to
protect warranties that guarantee
achievement of value-based outcomes.
Response: As modified, the safe
harbor protects arrangements that
guarantee ‘‘a specified level of
performance’’ of an item, a bundle of
items, or a bundle of items and services.
We clarified in the preamble to the OIG
Proposed Rule that the warranties safe
harbor’s protection could extend to
arrangements conditioned on clinical
outcomes guarantees, which could
include warranties conditioned upon
‘‘value-based’’ outcomes that meet the
safe harbor’s other requirements. We
believe this offers buyers and sellers
significant flexibility to structure
arrangements that guarantee
achievement of value-based objectives
in the context of a warranty. The
advisory opinion process remains
available for parties seeking OIG’s legal
opinion on a specific arrangement.
12. Local Transportation (42 CFR
1001.952(bb))
Summary of OIG Proposed Rule: We
proposed to modify the existing safe
harbor for local transportation at
paragraph 1001.952(bb) to: (i) Expand
the distance limitations applicable to
residents of rural areas from 50 to 75
miles (including for shuttle services);
and (ii) remove any mileage limitation
for a patient transported from an
inpatient facility from which the patient
has been discharged after admission as
E:\FR\FM\02DER3.SGM
02DER3
77858
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
an inpatient to the patient’s residence or
another residence of the patient’s
choice. We indicated that we were
considering and solicited comments on
whether to eliminate the mileage
limitation for patients discharged from
certain settings and to extend the safe
harbor to protect transportation for
nonmedical purposes that may improve
or maintain patient health. We provided
preamble guidance to clarify that we
believe nothing in the language of the
safe harbor precludes protection for
transportation offered through ridesharing services and invited
commenters to share any basis for
disagreement. We also proposed a
technical change to move undesignated
definitions set forth in the note to
paragraph 1001.952(bb) to a new
paragraph 1001.952(bb)(3).
Summary of Final Rule: We are
finalizing the proposed modifications to
the safe harbor at paragraph
1001.952(bb), with modifications. With
respect to transportation following an
inpatient admission, we clarify that the
mileage limits do not apply when the
patient is discharged from an inpatient
facility following inpatient admission or
released from a hospital after being
placed in observation status for at least
24 hours. We retain our guidance
regarding rideshare programs and do not
extend protection under the safe harbor
to transportation for non-medical
purposes. We finalize the technical
reorganization.
a. Expansion of Mileage Limit for
Patients Residing in Rural Areas
Comment: Many commenters
supported our proposal to increase the
mileage limit for safe harbor protection
of transportation of residents of rural
areas to 75 miles. One such commenter
explained that an expansion to 75 miles
would meaningfully ‘‘capture’’ the
communities and patients it serves and
enable those patients who live farther
away to access specialty services such
as cancer care, neurology, transplant,
and other specialties that are typically
concentrated in larger hospitals located
in urban areas. Another commenter
stated that because many rural residents
must travel more than 50 miles to obtain
medically necessary services, increasing
the limit to 75 miles likely would
improve access to health care for many
rural residents.
However, not all commenters agreed.
A commenter explained that rural areas
are increasingly reporting shutdowns of
local health care providers, which
increases the distance traveled to
receive necessary care. The commenter
pointed to examples of closings of
nursing homes resulting in patients
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
being moved farther away. The
commenter explained that a mileage
limitation of 75 miles in rural areas
would be insufficient because it is not
uncommon for skilled nursing facilities
and assisted living facilities to be
located 150 miles or more from
hospitals, physician’s offices, outpatient
facilities, and other clinical locations.
The commenter advocated for OIG to
expand the mileage limitation to 150
miles in rural areas; alternatively, the
commenter suggested that OIG expand
to 75 miles for all patients and 150
miles for transports originating in a
rural area as defined under the U.S.
Census Bureau’s classification
guidelines.
Response: We are finalizing the
proposed expansion to 75 miles for
residents of rural areas. In the OIG
Proposed Rule, we explained that
commenters to the OIG RFI stated that
the existing local transportation safe
harbor’s 50-mile limit for rural areas
was insufficient because many residents
of rural areas needed to travel more than
50 miles to obtain medically necessary
services. We proposed to increase the
mileage limit for rural areas to 75 miles
and solicited comments on whether this
increase would be sufficient. We further
solicited data and evidence about
appropriate distances, as well as
information about patients needing
transportation and how longer distance
transportation would be provided. We
indicated that we would use the
information to assist us in determining
whether an increased distance limit is
necessary and practical and whether it
is likely to be subject to abuse.
For the following reasons, we have
determined that an increase to 75 miles
is necessary and practical, and we are
finalizing the 75-mile limit. In
combination with all of the conditions
of the safe harbor, we conclude that the
increased mileage limit is not likely to
be subject to abuse. Commenters on this
topic universally supported an
expanded mileage limit for rural areas,
and many supported our specific
proposal of 75 miles. The final safe
harbor will expand safe harbor
protection and facilitate access to health
care for residents of rural areas,
including those seeking types of
specialty care often concentrated in
urban areas. The expanded mileage
limit facilitates access to care for rural
area patients whose travel distances
have increased due to provider closings.
The existing safe harbor contains a
single, uniform mileage limit for rural
areas, offering a bright line standard that
is practical and clear to administer from
a compliance perspective. Our final rule
preserves this structure. Accordingly,
PO 00000
Frm 00176
Fmt 4701
Sfmt 4700
we are not adopting the suggestion to
create a longer distance standard
applicable only to transports originating
in rural areas. Nor are we adopting the
suggestion to extend the mileage limit
for rural areas to 150 miles. The safe
harbor is intended for local
transportation and this limit to local
transportation is rooted in the legislative
history in connection with the
Beneficiary Inducements CMP. In
enacting the CMP provision prohibiting
inducements to Federal and state health
care program beneficiaries, Congress
intended that the statute not preclude
the provision of complimentary local
transportation of nominal value.136 We
are concerned that 150 miles would be
neither local nor appropriately address
risks of abuse, such as inducing
beneficiaries to travel long distances for
care when they might prefer and be able
to obtain comparable care more locally.
We are mindful of the disruptions and
burdens on patients in rural areas when
local providers close and patients are
transferred or must seek care at more
distant locations. The news reports cited
by the commenter describe some
patients being transferred from closed
nursing facilities between 50 and 75
miles away and others moving longer
distances. We believe the expanded
limit we are finalizing should help
many patients facing longer travel
distances. We recognize that the safe
harbor will not protect every instance of
needed transportation. This does not
mean that programs offering
transportation for rural area patients at
greater distances are unlawful. To the
contrary, such programs may be lawful
depending on their facts and
circumstances and would need to be
evaluated on a case-by-case basis under
the statute, including with respect to the
intent of the parties. We remind
stakeholders that the OIG advisory
opinion process remains available for
parties seeking to determine whether a
particular arrangement complies with
the law. We note that our further
modification of the safe harbor to
eliminate any distance limit for
beneficiaries needing transportation
from hospital inpatient or observation
stay services to their residences, which
can include nursing facilities, will also
assist residents in rural areas facing
longer travel distances to obtain health
care.
Comment: While some commenters
found the increase of the limit for
transportation of residents of rural
communities to 75 miles to be sufficient
136 H.R. Conf. Rep. No. 104–736 at 255. See also
79 FR 59717, 59722–23 (Oct. 3, 2014); 81 FR 88368,
88379 (Dec. 7, 2016).
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
to address patient needs, many
commenters advocated for OIG to
expand the mileage limit further for
certain categories of patients, such as
those patients who live in areas without
public transportation, those who have
no health care facilities within 75 miles
of their home, or those who lack access
to specialty health care services due to
the closures of nearby rural hospitals.
For example, a transportation company
shared OIG’s desire to expand
transportation access in rural areas and
explained that 20 percent of Americans
live in rural areas but that rural hospital
closures have increased significantly in
recent years. The commenter suggested
that OIG remove the distance limit so
that it could provide transportation for
rural patients who now have to travel
longer distances to receive care.
According to the commenter, rural
communities face limited transportation
options, and reliable transportation
could effectively close gaps in access to
care.
Commenters suggested various
options that generally would tie
protection for transportation beyond 75
miles to a patient’s medical need. For
example, a commenter recommended
that we protect transportation that is
greater than 75 miles if the eligible
entity determines that a patient requires
a medical procedure and the nearest
provider of such procedure is more than
75 miles from the patient’s residence. At
least one commenter suggested that we
impose additional monitoring
requirements when transportation in
excess of the proposed mileage limit is
necessary.
Another commenter suggested
protection for transportation exceeding
75 miles when the provider certifies in
writing that there is no alternative
provider available within 75 miles of
the patient’s home and that the
transportation is furnished based on
patient need using a good faith,
individualized determination that the
transport is necessary to facilitate the
patient’s access to medically necessary
items or services. However, some
commenters expressed concern that
requiring a demonstration of need for
transportation exceeding 75 miles
would unnecessarily complicate the
provision of transportation services,
could lead to administrative burden,
and would not further the objectives of
the safe harbor. At least one of these
commenters suggested that, if it does
impose such a condition, OIG should
recognize a range of need assessment
tools.
Another commenter suggested that
OIG should expand the mileage
limitation beyond 75 miles for ‘‘frontier
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
areas’’ (which the commenter
recommended that we define using
selected levels from either commuting
codes or frontier and remote codes), but
it recommended that we include
safeguards to prohibit bypassing locally
available health care. At least one
commenter asserted that no
demonstration of financial, medical, or
transportation need should be required
for transportation above the current
limits because the requirement for
transportation to be for medically
necessary items or services serves as
sufficient protection.
Response: For the reasons in the prior
response, we are finalizing our proposal
to increase the rural area mileage limit
from 50 miles to 75 miles but are not
extending it farther. For the reasons that
follow, we are not adopting the
suggestions to expand safe harbor
protection for distances beyond 75 miles
in the specific circumstances suggested
by commenters (e.g., instances where
eligible entities determine or certify that
there is a medical need, areas lacking
public transportation or access to
specialty health care services, or areas
where rural hospitals have closed).
We are maintaining the current safe
harbor design of a single, uniform
mileage limit for rural areas, which
offers bright-line guidance and reduces
administrative burden, including the
administrative burden associated with
the need to obtain certifications and/or
other evidence of need determinations.
We acknowledge and agree with
commenters’ concerns that imposing a
patient need standard for exceptions to
the general mileage limitations in the
safe harbor could be administratively
burdensome, and we are not adopting a
patient need standard as a condition of
the safe harbor. In the 2016 rule
finalizing the local transportation safe
harbor, we stated that while we
understand that a set mileage limit is
not a one-size-fits-all solution, we
believe that a bright-line rule is easier
for all parties to apply.137 This remains
true. Specifically, the expansion of the
mileage limitation combined with the
bright-line rule should benefit many
patients in rural and underserved areas
and should be easy for eligible entities
to apply in practice.
Furthermore, if we were to expand the
mileage limit for specific types of
patient need, we are concerned that
providers could develop arbitrary
criteria that do not reflect legitimate
need and are subject to abuse. We are
also concerned that, in many instances,
exceptions could swallow the mileagelimitation rule, which we view as a
fundamental safeguard and consistent
with the safe harbor’s intended focus on
local transportation.138 On balance,
including additional monitoring or
certification conditions would not
mitigate these concerns sufficiently to
warrant the extra administrative burden.
In finalizing this proposal, we aim to
balance the needs of rural patients to
have access to quality health care with
our concerns that patients could be
transported for unnecessary care or be
swayed to use a more distant provider
even when they may prefer to receive
items or services from a local provider.
Transportation arrangements in rural
areas or to address specific fact patterns
such as hospital closures, lack of public
transportation, or access to specialty
health care services are not necessarily
unlawful and would be evaluated for
compliance with the statute on a caseby-case basis, including with respect to
the intent of the parties. Individuals and
entities that participate in value-based
enterprises as VBE participants may
look to the patient engagement and
support safe harbor paragraph
1001.952(hh) as an additional or
alternative avenue of protection for
certain transportation services. Parties
may also use OIG’s advisory opinion
process for specific facts and
circumstances that may fall outside safe
harbor protection.
Comment: Some commenters
requested wholesale exemption from
any mileage limitations under the safe
harbor. Several commenters
representing Indian health care
providers asked that the safe harbor not
include any mileage limitations for
transportation provided by Indian
health care providers; in addition, some
of these commenters advocated
removing any restrictions regarding the
use of Federal funds by Indian health
care providers for the cost of
transportation furnished to their
beneficiaries. Some of these commenters
recommended that OIG expand the safe
harbor to protect free emergency
transportation and air transportation for
patients of Indian health care providers.
A commenter that represents
community health centers
recommended that OIG exempt certain
health centers from the mileage limits
because Federal regulations issued by
the Health Resources and Services
Administration require certain health
centers to provide transportation
services as needed for adequate patient
care.139
Another commenter suggested that
OIG expand the safe harbor for
138 81
137 81
PO 00000
FR 88388 (Dec. 7, 2016).
Frm 00177
Fmt 4701
Sfmt 4700
77859
139 42
E:\FR\FM\02DER3.SGM
FR 88387–89 (Dec. 7, 2016).
U.S.C. 254b(b)(1)(A)(iv).
02DER3
77860
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
transportation for homeless individuals
in a manner that aligns with California
Health and Safety Code section
1265.2(o), which requires
documentation that a hospital prior to
discharge of a homeless patient has
offered the homeless patient
transportation to a specified destination
if that destination is within a maximum
travel time of 30 minutes or a maximum
travel distance of 30 miles of the
hospital. Numerous commenters
suggested that OIG expand the mileage
limit for ‘‘special patient populations,’’
such as patients undergoing cancer or
behavioral health treatment or receiving
dialysis services, regardless of whether
such patients reside in a rural or urban
area. According to these commenters,
these special patient populations often
need transportation services to care
facilities over much greater distances
than 25 or 75 miles in order to access
quality care to treat their medical
conditions. At least one such
commenter recommended that OIG
require providers to use ‘‘reasonable
measures’’ (e.g., a shortage of
appropriate medical facilities or health
care professionals in a geographic area)
that would be evaluated based on the
totality of the circumstances for each
individual.
Response: In developing this final
rule, we considered the comments
offered by entities that provide services
for communities with unique health
care needs. The commenters raise
important considerations about access
to care for Tribal, rural, and
underserved communities, an area of
ongoing interest for OIG in our work to
look at the effectiveness of HHS
programs. Here, however, we have
concerns regarding the fairness of
eliminating the mileage limitation for
populations of patients with specific
health conditions while imposing
mileage restrictions on patients with
other health conditions. It would also be
difficult to craft a fair and sufficiently
bright-line rule allowing for exceptions
to the mileage limitation based on
‘‘reasonable measures’’ evaluated on a
case-by-case basis. Furthermore, any
such exception would be difficult to
administer.
We note that lack of access to care in
a particular geographic area could be a
relevant factor in determining on a caseby-case basis whether a particular local
transportation arrangement involves an
improper inducement to a beneficiary
under the Federal anti-kickback statute
or Beneficiary Inducements CMP.
Depending on the specific facts and
circumstances of the arrangement,
arrangements could comply with the
statutes even if they do not fit in the safe
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
harbor. OIG’s advisory opinion process
is better suited than the local
transportation safe harbor to evaluate
arrangements on a case-by-case basis.140
Moreover, depending on the specific
facts of the arrangement, transportation
furnished by a VBE participant to
patient populations including those
identified by the comments summarized
above could be structured to qualify for
protection under the patient engagement
and support safe harbor paragraph
1001.952(hh) that we are finalizing in
this rule.
In response to commenters that
requested OIG remove any restrictions
regarding the use of Federal funds for
the cost of transportation furnished to
their patients, we did not propose to
modify the existing prohibitions on
shifting the cost of protected
transportation to any Federal health care
program, other payors, or individuals,
and we are not finalizing any such
changes here. The existing prohibition
serves important program integrity
purposes, as described in the 2016 final
rule.141 In addition, we recognize that
other statutes or regulations may govern
an entity’s provision of transportation to
patients and may impact the ability of
an entity to structure an arrangement
that squarely satisfies the conditions of
the local transportation safe harbor.
Where parties are required by Federal
or State law to provide transportation
services to certain patients or to provide
transportation services as part of a
service covered by a Federal health care
program or other Department program,
those arrangements might not implicate
the Federal anti-kickback statute. If the
patient is entitled to receive services
under their Federal health care program
coverage, the parties should assess
whether there is any remuneration
passing to the patient; providing a
covered item or service paid for by a
Federal health care program alone
would not result in an exchange of any
remuneration under the Federal antikickback statute. However, there could
be circumstances under which a
provider or supplier, when furnishing a
covered item or service, does give a
Federal health care program beneficiary
something of value, or remuneration,
thereby implicating the Federal antikickback statute. For example, the
Federal anti-kickback statute would be
implicated by a provider waiving or
reducing any required cost-sharing
obligations for the covered item or
service incurred by a Federal health care
140 OIG, OIG Adv. Op. Nos. 00–07, 09–01, 15–13,
and 16–02. (OIG has issued several favorable
advisory opinions in this area.)
141 81 FR 88389 (Dec. 7, 2016).
PO 00000
Frm 00178
Fmt 4701
Sfmt 4700
program beneficiary or providing
‘‘extra’’ items and services for free that
are not part of the covered item or
service. Furthermore, we remind
stakeholders that an arrangement that
does not satisfy all conditions of the
local transportation safe harbor does not
necessarily violate the Federal antikickback statute. The advisory opinion
process remains available to
stakeholders seeking prospective
protection for transportation
arrangements that do not fit within the
four corners of the safe harbor.
As an initial matter, we note that this
safe harbor, as finalized, does not
modify existing Federal law regarding
IHS appropriations for transportation
services furnished to its beneficiaries.
While some commenters sought safe
harbor protection for air transportation
furnished to certain populations, we
note that we exclude protection for free
or discounted air transportation under
the existing local transportation safe
harbor and we did not propose changes
to this provision. Although we are not
adopting this suggestion, we are
promulgating clear mileage limits to
provide additional flexibilities to
stakeholders to benefit all patients,
including patients served by Indian
health care providers and community
health centers. With respect to the
comment requesting protection for free
emergency transportation, we did not
propose changing the safe harbor’s
restriction on ambulance-level
transportation and are not making this
change. To the extent free emergency
transportation means waiving
beneficiary cost-sharing—cost-sharing
waivers based on good faith—
individualized determinations of the
beneficiary’s financial need have long
been acceptable under OIG guidance.
Comment: A commenter asked OIG to
consider protecting transportation to an
alternative health care provider without
a mileage limitation in the event that
one of a provider’s locations must divert
scheduled patients with urgent needs
due to a disaster or similar emergency
circumstances.
Response: We are not adopting this
recommendation to remove the mileage
limitation for the reasons noted above
with respect to other commenter
suggestions for specific exceptions to
the mileage limit based on various types
of need. OIG is mindful of the need to
protect patients whose availability of
care is impacted by natural disasters,
public health emergencies, and other
exigent circumstances. For example, in
response to the COVID–19 public health
emergency, OIG has publicly answered
inquiries from the health care
community regarding the application of
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
OIG’s administrative enforcement
authorities under the Federal antikickback statute and the Beneficiary
Inducements CMP, including to
transportation arrangements.142 It is
important to note that the presence of
exigent circumstances can be a relevant
factor in determining whether the
Federal anti-kickback statute would be
implicated or violated by a particular
transportation arrangement.
Comment: Numerous commenters
encouraged OIG to expand the mileage
limitation for transportation furnished
to patients that reside in urban areas, as
defined by the existing safe harbor. A
commenter asserted that many
Metropolitan Statistical Areas extend
beyond 25 miles, and some health care
providers in those communities have
developed evidenced-based clinical
quality intervention strategies for highrisk patients that rely on free patient
transportation. At least one commenter
suggested that providing urban patients
with safe, reliable transportation over a
distance greater than 25 miles is a lowcost, high-value way to ensure access to
care, and advocated for OIG to expand
the mileage limit for urban areas from
25 miles to at least 50 miles. Another
commenter urged OIG to add flexibility
in instances when the nonrural patient
demonstrates a financial, medical, or
transportation need.
Response: We did not propose to
expand the mileage limits for protected
transportation furnished to patients
residing in urban areas and, therefore,
we are not finalizing any such
expansion here.
b. Elimination of Distance Limitations
on Transportation of Discharged
Patients to Their Residence
Comment: Many commenters strongly
supported OIG’s proposal to eliminate
any distance limit on transportation
furnished to a patient who has been
discharged from a facility after
admission as an inpatient, regardless of
whether the patient resides in an urban
or rural area, if the transportation is to
the patient’s residence or another
residence of the patient’s choice.
Numerous commenters recommended
that OIG clarify in the final rule that a
‘‘residence’’ includes custodial care
142 See FAQs–Application of OIG’s
Administrative Enforcement Authorities to
Arrangements Directly Connected to the
Coronavirus Disease 2019 (COVID–19) Public
Health Emergency, available at https://oig.hhs.gov/
coronavirus/authorities-faq.asp (describing that,
under the unique and exigent circumstances
resulting from the COVID–19 outbreak, certain
modest transportation assistance would present a
low risk of fraud and abuse under the Federal antikickback statute and the Beneficiary Inducements
CMP).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
facilities, including but not limited to
nursing facilities, which can serve as a
patient’s residence on a permanent
basis. Another commenter asked OIG to
confirm that a patient’s residence may
include a homeless shelter.
Response: We confirm that we intend
for the term ‘‘residence’’ as used in
paragraph 1001.952(bb)(1)(iv)(B) to
include custodial care facilities that may
serve as a patient’s permanent or longterm residence provided that the patient
established the custodial care facility as
a residence before receiving treatment
by the facility from where the patient is
being transported. In addition, we
intend the term ‘‘residence’’ to include
a homeless shelter when a patient is
homeless or established the homeless
shelter as a residence prior to hospital
admission. While not raised by
commenters, we also affirm our
statement in the OIG Proposed Rule that
a residence of the patient’s choice can
include the residence of a friend or
relative who is caring for the patient
post-discharge.143 As long as the other
requirements of this safe harbor are met,
transportation to these locations would
be protected. We also confirm our
intention, as noted in the OIG Proposed
Rule’s preamble and raised in the
comment above, that this post-discharge
analysis is not dependent on whether
the patient resides in a rural or urban
setting.144
c. Transportation to Locations Other
Than a Patient’s Residence or a
Residence of the Patient’s Choice
Comment: Many commenters,
including multiple associations
representing health care providers,
advocated for OIG to modify the safe
harbor to protect transportation to any
location of the patient’s choice,
including to another health care facility
when there is a medical need for the
transfer. Commenters provided various
examples of instances when they
believe hospitals, other providers, and
patients could benefit when patients are
transferred to other facilities. For
example, some commenters explained
that individuals seen in the emergency
room may require transportation to
another health care facility, while a
trade association representing hospitals
stated that a patient’s medical needs
may require being discharged from an
inpatient facility directly to post-acute
care.
Another commenter expressed
concern that, without the ability to
provide transportation to another health
care facility, skilled nursing facilities
143 84
144 84
PO 00000
FR 55751 (Oct. 17, 2019).
FR 55751 (Oct. 17, 2019).
Frm 00179
Fmt 4701
Sfmt 4700
77861
may be limited in their ability to
transport discharged patients to a
hospital, to a hospice, or to other longterm care facilities. Another commenter
added that SNF patients often require
transportation services following
discharge to accommodate any mobility
limitations.
Response: After considering the
comments, we are not extending safe
harbor protection to transportation of
patients to any location of their choice
or another provider or facility. In
developing this final rule, we reviewed
and weighed the examples provided by
commenters of situations when they
believed it would be beneficial for a
patient to be transported to another
provider following discharge as an
inpatient from a facility. We agree that
the examples described by the
commenters could benefit patients in
many circumstances. However, we
believe that protecting transportation
between health care providers in a
position to refer to each other is not
sufficiently low risk to warrant safe
harbor protection because of the risk
that such transportation arrangements
could be used to steer patients to health
care facilities that may not be in the
patients’ best interests; for instance, the
entity sponsoring the transportation
might limit transportation improperly to
affiliated facilities to generate system
revenue and as a result may interfere
with patient choice. Arrangements that
do not fit in the safe harbor are not
necessarily prohibited under the antikickback statute. Under the final rule,
patients discharged from inpatient
facilities may be offered transportation
to a nursing facility if it is their
residence.
In this final rule, OIG is finalizing a
new safe harbor at paragraph
1001.952(hh) that may protect certain
patient engagement tools and supports
including transportation when the
offeror of the transportation is a VBE
participant. As long as all of the safe
harbor’s conditions are satisfied, the
safe harbor at paragraph 1001.952(hh)
could protect transportation of patients
from an inpatient hospital to another
health care facility for post-acute care
treatment.
In addition, we emphasize that safe
harbors are voluntary and that any
assessment of liability under the Federal
anti-kickback statute requires an
analysis of the facts and circumstances
specific to the arrangement, including
the intent of the parties. For
arrangements that do not meet all
requirements of the safe harbor, the
party could seek an advisory opinion.
E:\FR\FM\02DER3.SGM
02DER3
77862
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
d. Elimination of Distance Limitations
for Patients Other Than Those
Discharged After an Inpatient
Admission
Comment: Numerous commenters
requested that OIG expand the proposed
exemption from distance limitations
beyond discharged hospital inpatients
to include patients treated in a hospital
outpatient department, ambulatory
surgery center, or hospital emergency
room, as well as patients held in
observation status at the hospital for a
substantial period of time but who are
not admitted. For example, a trade
association representing hospitals
asserted that patients may travel a
significant distance to obtain treatment
that does not require an admission, and
the commenter believed that
transportation home for these patients
without a limitation on distance would
be appropriate. The commenter
suggested that OIG could provide
parameters for protected transportation
so that it is not used as a workaround
to the mileage limitations that otherwise
serve as a condition of the safe harbor.
To this point, a commenter suggested
that an appropriate safeguard to limit
potential fraud concerns would be to
require a medical justification to receive
transportation home for reasons other
than an inpatient discharge (e.g., after a
colonoscopy or after receiving stitches,
a licensed medical professional could
determine that a patient is unable to
travel home safely).
Response: As finalized in this rule,
the mileage limitation of this safe harbor
does not apply in two circumstances.
First, we confirm our intention, as noted
in the OIG Proposed Rule’s preamble,
that the elimination of the mileage
limitation applies after admission as an
inpatient. Second, we are persuaded by
commenters that we should expand the
safe harbor by removing the mileage
limitation when a patient is discharged
after spending 24 hours in observation
status. We indicated in the OIG
Proposed Rule that we were considering
including transportation for patients
who have been under observation status
for a timeframe of at least 24 hours. We
are including this provision in the final
rule because we believe that
transportation home following an
extended stay in observation status at a
hospital is sufficiently similar to
transportation home following an
inpatient discharge and to prevent any
safe harbor compliance challenges
resulting from a patient’s status as an
inpatient or outpatient in the hospital.
We also solicited comments regarding
transportation home for patients seen in
the emergency department or following
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
a procedure at an ambulatory surgery
center. We are mindful that available
transportation home for these patients
could help address a legitimate need.
However, we are not removing the
mileage limitation for other patients
categorized as outpatients, including
patients who are seen in the emergency
room but not under observation for at
least 24 hours, or patients discharged
from an ambulatory surgical center. It is
not clear that we could define
acceptable medical justifications or
make distinctions about categories in
this safe harbor. Moreover, creating an
exception to the mileage limitations in
the safe harbor for local transportation
for these categories of patients would
make the exception so expansive and
overly broad so as to limit the utility of
the mileage limitations as safeguards
against potentially abusive
arrangements. The OIG advisory
opinion process remains available for
particular transportation programs not
covered by this safe harbor.
In promulgating this safe harbor, we
observed that Congress did not intend to
preclude the provision of local
transportation of nominal value in the
context of beneficiary inducements.
Although the Federal anti-kickback
statute has no such exception for
remuneration of nominal value, we
stated that protection of complimentary
local transportation that met certain
requirements that limit the risk of fraud
and abuse was warranted.145 We believe
that transportation home following
inpatient discharge or a stay in
observation status at a hospital for at
least 24 hours poses a sufficiently low
risk of inducing patient referrals to the
hospital, provided all safe harbor
conditions are met.
e. Local Transportation for HealthRelated, Nonmedical Purpose
Comment: Commenters generally
supported extending protection under
this safe harbor to transportation
furnished for nonmedical purposes. For
example, some commenters, including
trade associations whose members are
hospitals or nurse practitioners,
encouraged OIG to protect
transportation to obtain services that
address social determinants of health
(e.g., nutrition counseling, chronic
disease counseling services, housing
services), even if those services do not
constitute medical care. The
commenters posited that these services
have a direct effect on a patient’s health
outcomes and well-being and are critical
to achieving effective care transitions
and improved outcomes, including
145 81
PO 00000
FR 88379 (Dec. 7, 2016).
Frm 00180
Fmt 4701
Sfmt 4700
reduced readmissions. One such
commenter asked OIG to support
hospitals’ efforts to connect patients to
nonmedical care and foster innovative
community collaboration.
Another commenter advocated for
protection of transportation to access
nutritious foods, suggesting that patients
living in a ‘‘food desert’’ may have
difficulties obtaining such foods, which
the commenter asserted could
potentially lead to increased health care
costs later if the patients develop
nutritional issues that require medical
attention. A commenter also suggested
that transportation to food stores, food
banks, other non-health care social
services (e.g., housing assistance), or
agencies that offer employment or
vocational training would be
appropriate for safe harbor protection. A
commenter asked OIG to clarify the
types of non-medical purposes that OIG
believes should not be protected by any
expansion of the safe harbor.
Some commenters suggested potential
safeguards for expanded safe harbor
protection for transportation for nonmedical purposes. Recognizing the need
to minimize the risk of fraud and abuse
that may arise in conjunction with nonmedical transportation, such as
inducing beneficiaries to receive
unnecessary health care items and
services, these commenters suggested a
variety of safeguards such as: (i)
Imposing restrictions on an entity’s
ability to condition receipt of nonmedical transportation support on
continued receipt of health care services
from a particular provider; (ii) requiring
the entity to utilize an independent
transportation vendor to arrange for
transportation; (iii) requiring the entity
to tie any transportation service to a
specific quality improvement, social
determinant of health, or public health
initiative; (iv) requiring that the
transportation is unlikely to interfere
with, or skew, clinical decision-making;
and (v) requiring providers to document
the patient’s need for such non-medical
transportation (e.g., patient’s income,
medical condition).
Another commenter suggested the
existing conditions of the safe harbor,
combined with an appropriately tailored
scope of nonmedical transportation
purposes (e.g., a direct connection to the
coordination and management of care),
would be a sufficient safeguard against
abusive transportation initiatives.
Response: We are not expanding the
local transportation safe harbor to
protect patient transportation for
nonmedical purposes. In response to the
OIG RFI, we received comments
suggesting that transportation for
nonmedical purposes may improve
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
patient health, and we solicited
comments on whether the safe harbor
could be expanded to protect
transportation for these purposes
without creating an unacceptable risk of
fraud and abuse, such as inducing
beneficiaries to receive unnecessary
health care items and services. Some
commenters suggested potential
safeguards (e.g., requiring the entity to
tie any transportation service to a
specific quality improvement, social
determinant of health, or public health
initiative). While we do not doubt that
properly structured transportation for
non-medical needs can help patients
maintain or improve their health, we
believe that protecting transportation for
non-medical purposes under paragraph
1001.952(hh), which limits protection of
transportation to tools and supports
furnished by VBE participants, rather
than under the safe harbor for local
transportation, presents the lowest risk
approach to protecting patients and
Federal health care programs from
fraudulent and abusive transportation
schemes.
We continue to believe that the risk of
beneficiaries being improperly induced
to obtain items or services is too high for
safe harbor protection when the
transportation is for non-medical
purposes. As we explained in the 2016
final rule establishing the local
transportation safe harbor, a
transportation program offered by a
provider or supplier inherently poses a
risk both of inducing patients to get
items or services that they might
otherwise not have obtained and to get
services from that provider or supplier.
In the case of transportation for
medically necessary items and services,
we think that risk is acceptable.
However, we believe the risk is too high
when the transportation is for nonhealth-related purposes.146 We noted
that it would be difficult to determine
whether non-medical transportation is
related to the patient’s health care (e.g.,
transportation to a shopping center that
includes both a grocery store and a
movie theater). We went on to say that
transportation for nonmedical purposes
very well might be more frequent than
transportation for medical
appointments, which would give larger
providers a significant competitive
advantage over smaller entities or
individual suppliers.147 We explained
that transportation for nonmedical
purposes would not violate the statute
if it is not for the purpose of inducing
146 81
147 81
FR 88384 (Dec. 7, 2016).
FR 88384 (Dec. 7, 2016).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
individuals to obtain federally
reimbursable items and services.
Notwithstanding the foregoing, we are
mindful of the importance of addressing
social determinants of health, and for
this reason among others we are
finalizing a new safe harbor at
paragraph 1001.952(hh) that protects
nonmedical transportation offered by
VBE participants if such transportation
has a direct connection to the
coordination and management of care of
the target patient population and meets
the other conditions of the safe harbor.
In promulgating paragraph
1001.952(hh), we recognize that
transportation to address social
determinants of health could improve
patients’ overall health and reduce
health care costs. However, without the
safeguards embedded within the VBE
framework, including accountability for
advancing value-based purposes, we are
concerned that transportation for nonmedical purposes could be used
improperly to recruit patients or
incentivize overutilization of items or
services; therefore, OIG is not extending
the local transportation safe harbor to
include transportation for nonmedical
purposes.
f. Use of Ride-Sharing Services
Comment: Commenters supported
OIG’s clarification in the OIG Proposed
Rule that transportation furnished
through ride-sharing services could be
protected by the safe harbor and that, for
purposes of this safe harbor, there is no
difference between taxis and ridesharing services. A commenter
emphasized the importance of these
services with respect to patients with
driving restrictions, cognitive
impairments, and mobility limitations.
While some commenters did not believe
a change to the regulatory text was
needed, at least one commenter
recommended that we amend the safe
harbor to protect transportation via ridesharing services explicitly; according to
this commenter, the safe harbor is
ambiguous with respect to ride-sharing
services, which discourages some
providers from entering into
arrangements with ride-sharing services.
A commenter recommended that OIG
clarify whether a ride-share service can
advertise a partnership with a hospital
or health system to promote patient
awareness and utilization of such
services. Another commenter urged OIG
not to make providers responsible for
knowing or controlling the advertising
practices of taxi companies, ride-sharing
services, or other transportation
providers.
Response: We support the use of ridesharing services or other patient
PO 00000
Frm 00181
Fmt 4701
Sfmt 4700
77863
transportation services similar to a taxi
service by eligible entities to make local
transportation available for their
patients. The safe harbor protects
certain free or discounted local
transportation made available by an
eligible entity, and we confirm that an
eligible entity may make such
transportation available through ridesharing arrangements or through other
means of local transportation that may
exist in the future (e.g., self-driving
cars). We do not believe an amendment
to the regulatory text is necessary.
Indeed, nothing in the language of the
safe harbor prevents the use of ridesharing services by eligible entities as
long as all other conditions of the safe
harbor are met. As we explained in the
OIG Proposed Rule, although we do not
explicitly refer to ride-sharing services
within the safe harbor, we see no
meaningful differences between these
services and taxis, or other similar
technology that serve as a taxi service
should they become available in the
future.148 We are not explicitly
including specific transportation
methods within the regulatory text to
avoid being overly proscriptive and to
allow eligible entities sufficient
flexibility to outsource these services
appropriately while satisfying every
condition of the safe harbor.
We note that eligible entities that
make transportation services available
to patients by using ride-sharing or
other similar transportation service
providers must meet all requirements of
the safe harbor and ensure such service
providers also meet all requirements of
the safe harbor to receive protection,
including for example the prohibitions
against luxury transportation and
publicly marketing or advertising the
free or discounted local transportation
services.
In the OIG Proposed Rule, we
explained that a taxi company, ridesharing service, or other provider of
transportation could advertise that it
provides transportation to medical
appointments and suggest to patients
that they contact their medical
providers to determine whether free or
discounted transportation is available to
their facilities. We stated, however, that
it cannot advertise that it provides free
or discounted transportation to a
particular health care provider or group
of providers because such customerspecific advertising is within the control
of the customer (i.e., the eligible entity
paying for the transportation) to
prohibit, and therefore would be
imputed to the customer and would
disqualify transportation furnished by
148 84
E:\FR\FM\02DER3.SGM
FR 55752 (Oct. 17, 2019).
02DER3
77864
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
the customer from safe harbor
protection.149 Accordingly, we strongly
suggest that eligible entities that furnish
local transportation to patients and
choose to rely on this safe harbor have
mechanisms in place to ensure this
condition of the safe harbor is satisfied.
13. Accountable Care Organization
(ACO) Beneficiary Incentive Program
(42 CFR 1001.952(kk))
Summary of OIG Proposed Rule: We
proposed at proposed paragraph
1001.952(kk) to codify the statutory
exception to the definition of
‘‘remuneration’’ at section
1128B(b)(3)(K) of the Act, as added
under section 50341 of the Budget Act
of 2018, for ACOs operating a CMSapproved beneficiary incentive program
under the Medicare Shared Savings
Program, as defined under section
1899(m) of the Act. We proposed to
clarify that an ACO may furnish
incentive payments only to assigned
beneficiaries and to interpret the
statutory language in the Budget Act of
2018 stating, ‘‘if the payment is made in
accordance with the requirements of
such subsection [section 1899(m) of the
Act],’’ to mean ‘‘if the incentive
payment is made in accordance with the
requirements found in such
subsection.’’ We did not propose any
additional safe harbor conditions that
incentive payments made by an ACO to
an assigned beneficiary under an ACO
Beneficiary Incentive Program
established under section 1899(m) of the
Act would have to satisfy, and we
solicited comments on the proposed
lack of additional conditions.
Summary of Final Rule: We are
finalizing the safe harbor without
modifications.
Comment: Several commenters
expressed support for the ACO
Beneficiary Incentive Program safe
harbor. For example, a commenter
posited that incentivizing patients to
attend primary care appointments may
improve patient outcomes and reduce
downstream medical expenses. Another
commenter agreed with OIG’s proposal
not to establish additional safe harbor
conditions to protect incentives under
an ACO Beneficiary Incentive Program
that satisfies the statutory exception and
regulatory requirements.
Response: We are finalizing the
regulation text as proposed. We note
that we do not interpret the statutory
exception found at section
1128B(b)(3)(K) of the Act, nor the safe
harbor finalized at paragraph
1001.952(kk), to require satisfaction of
any requirements found outside section
149 84
FR 55752 (Oct. 17, 2019).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
1899(m) of the Act (e.g., the regulatory
requirements established by CMS
implementing the ACO Beneficiary
Incentive Program found at 42 CFR
425.304(c)).
Comment: A commenter supported
the codification of the ACO Beneficiary
Incentive Program exception in a safe
harbor but recommended that OIG
broaden the exception to protect any
future beneficiary incentives covered
under CMS-sponsored payment models
and beneficiary incentive options that
may be available in the future.
According to the commenter, the ACO
Beneficiary Incentive Program is too
limited and the commenter has advised
CMS that ACOs, and alternative
payment models (APM) more broadly,
should be able to provide beneficiary
incentives to subsets of their
population. Another commenter
requested that OIG expand the safe
harbor to protect ACOs participating in
any Innovation Center demonstration,
noting that several ACO demonstrations
have risk-bearing standards that exceed
those in the Medicare Shared Savings
Program.
Response: This safe harbor codifies a
statutory safe harbor that is specific to
ACO Beneficiary Incentive Programs;
the commenters’ suggestions are beyond
the scope of the statute and our
proposal. To the extent the commenters
are requesting safe harbor protection for
beneficiary incentives provided through
existing CMS-sponsored models
developed pursuant to section
1115A(d)(1) of the Act, any fraud and
abuse waiver applicable to beneficiary
incentives under the relevant model
would potentially provide protection as
long as the beneficiary incentive
arrangement squarely satisfies the
conditions of the applicable waiver.
Moreover, we are finalizing a new safe
harbor for CMS-sponsored models at
paragraph 1001.952(ii) that protects
certain CMS-sponsored model patient
incentives under models for which CMS
has determined that paragraph
1001.952(ii)(2) should apply. This new
safe harbor is described more fully in
section III.B.7 of this preamble.
Comment: A trade association
representing community pharmacists
recommended that pharmacists be
included in the definition of an ‘‘ACO
professional’’ and that pharmacy
services should constitute qualifying
services for purposes of the ACO
Beneficiary Incentive Program safe
harbor. According to the commenter,
including pharmacy services as
qualifying services would give
pharmacists more resources to provide
medication adherence services more
PO 00000
Frm 00182
Fmt 4701
Sfmt 4700
efficiently to further enhance care
coordination.
Response: The commenter’s
suggestion is beyond the scope of the
ACO Beneficiary Incentive Program
statutory exception found at section
1128B(b)(3)(K) of the Act that OIG
proposed to codify at paragraph
1001.952(kk). Section 1899(h) of the Act
defines an ACO professional for
purposes of the Medicare Shared
Savings Program, and section 1899(m)
of the Act sets forth the scope of
qualifying services. CMS administers
the Medicare Shared Savings Program
on behalf of the Secretary, which
includes promulgating regulations
interpreting the statutory definition of
ACO professional and the scope of
qualifying services; for this reason, any
requests to expand these terms should
be directed to CMS.
Comment: A commenter supported
the proposed safe harbor but
recommended that OIG consider the
administrative burden associated with
the ACO Beneficiary Incentive Program.
In particular, the commenter noted that
several requirements of the ACO
Beneficiary Incentive Program (e.g.,
recordkeeping requirements) are
burdensome.
Response: The commenter’s
suggestion is beyond the scope of this
rulemaking. Section 1899(m) of the Act
contains certain programmatic reporting
and documentation requirements for
beneficiary incentives under the
Medicare Shared Savings Program, and
CMS has promulgated additional
regulations implementing the ACO
Beneficiary Incentive Program.150 The
new safe harbor at paragraph
1001.952(kk) does not alter existing
documentation requirements or impose
any additional documentation
requirements. Furthermore, section
50341(b) of the Budget Act of 2018 does
not give OIG authority to waive
programmatic documentation
requirements set forth in section
1899(m) of the Act or in CMS
regulations.
Comment: A commenter requested
additional guidance on the specifics of
the protected remuneration under this
safe harbor.
Response: The new safe harbor at
paragraph 1001.952(kk) protects
incentive payments made by an ACO to
an assigned beneficiary under a
beneficiary incentive program
established under section 1899(m) of the
Act if the incentive payment is made in
accordance with the requirements found
in section 1899(m) of the Act. We
interpret the statutory language in the
150 42
E:\FR\FM\02DER3.SGM
CFR 425.304(c)(4)(i).
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Budget Act of 2018 stating, ‘‘if the
payment is made in accordance with the
requirements of such subsection
[section 1899(m) of the Act]’’ to mean
‘‘if the incentive payment is made in
accordance with the requirements found
in such subsection.’’
We read this provision broadly to
incorporate all the requirements found
in section 1899(m) of the Act as
requirements of the ACO Beneficiary
Incentive Program statutory exception to
the definition of ‘‘remuneration’’ under
the Federal anti-kickback statute. In
other words, as we stated in the
preamble to the OIG Proposed Rule, we
interpret this statutory requirement to
mean that for an incentive payment to
satisfy the ACO Beneficiary Incentive
Program statutory exception, and the
corresponding safe harbor interpreting
the statutory exception, all of the
requirements enumerated at section
1899(m) of the Act—related both to
ACO Beneficiary Incentive Programs
and incentive payments made pursuant
to such programs—must be satisfied. We
do not interpret the statutory exception
at section 1128B(b)(3)(K) of the Act to
require satisfaction of any requirements
found outside of section 1899(m) of the
Act. For instance, CMS, which
administers the Medicare Shared
Savings Program, has promulgated
programmatic regulations setting forth
more detailed requirements for
implementing an ACO Beneficiary
Incentive Program in accordance with
section 1899(m) of the Act. While
compliance with these regulations is not
a condition of satisfying the safe harbor,
it would be prudent for ACOs to review
these regulations to ensure that their
ACO Beneficiary Incentive Programs
meet all applicable programmatic
requirements.
C. Civil Monetary Penalty Authorities:
Beneficiary Inducements CMP
1. Exception for Telehealth
Technologies for In-Home Dialysis (42
CFR 1003.110)
Summary of OIG Proposed Rule: We
proposed to amend the definition of
‘‘remuneration’’ under the Beneficiary
Inducements CMP by codifying the
statutory exception enacted as part of
the Budget Act of 2018. Specifically, we
proposed to add an exception to the
definition of ‘‘remuneration’’ in
paragraph 1003.110 at proposed
paragraph 1001.110(10) for the
provision of certain telehealth
technologies related to in-home dialysis
services. The proposed exception would
protect the provision of telehealth
technologies by a provider of services or
renal dialysis facility to an individual
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
with end-stage renal disease (ESRD)
who is receiving home dialysis paid for
by Medicare Part B, provided the
donation meets conditions proposed in
the OIG Proposed Rule. We proposed a
condition that would require uniform
provision of technology. In addition, we
proposed to define ‘‘telehealth
technologies’’ as multimedia
communications equipment that
includes at a minimum audio and video
equipment permitting two-way, realtime interactive communication
between the patient and distant site
physician or practitioner used in the
diagnosis, intervention, or ongoing care
management—paid for by Medicare Part
B—between a patient and the remote
healthcare provider.
Summary of Final Rule: We are
finalizing this provision with several
modifications at paragraph 1003.110(10)
to align with the statutory exception in
1128A(i)(6)(J). As explained in more
detail below, we are removing most of
the additional proposed conditions and
proposed regulatory text language that
were not in the statutory exception.
Additionally, the final rule modifies the
definition of ‘‘telehealth technologies’’
and includes physicians as a type of
practitioner that can donate telehealth
technologies to a patient. We are not
finalizing the other proposed conditions
on which we solicited comments.
a. General Comments
Comment: Commenters on this topic
overwhelmingly supported our
proposed exception, in many cases as
proposed. For example, a commenter
stated that the exception would enhance
access to telehealth services for
vulnerable patients, including those
who are immobile or located in rural
areas, and would encourage patients to
appropriately address their chronic
condition. Commenters observed that
telehealth technologies will provide an
important tool for dialysis facilities and
other providers to ease patients’
adoption of home dialysis as their
treatment modality of choice and that
increased use of telehealth services
benefit patients, including through
reduced travel to and from physician
visits. A commenter expressed that
broad protection under the Beneficiary
Inducements CMP would be consistent
with policy priorities of Congress and
the Department, as well as under the
Executive Order entitled ‘‘Advancing
American Kidney Health.’’ Another
commenter noted the Administration’s
policy goal of increased rates of uptake
and retention of in-home dialysis and
urged OIG to consider the impact
technologies have outside of an isolated
PO 00000
Frm 00183
Fmt 4701
Sfmt 4700
77865
clinical visit, such as dialysis modality
education and support group access.
Some commenters raised concerns
about the need for safeguards against
risks such as inappropriate steering,
lemon-dropping, and cherry-picking of
patients by providers and the use of free
at-home technologies to entice patients
to use a particular provider, especially
when the technology could also be used
for other purposes beyond the provision
of telehealth services. Some commenters
urged us to adopt the statutory
exception without any additional
conditions that could create barriers to
patients accessing telehealth services,
more administrative burden, or
additional duties on staff. A commenter
stated that the additional conditions and
other potential safeguards in the OIG
Proposed Rule preamble are
unnecessary.
Response: We have made several
modifications to the final exception that
address the commenters’ general
concerns. Consistent with the statutory
exception at section 1128A(i)(6)(J) of the
Act and the OIG Proposed Rule, these
modifications finalize a broader
definition of ‘‘telehealth technologies,’’
reduce the number of conditions from
the OIG Proposed Rule, and modify the
proposed conditions to more closely
align to the statute. The final exception
incorporates the statutory text from
section 1128A(i)(6)(J) and the two
statutory conditions at 1128A(i)(6)(J)(i)
and (ii). We describe the specific
rationale for each of these modifications
in greater detail below.
These modifications reflect our
understanding as stated in the OIG
Proposed Rule that this is a narrow
exception to the CMP beneficiary
inducement statute. Primarily, the
exception is limited to a subset of
patients receiving in-home dialysis and
certain, enumerated providers in the
statutory exception.151 Because the
exception finalized here is only
available to established patients who are
receiving specific services paid for by
Medicare Part B, the potential for fraud
and abuse is reduced. Similar to our
rationale related to the definition and
use of target patient population in the
patient engagement and support safe
harbor at paragraph 1001.952(hh), we
believe that remuneration connected to
an objectively defined set of patients
decreases the risk that valuable
remuneration will be offered to patients
as an inducement to seek care or as a
reward for receiving care. For the
purposes of this exception, Congress
established the patient population as
151 84
E:\FR\FM\02DER3.SGM
FR 55754 (Oct. 17, 2019).
02DER3
77866
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
those receiving in-home dialysis paid
for by Medicare Part B.
Additionally, the two statutory
conditions address common risks of
fraud and abuse associated with
remuneration furnished to beneficiaries.
The first, which bars telehealth
technologies from being offered as part
of any advertisement or solicitation,
protects against improper marketing
schemes that entice beneficiaries to
receive unnecessary services or select
providers or services based on promises
of valuable gifts rather than medical best
interests. The second statutory
condition requires that the telehealth
technologies are provided for the
purpose of furnishing telehealth
services related to the recipient’s ESRD;
this condition tailors the statutory
protection to arrangements that assist
beneficiaries in managing their ESRD,
reducing risk that the provision of
telehealth technologies induce orders or
purchases of other, unrelated items and
services. These statutory limitations
reduce the risks of fraud and abuse
associated with providing certain
beneficiaries with free telehealth
technologies.
We share commenters’ concerns that
offering valuable technology for free to
patients has the potential to impact a
patient’s selection of a provider, and we
agree that this exception should not be
used to effectuate inappropriate
steering, lemon-dropping, or cherrypicking of patients. The risk of fraud
and abuse associated with selectively
deciding which patients receive
telehealth technologies is mitigated by
conditions finalized in this rule (e.g.,
telehealth technologies are protected if
provided to a beneficiary already
receiving in-home dialysis paid for by
Medicare Part B and if that patient
initiated contact or scheduled an
appointment with the donor (paragraphs
(10)(i) and (ii) in 42 CFR 1003.110)).
This final rule strives to foster the
policy goal of: (i) Ensuring that
beneficiaries can choose and benefit
from medically appropriate in-home
dialysis care, as determined by the
beneficiary and their provider,
physician, or renal dialysis facility; (ii)
protecting beneficiaries against coercive
marketing schemes that do not serve
their best interests; and (iii) ensuring
that providers, physicians, and renal
dialysis facilities are seeking the
protection of the exception use
telehealth technologies for purposes
related to beneficiaries’ ESRD as
contemplated in the statutory exception.
We have endeavored to reduce
administrative and staff burden
wherever possible, consistent with these
goals.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
b. Definition of ‘‘Telehealth
Technologies’’
Summary of OIG Proposed Rule:
Using the definition of ‘‘interactive
telecommunications system’’ pursuant
to 42 CFR 410.78(a)(3) as a basis,152 we
proposed to define ‘‘telehealth
technologies’’ as multimedia
communications equipment that
includes, at a minimum, audio and
video equipment permitting two-way,
real-time interactive communication
between the patient and distant site
physician or practitioner used in the
diagnosis, intervention, or ongoing care
management—paid for by Medicare Part
B—between a patient and the remote
healthcare provider. We proposed to
exclude telephones, facsimile machines,
and electronic mail systems from the
definition. However, we proposed that
smartphones with two-way, real-time
interactive communication through
secure video conferencing applications
would not be considered ‘‘telephones.’’
We sought comments on this definition
and whether ‘‘telehealth technologies’’
should include technologies such as
software, a webcam, data plan, or
broadband internet access that
facilitates the telehealth encounter.
Summary of Final Rule: We are
finalizing, with modifications, the
regulatory text defining ‘‘telehealth
technologies’’ in response to comments
and in a way that is technology agnostic,
as described further below.
Comment: Several commenters agreed
with our proposed definition of
‘‘telehealth technologies’’ based on 42
CFR 410.78(a)(3), including our
proposal to exclude smartphones from
our interpretation of what consists of a
‘‘telephone’’ for the purposes of our
proposed ‘‘telehealth technologies’’
definition because it would help expand
access to medically necessary care. A
commenter suggested OIG finalize a
152 In response to the COVID–19, HHS and CMS
have exercised emergency authorities and
regulatory flexibilities to help health care providers
respond to the COVID–19 public health emergency.
Specific to telehealth covered by Medicare Part B,
CMS has expanded the types of technology that can
be used to provide telehealth services, the types of
services that can be provided via telehealth, certain
coverage requirements related to originating and
distant sites, and other flexibilities. Most of these
flexibilities will remain in place until the Secretary
ends the declaration of a public health emergency
for COVID–19. See for example 85 FR 19230 (Apr.
6, 2020), COVID–19 Emergency Declaration Blanket
Waivers for Health Care Providers, available at
https://www.cms.gov/files/document/summarycovid-19-emergency-declaration-waivers.pdf; 85 FR
27550 (May 8, 2020), Additional Policy and
Regulatory Revisions in Response to the COVID–19
Public Health Emergency and Delay of Certain
Reporting Requirements for the Skilled Nursing
Facility Quality Reporting Program, available at
https://www.govinfo.gov/content/pkg/FR-2020-0508/pdf/2020-09608.pdf.
PO 00000
Frm 00184
Fmt 4701
Sfmt 4700
technology-neutral definition of
‘‘telehealth technologies’’ and urged us
not to detail specific technologies or
services, which are likely to change over
time to facilitate the development of
more efficient means of delivering the
same services. While a commenter
agreed with excluding telephones,
facsimile machines, and electronic mail
systems from the definition of
‘‘telehealth technologies’’ because the
commenter did not view them as
providing the required services, other
commenters asserted that these
technologies should not be included.
For example, a commenter explained
that these technologies do not constitute
‘‘telehealth technologies’’ as standalone
items but can be used to supplement a
telehealth encounter.
Several commenters were supportive
of including the broader range of
technologies considered in the OIG
Proposed Rule (e.g., software and data
plans). Commenters suggested that these
technologies, which alone will not
facilitate a telehealth encounter, may be
required by some patients to access
telehealth services. A commenter
asserted that the exception should
protect any type of technology as long
as it contributes to accomplishing the
telehealth service. The commenter also
urged OIG to consider that software
protected under the exception must be
easily downloadable, be easy to use for
patients, and meet HIPAA standards.
Another commenter supported
narrowly defining ‘‘telehealth
technologies’’ as the ‘‘interactive
communications system’’ necessary for
the telehealth service. According to the
commenter, a broader definition could
inappropriately induce a beneficiary to
consider in-home dialysis because of the
availability of technology benefits rather
than the clinical appropriateness of the
treatment approach. A commenter also
suggested that if necessary we include a
list of items ineligible for protection
under this exception.
Response: We agree with those
commenters that recommended a
broader definition that includes items
and services that facilitate telehealth
services because the goal of this
exception, as explained in the OIG
Proposed Rule, is to protect a wide
range of technologies to better support
in-home dialysis. Specifically, this final
rule modifies the definition of
‘‘telehealth technologies’’ by removing
references to specific types of
technology, limits on the type of
communication, and a requirement that
telehealth services be paid for by
Medicare Part B. We are revising
language to clarify that the definition
means technology used to support
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
communication between providers and
patients in instances when the
communication is distant or remote, and
when the communication is for
diagnosis, intervention, or ongoing care
management. For purposes of the
telehealth technologies exception to the
definition of ‘‘remuneration’’ authorized
under section 1128A(i)(6)(J) of the Act,
this final rule defines ‘‘telehealth
technologies’’ to mean hardware,
software, and services that support
distant or remote communication
between the patient and provider,
physician, or renal dialysis facility for
the diagnosis, intervention, or ongoing
care management. We note that the
revised definition includes all of the
technologies that we proposed would
constitute telehealth technologies and
be protected if all conditions of the
exception were met: that is, multimedia
communications equipment, including
audio and video equipment permitting
two-way, real-time interactive
communication with the patient.
The revised definition also now
includes technologies that we proposed
to specifically exclude from the
definition: Telephones, facsimile
machines, and electronic mail systems.
The final definition is technology
agnostic. We emphasize that the revised
definition retains the element that the
technology supports provider and
patient communication for diagnosis,
intervention, or ongoing care
management. Additionally, for a
donation of technology to be protected
it must meet all conditions of this
exception, not just satisfy the revised
definition of ‘‘telehealth technologies.’’
This includes the condition at
paragraph (10)(i) in 42 CFR 1003.110
that requires the telehealth technology
be provided for the purpose of
furnishing telehealth services related to
the recipient’s end-stage renal disease. If
a provider, physician, or facility
determines that a fax machine meets
this condition and the revised definition
(and the donation meets all other
conditions) then it would be protected
by this exception.
This modification is consistent with
the statutory exception and our
solicitation of comments in the
proposed rule. In the OIG Proposed
Rule, we proposed to define ‘‘telehealth
technologies’’ to encompass
‘‘multimedia communications
equipment’’ that included at a minimum
audio and video equipment with distant
site, interactive communications
functionality between patients and
physicians or practitioners. We
considered whether to broaden the
definition to include technology such as
software, webcams, data plans, and
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
broadband internet access that facilitate
a telehealth encounter and solicited
specific comments on the treatment of
telephones, facsimile machines, and
electronic mail systems.
We are modifying the definition to
focus on the functionality of the
technology to support telehealth rather
than specific types. The revised
definition is technology neutral to
provide flexibility to providers,
physicians, and renal dialysis facilities
to determine what telehealth technology
is needed for the purpose of furnishing
telehealth services related to an
individual’s ERSD. By ‘‘technology
agnostic,’’ we mean that the technology
is not limited to specific technologies or
services, which are likely to change over
time. For telehealth and virtual care
specifically, we believe a technologyagnostic approach is especially
important given, for example, the
widespread and rapid changes to
telehealth during the response to the
COVID–19 public health emergency.
This approach will also allow the
exception to continue to be available to
support telehealth services for ESRD
beneficiaries as technology evolves. We
recognize that the revised definition
will allow for a wider range of
technology to be provided to
beneficiaries than the proposed
regulatory text. We also recognize the
potential for ‘‘telehealth technologies’’
as defined more broadly in this final
rule to inappropriately induce patients
to pursue in-home dialysis over a
dialysis facility or select a particular
provider or physician. However, we
believe the risk is mitigated because the
exception is available for a defined set
of patients already receiving in-home
dialysis, marketing is not allowed, and
other conditions provide safeguards
against fraud and abuse.
The revised definition is supported by
the statutory exception in section
1128A(i)(6)(J) of the Act. The statute
gives the Secretary authority to define
‘‘telehealth technologies’’ and protects
technologies provided for the purpose of
furnishing telehealth services related to
the individual’s ESRD. The statute did
not limit the telehealth technology or
technology services under the exception
to any related Medicare definitions. In
contrast, section 1128A(i)(6)(J) of the
Act states that a provider of services or
a renal dialysis facility are defined as
those terms are used in title XVIII
(Medicare). ‘‘Telehealth technologies’’
in section 1128A(i)(6)(J) and the term
‘‘telehealth services’’ in 1128A(i)(6)(J)(ii)
do not include a reference to specific
statutory or regulatory definitions.
Therefore, the statute provides the
Secretary additional flexibility to
PO 00000
Frm 00185
Fmt 4701
Sfmt 4700
77867
interpret these terms differently than
any related Medicare definitions. We
similarly interpret the term ‘‘telehealth
services’’ differently than the scope of
telehealth services paid for by Medicare
Part B. For a more detailed discussion
of the term ‘‘telehealth services’’ used in
paragraph (10)(ii) in 42 CFR 1003.110,
see section III.C.1.e below.
Based on the statutory exception and
flexibility afforded by the statutory
exception and the response to our
solicitation on the appropriate scope of
technology covered by this exception,
we are modifying the definition in the
regulatory text of ‘‘telehealth
technologies’’ to focus on core
functionality to support telehealth
services and be technology agnostic. As
several commenters noted, telehealth
technologies are ineffective without the
ability to connect any device facilitating
telehealth services, and the purpose of
this exception would not be advanced
without those capabilities. We agree and
have expanded the definition of
telehealth technologies to include
services that support distant or remote
communication between the patient,
provider, or renal dialysis facility for
diagnosis, intervention, or ongoing care
management. For example, the finalized
definition would include internet
service or data plans.
We emphasize that although this
definition would encompass various
technologies, to receive protection
under the exception arrangements for
providing telehealth technologies to
beneficiaries must squarely satisfy the
other conditions in the exception,
including that the technologies are
provided for the purpose of furnishing
telehealth services related to the
recipient’s ESRD.
In this preamble we offer examples of
technology we view as within the scope
of the final definition of ‘‘telehealth
technologies.’’ We are not providing an
exhaustive list in regulatory text or
preamble to avoid inadvertently limiting
telehealth technologies that donors
determine are best suited to facilitate
telehealth services to beneficiaries with
ESRD and to allow for the evolution of
technology. We are not including a
condition related to ease of use for
telehealth technologies furnished to
patients, which we believe is a
consideration for the patient and the
clinician and is not needed as a fraud
and abuse safeguard. Parties would need
to comply with any other applicable
government regulations that address
ease of use or functioning of telehealth
technology. Similarly, HIPAA and other
Federal and State privacy and security
laws apply notwithstanding this
exception; therefore, we do not believe
E:\FR\FM\02DER3.SGM
02DER3
77868
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
an additional condition within this
exception is necessary.
Comment: Several commenters
asserted that limiting ‘‘telehealth
technologies’’ to two-way, real-time
interactive communications equipment
is overly narrow and could bar
protection of many beneficial
technologies that pose no greater risk
than technologies included in the
proposed definition. As an example,
some commenters suggested that
equipment used to monitor and report
data to physicians and dialysis facilities
(e.g., Bluetooth-enabled stethoscopes
and thermometers) would not qualify
under the proposed definition but could
provide valuable clinical benefits. A
commenter suggested that OIG follow
the example provided in the current
Kidney Care Choices Model operated by
the Innovation Center that allows the
use of asynchronous store-and-forward
technologies and the forwarding of
health history to a clinician for review
outside of a real-time interaction.
Several commenters recommended
including real-time (synchronous) and
store-and-forward (asynchronous) audio
and video platforms. A commenter
stated that an audio-only platform may
be appropriate to assess whether the
patient’s condition necessitates an office
visit.
Response: We agree with commenters
who suggest revising the definition to
include broader forms of technology,
including technologies that enable
asynchronous communications between
the patient and a distant site physician
or practitioner. We have revised the
definition of ‘‘telehealth technologies’’
to cover a more expansive range of
technology than the proposed
definition. This modification to the
definition would cover technology
based on its function, rather than
specific types of technology. This would
include equipment that could be used to
monitor and report data to physicians
and dialysis facilities (e.g., Bluetoothenabled stethoscopes and thermometers)
where appropriate, provided such
technologies satisfy the other conditions
of the exception. We believe the donor
of any protected telehealth
technologies—who per the terms of the
exception must be currently providing
the in-home dialysis, telehealth
services, or other ESRD care to the
patient—is in the best position to
determine whether real-time or
asynchronous information is
appropriate and whether such
technologies serve the purpose of
furnishing telehealth services related to
the recipient’s ESRD. We do not believe
the distinction between two-way, realtime technology and asynchronous
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
technology materially changes the fraud
and abuse analysis associated with
providing patients valuable technology.
Relatedly, we agree that some audioonly technology may be appropriate to
assess whether the patient’s condition
necessitates an office visit and could
contribute substantially to the provision
of telehealth services to a patient.
As explained above, the definition of
‘‘telehealth technologies’’ set forth in
this final rule is technology agnostic and
is not limited, for example, to
technologies used for two-way, real-time
interactive communication. We believe
this final definition will extend
protection to many of the specific
technologies identified by commenters
as long as other conditions of the
exception are met.
Comment: A commenter encouraged
OIG to define the minimum set of
capabilities required for a telehealth
physician visit to include at least realtime bidirectional video interaction
with audio. The commenter
recommended the definition for
‘‘telehealth technologies’’ include tools
such as peripheral devices or
applications that the physician deems
necessary to complete a proper
assessment of the patient during a
telehealth service, including remote
monitoring and asynchronous
messaging.
Another commenter recommended
OIG adopt the full definition of
‘‘interactive telehealth system’’ at 42
CFR 410.78 in lieu of the proposed
‘‘telehealth technologies’’ definition but
expand the definition to protect the use
of asynchronous technologies in certain
geographic areas (e.g., areas that are
medically underserved). The same
commenter also recommended
including peripheral or supporting
technology in the definition, which
could support the use of remote patient
monitoring.
Response: As described above, we
have modified the definition of
‘‘telehealth technologies’’ to clarify the
scope of technologies with telehealth
capabilities protected by this exception.
With respect to real-time bidirectional
video interaction with audio, we view
such technology as within the scope of
the proposed definition as well as the
definition finalized here. We also agree
with the commenter that the definition
should include tools such as peripheral
devices or applications that the
physician deems necessary to complete
a proper assessment of the patient
during a telehealth service. The
definition of ‘‘telehealth technologies’’
encompasses the peripheral or
supporting technologies for remote
patient monitoring noted by the
PO 00000
Frm 00186
Fmt 4701
Sfmt 4700
commenter. Asynchronous technologies
would also meet the definition of
telehealth technologies and could be
protected if all conditions of the
exception are met. For example, many
types of remote patient monitoring
technology are asynchronous and used
to support remote communication
between a patient and their physician
for diagnosis, intervention, and ongoing
care management. We did not propose
and are not adopting any geographic
limitation. Such restrictions are not
necessary due to the other safeguards in
the safe harbor, and further narrowing
the limited statutory exception is not
consistent with the statutory text (e.g.,
section 1128A(i)(6)(J) of the Act is not
connected to telehealth services paid for
by Medicare Part B, which are
historically subject to geographic
limitations).
We note that policies regarding what
constitutes a physician telehealth
service are outside the scope of this
rulemaking because it is limited to
requirements for an exception to the
Beneficiary Inducements CMP.
Comment: Another commenter
recommended aligning the exception
with the list of services payable under
the Medicare Physician Fee Schedule
when furnished via telehealth by
expanding the definition of ‘‘telehealth
technologies’’ to include
communications-based technologies in
addition to telehealth technologies.
Response: We believe the commenter
is referring to the telehealth
technologies used to furnish
‘‘communications technology-based
services’’ such as virtual check-in and
remote assessment services that are
separately billable under Medicare Part
B. As discussed above, we have revised
the definition of ‘‘telehealth
technologies,’’ and it would include
technologies that facilitate
communications for these services
including, by way of example, virtual
check-in services. This exception
protects a wide range of telehealth
technologies that are provided for the
purposes of furnishing remote or distant
services through various modalities,
including telehealth services, virtual
check-in services, e-visits, monthly
remote care management, and monthly
remote patient monitoring.
Consistent with this approach, as
explained more fully above, we have
modified the telehealth technologies
definition so that it is not dependent on
Medicare Part B payment for telehealth
services. Relatedly, as explained more
fully below, we are also modifying
paragraph 10(iii) under the definition of
‘‘remuneration’’ in 42 CFR 1003.110 so
that protection of telehealth
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
technologies is not conditioned on their
being provided for the purpose of
furnishing ‘‘telehealth services’’ paid for
by Medicare Part B.
c. Furnished by Specified Individuals
and Entities Currently Providing Care to
the Patient
Summary of OIG Proposed Rule:
Section 1128A(i)(6)(J) of the Act limits
the exception to technologies provided
‘‘by a provider of services or a renal
dialysis facility (as such terms are
defined for purposes of title XVIII) to an
individual with end-stage renal disease
who is receiving home dialysis for
which payment is being made under
part B of such title . . . .’’ We proposed
to implement this statutory provision in
two ways. First, we proposed to use the
precise statutory text in the introductory
text in paragraph (10) under the
definition of ‘‘remuneration’’ in 42 CFR
1003.110. Second, we proposed a
condition at paragraph (10)(i) that
interprets the statutory language so that
the exception would be available only to
the provider of services or the renal
dialysis facility that is currently
providing in-home dialysis, telehealth
services, or other ESRD care to the
patient. We explained that the intent of
this condition was to ensure that the
exception only protected the provision
of telehealth technologies to patients
with whom the provider or renal
dialysis facility had a prior clinical
relationship. A beneficiary has a prior
clinical relationship with the donor if
the patient is receiving home dialysis,
telehealth services, or other ESRD care
from the donor. We also specifically
solicited comment on this interpretation
recognizing that this limitation may
pose challenges.
We also sought comment on but did
not propose specific regulatory text for
whether we should interpret the
statutory exception to apply not only to
the ‘‘provider of services or the renal
dialysis facility (as those terms are
defined in title XVIII of the Act)’’ but
also ‘‘suppliers,’’ as defined in title
XVIII of the Act, so that the exception
would be consistent with the broader
goals to expand patient access to inhome dialysis care furnished by their
physician in section 50302(b) of the
Budget Act of 2018.
Summary of Final Rule: We are
finalizing, with modifications, the
proposed condition at paragraph (10)(i)
that interprets the statutory language so
that the exception would be available
only to the provider of services or the
renal dialysis facility that is currently
providing in-home dialysis, telehealth
services, or other ESRD care to the
patient. The final rule limits the
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
exception to telehealth technologies
furnished by a provider of services,
physicians, or a renal dialysis facility
currently providing in-home dialysis,
telehealth services, or other ESRD care
to the patients or has been selected or
contacted by the patient to schedule an
appointment or provide services.
Comment: Several commenters
supported both of our proposals
implementing section 1128A(i)(6)(J) of
the Act, including the interpretation
that the provision of telehealth
technologies is limited to patients with
whom the donors have a prior clinical
relationship. Several commenters
shared OIG’s concern that expanding
the exception to protect the provision of
telehealth technologies to new patients
or to patients who are not currently
receiving ESRD services or care from the
individual or provider of services or the
facility may result in inappropriate
steering.
However, another commenter
expressed concern that this
interpretation would be operationally
difficult to implement and could reduce
the benefits of the otherwise permissible
telehealth technologies. According to
the commenter, once patients have
selected a provider, they should not
have to wait for telehealth services
furnished through protected
arrangements until they are already
receiving in-home dialysis. The
commenter asserted that delaying
telehealth technologies in this context
may disrupt normal care delivery
methods.
Response: Consistent with section
1128A(i)(6)(J) of the Act and our
proposed interpretation, limiting the
exception to telehealth technologies
furnished by a provider of services,
physicians, or a renal dialysis facility
currently providing in-home dialysis,
telehealth services, or other ESRD care
to the patients is consistent with the
statutory language and an appropriate
safeguard against inappropriate steering
and patient recruitment. As such, we are
finalizing the introductory language of
paragraph (10) under the definition of
remuneration in 42 CFR 1003.110 as
proposed.
We also are finalizing the condition at
paragraph (10)(i) under the definition
for ‘‘remuneration’’ in 42 CFR 1003.110
with modifications. Specifically, we
have modified this condition by adding
the following clause: ‘‘or has been
selected or contacted by the individual
to schedule an appointment or provide
services.’’
We agree with the commenter who
suggested that once a patient has
selected a provider, physician, or
facility, the patient should be eligible to
PO 00000
Frm 00187
Fmt 4701
Sfmt 4700
77869
receive telehealth technologies. The
purpose of the proposed condition was
to limit the risk of the technologies
being used as a recruiting tool or to
facilitate the provision of unnecessary
services. However, because protected
telehealth technologies may not be
offered as part of any advertisement or
solicitation, we believe that making
telehealth technologies available to
patients who contact the provider,
physician, or facility on their own
initiative is sufficiently low risk to
warrant protection by this exception.
Thus a provider, physician, or facility
may offer or furnish telehealth
technologies to a patient with ESRD
who is receiving home dialysis paid for
by Medicare Part B after the patient
selects and initiates contact with a
provider, facility, or physician to
schedule an appointment or other
services.153 This approach is consistent
with our intent in the OIG Proposed
Rule to prevent arrangements from
being protected by the exception where
the donor does not have a preexisting
clinical relationship with the patient
and to reduce the risk of inappropriate
patient recruitment or marketing
schemes.
We view a patient reaching out to
schedule an appointment or other
services and asking whether assistance
in facilitating telehealth services might
be available as low risk in light of the
other conditions in the exception, such
as the limitation on advertisement and
solicitation discussed further below.
Patient-initiated contact is also
distinguishable from a provider, facility,
or physician initiating contact with a
new patient (or to the patient’s case
manager) and soliciting the patient to
elect in-home dialysis or to switch
providers, coupled with an offer of
telehealth technologies. The former
would be protected (if all other
conditions of the exception are met) and
the latter would not.
Comment: Several commenters
opposed extending the exception to
apply to suppliers as defined in title
XVIII of the Act because it could result
in telehealth technologies being offered
to patients without any provider
reviewing whether the technology is an
appropriate offering for the particular
patient’s clinical condition and, more
generally, increases the risk for
153 If a patient is unable to call a provider or
physician himself or herself, or has otherwise given
consent for a person (e.g., a family member, a case
manager, or a provider or supplier when the patient
is attending an appointment or receiving services)
to schedule appointments or upcoming services for
him or her, then a request for an appointment or
upcoming services made on behalf of the patient is
sufficient to meet the patient-initiated contact
requirement.
E:\FR\FM\02DER3.SGM
02DER3
77870
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
inappropriate use or offering of
technologies. A commenter also asserted
that expanding protected donors to
include protection for suppliers is not
consistent with congressional intent. A
commenter asserted that protection
under the exception should be limited
only to nephrologists and dialysis
providers who are directly responsible
for the provision of care to home
dialysis patients.
Response: This final exception,
consistent with our solicitation in the
OIG Proposed Rule, protects telehealth
technologies provided by physicians as
defined in title XVIII of the Act who are
providing in-home dialysis, telehealth
services, or other ESRD care to the
recipient. This modification will be
included in the introductory language of
paragraph (10) and in paragraph (10)(i)
under the definition to remuneration in
42 CFR 1003.110. As explained in the
OIG Proposed Rule and further below,
this modification is consistent with
section 50302 of the Budget Act of 2018.
In particular, physicians—notably but
not exclusively nephrologists—are
central to the provision of telehealth
services related to ESRD care that would
be furnished using the telehealth
technologies, as described in the statute.
For example, without the inclusion of
physicians, telehealth technologies
furnished by a patient’s nephrologist
could not receive protection under this
exception.
As part of the Creating High-Quality
Results and Outcomes Necessary to
Improve Chronic Care Act of 2018,154
section 50302 of the Budget Act of 2018
amends section 1881(b)(3) of the Social
Security Act to permit an individual
with ESRD receiving home dialysis to
elect to receive their monthly ESRDrelated clinical assessments via
telehealth, if certain other conditions
are met. CMS implemented these
statutory changes through amendments
to 42 CFR 410.78 and 414.65.155 Under
those CMS rules, the newly covered
monthly ESRD-related clinical
assessments furnished via telehealth
would be provided by a physician at the
distant site who is licensed under State
law to furnish the covered monthly
ESRD-related clinical assessments.156 It
154 S.
870, 115th Congress (Sept. 26, 2017).
FR 59495 (Nov. 23, 2018).
156 42 CFR 410.78(b) specifies in part that
‘‘Medicare Part B pays for covered telehealth
services included on the telehealth list when
furnished by an interactive telecommunications
system if the following conditions (are met, such as)
. . . [t]he physician or practitioner at the distant
site must be licensed to furnish the service under
State law. The physician or practitioner at the
distant site who is licensed under State law to
furnish a covered telehealth service described in
this section may bill, and receive payment for, the
155 83
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
is consistent with the OIG Proposed
Rule and section 50302 of the Budget
Act of 2018 that this exception protect
the provision of telehealth technologies
offered by physicians (e.g.,
nephrologists) furnishing monthly
ESRD-related clinical assessments via
telehealth for patients receiving home
dialysis. Under the new CMS rules, the
physicians performing these clinical
assessments are well positioned to
understand what telehealth technologies
should be provided to the ESRD patient
for the purpose of furnishing telehealth
services.
We agree with commenters that
expanding the exception to a broad
range of practitioner types by using
‘‘suppliers’’ poses risk and, upon further
review, we see no support in the statute
for doing so. Section 1128J(i)(6)(J) of the
Act conditions protection on the
connection between the provider of
services or renal dialysis facility and
caring for an individual with ESRD. The
definition of ‘‘suppliers’’ in title XVIII
includes a physician or other
practitioner, a facility, or other entity
(other than a provider of services) that
furnishes items or services under this
title. That definition covers numerous
practitioner and entity types, many of
which are not providing ESRD services.
We are concerned that including these
practitioners and entities would not
further the ESRD-related purposes of the
exception, were not contemplated by
Congress, and could pose risk that these
parties would offer telehealth
technologies to steer beneficiaries to
select them as a supplier or to their
products and services. In light of that
risk and consistent with the section
1128J(i)(6)(J) of the Act, we are
finalizing the exception by including
‘‘physicians’’ but not ‘‘suppliers’’ (as
that term is defined in title XVIII).
Section 1861(r) of the Act defines the
term ‘‘physician.’’ That definition
includes a limited set of practitioners
including doctors of medicine or
osteopathy, doctors of dental surgery,
doctors of podiatric medicine, doctors of
optometry, and chiropractors. Under
this final exception, a physician must
meet this definition in 1861(r) of the Act
and, consistent with paragraph 10(i) in
42 CFR 1003.110, be providing in-home
dialysis, telehealth services, or other
ESRD care to the patient. Consequently,
it is unlikely that all practitioner types
under 1861(r) would be eligible for
protection for providing telehealth
technologies under this exception. For
example, it is unlikely that dental
surgeons, doctors of podiatric medicine,
service when it is delivered via a
telecommunications system.’’
PO 00000
Frm 00188
Fmt 4701
Sfmt 4700
or chiropractors would be providing
telehealth services to ERSD patients.
d. Prohibition on Advertisement or
Solicitation
Summary of OIG Proposed Rule: We
proposed to incorporate the statutory
requirement in section 1128A(i)(6)(J)(i)
of the Act that the telehealth
technologies are not offered as part of
any advertisement or solicitation. We
proposed to interpret the terms
‘‘advertisement’’ and ‘‘solicitation’’
consistent with their common usage in
the health care industry.
Summary of Final Rule: We are
finalizing this condition as proposed.
Comment: A commenter expressed
support for the proposal precluding the
protection of telehealth technologies
offered as part of an advertisement or
solicitation.
Response: We are including this
protection in the final rule, consistent
with the statute. As stated in the OIG
Proposed Rule, we interpret the terms
‘‘advertising’’ and ‘‘solicitation’’
consistent with prior rulemakings. We
emphasize that whether a particular
means of communication constitutes an
advertisement or solicitation will
depend on the facts and
circumstances.157
Additionally, consistent with our
interpretation in the OIG Proposed Rule,
we note that it is important for patients
to receive information about their health
care options, and that not all
information provided to beneficiaries is
advertising or solicitation. Stakeholders
should interpret the terms
‘‘advertisement’’ and ‘‘solicitation’’
consistent with their common usage in
the health care industry.
e. Provided for the Purpose of
Furnishing Telehealth Services Related
to an Individual’s End Stage Renal
Disease
Summary of OIG Proposed Rule: We
proposed to interpret the condition at
section 1128A(i)(6)(J)(ii) of the Act that
the telehealth technologies are provided
‘‘for the purpose of furnishing telehealth
services related to the individual’s
[ESRD]’’ to mean that the technologies:
(i) Contribute substantially to the
provision of telehealth services related
to the individual’s ESRD; (ii) are not of
excessive value; and (iii) are not
duplicative of technology that the
beneficiary already owns if that
technology is adequate for telehealth
purposes. We proposed to interpret
‘‘telehealth services related to the
individual’s ESRD’’ to mean only those
telehealth services paid for by Medicare
157 81
E:\FR\FM\02DER3.SGM
FR 88373 (Dec. 7, 2016).
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Part B. We stated that we would
consider technology to be of excessive
value if the retail value of the
technology were substantially more than
required for the telehealth purpose.
We sought comment on but did not
propose regulatory text on the following
issues: (i) Whether we should require
that the person furnishing the telehealth
technologies make a good faith
determination that the individual to
whom the technology is furnished does
not already have the necessary
technology and that such technology is
necessary for the telehealth services
provided; (ii) whether we should adopt
a more restrictive exception that would
protect technologies that provide the
beneficiary with no more than a de
minimis benefit for any purpose other
than furnishing telehealth services
related to the individual’s ESRD; (iii)
whether we should adopt a different
standard that would protect telehealth
technologies only when furnished
predominantly for the purpose of
furnishing telehealth services related to
the individual’s ESRD; and (iv) whether
the exception should require the
provider or facility to retain ownership
of any hardware and make reasonable
efforts to retrieve the hardware once a
beneficiary no longer needs it for the
permitted telehealth purposes.
Summary of Final Rule: We finalizing
this condition, with modification, to use
the statutory language in section
1128J(i)(6)(J)(ii) of the Act. We are
finalizing this condition consistent with
the statutory exception to read: The
telehealth technologies are provided for
the purpose of furnishing telehealth
services related to the individual’s endstage renal disease.
Comment: Several commenters
supported our interpretation of section
1128A(i)(6)(J)(ii) of the Act as proposed.
Commenters appreciated what they
believed to be meaningful guardrails to
ensure that the provision of telehealth
technology does not serve as an
inducement to select a particular
provider and shared our concerns
regarding the potential for providers to
offer such remuneration to steer patients
with whom they do not have a prior
clinical relationship to themselves.
Some commenters argued that our
proposed interpretation of ‘‘for the
purpose of furnishing telehealth
services related to the individual’s
[ESRD]’’ was more restrictive than the
statutory language required. For
example, a commenter supported
removing the word ‘‘substantially’’ from
the phrase ‘‘contributes substantially to
the provision of telehealth services,’’
observing it adds a restriction that does
not appear expressly in the statute.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
A commenter noted that certain
telehealth technologies may have some
benefit to a patient beyond facilitating
telehealth services related to the
individual’s ESRD, but most uses can be
limited from a technical standpoint. For
those services for which it would not be
feasible to limit use, such as data
services, the commenter believed that
such services could be provided based
on a patient’s clinical need, geographic
need, or both, and removed when the
patient no longer has a clinical or
geographic need for the services (e.g.,
the patient is no longer treated in the
home).
Response: We are not finalizing our
proposed language. Instead, we are
modifying this condition to use the
statutory language in section
1128J(i)(6)(J)(ii) of the Act. We agree
with commenters that the proposed
condition added additional
requirements not included in the
statute. To the extent that the exception
needed additional safeguards, the
Secretary has the authority to
implement those under section
1128J(i)(6)(iii) of the Act. Therefore, we
are finalizing this condition consistent
with the statutory exception to read:
The telehealth technologies are
provided for the purpose of furnishing
telehealth services related to the
individual’s end-stage renal disease.
As explained in the OIG Proposed
Rule, we have concerns about the
provision of valuable technology
improperly inducing a beneficiary to
choose a particular provider, physician,
or facility. The limited nature of the
exception and the conditions finalized
in this rule provide reasonable and
necessary safeguards against fraud and
abuse. For example, the conditions at
paragraphs 10(i) and (ii) work together
to prevent protection under the
exception if the provider, physician, or
renal dialysis facility is marketing or
using the potential provision of
technology to induce and obtain new
patients.
Based on the statutory language and
matching condition finalized here, we
believe a wide range of technologies
could be protected. However, we
emphasize that a determination
regarding whether the provision of
telehealth technologies meets the
condition at paragraph 10(ii) in the
definition of ‘‘remuneration’’ at 42 CFR
1003.110 requires a case-by-case
assessment of the functionality of the
technologies to be provided and
telehealth services being furnished to
the ESRD patient.
We are not including a condition as
suggested by the commenter that would
require a donor to technically limit the
PO 00000
Frm 00189
Fmt 4701
Sfmt 4700
77871
telehealth technologies provided. Under
this condition and the definition of
‘‘telehealth technologies’’ as finalized,
technologies that are multifunctional
and have purposes in addition to
furnishing telehealth services related to
the individual’s ESRD are not precluded
and may be protected. For example, this
condition could protect a tablet that a
patient would use to access telehealth
services for their ESRD care, even
though the tablet has other purposes or
functionalities (e.g., ability to download
any mobile application) as long as such
provision meets all conditions of the
exception.
Comment: Several commenters
opposed OIG’s considered interpretation
of this statutory condition—‘‘the
telehealth technologies are provided for
the purpose of furnishing telehealth
services related to the individual’s
[ESRD]’’—that would restrict telehealth
technologies to those that do not
provide the beneficiary with more than
a de minimis benefit outside of the
telehealth services related to the
individual’s ESRD. Commenters
suggested that such a condition would
limit access to needed technology, add
unnecessary burden and uncertainty, or
impede the objective of expanding inhome dialysis patients’ use of telehealth
services. A commenter recognized that
allowing devices with non-health care
functions could be considered an
inducement but highlighted that
patients who receive such devices also
must accept the obligations and
responsibilities of home dialysis, which
the commenter believes serves as an
appropriate safeguard.
Another commenter expressed
concerns that the de minimis benefit
standard might create complications for
patients with multiple health needs that
could be fulfilled by the same device,
and the commenter asserted that it
would not be a good use of resources for
a patient to be prescribed two separate
digital health tools when one would
meet all of the patient’s clinical needs.
Response: We agree with commenters
and are not finalizing a de minimis
benefit standard in this exception.
Comment: Several commenters
supported prohibiting providers from
giving patients telehealth technologies
for home dialysis that are of excessive
value or duplicative of technology that
the beneficiary already owns. A
commenter found these guardrails
particularly important given the limited
number of vendors currently offering
home dialysis equipment and supplies.
The commenter asserted that the limited
competition in the home dialysis market
would make acquisition costs of
telehealth technologies particularly
E:\FR\FM\02DER3.SGM
02DER3
77872
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
significant for small and independent
providers who lack market share
advantages used in negotiations with
vendors. Another commenter requested
further clarification on what donations
would be considered of ‘‘excessive
value.’’
Response: For the reasons noted
above, we are finalizing paragraph
(10)(iii) in 42 CFR 1003.110 to mirror
the statutory language at section
1128J(i)(6)(J)(ii) of the Act, without a
requirement that the telehealth
technologies not be of excessive value.
Additionally, we are not finalizing a
condition elsewhere that requires the
telehealth technologies not be of
excessive value. The limited nature of
the exception and the other conditions
provide appropriate safeguards.
The value of the telehealth
technologies provided to a patient may
be a fact or circumstance used to assess
whether the provision of such
technology meets the finalized
condition at paragraph 10(iii) in the
definition of ‘‘remuneration’’ at 42 CFR
1001.130. In other words, depending on
the facts and circumstances, technology
of excessive value could indicate that
the technology is not being provided for
the purpose of furnishing telehealth
services related to the individual’s
ESRD. Excessively valuable technology
beyond what is reasonable for
furnishing telehealth services related to
ESRD could also indicate that the
technology is part of a prohibited
advertisement or solicitation under
paragraph (10)(ii).
As stated in the OIG Proposed Rule,
providing telehealth technology with
substantial independent value might
serve to inappropriately induce the
beneficiary. In the context of this
exception, that risk materializes because
excessive value of the telehealth
technology may make the purpose of the
donation suspect and call into question
whether it is related to furnishing
telehealth services. For example, if a
$50 per month data plan would
facilitate the connection needed for the
patient to access telehealth services, the
provision of a $100 per month data plan
might raise concerns that the data plan
is being offered for a purpose other than
access to telehealth services. Similarly,
if the donor knows that the patient
already has a data or internet service
plan that would facilitate the furnishing
of telehealth services and furnishes such
a plan anyway, a question could arise
about the purpose of the remuneration
to the patient.
Comment: A commenter stated that if
telehealth technologies are provided for
the purpose of furnishing telehealth
services related to the individual’s end-
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
stage renal disease, and if the donated
telehealth technologies meet the other
elements of the exception, no dollar
value limit should be necessary because
the purpose cannot be to induce
beneficiaries to select particular
providers. Two other commenters
recommended including a condition
requiring the recipient’s payment of at
least 15 percent of the offeror’s cost for
the in-kind remuneration. Another
commenter recommended a $500
annual cap to ensure the technology did
not act as an inducement for referrals.
Response: We did not propose a
contribution requirement or an annual
monetary cap. We believe the
combination of safeguards we are
finalizing implement the statutory
conditions in section 1128A(i)(6)(J) of
the Act and safeguard against risks of
fraud and abuse.
Comment: Related to the proposed
requirement that the telehealth
technologies be necessary and
nonduplicative of technology the
patient already has, a commenter stated
that a patient’s existing personal use
technology may have some of the
necessary capabilities but also may lack
all components necessary to be reliable
and fully functional for accessing
telehealth services. The commenter
further asserted it would not be efficient
or practical to require that the provider
furnish additional necessary
components to the patient’s existing
technology—and any associated
installation and support services—to
make it fully capable of accessing
telehealth services. For example, the
commenter referenced a patient who has
a personal computer without video
capabilities. The commenter surmised
that it is more logical and cost-effective
to provide a ready-to-use integrated
device focused solely on their ESRD
clinical assessments and related ESRD
care support to the patient instead of
trying to retrofit the computer, which
could involve identifying and installing
missing components and providing
technological support for this personaluse equipment. The commenter
recommended that if the patient’s
personal technology does not have all
the necessary components for
telehealth, provision of fully integrated
telehealth technology should be
protected under the exception.
Response: We are not finalizing a
requirement that the telehealth
technologies not be duplicative of
technology that the beneficiary already
owns in paragraph 10(iii) in the
definition of ‘‘remuneration’’ at 42 CFR
1001.130. This condition is being
finalized consistent with the statutory
condition at section 1128J(i)(6)(J)(ii) of
PO 00000
Frm 00190
Fmt 4701
Sfmt 4700
the Act. Additionally, we are not
finalizing a condition elsewhere that
requires the telehealth technologies not
be duplicative of technology that the
beneficiary already owns. The limited
nature of the exception and the other
conditions provide appropriate
safeguards.
Assessing whether telehealth
technologies would be duplicative of
technology that the beneficiary already
has may be a fact or circumstance used
to determine whether the provision of
such technology meets the finalized
condition at paragraph 10(iii) in the
definition of ‘‘remuneration’’ at 42 CFR
1001.130. For example, if a patient has
existing telehealth technology and is
already able to receive telehealth
services, providing the patient with
additional telehealth technology may
not have the purpose of furnishing
telehealth services. A true
determination would have to be based
on the specific facts and circumstances
of the additional provision of telehealth
technologies, including the telehealth
services provided to the patient and the
patient’s condition.
We highlight that if a patient’s
existing technology does not have all
the necessary components or
capabilities to support the telehealth
services, then those facts are favorable
in determining that the provision of
telehealth technology to that patient
meets the condition at paragraph
(10)(iii). With respect to the decision
between ‘‘retrofitting’’ a patient’s
existing technology or providing fully
integrated telehealth technology,
meeting this exception is not
specifically conditioned on whether the
technology is fully integrated or
retrofitted. In making a determination
about the technology to provide and
potential protection under this
exception, providers, physicians, and
renal dialysis facility will have to assess
the particular facts and circumstances
for that patient and the potential
technology. To be clear, we do not
intend for this exception to result in
providers, physicians, and renal dialysis
facilities that provide telehealth
technologies attempting to retrofit a
patient’s existing technology. To the
extent that technology already owned or
used by a patient with ESRD would not
be adequate for the telehealth services,
that fact weighs favorably in
determining that providing new
telehealth technology meets the
condition at 10(iii) under the definition
of ‘‘remuneration’’ in 42 CFR 1003.110.
Comment: Many commenters objected
to the proposed additional requirement
that the party furnishing the technology
make a good faith determination that the
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
individual to whom the technology is
furnished does not already have the
necessary telehealth technology. Some
commenters stated that the primary
proposal—that the technology is not of
excessive value and is not duplicative of
technology that the beneficiary already
owns if that technology is adequate for
the telehealth purposes—provides
adequate protection against technologies
being used as inducements for
duplicative or unnecessary telehealth
services. Other commenters supported
the proposed ‘‘good faith
determination’’ requirement. Another
commenter asked us to clarify what a
‘‘good faith’’ effort to determine that the
patient does not have the necessary
technology means, because the
commenter is concerned that this
provision could lead to increased
physician burden. A commenter stated
that requiring facilities or providers to
make a good faith determination
regarding whether the recipient already
has access to telehealth technologies
places a potentially ongoing burden to
investigate a home dialysis patient’s
personal life to ensure that they do or
do not possess such technology. The
commenter asked whether a facility or
provider must consistently audit patient
technology access to ensure that the
loaned or donated technology does not
become duplicative over time. The
commenter suggested that patients
should be able to opt out of telehealth
technologies furnished by a provider or
facility, even if specified in their plan of
care, because they already have access
to such technology. In this way, the
responsibility falls to the patient to
report access to technology, not on the
facility or provider to ensure that the
patient does or does not possess such a
device. Some commenters supported the
proposed additional ‘‘good faith
determination’’ requirement.
Response: We are not including a
condition in this final exception that
requires a good faith determination that
the individual to whom the technology
is furnished does not already have the
necessary telehealth technology.
Consistent with the discussion related
to the condition on duplicative
technology, we note that assessing
whether providing telehealth
technologies would be duplicative of
technology that the beneficiary already
has may be a fact or circumstance used
to determine if the provision of such
technology meets the finalized
condition at paragraph 10(iii) in the
definition of remuneration at 42 CFR
1003.110.
In response to the commenters’
questions regarding what constitutes a
good faith effort, we want to clarify that
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
this exception does not condition
protection on investigating the patient’s
personal life or auditing the technology
that a patient may already have
available. When determining whether
the provision of telehealth technology
meets this condition, specific facts and
circumstances about the patient will
need to be considered. This would
include the patient’s health condition,
telehealth services provided to the
patient, and how the telehealth
technologies support furnishing
telehealth services relating to the
patient’s condition. Most of the
information about the patient is likely
gathered as part of the clinical and
monthly assessments that patients
receiving in-home dialysis receive or is
gathered through the normal course of
patient and provider interaction about
the patient’s condition and treatment.
That said, nothing in this exception
prevents physicians, providers, and
facilities from asking patients about
their existing technology needs and
capabilities; nothing requires patients to
answer such inquiries. We would expect
that conversations about patients’
existing technology would inform
donors’ decision-making with respect to
furnishing telehealth technologies
consistent with this exception. We do
not prescribe how providers,
physicians, and facilities make the
determination whether providing
telehealth technologies meets the
condition that the technology be for the
purpose of furnishing telehealth
services related to the patient’s ESRD.
As modified, we do not believe this
final exception will increase provider,
physician, or renal dialysis facility
burden, nor expose patients to
unwarranted intrusions. Conditions of
this exception implement the statutory
exception in section 1128A(i)(6)(J) of the
Act. The statutory exception gives
providers, physicians, and renal dialysis
facilities the flexibility to provide
telehealth technologies for the purpose
of furnishing telehealth services related
to patients’ ESRD. This may help
increase options for ESRD patients to
manage their care by making telehealth
more widely available. We also note that
use of this exception is voluntary.
Comment: A commenter
recommended that as a condition for
protection, the telehealth technology
provided to the patient should be
necessary for the provision of the
telehealth services and, where possible,
restricted to the functions that facilitate
the provision of care (e.g., a tablet that
can only be used for telehealth services),
and ensure a secure, safe, and
satisfactory user experience. However,
the commenter explained that some
PO 00000
Frm 00191
Fmt 4701
Sfmt 4700
77873
telehealth technologies may be
duplicative or overlap with technology
the patient may already have access to
and that the condition may result in an
overly burdensome patient intake
process, to include an accounting of all
of the patient’s technology (e.g., items in
a patient’s possession as well as the
operating systems and compatibility
with the telehealth offering). The
commenter suggested that instead of
protecting only nonduplicative
telehealth technologies, OIG limit
protected telehealth technologies to
what is reasonably necessary for the
furnishing of telehealth services and
require that providers, suppliers, and
facilities provide the patient with
disclosure language that the telehealth
equipment is provided for their ESRDrelated treatment and care, and that it is
the responsibility of the patient to use
the device for these specific purposes
only.
Response: We did not propose a
condition that the telehealth technology
be necessary for the provision of
telehealth services and are not finalizing
such a condition. As explained above,
we are also not finalizing a condition
that requires a good faith determination
that the individual to whom the
technology is furnished does not already
have the necessary telehealth
technology. We emphasize telehealth
technology is not protected unless the
technology is provided for the purpose
of furnishing telehealth services related
to the individual’s end-stage renal
disease.
We are not finalizing the condition
that would require the person who
furnishes the telehealth technologies to
take reasonable steps to limit the use of
the telehealth technologies by the
individual to the telehealth services
described on the Medicare telehealth
list. We agree with the commenter that
there may be practical and operational
challenges with such a requirement.
Additionally, the combinations of
safeguards finalized in this rule
appropriately protect against potential
fraud and abuse and this condition,
which we considered in the OIG
Proposed Rule, is not necessary.
Comment: A commenter expressed
support for our proposal to interpret
‘‘telehealth services related to the
individual’s [ESRD]’’ to mean telehealth
services paid for by Medicare Part B
because the proposal ensures that all
Part B telehealth services are treated
consistently by defaulting to the
statutory definition for telehealth
services. Another commenter suggested
that we clarify that, in order to qualify
for protection under the exception, the
telehealth technologies must be used for
E:\FR\FM\02DER3.SGM
02DER3
77874
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
the Part B clinical assessment and also
may be used for additional clinical
support and patient monitoring directly
related to the ongoing ESRD care.
Many other commenters urged us not
to adopt this interpretation, asserting
that it was too narrow. Commenters
noted that patients with ESRD could
benefit from telehealth services that
might not be covered by Part B—
including patient education, dietary
counseling, and monitoring vital signs—
that may assist with managing
comorbidities (which may or may not be
related to the patient’s ESRD) and
preventing further progression of kidney
disease. A commenter stated that while
the care provided via telehealth
technologies should be primarily related
to the management of ESRD, dialysis
providers are well-suited to treat the
‘‘whole person’’ with the assistance of
telehealth technologies. The commenter
sought to provide telehealth
technologies that might support virtual
ESRD management (e.g., nurse
assessment, social worker support,
dietician care), as well as telehealth
technologies that may address ESRDrelated issues and comorbidities
possibly included in value-based care
models (e.g., fistula evaluation and
specialty visits for comorbidity
management). Commenters also asserted
that protecting a broader range of
telehealth services would further the
Department’s goal of encouraging care
coordination and Congress’ intent in
enabling in-home dialysis. Some
commenters asserted that the statute
does not require limiting the telehealth
services to those paid for by Medicare
Part B. A commenter also noted that
payment for ESRD services under
Medicare Part B is through a bundled
payment and it is therefore impossible
to have the technology tied to any
particular reimbursed service.
Response: We are not finalizing our
proposed interpretation of ‘‘telehealth
services related to the individual’s
[ESRD]’’ to mean telehealth services
paid for by Medicare Part B. We did not
propose regulatory text to implement
this interpretation, and therefore, are
not making corollary modifications to
the regulatory text. We explain in more
detail below that we broadly interpret
the term ‘‘telehealth services’’ to apply
a wide range of services that are
provided with telehealth technologies.
However, we are not adopting a specific
definition of ‘‘telehealth services’’ for
this exception. We provide additional
explanation about our interpretation of
the term ‘‘telehealth services’’ below.
We agree with commenters that
section 1128A(i)(J)(6) of the Act does
not limit telehealth services to those
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
paid for by Medicare Part B. The
definition of ‘‘telehealth technologies’’
in section 1128A(i)(6)(J) and the term
‘‘telehealth services’’ in 1128A(i)(6)(J)(ii)
are not limited to related definitions in
Medicare. The statute provided the
Secretary flexibility to interpret these
terms differently than the Medicare
definitions in Title XVIII of the Act.
Consistent with the statutory
exception and for the purpose of this
exception, we are not limiting the term
‘‘telehealth services’’ to those that
would be paid for by Medicare Part B.
We recognize that this means providers,
physicians, and renal dialysis facilities
will have flexibility to determine
whether telehealth technologies are
provided for the purpose of furnishing
telehealth services related to the
individual’s ERSD. The limited nature
of the exception and the other
safeguards appropriately limit the risk
of fraud and abuse. For example, one
risk of inappropriate beneficiary
inducements is that they will lead to a
practitioner providing medically
unnecessary services to the patient. The
limited nature of this exception
mitigates that risk (e.g., this exception is
limited to Medicare Part B beneficiaries
receiving in-home dialysis). It is
unlikely that a beneficiary could be
induced to receive medically
unnecessary in-home dialysis to receive
free telehealth technologies. In-home
dialysis is invasive treatment and
requires significant up-front training.
Additionally, under the same sections
the beneficiary must be receiving inhome dialysis paid for by Medicare Part
B. That mitigates and provides
additional protection against providers,
physicians, and renal dialysis facilities
that seek to use telehealth technologies
to induce and bill for medically
unnecessary telehealth services related
to the patient’s ESRD condition. If the
provider is seeking to bill Medicare for
telehealth services that use telehealth
technologies protected by this
exception, those services must meet all
Medicare requirements, including
medical necessity. This exception does
not affect Medicare requirements for
ESRD services or telehealth services.
Furthermore, billing for medically
unnecessary telehealth services is not
protected by this exception and such
conduct would implicate criminal and
civil health care fraud statutes.
Therefore, this exception does not need
to link the term ‘‘telehealth services’’ to
those paid for by Part B as an additional
safeguard for the purposes of this
exception. To the contrary, we agree
with commenters that limiting
telehealth services to services currently
paid for by Medicare Part B would
PO 00000
Frm 00192
Fmt 4701
Sfmt 4700
unnecessarily limit the utility of the
exception to support patients’ ESRD
care and use of home dialysis. To the
extent that the telehealth services are
not billable to Medicare, there is
reduced risk that free telehealth
technology is being offered as an
inducement for billable services.
We are not finalizing a definition of
‘‘telehealth services’’ specific for this
exception. Instead, we are providing an
interpretation of the term in the
preamble of this rule. The exception
protects the provision of a broad range
of telehealth technologies, as we
explained above in the discussion of
that definition. If we were to limit the
term to telehealth services paid for by
Medicare Part B, then the types of
technology would be limited to those
identified in section 1834(m) of the Act
and 42 CFR 410.78 (i.e., audio and video
equipment permitting two-way, realtime interactive communication).
Similarly, if we were to define
‘‘telehealth services,’’ we might
inadvertently limit the scope of the
telehealth technologies definition that is
intended to be broad.
As stated previously, we intend for
this exception to apply to all types of
telehealth technology that are provided
for the purposes of furnishing distant or
remote services through various
modalities. At a minimum, such
services include the following types
covered by Medicare: Telehealth
services, virtual check-in services, evisits, remote care management, and
remote patient monitoring. To receive
protection, telehealth technologies do
not need to be provided for the purpose
of furnishing a payable Medicare service
related to the individual’s end-stage
renal disease.
To provide additional examples, this
exception would protect telehealth
technology provided for the purpose of
furnishing the following types of
telehealth services raised by
commenters as long as the arrangement
meets all conditions of the exception:
Virtual ESRD management (e.g., nurse
assessment, social worker support,
dietician care), patient education,
dietary counseling, and monitoring vital
signs. Other services not listed here may
also be considered telehealth services
for the purposes of this exception based
on the facts and circumstances of the
care being provided. Accepted clinical
and care practices for use of telehealth,
physician judgment, and patient and
caregiver needs and preferences with
respect to modalities would be relevant
considerations in assessing the
telehealth services under this specific
condition. This exception provides
significant flexibility to providers,
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
physicians, and renal dialysis facilities
to assess how telehealth technologies
can be provided to support a wide range
of telehealth services related to an
individual’s ESRD.
Again, this exception does not change
the coverage or payment requirements
related to the provision of these services
or submitting claims for reimbursement.
Even though this exception may protect
a physician, provider, or renal dialysis
facility from CMP liability for providing
a patient telehealth technology for the
purpose of furnishing telehealth
services, that does not mean the
physician, provider, facility, or any
other individual or entity can bill for
those services.
The other limitation in this condition
is that the telehealth technologies be
provided for the purposes of furnishing
telehealth services related to the
individual’s ESRD. In response to
commenters who recommended that
this include telehealth services that
address ESRD-related issues and
comorbidities, we agree that this
language is not specifically limited to
ESRD. We recognize that patients with
ESRD are likely receiving care for
comorbidities that affect their ESRD. It
would be difficult to define in this
Beneficiary Inducement CMP exception
criteria that a provider, physician, or
renal dialysis facility could apply to
assess whether a telehealth service is or
is not related to an individual’s ESRD.
We believe the appropriate approach is
to give health care providers flexibility
to make this determination reasonably
based on the specific facts and
circumstances of the patient’s condition
and telehealth services furnished to care
for such condition. Although not
required, we believe it would be a best
practice for the donor to document
contemporaneously how the telehealth
services relate to the individual’s ESRD
care, such as to management of care,
monitoring of health, or treatment,
potentially including reference to
appropriate clinical or other relevant
health or patient-reported indicators.
Furthermore, we note that several
other exceptions and safe harbors may
apply to certain items and services for
which commenters sought protection
under this exception, depending on the
facts and circumstances, such as the
patient engagement and support safe
harbor finalized in this rule at 42 CFR
1001.952(hh) and the exception to the
definition of ‘‘remuneration’’ under the
Beneficiary Inducements CMP for
certain remuneration that poses a low
risk of harm and promotes access to
care, 42 CFR 1003.110.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
f. Ownership and Retrieval of
Technology
Summary of OIG Proposed Rule: In
the OIG Proposed Rule, we considered
and sought comment on a condition that
would require the provider or facility to
retain ownership of any hardware and
make reasonable efforts to retrieve the
hardware once the beneficiary no longer
needs it for the permitted telehealth
purposes.
Summary of Final Rule: After a
consideration of relevant comments, we
are not finalizing this condition.
Comment: Many commenters on this
topic expressed support for the overall
concept of requiring the provider or
facility to retain ownership and make
reasonable efforts to retrieve the
hardware once the beneficiary no longer
needs it. Some commenters did not
support a requirement that the provider
or facility retain ownership. Some of
these commenters noted that the
concept of ownership in this context
may be rendered moot because the
useful life of the device may expire
during the period of use by the patient.
Some commenters also questioned the
utility of requiring retrieval of items that
are no longer state-of-the-art or
otherwise have minimal value. Many
commenters also expressed concern
regarding the administrative burden
associated with tracking and monitoring
compliance with a retrieval
requirement.
Many commenters on this topic
described potential scenarios in which
technology may be provided to a patient
who then ceases to need it (e.g., the
patient receives a transplant). In these
circumstances, commenters were
generally supportive of requiring the
provider or facility to retrieve the
technology. Several commenters
supported requiring ‘‘reasonable efforts’’
to retrieve the hardware in
circumstances when it will not harm the
patient, with exceptions for
circumstances when retrieval is
impractical, the hardware has greatly
reduced utility or value, or the patient
has died. A commenter also asserted
that if the hardware is provided in such
a way that the use is limited to
telehealth services, it will not provide
substantial independent value to the
beneficiary, and thus the failure to
retrieve after reasonable recovery efforts
does not create meaningful inducement
risks.
Response: We are not finalizing a
requirement that a provider, physician,
or facility retain ownership of the
technology. We also are not finalizing a
retrieval requirement. We note that the
condition that the telehealth
PO 00000
Frm 00193
Fmt 4701
Sfmt 4700
77875
technologies be provided to an
individual with ESRD and who is
receiving home dialysis for which
payment is being made under Medicare
Part B would necessitate termination of
technology services (e.g., recurring
monthly data plan fees or applications
that require ongoing subscription fees) if
the individual is no longer receiving
home dialysis payable by Medicare Part
B. Likewise, technology services would
need to be terminated if the patient is
no longer using them for ESRD-related
telehealth services. Further, the
exception does not protect sham
donations of technology given to
individuals to keep indefinitely.
g. Prohibition on Cost-Shifting
Summary of OIG Proposed Rule: We
proposed to require as a condition of
protection under the exception that the
provider of services or a renal dialysis
facility not separately bill Federal health
care programs, other payors, or
individuals for the telehealth
technologies, claim the costs of the
telehealth technologies as a bad debt for
payment purposes, or otherwise shift
the burden of the costs of the telehealth
technologies to a Federal health care
program, other payors, or individuals.
Summary of Final Rule: We are not
finalizing this condition.
Comment: Commenters expressed
support for the proposed prohibition on
cost-shifting. No commenters expressed
opposition.
Response: Upon consideration of the
combination of safe harbor conditions
implemented by this final rule, we are
not finalizing the proposed cost-shifting
prohibition. We have concluded that the
combination of final conditions and the
limited-nature of this statutory
exception will adequately protect
against fraud and abuse risks, and an
additional safeguard related to costshifting is not necessary.
We proposed the cost-shifting
condition to protect against the
telehealth technologies resulting in
inappropriately increased costs to
Federal health care programs, other
payors, and patients. However, we do
not want to exclude arrangements from
this exception that involve furnishing
telehealth or other service to the ESRD
patient receiving in-home dialysis and
that are also billable to Medicare. We
recognize that those services, as long as
applicable Medicare rules are met, may
appropriately result in Medicare paying
for costs of certain telehealth
technologies or an appropriate increase
in certain Medicare costs.
We did not intend to suggest any limit
on appropriate billing of Federal health
care programs or other payors for
E:\FR\FM\02DER3.SGM
02DER3
77876
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
medically necessary items and services
furnished in connection with telehealth
technologies provided to ERSD patients
receiving in-home dialysis. If a provider
furnishes items or services that are
covered as part of a Federal health care
program, the provision of those items or
services alone would not implicate the
Federal anti-kickback statute at all.
However, there could be circumstances
under which a provider, when
furnishing covered items or services,
does give a Federal health care program
beneficiary something of value, or
remuneration, thereby implicating the
Federal anti-kickback statute. For
example, the Federal anti-kickback
statute would be implicated by a
provider waiving or reducing any
required cost-sharing obligations for the
covered items and services incurred by
a Federal health care program
beneficiary or providing ‘‘extra’’ items
and services—that is, that are not part
of the covered item or service—for free.
Furthermore, nothing in this rule
exempts parties from responsibility for
compliance with all applicable coverage
and billing rules.
Additionally, this final exception
covers a wider range of telehealth
technologies used to support the
furnishing of telehealth services than
types of technology used to provide
Medicare Part B covered ‘‘telehealth
services.’’ There may be other Medicare
covered services that would cover the
costs of telehealth technologies, as
defined in this exception, as part of a
service provided to a beneficiary
receiving in-home dialysis. For
example, the remote patient monitoring
services described by the chronic care
remote physiologic monitoring family of
codes are covered by Medicare Part B
but are not ‘‘telehealth services’’ within
the meaning of the Medicare statute.
However, remote patient monitoring
technologies would meet the definition
of ‘‘telehealth technologies’’ in this final
exception.
h. Other Potential Safeguards
i. Consistent Provision of Telehealth
Technologies
Summary of OIG Proposed Rule: The
OIG Proposed Rule considered several
other potential conditions for this
exception, including prohibiting
providers and renal dialysis facilities
from discriminating in the offering of
telehealth technologies. We solicited
comments on this potential safeguard
and whether it would limit the ability
of providers and facilities to offer
technologies due to the potential cost of
furnishing the technology to all
qualifying patients rather than a small
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
subset. We also solicited comments on
why offering technology to a smaller
subset of qualifying patients might be
appropriate and not increase the risk of
fraud and abuse.
Summary of Final Rule: We are not
finalizing this condition.
Comment: A few commenters
supported some form of a
nondiscrimination standard as
appropriate. On the other hand, several
commenters raised concerns regarding a
possible condition to the exception
requiring that a provider or facility
provide the same telehealth
technologies to any Medicare Part B
patient receiving in-home dialysis, or to
otherwise consistently offer telehealth
technologies to all patients, including
that the uniform provision of telehealth
technologies would be cost-prohibitive
for many providers and facilities and
could result in their decision not to offer
any telehealth technologies. Several
commenters encouraged us to adopt
more flexible standards that would
allow the provider or facility to exercise
discretion in offering telehealth
technologies to ensure that the patients
to whom they offer the technologies are
most likely to benefit from them.
At least one of these commenters
suggested that providers and facilities
be permitted to provide telehealth
technologies differentially to patients
based on clinical risk assessments,
clinical appropriateness determinations
from the patient’s physician, or other
clinical or means-based criteria, with
another commenter noting that it is
common for providers and payors to
focus interventions on higher risk or
higher cost patients. A dialysis provider
specified that they would like the
exception to protect the deployment of
certain technologies, such as remote
monitoring or wearable devices, to
specific patient populations that may
have higher assessed clinical risk, such
as patients that have experienced a
recent hospitalization event.
Other commenters supported the
approach of requiring providers or
facilities to consistently offer telehealth
technologies to all patients satisfying
specified, uniform criteria, and a
commenter requested that we make
clear that a provider or facility would
have flexibility to establish criteria
under which only a subset of patients
would be offered telehealth
technologies. A commenter noted that
legitimate criteria may include for
example patient mobility, access to
transportation options, financial status,
and health condition. A commenter
suggested that we identify and carve out
criteria that would not be appropriate,
such as the patient’s payor or provider.
PO 00000
Frm 00194
Fmt 4701
Sfmt 4700
A dialysis provider encouraged OIG to
ensure flexibility to provide and
customize certain telehealth technology
offerings to patients based on for
example means-based or rural location
needs, and to allow for changes
resulting in the development of new
technology. The commenter noted that
the availability and cost of data plans
and devices with wireless cellular
service may vary from location to
location, and thus a requirement to
furnish the same telehealth technologies
to all patients may not be feasible.
Response: We appreciate the
comments that explain why providing
the same telehealth technologies to any
Medicare Part B eligible patient
receiving in-home dialysis may be
impractical or impossible, and we are
not finalizing that condition. We also
are not finalizing a condition that would
require providers, physicians, and
facilities to consistently offer telehealth
technologies to all patients satisfying
specified, uniform criteria. As stated in
section III.C.1.a above, this is a narrow
statutory exception to the Beneficiary
Inducement CMP. Because the
exception finalized here is only
available to established patients who are
receiving specific services paid for by
Medicare Part B, the potential for fraud
and abuse is reduced.
We recognize that patient need for
technology may vary based on location,
availability of transportation, financial
status, diagnosis and treatment plan, or
other legitimate and appropriate factors.
We believe the donor is in the best
position to identify whether provision
of the technology is appropriate only to
a subset of patients receiving in-home
dialysis paid for by Medicare Part B. We
are providing additional flexibilities to
donors to determine which beneficiaries
receive telehealth technologies by not
finalizing this condition. The risk of
fraud and abuse associated with
selectively deciding which patients
receive telehealth technologies is
mitigated by other conditions finalized
in this rule (e.g., telehealth technologies
are protected only if provided to
beneficiary already receiving in-home
dialysis). Additionally, providers,
physicians, and facilities must still meet
Medicare requirements for services
provided to the beneficiary; they cannot
bill for medically unnecessary services.
Schemes to submit false claims would
implicate other criminal and civil fraud
statutes and would not be protected by
this exception to the Beneficiary
Inducement CMP.
Comment: Several commenters
encouraged us to adopt a standard that
allows for providing technology on an
as-needed basis, recognizing that some
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
patients may choose not to have
telehealth services and some patients
may prefer to use their own technology.
Other commenters encouraged us to
ensure patients retain the right to
choose whether to participate in
telehealth services or utilize telehealth
technology.
Response: The design of the final rule
allows providers to take into account
patient choice and preferences. We are
not finalizing a condition that would
have required physicians, providers,
and facilities to provide telehealth
technologies in accordance with
specified criteria applied uniformly. We
agree with commenters that patient
choice is paramount, and the decision to
select a home dialysis modality or
telehealth services related to the
patient’s ESRD rests with the patient.
Patients are under no obligation to
dialyze in the home or to receive
telehealth services, notwithstanding the
availability of telehealth technologies.
We emphasize that protected telehealth
technologies cannot be offered as part of
an advertisement or solicitation, nor
should offers of free telehealth
technology be made for the purpose of
persuading patients to make clinical
decisions about treatment modalities. In
such cases, the telehealth technologies
are not being provided for the purpose
of furnishing telehealth services as
required by the statute and this
exception.
ii. Notice to Patients
Summary of OIG Proposed Rule: In
the OIG Proposed Rule, we stated that
we were considering adding a condition
that would require providers or facilities
to provide a written explanation of the
reason for the technology and any
potential ‘‘hidden’’ costs associated
with the telehealth services to any
patient who elects to receive telehealth
technology. We considered this
condition in response to concerns raised
in comments submitted in response to
the OIG RFI 158 that patients may be
confused by the technology or the
reason they are receiving a piece of
technology and may be unaware of costs
associated with telehealth services. We
sought comment on these perceived
risks to patients, whether to include a
written notice requirement in the final
rule and, if so, what that notice should
state.
Summary of Final Rule: For the
reasons stated below, we are not
finalizing this requirement.
Comment: Most commenters on this
topic supported the principle of
providing information to patients, but
158 83
FR 43607 (Aug. 27, 2018).
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
commenters disagreed as to whether we
should adopt a formal notice
requirement as a standard for meeting
the exception. Some commenters
asserted that there was no need for a
formal notice requirement as a
condition of the exception because this
type of communication should be a part
of the normal physician-patient
relationship. Others stated that
conveying this type of information is the
current standard of medical practice for
home dialysis patients. Other
commenters supported having a formal
notice requirement as a condition of the
exception, emphasizing the need to
ensure patients have a clear and
transparent understanding of the care
they are receiving and the costs of such
care. A commenter requested that OIG
provide a sample of any required notice.
Response: We agree that patients need
to have a clear understanding of the care
they are receiving and the costs of such
care. However, we also agree with
commenters that this information
should be conveyed through the
physician-patient relationship or in the
normal facility-patient communications
for patients dialyzing at home. We are
not finalizing any notice requirement as
part of the exception. Parties are free to
provide written notice explaining the
reason for the technology and any
potential costs associated with the
telehealth services if they so choose.
iii. Patient Freedom of Choice
Summary of OIG Proposed Rule: The
OIG Proposed Rule considered a
condition to the telehealth technologies
exception designed to preserve patient
freedom of choice among health care
providers and the manner in which a
patient receives dialysis services (i.e.,
in-home or in a facility). Specifically,
we considered adding a condition to the
exception that would require offerors of
telehealth technologies to advise
patients when they receive such
technology that they retain the freedom
to choose any provider or supplier of
dialysis services and receive dialysis in
any appropriate setting.
Summary of Final Rule: As explained
below, we are not finalizing this
requirement.
Comment: Several commenters, while
supportive of patient autonomy and
ensuring that patients are aware of the
right to choose practitioners, providers,
suppliers, and dialysis modalities,
disagreed with additional
documentation requirements related to
informing patients of these rights for a
number of reasons. For example, one
commenter suggested that patients may
not wish to receive this information.
The commenter advocated instead for
PO 00000
Frm 00195
Fmt 4701
Sfmt 4700
77877
broader protections for freedom of
choice, such as a prohibition on
restricting referrals. Other commenters
highlighted the administrative burden of
additional documentation. Commenters
stated that notice already is part of the
provider and patient relationship,
noting that for certain facilities any
additional documentation requirement
would be duplicative of the notice
requirements found in the ESRD
Conditions for Coverage (CFCs). A
commenter requested a carve-out for
facilities that meet the requirement
under the CFCs. A commenter asserted
that it would not add sufficient value
that outweighs the burden of providing
a written explanation of the reason for
the technology and any potential
‘‘hidden’’ costs associated with the
telehealth services to any patient who
elects to receive telehealth technology.
Other commenters supported the
proposed requirement and asserted that
patients should be informed that they
have the choice whether to use
technologies and that their choice will
not in any way influence the care to
which they are entitled. Another
commenter suggested that this should
be standard information given to
patients receiving ESRD-related care,
regardless of the treatment modality
they use. The commenter shared a
concern raised that some patients may
be persuaded to opt for telehealth
services due to generous telehealth
technologies and services being offered
rather than clinical appropriateness, and
believes this step could prevent any
such inappropriate care from occurring.
One commenter proposed to further
clarify that the patient notice or patient
consent for use of telehealth
technologies include that the patient is
not required to utilize or accept the
provision of such technologies.
Response: We are not finalizing this
condition because we believe in part
that existing laws are better suited to
protecting patient freedom of choice and
the patient’s best interest than a
statutory-based exception to the
Beneficiary Inducement CMP, including
those discussed by the commenters.
Furthermore, discussion of clinical
appropriateness of in-home dialysis and
telehealth services related to a patient’s
ESRD is inherent in the physicianpatient relationship or facility-patient
relationship, which serves first-andforemost to protect the patient’s best
interest and preserve patient choice.
The condition finalized at paragraph
(10)(i) in 1003.110 limits the offer or
furnishing of telehealth technologies to
a patient that initiates contact with the
provider, facility, or physician to
schedule an appointment or other
E:\FR\FM\02DER3.SGM
02DER3
77878
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
service also supports patient autonomy,
and marketing is not allowed by the
condition at paragraph (10)(ii) in
1003.110. These conditions will help
preserve a patient’s choice to select any
provider, physician, or facility without
inappropriate influence from such
entities.
Comment: A commenter supported
informing recipients of their freedom to
choose any provider or supplier of
dialysis services but requested
clarification regarding whether
telehealth technologies furnished to
certain in-home dialysis patients would
also be covered under the exception to
the definition of ‘‘remuneration’’ for
items or services that promote access to
care and pose a low risk of harm to
Federal health care programs at
1128A(i)(6)(F) of the Act.
Response: As stated above, we believe
existing laws are better suited to
protecting patient freedom of choice and
nothing in this rule limits patient’s
freedom of choice. As we stated in the
OIG Proposed Rule, the provision of
telehealth technologies might qualify for
protection under other existing
exceptions or safe harbors. Whether a
particular arrangement for the provision
of telehealth technologies meets the
requirements of, for example, the
exception for arrangements that promote
access to care and poses low risk of
harm at 1128A(i)(6)(F) of the Act (and
the corresponding regulatory exception
at 42 CFR 1003.110) is a fact-specific
analysis beyond the scope of this
rulemaking. We note that parties are
also free to request an OIG advisory
opinion.
iv. Materials and Records Requirement
Summary of OIG Proposed Rule: We
did not propose a condition related to
the development or retention of
materials and records or another
documentation requirement but
solicited comments on the fraud and
abuse risks presented by not including
such a condition in this exception.
Summary of Final Rule: We are not
finalizing a materials and records
retention requirement.
Comment: Commenters agreed with
our approach to omit a materials and
records or other documentation
requirement. A commenter noted that
this approach reduces unnecessary
administrative burden. Another
commenter pointed to other
documentation requirements required
by law, highlighting that these obviate
the need for a documentation
requirement in this exception.
Response: We agree that omitting a
documentation requirement for this
exception may reduce administrative
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
burden for donors of telehealth
technologies. We believe that in the case
of telehealth technologies provided to
individuals with ESRD under this
exception, the absence of a
documentation requirement does not
materially impact the attendant fraud
and abuse risks. We note, however, that
while this exception is voluntary,
parties that rely on it have the burden
of demonstrating that all the conditions
are met. Maintaining documentation
that the provision of telehealth
technologies satisfies the exception’s
conditions may be prudent for
compliance purposes.
a. Other Offerors
Comment: Several commenters stated
that free and charitable clinics and
charitable pharmacies, especially in
rural areas, rely on the use of telehealth
technologies to provide access to
specialty care to uninsured and
medically underserved patients. The
commenters posited that eliminating
barriers to allow free and charitable
clinics and charitable pharmacies to
furnish telehealth technologies to
patients without implicating the
physician self-referral law or the Federal
anti-kickback statute would enhance
their ability to serve the target
population of uninsured and medically
underserved. The commenters suggest
that expanded access to telehealth
technologies would enhance health
equity and care coordination,
specifically for those who are uninsured
and in rural areas. Another commenter
was supportive of the exception and
suggested expansion to allow for the
provision of telehealth technologies by
behavioral health providers.
Response: We appreciate the
commenters’ suggestion that telehealth
technologies may benefit a broader
range of patients. Charitable clinics or
charitable pharmacies that meet the
conditions in paragraphs (10)(i) and (ii)
(e.g., a provider, physician, or renal
dialysis facility that is currently
providing the in-home dialysis,
telehealth services, or other end-stage
renal disease care to the patient or has
been selected or contacted by the
individual to schedule an appointment
or provide services) may be eligible to
protect the provision of telehealth
technologies under this exception. Such
a determination must be based on the
facts and circumstance of the specific
clinic or pharmacy, and whether the
provision of the telehealth technology
meets all conditions of the exception.
We note that several other exceptions
and safe harbors may apply to the
provision of telehealth technologies to
patients, depending on the facts and
PO 00000
Frm 00196
Fmt 4701
Sfmt 4700
circumstances, such as the patient
engagement and support safe harbor,
finalized in this rule at 42 CFR
1001.952(hh), and the exception to the
definition of ‘‘remuneration’’ under the
Beneficiary Inducements CMP for
certain remuneration that poses a low
risk of harm and promotes access to
care, found at 42 CFR 1003.110.
j. Recipient
Comment: A commenter stated that it
is critical to ensure that the provision
without charge of these same
technologies to nephrologists and other
treating physicians of home dialysis
patients is permissible under antikickback statute. The commenter
highlighted that every dialysis patient is
required to have an attending
nephrologist, and the nephrologist is the
only individual who is part of the
required care team who is not otherwise
employed by the dialysis provider.
Accordingly, the commenter urged us to
clarify that the dialysis provider can
also provide members of the care team
who are not employed by the dialysis
provider with the technology and
software necessary to accommodate
telehealth for dialysis patients.
Response: We appreciate the
commenter’s concerns, but the
commenter’s recommendations are
outside the scope of the statutory
exception we codify here, which is an
exception to the definition of
‘‘remuneration’’ under the Beneficiary
Inducements CMP. Specifically, the
regulatory exception we finalize here
implements the corresponding statutory
exception in section 50302 of the
Budget Act of 2018, which protects the
provision of telehealth technologies ‘‘to
an individual with end-stage renal
disease. . . .’’ This exception does not
protect remuneration between a dialysis
provider and other members of a
patient’s care team. As the commenter
notes, remuneration among and between
providers and practitioners may
implicate the Federal anti-kickback
statute. Parties seeking to protect such
arrangements may seek protection under
a safe harbor, such as the care
coordination arrangements safe harbor
finalized in this rule at 1001.952(ee).
Parties are also free to request an
advisory opinion pursuant to 42 CFR
1008 et seq. related to the facts and
circumstances described in this
comment.
Comment: A commenter requested
clarity regarding situations in which
technologies provided to beneficiaries
could also result in potential indirect
benefits to other providers who may be
in a referral source relationship with the
donor of the telehealth technologies,
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
including in the context of an integrated
care delivery system.
Response: We appreciate the
commenter’s concern. The Federal antikickback statute is a criminal statute
that serves as an important sanction
against fraud when parties intentionally
offer or pay kickbacks to influence
referrals. Any indirect benefit to a
provider who may be a referral source
for a donor would need to be analyzed
under the Federal anti-kickback statute
which, as explained above, is outside
the scope of the statutory exception to
the Beneficiary Inducements CMP that
we codify here. As a matter of law,
arrangements that fit in an exception to
the Beneficiary Inducements CMP are
not automatically protected from
liability under the Federal anti-kickback
statute. Parties seeking to protect
remuneration implicating the Federal
anti-kickback statute should assess
arrangements to determine if the
arrangement qualifies for protection
under a safe harbor.
IV. Provisions of the Final Regulation
This final rule incorporates the
regulations and amendments we
proposed in the OIG Proposed Rule, but
with changes to the regulatory text. In
this final rule, we modify existing as
well as add new safe harbors pursuant
to our authority under section 14 of the
Medicare and Medicaid Patient and
Program Protection Act of 1987 by
specifying certain payment practices
that will not be subject to prosecution
under the Federal anti-kickback statute.
We also codify into our regulations a
statutory safe harbor for patient
incentives offered by ACOs to assigned
beneficiaries under ACO Beneficiary
Incentive Programs and a statutory
exception to the definition of
‘‘remuneration’’ in 42 CFR 1003.110 for
certain telehealth technologies
furnished to in-home dialysis patients.
The following is a list of the safe
harbors and the exception that we are
finalizing: Modifications to the existing
safe harbor for personal services and
management contracts at 42 CFR
1001.952(d); modifications to the
existing safe harbor for warranties at 42
CFR 1001.952(g); modifications to the
existing safe harbor for electronic health
records items and services at 42 CFR
1001.952(y); modifications to the
existing safe harbor for local
transportation at 42 CFR 1001.952(bb); a
new safe harbor for care coordination
arrangements to improve quality, health
outcomes, and efficiency at 42 CFR
1001.952(ee); a new safe harbor for
value-based arrangements with
substantial downside financial risk at 42
CFR 1001.952(ff); a new safe harbor for
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
value-based arrangements with full
financial risk at 42 CFR 1001.952(gg); a
new safe harbor for arrangements for
patient engagement and support to
improve quality, health outcomes, and
efficiency at 42 CFR 1001.952(hh); a
new safe harbor for CMS-sponsored
model arrangements and CMSsponsored model patient incentives at
42 CFR 1001.952(ii); a new safe harbor
for cybersecurity technology and related
services at 42 CFR 1001.952(jj); a new
safe harbor for accountable care
organization (ACO) beneficiary
incentive program at 42 CFR
1001.952(kk); and an exception for
telehealth technologies for in-home
dialysis at 42 CFR 1003.110.
V. Regulatory Impact Statement
As set forth below, we have examined
the impact of this final rule as required
by Executive Order 12866, the
Regulatory Flexibility Act (RFA) of
1980, the Unfunded Mandates Reform
Act of 1995, Executive Order 13132, and
Executive Order 13771. In section A, we
provide an overview of our analysis of
the impact of this final rule. We also
provide additional supporting analysis
in section F.
Summary of OIG Proposed Rule: We
determined that the aggregate economic
impact of the proposals would be
minimal and would have no effect on
the economy or on Federal or State
expenditures. We also determined that
the proposals would not significantly
affect small providers. Further, we
determined that the rule was neither
regulatory nor deregulatory under
Executive Order 13771.
Summary of Final Rule: We are
finalizing the determinations set forth in
the OIG Proposed Rule except for the
determination under Executive Order
13771. Here we explain that this final
rule is a deregulatory action under
Executive Order 13771. In addition, we
provide additional explanation about
our determinations here.
A. Overview of Analysis
By making available the new
protections established in this final rule,
we expect health care industry
stakeholders will realize increased
flexibility and legal certainty when
entering into value-based, care
coordination, and other arrangements
that have the potential to reduce Federal
health care program expenditures and
improve the quality of care without
sacrificing program integrity. However,
we are unable to quantify—with
certainty—the overall aggregate impact
or effect on small providers related to
changes in industry behavior that we
can reasonably expect following the
PO 00000
Frm 00197
Fmt 4701
Sfmt 4700
77879
effective date of this final rule. Even so,
we believe that our final policies are
reasonably likely to permit, if not
encourage, behavior that will reduce
waste in the U.S. health care system,
including Medicare and other Federal
health programs, and that these changes
will result in lower costs for both
patients and payors, and generate other
benefits, such as improved quality of
patient care and lower compliance costs
for providers and suppliers. Below we
describe: (1) The need for new and
modified safe harbors and exceptions;
(2) an overview of the estimated impact
of the final rule; (3) anticipated
outcomes of the final rule; (4) expanded
protections under the final rule and
examples of anticipated arrangements;
(5) anticipated beneficial impact of
value-based, care coordination, and
patient engagement and support
arrangements; (6) anticipated beneficial
impact of the new safe harbor for
cybersecurity technology and services;
and (7) anticipated costs.
1. Need for New and Modified Safe
Harbors and Exceptions
The Federal anti-kickback statute
provides for criminal penalties for
whoever knowingly and willfully offers,
pays, solicits, or receives remuneration
to induce or reward, among other
things, the referral of business
reimbursable under any of the Federal
health care programs, including
Medicare and Medicaid. Health care
providers and others may voluntarily
seek to comply with safe harbors so that
they have the assurance that their
business practices will not be subject to
any Federal anti-kickback enforcement
action. Compliance with an applicable
safe harbor insulates an individual or
entity from liability under the Federal
anti-kickback statute. Parties may use
any applicable safe harbor into which
they can squarely fit.159 However,
failure to fit in a safe harbor does not
mean that an arrangement violates the
law.
The Beneficiary Inducements CMP
provides for the imposition of civil
monetary penalties against any person
who offers or transfers remuneration to
a Medicare or State health care program
(including Medicaid) beneficiary that
159 Existing safe harbors that may apply to some
care coordination and value-based arrangements
include the employee safe harbor (42 CFR
1001.952(i)), the personal services and management
contracts safe harbor (42 CFR 1001.952(d)), the
various managed care safe harbors (e.g., 42 CFR
1001.952(t)), and the local transportation safe
harbor (42 CFR 1001.952(bb)). However,
stakeholders have informed us that many
arrangements they would like to enter into cannot
fit in the existing safe harbors as currently
structured.
E:\FR\FM\02DER3.SGM
02DER3
77880
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
the benefactor knows or should know is
likely to influence the beneficiary’s
selection of a particular provider,
practitioner, or supplier of any item or
service for which payment may be
made, in whole or in part, by Medicare
or a State health care program
(including Medicaid). Compliance with
an applicable exception to the definition
of ‘‘remuneration’’ under the
Beneficiary Inducements CMP or
compliance with an exception or safe
harbor to the Federal anti-kickback
statute protects such practice from
liability under the Beneficiary
Inducements CMP.
In many cases, emerging coordinated
care and value-based delivery and
payment arrangements, which
encourage functional integration and
coordination between and among
providers and other industry
stakeholders, often using financial
incentives, may not fit easily or at all
under current safe harbors to the
Federal anti-kickback statute,
exceptions to the Beneficiary
Inducements CMP, or both. Many valuebased and care coordination
arrangements also rely on improving
patient engagement in care through
tools or supports (e.g., free or reducedcost technology, free local
transportation services), potentially
implicating both the Federal antikickback statute and the Beneficiary
Inducements CMP. Such tools or
supports may not fit easily (or at all)
under existing safe harbors to the
Federal anti-kickback statute or
exceptions to the definition of
‘‘remuneration’’ under the Beneficiary
Inducements CMP.
Public stakeholders have asserted—
through comments to both the OIG RFI
and OIG Proposed Rule, as well as other
public forums—that this lack of clear
legal protection has a chilling effect on
the development of effective care
coordination arrangements, value-based
arrangements, and arrangements
engaging or supporting patients. As a
consequence, this final rule provides
greater certainty and protection for care
coordination arrangements, value-based
arrangements, patient engagement tools
and supports, and other beneficial
arrangements from potential liability
under the Federal anti-kickback statute
and Beneficiary Inducements CMP (as
applicable), if the arrangements are
properly structured to satisfy an
applicable safe harbor’s or exception’s
conditions (as applicable).
2. Overview of Estimated Impact of the
Final Rule
There is not enough available
information to estimate this final rule’s
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
effect on the economy, Federal or State
expenditures, or small providers. In
other words, we are not able to provide
quantitative estimates of savings to or
expenditures for the Federal health care
programs, providers, and others that
will result from this final rule. More
specifically, we lack a basis for
determining the scope and magnitude of
financial arrangements for which parties
may seek safe harbor protection.
We lack a basis for making any
quantitative estimates for the following
reasons. First, we cannot estimate how
many providers and other industry
stakeholders will enter in value-based
and care coordination arrangements or
other arrangements protected by these
final safe harbors and exception. This is
in part because using and complying
with the safe harbors and exception to
the definition of ‘‘remuneration’’ under
the Beneficiary Inducements CMP
finalized here are voluntary. Indeed,
providing remuneration in the context
of a care coordination arrangement and
engaging Federal health care program
beneficiaries through the provision of
tools and supports are voluntary as well.
Stated otherwise, parties are not
required either to enter into financial
relationships that implicate the Federal
anti-kickback statute and Beneficiary
Inducements CMP, or to structure any
financial relationships that implicate
these statutes to satisfy a safe harbor or
exception, as applicable. Failure to
satisfy a safe harbor or exception, as
applicable, does not mean that an
arrangement is illegal under the Federal
anti-kickback statute or Beneficiary
Inducements CMP. Parties are free to
conduct financial arrangements that do
not fit within the protections set forth in
these final regulations provided that
they otherwise comply with the law.
Further, while parties often use safe
harbors and exceptions as tools to
structure compliant arrangements,
parties may also wait to assert
compliance with a safe harbor as a
defense should the Government bring an
enforcement action. For this reason, it is
further difficult to estimate usage of
these regulations.
Second, while we can provide
examples—as noted below—of
arrangements we believe health care
industry stakeholders may enter into
under the protection of these final safe
harbors and exception, we cannot
predict the form of all of the
arrangements, nor which industry
stakeholders will enter into what form
of arrangements. More specifically,
based on comments submitted by
stakeholders, our understanding of
currently existing value-based and care
coordination arrangements, and our
PO 00000
Frm 00198
Fmt 4701
Sfmt 4700
assumption that there will be continued
innovation, we expect significant
heterogeneity in value-based and care
coordination arrangements that seek
protection under these safe harbors and
exception. Applying a ‘‘conceptual
framework’’ developed by RAND
Corporation in an assessment of valuebased programs illuminates how the
attributes of value-based care and care
coordination arrangements could vary
across the industry, making any basis
for quantitative estimates regarding the
impact of the regulatory flexibilities set
forth in this final rule highly
speculative.160
In particular, the RAND conceptual
framework highlights how various
aspects of the arrangements for which
parties may seek safe harbor and
exception protection could differ,
including: (1) Overarching program
design features with respect to the
value-based arrangement (e.g.,
measures, incentive structure, targets for
incentives, and quality improvement
support and resources); (2) the
characteristics of the providers and the
settings in which they practice,
including whether or not the providers
are employees, as well as the
characteristics of other parties to the
arrangement; and (3) external factors
(e.g., other payment policies, other
quality initiatives, consumer behavior,
market characteristics, and regulatory
changes) that can enable or hinder any
response to the incentive. In addition,
we expect wide variation in the patient
populations served and their particular
needs with respect to care coordination
and tools and supports. To provide an
example related to external factors,
whether a provider might need to use
the patient engagement and support safe
harbor (paragraph 1001.952(hh)) may
depend on whether the beneficiary’s
Federal health care program covered the
desired tool and support. An
arrangement for the provision of digital
technology that is a covered item or
service, when provided in accordance
with coverage and payment rules, does
not likely require safe harbor protection
and additional regulatory flexibility in
this final rule. On the other hand, an
arrangement for the provision of
noncovered tools and supports for free
to a Federal health care program
beneficiary likely implicates the Federal
anti-kickback statute and may implicate
the Beneficiary Inducements CMP, may
need safe harbor protection, and would
160 Cheryl L. Damberg et al., RAND Corp.,
Measuring Success in Health Care Value-Based
Purchasing Programs (2014), available at https://
www.rand.org/content/dam/rand/pubs/research_
reports/RR300/RR306/RAND_RR306.pdf.
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
benefit from such flexibility. Variation
in coverage and payment rules and
changes in such rules over time impact
the analysis of the application of the
statutes to arrangements and whether
parties would seek to use the final
regulations.
In sum, any estimation of behavioral
change—and any resulting increases or
decreases in costs to Federal or State
health care programs, providers and
other stakeholders, or patients—would
be highly speculative and too uncertain
to be appropriately quantifiable. While
we cannot gauge with certainty savings
or costs that may result from this final
rule, the rule reflects our effort to
remove barriers impeding wider
adoption of beneficial care coordination
and value-based arrangements identified
by stakeholders, while prohibiting
arrangements that would improperly
increase utilization, promote anticompetitive behavior, or result in fraud
or abuse. Below we elaborate on the
intended and anticipated beneficial
outcomes related to the final rule as
well as some potential costs.
3. Anticipated Outcomes of the Final
Rule
We can reasonably predict, however,
that the final rule likely will result in
changes to stakeholder behavior. The
rule may increase providers’ or others’
participation in beneficial value-based,
care coordination, patient engagement
and support, and other arrangements to
the extent that providers or others have
been concerned that such arrangements
would otherwise implicate the Federal
anti-kickback statute and Beneficiary
Inducements CMP. In this regard, and
with respect to the intended outcomes
and benefits related to this final rule, we
anticipate that the policies in this final
rule may: (1) Remove barriers to robust
participation in beneficial value-based
health care delivery and payment
systems, including those administered
by CMS and non-Federal payors; (2)
facilitate arrangements for beneficial
patient care coordination among
affiliated and unaffiliated health care
providers, practitioners, suppliers, and
others; (3) remove barriers to providing
tools and supports to patients to better
engage them in their care and improve
health outcomes; (4) provide certainty
for participants in the Medicare Shared
Savings Program and Innovation Center
models; (5) facilitate the continued
adoption and use of electronic health
records by making permanent the safe
harbor for the donation of such items
and services; and (6) promote more
robust cybersecurity throughout the
health care system. Some of the benefits
that we anticipate will arise from these
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
intended outcomes are: (1) Improved
care coordination for patients, including
Federal health care program
beneficiaries; (2) improved quality of
care and outcomes for patients,
including Federal health care program
beneficiaries; (3) potential reduction in
compliance costs to individuals and
entities to which the Federal antikickback statute’s and Beneficiary
Inducements CMP’s prohibitions apply;
(4) reduction in administrative
complexity and related waste from
continued progress toward
interoperability of data and electronic
health records; (5) protection against the
corruption of or access to health records
and other information essential to the
safe and effective delivery of health
care; and (6) reduction in impacts of
cybersecurity attacks, including the
improper disclosure of protected health
information (PHI), and reduction in
costs associated with cybersecurity
attacks, including ransom payments,
costs to patients whose PHI is
improperly disclosed, and costs to
providers, suppliers, and others to
reestablish cybersecurity.
With respect to the final rule’s impact
on parties currently participating in the
Medicare Shared Savings Program and
Innovation Center models, we have
determined that this Final Rule would
not significantly alter the conditions
upon which such providers and
suppliers operate. Such parties
currently must comply with the fraud
and abuse statutes and receive fraud and
abuse waivers as needed for CMS to
operate the Medicare Shared Savings
Program and test models, as authorized
by statute. Finalizing safe harbors
protecting value-based arrangements,
care coordination, and certain patient
engagement tools and supports would
not significantly alter these conditions.
This is particularly true in light of the
new final safe harbor for CMSsponsored models, which is designed to
streamline the current fraud and abuse
waiver process and make model
participation more uniform with respect
to compliance with fraud and abuse
laws.
4. Expanded Protections Under Final
Rule and Examples of Anticipated
Arrangements
As explained in greater detail in the
preamble above, this final rule expands
safe harbor protection under the Federal
anti-kickback statute to protect the
following types of arrangements that, in
most cases, would not fit squarely or
with certainty in existing safe harbors:
• Certain remuneration exchanged
between or among eligible participants
in a value-based arrangement that
PO 00000
Frm 00199
Fmt 4701
Sfmt 4700
77881
fosters better coordinated and managed
patient care.
• Certain tools and supports
furnished to patients to improve quality,
health outcomes, and efficiency.
• Certain remuneration provided in
connection with a CMS-sponsored
model.
• Certain donations of cybersecurity
technology and services.
• Certain donations of electronic
health records items and services.
• Certain outcomes-based payments
and remuneration in connection with
part-time personal services and
management contracts arrangements.
• Certain remuneration in connection
with bundled warranties for one or more
items and related services.
• Certain free or discounted local
transportation given to Federal health
care program beneficiaries.
In addition, this final rule extends
protection under the Beneficiary
Inducements CMP to protect certain
‘‘telehealth technologies’’ furnished to
certain in-home dialysis patients.
Based on the Department’s experience
with the Medicare Shared Savings
Program and Innovation Center models,
information provided by commenters on
the OIG RFI and the OIG Proposed Rule,
and information shared publicly by
providers, suppliers, practitioners,
health plans, and others, following the
issuance of this final rule we reasonably
expect parties may seek protection
under the final safe harbors and
exception such as the following:
• A hospital—in recognition that new
reimbursement models may extend
hospital accountability for a patient’s
health beyond inpatient or outpatient
care—may wish to provide recently
discharged patients with free health
coaching, technology that facilitates
remote monitoring, a non-reimbursable
home visit, or nutritional supplements
to promote the best health outcomes
after discharge.
• A hospital, recognizing that clinical
collaboration and care coordination may
improve patient transitions from one
care delivery point to the next, may
wish to provide care coordinators that
furnish individually tailored case
management services for patients
requiring post-acute care.
• A medical device manufacturer may
wish to offer a physician practice or
hospital a data analysis service to track
clinical practices, clinical outcomes,
and patient impact as they relate to
hospital- or health-care-acquired
pressure injuries.
• A hospital may wish to provide
support and to reward institutional
post-acute providers for achieving
outcome measures that effectively and
E:\FR\FM\02DER3.SGM
02DER3
77882
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
efficiently coordinate care across care
settings and reduce hospital
readmissions. Such measures would be
aligned with a patient’s successful
recovery and return to living in the
community.
• A physician may wish to offer—for
free— a prescription pickup service to
retrieve filled prescriptions from the
pharmacy and get them to the patient to
expedite the patient’s adherence to the
physician’s ordered treatment.
• A primary care physician, dialysis
facility, or other provider could furnish
a smart tablet that is capable of twoway, real-time interactive
communication between the patient and
his or her physician. In turn, the Federal
health care program beneficiary’s access
to a smart tablet could facilitate
communication through telehealth and
the provision of in-home dialysis
services.
5. Anticipated Beneficial Impact of
Value-Based, Care Coordination, and
Patient Engagement and Support
Arrangements
As explained further below, to the
extent that providers and others elect to
use these safe harbors and exception to
the definition of ‘‘remuneration’’ under
the Beneficiary Inducements CMP to
protect care coordination, value-based,
and other arrangements, there could be
significant beneficial impacts should the
intended effect of the regulatory
flexibilities afforded by this final rule—
promoting the adoption of beneficial
value-based arrangements and improved
care coordination—come to fruition.
As noted above, we are unable to
quantify with certainty any impact
related to the changes in industry
behavior that we can reasonably expect
following the effective date of this final
rule. Despite the inability to quantify
impact, we believe that the value-based
arrangements, care coordination
arrangements, and patient engagement
and support arrangements protected by
this final rule ultimately will reduce
waste in the U.S. health care system.
In particular, a recent review of
literature from January 2012 to May
2019 focusing on unnecessary spending,
or waste, in the U.S. health care system
(the 2019 study) indicates that waste
related to the failure of care
coordination alone results in annual
costs of $27 billion to $78 billion.161
Much of the research on waste and
improvement reviewed in the 2019
study was conducted in Medicare
populations. The 2019 study noted
empirical evidence that interventions,
such as aligning payment models with
value or supporting delivery reform to
enhance care coordination, safety, and
value, can produce meaningful savings
and reduce waste by as much as half.
The 2019 study also identified waste
from administrative complexity
(resulting from fragmentation in the
health care system) as the greatest
contributor to waste in the U.S. health
care system at an estimated $266 billion
annually, and highlighted the
opportunity to reduce waste in this
category from enhanced payor
collaboration with health care providers
and clinicians in the form of valuebased payment models. According to
the 2019 study, as value-based care
continues to evolve, there is reason to
believe that such interventions can be
coordinated and scaled to produce
better care at lower cost for all U.S.
residents. Moreover, in value-based and
care coordination arrangements,
improvements could reduce waste
related to overtreatment and low-value
care, a separate category of waste in the
U.S. health care system.
OIG studies regarding the Medicare
Shared Savings Program and
participating ACOs have found
beneficial impacts through improved
quality of care and reduced spending. A
June 2019 evaluation found that
Medicare Shared Savings Program ACOs
have developed a number of strategies
that the ACOs found successful in
reducing Medicare spending and
improving quality of care.162 These
strategies include, among others,
engaging beneficiaries to improve their
own health, reducing avoidable
hospitalizations and improving hospital
care through better care coordination,
and using technology for information
sharing. For example, one ACO in the
study used tablets to issue medication
reminders and digital scales to transmit
information directly to care coordinators
to help manage the health of
beneficiaries with end-stage congestive
heart failure. The ACO reported that
hospitalizations for this group declined,
on average, from four times a year to one
time. The evaluation observes that the
successful strategies can apply not only
to ACOs but also to other providers
committed to transforming the health
care system toward value.
An August 2017 OIG report analyzed
spending and quality data from the first
3 years of the Medicare Shared Savings
161 William H. Shrank et al., Waste in the US
Health Care System, Estimated Costs and Potential
for Savings, 322 JAMA 1501 (2019), available at
https://jamanetwork.com/journals/jama/fullarticle/
2752664.
162 OIG, ACOs’ Strategies for Transitioning to
Value-Based Care: Lessons From the Medicare
Shared Savings Program (OEI–02–15–00451), July
19, 2019. Available at https://oig.hhs.gov/oei/
reports/oei-02-15-00451.asp.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
PO 00000
Frm 00200
Fmt 4701
Sfmt 4700
Program to determine the extent to
which ACOs reduced Medicare
spending and improved quality.163
During the period studied, most of the
428 participating ACOs (serving 9.7
million beneficiaries) reduced Medicare
spending compared to their
benchmarks, achieving a net spending
reduction of nearly $1 billion. At the
same time, ACOs generally improved
their performance on most of the
individual quality measures. ACOs also
outperformed fee-for-service providers
on most of the quality measures. A
small subset of ACOs showed
substantial reductions in Medicare
spending while providing high-quality
care. These high-performing ACOs
reduced spending by an average of $673
per beneficiary for key Medicare
services during the review period. This
included significant spending
reductions for high-cost services such as
inpatient hospital care and skilled
nursing facility care. These ACOs also
maintained high use of primary care
services, which can lower utilization
and costs for other care, and reduced the
use of costly services such as emergency
department visits. In contrast, other
Medicare Shared Savings Program ACOs
and the national average for fee-forservice providers showed an increase in
per beneficiary spending for key
Medicare services.
In addition, we are aware that certain
other innovative value-based and care
coordination arrangements exist that
have resulted in cost savings for thirdparty payors, quality of care
improvements, or both.164 While we
cannot extrapolate these results to the
possible impact of this final rule, we
163 OIG, Medicare Shared Savings Program
Accountable Care Organizations Have Shown
Potential for Reducing Spending and Improving
Quality (OEI–02–15–00450), Aug. 28, 2017.
Available at https://oig.hhs.gov/oei/reports/oei-0215-00450.asp.
164 See e.g., Brian W. Powers et al., Impact of
Complex Care Management on Spending and
Utilization for High-Need, High-Cost Medicaid
Patients, 26 Am. J. Managed Care e57 (2020),
available at https://doi.org/10.37765/
ajmc.2020.42402 (finding, in a study of a complex
care management program implemented in
Tennessee for high-need, high-cost Medicaid
patients, that the program reduced total medical
expenditures by 37 percent and inpatient utilization
by 59 percent); Shreya Kangovi et al., EvidenceBased Community Health Worker Program
Addresses Unmet Social Needs and Generates
Positive Return on Investment, 39 Health Aff. 207
(2020), available at https://www.healthaffairs.org/
doi/full/10.1377/hlthaff.2019.00981 (finding that
every dollar invested in the Individualized
Management for Patient-Centered Targets (IMPaCT)
intervention, which is ‘‘a standardized community
health worker intervention that addresses
socioeconomic and behavioral barriers to health in
low-income populations,’’ yielded a return of $2.47
within a single fiscal year from the perspective of
a Medicaid payer).
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
believe the reported success of some of
these programs suggests the promising
nature of value-based care and
improved care coordination. In
describing the results below, we do not
mean to suggest that this rule prescribes
or endorses the interventions inherent
to these results. Further, we emphasize
that this final rule simply removes
certain regulatory barriers to
implementing value-based and care
coordination arrangements that may be
similar to those described below.
For example, a case study targeted at
determining the specific factors that
reduce Medicare payments and lead to
hospital savings in bundled payment
models for lower extremity joint
replacement surgeries (which provide a
lump sum payment to be shared among
providers for an episode of care instead
of payment for every service performed)
in one Texas health system found that,
between July 2008 and June 2015, the
system’s five hospitals were able to
reduce total Medicare spending per
episode of care by $5,577, or 20.8
percent, in cases without complications,
and by $5,321, or 13.8 percent, in cases
with complications.165 The hospitals
also recognized $6.1 million in internal
cost savings, along with slight decreases
in emergency room visits and
readmission rates, and a decrease in
cases with a prolonged length-of-stay
admission. Over half of the internal cost
savings were attributable to reduced
implant costs.166 We note that the
product standardization incentive
programs that contribute to such
internal cost savings involve
compensation arrangements between
hospitals and physicians which,
depending on their structure, may not
satisfy the requirements of any current
safe harbors to the Federal anti-kickback
statute, but to which the new and
modified safe harbors may apply.
Relatedly, in 2018, a large health plan
announced that it was expanding a
bundled payment program for spinal
surgeries and hip/knee replacements to
new markets, after finding savings of
$18,000 per procedure,167 and a health
network reported over $10 million in
165 Amol S. Navathe, et al., Cost of Joint
Replacement Using Bundled Payment Models,
177(2) JAMA Internal Med. 214–222 (Feb. 2017),
available at https://jamanetwork.com/journals/
jamainternalmedicine/article-abstract/2594805.
166 Vera Gruessner, 3 Ways Bundled Payment
Models Brought Hospital Cost Savings, Health Payer
Intelligence (Jan. 16, 2017), https://
healthpayerintelligence.com/news/3-ways-bundledpayment-models-brought-hospital-cost-savings.
167 David Muhlestein et al., Recent Progress In
The Value Journey: Growth Of ACOs And ValueBased Payment Models In 2018, Health Affairs Blog
(Aug. 14, 2018), https://www.healthaffairs.org/do/
10.1377/hblog20180810.481968/full/.
VerDate Sep<11>2014
19:45 Dec 01, 2020
Jkt 253001
77883
savings in 2017 with more anticipated
savings in 2018.168
As another example of the potential
for cost savings associated with valuebased arrangements, a recent survey of
more than 100 commercial payors
showed that, in 2018, ‘‘pure FFS’’
payment—where each medical service
is billed and paid for separately—
accounts for only 37.2 percent of
reimbursement and is expected to drop
to 26 percent by 2021.169 According to
the payors surveyed, payors that
adopted value-based health care
delivery and payment models reduced
health care costs by an average of 5.6
percent, improved provider
collaboration, and created more
impactful member engagement.
Further, there are studies that suggest
that improved care coordination may
decrease costs and enhance health
outcomes. One randomized, controlled
trial evaluated the cost-effectiveness of
a home-based care coordination
program that targeted older adults with
problems self-managing their chronic
illnesses.170 Study participants in the
test group received care coordination
services from a nurse and a pill
organizer. The results of this study
showed that, for those beneficiaries who
participated in the study for more than
3 months, total Medicare costs were
$491 lower per month than in the
control group. Another study conducted
by the Centers for Disease Control and
Prevention demonstrated that certain
interventions, such as team-based or
coordinated care, increase patient
medication adherence rates.171
Specifically, in a 2015 study, patients
assigned to team-based care—including
pharmacist-led medication
reconciliation and tailoring, pharmacistled patient education, collaborative care
between pharmacist and primary care
provider or cardiologist, and two types
of voice messaging—were significantly
more adherent with their medication
regimen 12 months after hospital
discharge (89 percent) compared with
patients not receiving team-based care
(74 percent).
In addition, there are reported
examples of value-based health care
delivery and payment programs
developed and implemented by
commercial health plans that report
success. For example, one health plan
recently reported that it saved $1 billion
through avoided costs in 3 years of its
recent primary care pay-for-value
program that offers primary care
practices rewards for their performance
on quality, cost, and utilization
measures, while also improving
outcomes for the plan’s members.172
According to this plan, members treated
by a primary care provider in the
program had 11 percent fewer
emergency room visits in 2017 than
members treated by a primary care
physician not in the program. The plan
also stated that members with a primary
care physician in the program
experienced 16 percent fewer inpatient
admissions in 2017 compared to
members seeing a primary care
physician not in the program,
potentially saving the plan $224 million
in inpatient care costs.173
A collaboration between a physicianled ACO and a health plan in North
Carolina similarly reportedly reduced
costs while improving quality of care.174
Specifically, an analysis conducted by
the plan concluded that the 47 primary
care practices that participated in the
collaboration: (1) Reduced the total cost
of care by 4.7 percent for commercial
patients; (2) reduced the total cost of
care by 6.1 percent for Medicare
Advantage patients; and (3) improved
their Medicare star ratings, on average,
from 3 to 4.5 stars. Another analysis by
a different health plan determined that
primary care physicians paid under
global capitation improved certain
patient outcomes related to preventive
care and chronic conditions, such as
168 Shane Wolverton, Providers partner with
payers for bundled payments, Becker’s Payer Issues
(May 10, 2018) https://
www.beckershospitalreview.com/payer-issues/
providers-partner-with-payers-for-bundledpayments.html.
169 Thomas Beaton, Value-Based Payment
Adoption Drives 5.6% Reduction in Care Costs,
Health Payer Intelligence (June 18, 2018), https://
healthpayerintelligence.com/news/value-basedpayment-adoption-drives-5.6-reduction-in-carecosts.
170 Karen Dorman Marek et al., Cost analysis of
a home-based nurse care coordination program, 62
J. Am. Geriatrics Soc’y 2369 (2014).
171 Andrea B. Neiman et al., CDC Grand Rounds:
Improving Medication Adherence for Chronic
Disease Management—Innovations and
Opportunities, 66 Morbidity & Mortality Wkly. Rep.
1248 (2017), available at https://www.cdc.gov/
mmwr/volumes/66/wr/mm6645a2.htm.
172 Press Release, Highmark, Inc., Highmark saves
more than $1 billion in avoided cost with True
Performance program (Oct. 5, 2020), available at
https://www.highmark.com/newsroom/pressreleases.html#!release/highmark-saves-more-than1-billion-in-avoided-cost-with-true-performanceprogram.
173 Press Release, Highmark, Inc., Highmark’s
True Performance Program Avoided Health Care
Costs by More Than $260 Million in 2017 (June 26,
2018), available at https://www.highmark.com/
newsroom/press-releases.html#!release/highmarkstrue-performance-program-avoided-health-carecosts-by-more-than-260-million-in-2017.
174 Press Release, Blue Cross and Blue Shield of
North Carolina, Primary Care ACOs from Blue Cross
NC and Aledade Show Significant Savings and
Quality Improvements (July 20, 2020), available at
https://mediacenter.bcbsnc.com/news/primarycare-acos-from-blue-cross-nc-and-aledade-showsignificant-savings-and-quality-improvements.
PO 00000
Frm 00201
Fmt 4701
Sfmt 4700
E:\FR\FM\02DER3.SGM
02DER3
77884
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
higher screening rates for colorectal and
breast cancer, higher rates of medication
review, and higher controlled blood
sugar levels.175
6. Anticipated Beneficial Impact of New
Safe Harbor for Cybersecurity
Technology and Services
The health care sector is among the
most targeted industries for cyberattacks
and is also under-resourced to prevent
such attacks and data breaches. As a
result, the cost of cybersecurity attacks
and breaches within the health care
industry is significant. A study
estimated that data breaches may have
cost U.S hospitals $6.2 billion between
2015 and 2016.176 Additionally, other
estimates indicate that a health care
organization that is breached faces $8
million dollars in costs on average as a
result of the breach, or $400 per patient
record involved.177 The impact of
cyberattacks extends beyond increased
and unnecessary recovery and ransom
costs. It may limit patient access to a
provider or directly affect patient care.
For example, a September 2020
cyberattack on a large health care
system in the United States reportedly
affected nearly 400 facilities, causing
hospitals to divert ambulances during
the initial stages of the attack. In
addition, staff reported that some lab
test results were delayed. The system
responded by suspending user access to
its information technology applications
related to operations across the United
States, requiring the use of backup
processes, including paper medical
record charting and labeling
medications by hand, for nearly 3
weeks.178
175 UnitedHealth Group, Physicians Provide
Higher Quality Care Under Set Monthly Payments
Instead of Being Paid Per Service, UnitedHealth
Group Study Shows (Aug. 11, 2020), available at
https://www.unitedhealthgroup.com/newsroom/
2020/uhg-study-shows-higher-quality-care-underset-monthly-payments-403552.html.
176 Ponemon Institute, Sixth Annual Benchmark
Study on Privacy & Security of Healthcare Data
(May 2016), available at https://www.ponemon.org/
local/upload/file/Sixth%20Annual%20
Patient%20Privacy%
20%26%20Data%20Security%20
Report%20FINAL%206.pdf.
177 Health Sector Cybersecurity Coordination
Center, A Cost Analysis of Healthcare Sector Data
Breaches (Apr. 4, 2019), available at https://
www.hhs.gov/sites/default/files/cost-analysis-ofhealthcare-sector-data-breaches.pdf.
178 Jeff Lagasse, Universal Health Services hit with
cyberattack that shuts down IT systems, Healthcare
Finance (Sept. 29, 2020), https://www.healthcare
financenews.com/news/universal-health-serviceshit-cyberattack-shuts-down-it-systems-1; Jessica
Davis, UPDATE: UHS Health System Confirms All
US Sites Affected by Ransomware Attack, Health IT
Security (Oct. 5, 2020) https://healthitsecurity.com/
news/uhs-health-system-confirms-all-us-sitesaffected-by-ransomware-attack; Jessica Davis, 3
Weeks After Ransomware Attack, All 400 UHS
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
According to the Health Sector
Cybersecurity Coordination Center
(HC3), health care organizations should
consider implementing strong risk
management practices to help prevent
data breaches and minimize any
disruptions or loss if a breach occurs.179
HC3 highlights that adequate prevention
and preparation for data breaches will
protect patients, minimize direct and
indirect costs, and allow for more
efficient operations of a health care
organization.180 Separately, the HCIC
Task Force’s June 2017 report, among
other things, highlighted its review of
many concerns related to potential
constraints imposed by the physician
self-referral law and the Federal antikickback statute. The report encouraged
Congress to evaluate an amendment to
these laws specifically for cybersecurity
software that would allow health care
organizations the ability to assist
physicians in the acquisition of this
technology, through either donation or
subsidy.181 The HCIC Task Force noted
that the existing regulatory exception to
the physician self-referral law (42 CFR
411.357(w)) and the safe harbor to the
Federal anti-kickback statute (42 CFR
1001.952(y)) applicable to certain
donations of EHR items and services
could serve as an ideal template for an
analogous cybersecurity provision.182
Further substantiating the need for
increased flexibility related to the
donation of cybersecurity technology
and services, in 2018, the American
Medical Association surveyed over
1,300 physicians in a cybersecurityrelated survey. Approximately 83
percent of the participants reported
having experienced some sort of
cybersecurity attack.183 The study also
highlighted that 50 percent of the
surveyed physicians wished they could
receive donations of security-related
hardware and software from other
Systems Back Online, Health IT Security (Oct. 13,
2020), https://healthitsecurity.com/news/3-weeksafter-ransomware-attack-all-400-uhs-systems-backonline; and Press Release, Universal Health Services
(Oct. 29. 2020), https://www.uhsinc.com/statementfrom-universal-health-services/.
179 Health Sector Cybersecurity Coordination
Center, A Cost Analysis of Healthcare Sector Data
Breaches (Apr. 4, 2019), https://www.hhs.gov/sites/
default/files/cost-analysis-of-healthcare-sectordata-breaches.pdf.
180 Id.
181 HCIC Task Force Report, https://www.phe.gov/
Preparedness/planning/CyberTF/Documents/
report2017.pdf.
182 Id.
183 American Medical Association, Tackling
Cyber Threats in Healthcare, https://www.amaassn.org/sites/ama-assn.org/files/corp/mediabrowser/public/government/advocacy/medicalcybersecurity-findings.pdf and https://www.amaassn.org/sites/ama-assn.org/files/corp/mediabrowser/public/government/advocacy/infographicmedical-cybersecurity.pdf.
PO 00000
Frm 00202
Fmt 4701
Sfmt 4700
providers, and recommended that OIG
develop a safe harbor to permit it.
As described in section III.B.8 of this
final rule, we received overwhelming
support from across the health care
industry in response to our proposal to
establish the new safe harbor for
cybersecurity items and services, and
we anticipate significant expansion of
cybersecurity efforts through donations
following the effective date of this final
rule, similar to the expanded adoption
of EHR items and services reported by
stakeholders following the
establishment of the EHR safe harbor in
2006. Support for the new cybersecurity
safe harbor came from many wellresourced organizations that are
potential future donors of cybersecurity
technology, such as health plans and
large health systems, as well as from
likely recipients of donations and trade
groups representing practitioners.
Because of the cost of cybersecurity
attacks to organizations that wish to
donate or receive cybersecurity
technology and services, and the general
support among donors and recipients
for the new cybersecurity exception, we
anticipate significant investment in
improvements to the cybersecurity
hygiene of the health care industry. An
organization’s cybersecurity posture is
only as strong as its weakest link,
including weaknesses of downstream
providers, suppliers, and practitioners
that wish to receive donations; thus,
donors are incented to protect
themselves by donating cybersecurity
technology and services that improves
their cybersecurity.
There are a variety of factors integral
to determining the impact of this final
safe harbor’s effect on the cybersecurity
hygiene of the health care industry that
remain too speculative to make a
quantitative estimate of the impact of
this final rule. We cannot predict with
sufficient certainty various elements
that will determine the impact of this
safe harbor. For example, we cannot
predict: (1) How many health care
industry stakeholders will donate
cybersecurity technology or services for
which parties may seek safe harbor
protection; (2) the specific combinations
of items and services that will be
donated or how such donations will
improve the cybersecurity hygiene of
recipients, donors, and the health care
industry as a whole; and (3) external
factors (e.g., other policies promoting
cybersecurity within the health care
industry, how cyber criminals will
proliferate and develop new strategies,
how cyberattack recovery costs and
ransom costs will change) that can
enable or hinder improved
cybersecurity hygiene and potentially
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
result in increased or decreased costs
associated with cyberattacks. Despite
this, we expect that the flexibility to
donate cybersecurity technology and
services will benefit the ecosystem as a
whole, improve cybersecurity across the
industry, and reduce costs associated
with cyberattacks (by improving
prevention and detection of
cybersecurity weaknesses and reducing
successful cyberattacks, and
consequently, ransom fees and recovery
costs). However, we cannot predict the
specific impacts of the flexibility
afforded by the cybersecurity
technology and services safe harbor on
the costs or benefits to Federal health
care programs, beneficiaries, or the
health care industry as a whole.
7. Anticipated Costs
We also acknowledge that there could
be some costs associated with this final
rule. For example, providers and other
stakeholders voluntarily complying
with the safe harbors and exception
finalized here may incur legal and
administrative costs to appropriately
structure an arrangement to satisfy an
applicable safe harbor or exception. In
addition, it is possible providers and
others may misuse the protection
afforded by the safe harbors and
exception which could result in
increased costs to Federal health care
programs or beneficiaries. It also is
possible that providers and other
stakeholders will appropriately use the
safe harbors, but a care coordination or
value-based arrangement developed in
good faith might not result in savings to
the Federal health care programs or
beneficiaries or improvements in quality
of care.
Designing safe harbors with sufficient
safeguards against potential abuses and
harms by those who might misuse the
safe harbors is not without challenges.
In this final rule, we have tried to strike
the right balance between flexibility for
beneficial innovation and safeguards to
protect patients and Federal health care
programs. However, we cannot quantify
whether we have struck the appropriate
balance; in particular, we cannot
quantify whether achievement of the
intended outcomes (e.g., improved
coordination of patient care, improved
quality of patient care, reduced costs to
payers) will outweigh any potential
costs.
B. Executive Order 12866
Executive Order 12866 directs
agencies to assess all costs and benefits
of available regulatory alternatives and
if regulations are necessary, to select
regulatory approaches that maximize
net benefits (including potential
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
economic, environmental, public health
and safety effects; distributive impacts;
and equity). A regulatory impact
analysis must be prepared for major
rules with economically significant
effects (i.e., $100 million or more in any
given year). This final rule codifies a
new exception to the definition of
‘‘remuneration’’ under the Beneficiary
Inducements CMP and implements new
or revised anti-kickback statute safe
harbors. As explained more fully above,
we believe the changes in the final rule
to the safe harbors and the new
exception to the Beneficiary
Inducements CMP will provide
flexibility for providers and others to
enter into certain beneficial
arrangements. In doing so, this final rule
imposes no requirements on any party.
Providers and others will be allowed to
voluntarily seek to comply with these
provisions so that they have assurance
that participating in certain
arrangements will not subject them to
liability under the Federal anti-kickback
statute and the Beneficiary Inducements
CMP. These safe harbors and exception
facilitate providers’ and others’ ability
to provide important health care and
related services to communities in need.
We estimated that this rule would be
‘‘economically significant’’ as measured
by the $100 million threshold, and
hence also a major rule under the
Congressional Review Act. Accordingly,
we prepared an RIA that presented our
estimates of the costs and benefits of
this rulemaking. Thus, this rule has
been reviewed by the Office of
Management and Budget.
C. Regulatory Flexibility Act
The RFA and the Small Business
Regulatory Enforcement and Fairness
Act of 1996, which amended the RFA,
require agencies to analyze options for
regulatory relief of small businesses. For
purposes of the RFA, small entities
include small businesses, nonprofit
organizations, and Government
agencies. Most providers are considered
small entities by having revenues of $7
million to $35.5 million or less in any
one year. For purposes of the RFA, most
physicians and suppliers are considered
small entities.
Comment: We received comments
from two associations representing
small and rural providers or Indian
health care providers regarding the level
of administrative burden and potential
costs associated with implementing the
requirements in certain proposed safe
harbors (e.g., requiring a writing signed
by the parties under certain proposed
safe harbors and requiring a financial
contribution by a recipient of
remuneration under the care
PO 00000
Frm 00203
Fmt 4701
Sfmt 4700
77885
coordination arrangements safe harbor
and EHR safe harbor), particularly for
small and rural providers and Indian
health care providers. For example, a
commenter suggested that if OIG
reduced administrative burden on
physicians under its final rule, it would
allow physicians to focus on the patientphysician relationship and the patient’s
welfare. In addition, a commenter
representing Indian health care
providers expressed concern that its
stakeholders would need to make
changes to current practices and
operations in response to this
rulemaking in order to comply with the
Federal anti-kickback statute and to
avoid severe criminal, civil, and
administrative penalties. The
commenter also raised concerns
regarding potential administrative
burden that may occur if Indian health
care providers revise or amend existing
agreements with the Health Resources
and Services Administration to
participate in arrangements protected
under new safe harbors. The commenter
also asked OIG to exempt Indian health
programs from certain proposed safe
harbor contribution requirements.
Response: We reiterate that this final
rule does not impose any obligations on
any entity, including Indian health care
providers, nor does this final rule
require any entity to make changes to
current practices and operations to
comply with the Federal anti-kickback
statute or Beneficiary Inducements
CMP. This final rule provides additional
flexibilities for providers and others to
enter into care coordination
arrangements with potentially reduced
legal risk. As explained above,
structuring financial arrangements to
satisfy a safe harbor or exception is
voluntary; indeed, even entering into
such financial arrangements is
voluntary. We believe the changes to the
safe harbors and the addition of a new
exception to the definition of
‘‘remuneration’’ under the Beneficiary
Inducements CMP provide industry
stakeholders with additional flexibility
if they desire to enter into certain
beneficial arrangements.
We understand the commenter’s
concern regarding potential costs
associated with contribution
requirements included within certain
safe harbors that we are finalizing.
However, after careful consideration, we
continue to believe that the contribution
requirement is an important safeguard
against fraud and abuse in light of the
specific risks of inappropriate
generation of referrals presented by
donations of EHR items and services
that could be protected by the EHR safe
harbor(paragraph 1001.952(y)) and care
E:\FR\FM\02DER3.SGM
02DER3
77886
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
coordination arrangements safe harbor
(paragraph 1001.952(ee)). As we explain
in our discussion of these safe harbors
in sections III.B.3.g and III.B.9.e above,
when recipients of valuable
remuneration have some responsibility
to contribute to the cost of the items or
services, they are more likely to make
economically prudent decisions and
accept only what they need or will use.
The final rule reflects our efforts to
balance additional flexibility for
beneficial arrangements that have
potential to reduce costs and improve
care with safeguards to protect against
potential abuses, including
inappropriate increases in costs to
Federal health care programs and
beneficiaries.
We recognize that small or rural
entities or Indian health care providers
may incur costs to avail themselves of
the safe harbor and exception
protections under the final rule.
However, we expect the costs to be no
greater than parties currently incur to
comply with the Federal anti-kickback
statute and the Beneficiary Inducements
CMP. We do not expect this final rule
to have a significant impact on a
substantial number of small entities or
Indian health care providers because the
rules are completely voluntary (i.e.,
providers are not required to comply
with the conditions of any safe harbor
in order to avoid violating the Federal
anti-kickback statute). Furthermore, we
believe the net impact on small
businesses that choose to take advantage
of the new flexibilities will be low
because we anticipate that the potential
burden associated with certain
provisions may be mitigated by other
provisions offering greater flexibility to
providers.
We estimate the changes to the
exception to the Beneficiary
Inducements CMP and the Federal antikickback statute safe harbors will
impose no incremental burden on
covered entities. We are providing
covered entities with the option to
adjust their business practices to better
serve patients without adversely
affecting their profitability. As a result,
we have concluded that this final rule
likely will not have a significant impact
on a substantial number of small
providers and that a regulatory
flexibility analysis is not required for
this rulemaking. In addition, section
1102(b) of the Act requires that we
prepare a regulatory impact analysis if
a rule under titles XVIII or XIX or
section B of title XI of the Act may have
a significant impact on the operations of
a substantial number of small rural
hospitals. For the reasons stated above,
we do not believe that any provisions or
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
changes finalized here will have a
significant impact on the operations of
rural hospitals. Thus, an analysis under
section 1102(b) of the Act is not
required for this rulemaking.
D. Unfunded Mandates Reform Act
Section 202 of the Unfunded
Mandates Reform Act of 1995, Public
Law 104–4, also requires that agencies
assess anticipated costs and benefits
before issuing any rule that may result
in expenditures in any one year by State
Governments, Tribal Governments, or
local governments, in the aggregate, or
by the private sector, of $100 million,
adjusted for inflation. We believe that
no significant costs will be associated
with this final rule that would impose
any mandates on State Governments,
Tribal Governments, local governments,
or the private sector that would result in
an expenditure of $154 million (after
adjustment for inflation) in any given
year.
D. Executive Order 13132
Executive Order 13132 establishes
certain requirements that an agency
must meet when it promulgates a rule
that imposes substantial direct
requirements for costs on State and local
governments, preempts State law, or
otherwise has Federalism implications.
In reviewing this rule under the
threshold criteria of Executive Order
13132, we have determined that this
final rule will not significantly affect the
rights, roles, and responsibilities of
State or local governments.
E. Executive Order 13771
Executive Order 13771 (January 30,
2017) requires that the costs associated
with significant new regulations ‘‘to the
extent permitted by law, be offset by the
elimination of existing costs associated
with at least two prior regulations.’’
This final rule has been designated a
significant regulatory action as defined
by Executive Order 12866 but imposes
no more than de minimis costs and is a
deregulatory action under Executive
Order 13771. This designation has been
informed by public comments.
F. Statement of Need
The Department has identified the
broad reach of the Federal anti-kickback
statute and Beneficiary Inducements
CMP as potentially inhibiting beneficial
arrangements that would advance the
ability of providers, suppliers, and
others to transition more effectively and
efficiently to value-based care and to
better coordinate care among providers,
suppliers, and others in both the Federal
health care programs and commercial
sectors. Industry stakeholders have
PO 00000
Frm 00204
Fmt 4701
Sfmt 4700
informed us that, because the
consequences of potential
noncompliance with the Federal antikickback statute and Beneficiary
Inducements CMP could be significant,
providers, suppliers, and others may be
discouraged from entering into
innovative arrangements that could
improve quality outcomes, produce
health system efficiencies, and lower
health care costs (or slow their rate of
growth). To the extent providers are
discouraged from entering into these
innovative arrangements, patient care
may not be provided as efficiently as
possible. In addition, the potential
consequences of noncompliance with
these statutes may impede the ability of
providers, suppliers, and others,
including small providers and suppliers
or those serving rural or medically
underserved populations, to raise
capital to invest in the transition to
value-based care or to obtain
infrastructure necessary to coordinate
patient care, including technology. This
unnecessarily slows the transition
toward more efficient patient care. This
final rule attempts to address these
concerns by removing unnecessary
impediments to the transformation of
the health care system into one that
better pays for and delivers value.
To remove regulatory barriers to care
coordination and support value-based
arrangements, we faced the challenge of
designing safe harbor protections for
emerging health care arrangements, the
optimal form, design, and efficacy of
which remain unknown or unproven.
These arrangements will be driven by
the determinations and experiences of a
wide range of providers, suppliers, and
others as they innovate in delivering
value-based care. This challenge is
further complicated by the substantial
variation in care coordination and
value-based arrangements contemplated
by the health care industry and others
(meaning that one-size-fits-all safe
harbor designs may not be optimal),
variation among patient populations
and provider characteristics, emerging
health technologies and data
capabilities, the still-developing science
of quality and performance
measurement, and our desire not to
have a chilling effect on beneficial
innovations.
As described above, it is difficult to
gauge the effects of this regulatory
action in a rapidly evolving and diverse
health care ecosystem of substantial
innovation, experimentation, and
deployment of technology and digital
data. For example, as explained above,
while a recent article projected potential
savings of $29.6 billion to $38.2 billion
across the U.S. health care system for
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
reducing waste from failure of care
coordination,184 it is difficult, if not
impossible to gauge reductions in
wasteful health care spending and
improved health outcomes as a result of
new arrangements made possible by this
final rule. It is also difficult, if not
impossible, to quantify savings or losses
that could occur as a result of new
fraudulent or abusive conduct that
could increase costs or lead to poor
outcomes as a result of new
arrangements. In some cases,
innovations may enhance program
integrity and protect against fraud and
abuse, reducing costs and increasing
benefits. There is a compelling concern
that uncertainty and regulatory barriers
under current regulations could prevent
the best and most efficacious
innovations from emerging and being
tested in the marketplace. Our goal in
finalizing safe harbors is to protect
arrangements that foster beneficial
arrangements and facilitate value, while
also protecting programs and
beneficiaries against harms cause by
fraud and abuse.
Authority: 42 U.S.C. 1302, 1320a–7,
1320a–7a, 1320a–7b, 1320a–7d, 1395u(j),
1395u(k), 1395w–104(e)(6), 1395y(d),
1395y(e), 1395cc(b)(2)(D), (E) and (F), and
1395hh; and sec. 2455, Pub. L. 103–355, 108
Stat. 3327 (31 U.S.C. 6101 note).
VI. Paperwork Reduction Act
The provisions of this final rule will
not impose any new information
collection and recordkeeping
requirements. Consequently, it need not
be reviewed by the Office of
Management and Budget under the
authority of the Paperwork Reduction
Act of 1995.
2. Section 1001.952 is amended by:
a. Revising paragraphs (d), (g)
introductory text, (g)(1), (3), and (4);
■ b. Adding paragraphs (g)(5) and (g)(6)
before the undesignated text at the end
of paragraph (g);
■ c. Designating the undesignated text at
the end of paragraph (g) as paragraph
(g)(7) and revising newly redesignated
(g)(7);
■ d. Revising paragraph (y) introductory
text, paragraph (y)(1), the second
sentence of paragraph (y)(2);
■ e. Removing and reserving paragraphs
(y)(3) and (7);
■ f. Revising paragraph (y)(11);
■ g. Removing and reserving paragraph
(y)(13);
■ h. Redesignating the note to paragraph
(y) as paragraph (y)(14) and revising
newly redesignated (y)(14);
■ i. Revising paragraphs (bb)(1)(iv)(B)
and (bb)(2)(iii);
■ j. Redesignating the note to paragraph
(bb) as paragraph (bb)(3) and revising
newly redesignated (bb)(3);
■ k. Adding and reserving paragraphs
(cc) and (dd); and
■ l. Adding paragraphs (ee) through
(kk).
The revisions and additions read as
follows:
List of Subjects
§ 1001.952
42 CFR Part 1001
Administrative practice and
procedure, Fraud, Grant programs—
health, Health facilities, Health
professions, Maternal and child health,
Medicaid, Medicare, Social Security.
*
42 CFR Part 1003
Fraud, Grant programs—health,
Health facilities, Health professions,
Medicaid, Reporting, and
recordkeeping.
For the reasons set forth in the
preamble, the Office of Inspector
General, Department of Health and
Human Services, amends 42 CFR parts
1001 and 1003 as follows:
PART 1001—PROGRAM INTEGRITY—
MEDICARE AND STATE HEATH
PROGRAMS
1. The authority citation for part 1001
continues to read as follows:
■
184 William H. Shrank et al., Waste in the US
Health Care System, Estimated Costs and Potential
for Savings, 322 JAMA 1501 (2019), available at
https://jamanetwork.com/journals/jama/articleabstract/2752664.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
■
■
Exceptions.
*
*
*
*
(d) Personal services and
management contracts and outcomesbased payment arrangements. (1) As
used in section 1128B of the Act,
‘‘remuneration’’ does not include any
payment made by a principal to an
agent as compensation for the services
of the agent, as long as all of the
following standards are met:
(i) The agency agreement is set out in
writing and signed by the parties.
(ii) The agency agreement covers all of
the services the agent provides to the
principal for the term of the agreement
and specifies the services to be provided
by the agent.
(iii) The term of the agreement is not
less than 1 year.
(iv) The methodology for determining
the compensation paid to the agent over
the term of the agreement is set in
advance, is consistent with fair market
value in arm’s-length transactions, and
is not determined in a manner that takes
into account the volume or value of any
referrals or business otherwise
generated between the parties for which
payment may be made in whole or in
PO 00000
Frm 00205
Fmt 4701
Sfmt 4700
77887
part under Medicare, Medicaid, or other
Federal health care programs.
(v) The services performed under the
agreement do not involve the counseling
or promotion of a business arrangement
or other activity that violates any State
or Federal law.
(vi) The aggregate services contracted
for do not exceed those which are
reasonably necessary to accomplish the
commercially reasonable business
purpose of the services.
(2) As used in section 1128B of the
Act, ‘‘remuneration’’ does not include
any outcomes-based payment as long as
all of the standards in paragraphs
(d)(2)(i) through (viii) of this section are
met:
(i) To receive an outcomes-based
payment, the agent achieves one or
more legitimate outcome measures that:
(A) Are selected based on clinical
evidence or credible medical support;
and
(B) Have benchmarks that are used to
quantify:
(1) Improvements in, or the
maintenance of improvements in, the
quality of patient care;
(2) A material reduction in costs to or
growth in expenditures of payors while
maintaining or improving quality of care
for patients; or
(3) Both.
(ii) The methodology for determining
the aggregate compensation (including
any outcomes-based payments) paid
between or among the parties over the
term of the agreement is: Set in advance;
commercially reasonable; consistent
with fair market value; and not
determined in a manner that directly
takes into account the volume or value
of any referrals or business otherwise
generated between the parties for which
payment may be made in whole or in
part by a Federal health care program.
(iii) The agreement between the
parties is set out in writing and signed
by the parties in advance of, or
contemporaneous with, the
commencement of the terms of the
outcomes-based payment arrangement.
The writing states at a minimum: A
general description of the services to be
performed by the parties for the term of
the agreement; the outcome measure(s)
the agent must achieve to receive an
outcomes-based payment; the clinical
evidence or credible medical support
relied upon by the parties to select the
outcome measure(s); and the schedule
for the parties to regularly monitor and
assess the outcome measure(s).
(iv) The agreement neither limits any
party’s ability to make decisions in their
patients’ best interest nor induces any
party to reduce or limit medically
necessary items or services.
E:\FR\FM\02DER3.SGM
02DER3
77888
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
(v) The term of the agreement is not
less than 1 year.
(vi) The services performed under the
agreement do not involve the counseling
or promotion of a business arrangement
or other activity that violates any State
or Federal law.
(vii) For each outcome measure under
the agreement, the parties:
(A) Regularly monitor and assess the
agent’s performance, including the
impact of the outcomes-based payment
arrangement on patient quality of care;
and
(B) Periodically assess, and as
necessary revise, benchmarks and
remuneration under the arrangement to
ensure that the remuneration is
consistent with fair market value in an
arm’s length transaction as required by
paragraph (d)(2)(ii) of this section
during the term of the agreement.
(viii) The principal has policies and
procedures to promptly address and
correct identified material performance
failures or material deficiencies in
quality of care resulting from the
outcomes-based payment arrangement.
(3) For purposes of this paragraph (d):
(i) An agent of a principal is any
person other than a bona fide employee
of the principal who has an agreement
to perform services for or on behalf of
the principal.
(ii) Outcomes-based payments are
limited to payments between or among
a principal and an agent that:
(A) Reward the agent for successfully
achieving an outcome measure
described in paragraph (d)(2)(i) of this
section; or
(B) Recoup from or reduce payment to
an agent for failure to achieve an
outcome measure described in
paragraph (d)(2)(i) of this section.
(iii) Outcomes-based payments
exclude any payments:
(A) Made directly or indirectly by the
following entities:
(1) A pharmaceutical manufacturer,
distributor, or wholesaler;
(2) A pharmacy benefit manager;
(3) A laboratory company;
(4) A pharmacy that primarily
compounds drugs or primarily
dispenses compounded drugs;
(5) A manufacturer of a device or
medical supply as defined in paragraph
(ee)(14)(iv) of this section;
(6) A medical device distributor or
wholesaler that is not otherwise a
manufacturer of a device or medical
supply, as defined in paragraph
(ee)(14)(iv) of this section; or
(7) An entity or individual that sells
or rents durable medical equipment,
prosthetics, orthotics, or supplies
covered by a Federal health care
program (other than a pharmacy or a
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
physician, provider, or other entity that
primarily furnishes services); or
(B) Related solely to the achievement
of internal cost savings for the principal;
or
(C) Based solely on patient
satisfaction or patient convenience
measures.
*
*
*
*
*
(g) Warranties. As used in section
1128B of the Act, ‘‘remuneration’’ does
not include any payment or exchange of
anything of value under a warranty
provided by a manufacturer or supplier
of one or more items and services
(provided the warranty covers at least
one item) to the buyer (such as a health
care provider or beneficiary) of the
items and services, as long as the buyer
complies with all of the following
standards in paragraphs (g)(1) and (2) of
this section and the manufacturer or
supplier complies with all of the
following standards in paragraphs (g)(3)
through (6) of this section:
(1) The buyer (unless the buyer is a
Federal health care program beneficiary)
must fully and accurately report any
price reduction of an item or service
(including a free item or service) that
was obtained as part of the warranty in
the applicable cost reporting mechanism
or claim for payment filed with the
Department or a State agency.
*
*
*
*
*
(3) The manufacturer or supplier must
comply with either of the following
standards:
(i) The manufacturer or supplier must
fully and accurately report any price
reduction of an item or service
(including free items and services) that
the buyer obtained as part of the
warranty on the invoice or statement
submitted to the buyer and inform the
buyer of its obligations under
paragraphs (g)(1) and (2) of this section.
(ii) When the amount of any price
reduction is not known at the time of
sale, the manufacturer or supplier must
fully and accurately report the existence
of a warranty on the invoice or
statement, inform the buyer of its
obligations under paragraphs (g)(1) and
(g)(2) of this section, and when any
price reduction becomes known,
provide the buyer with documentation
of the calculation of the price reduction
resulting from the warranty.
(4) The manufacturer or supplier must
not pay any remuneration to any
individual (other than a beneficiary) or
entity for any medical, surgical, or
hospital expense incurred by a
beneficiary other than for the cost of the
items and services subject to the
warranty.
(5) If a manufacturer or supplier offers
a warranty for more than one item or
PO 00000
Frm 00206
Fmt 4701
Sfmt 4700
one or more items and related services,
the federally reimbursable items and
services subject to the warranty must be
reimbursed by the same Federal health
care program and in the same Federal
health care program payment.
(6) The manufacturer or supplier must
not condition a warranty on a buyer’s
exclusive use of, or a minimum
purchase of, any of the manufacturer’s
or supplier’s items or services.
(7) For purposes of this paragraph (g),
the term warranty means:
(i) Any written affirmation of fact or
written promise made in connection
with the sale of an item or bundle of
items, or services in combination with
one or more related items, by a
manufacturer or supplier to a buyer,
which affirmation of fact or written
promise relates to the nature of the
quality of workmanship and affirms or
promises that such quality or
workmanship is defect free or will meet
a specified level of performance over a
specified period of time;
(ii) Any undertaking in writing in
connection with the sale by a
manufacturer or supplier of an item or
bundle of items, or services in
combination with one or more related
items, to refund, repair, replace, or take
other remedial action with respect to
such item or bundle of items in the
event that such item or bundle of items,
or services in combination with one or
more related items, fails to meet the
specifications set forth in the
undertaking which written affirmation,
promise, or undertaking becomes part of
the basis of the bargain between a seller
and a buyer for purposes other than
resell of such item or bundle of items;
or
(iii) A manufacturer’s or supplier’s
agreement to replace another
manufacturer’s or supplier’s defective
item or bundle of items (which is
covered by an agreement made in
accordance with this paragraph (g)), on
terms equal to the agreement that it
replaces.
*
*
*
*
*
(y) Electronic health records items
and services. As used in section 1128B
of the Act, ‘‘remuneration’’ does not
include nonmonetary remuneration
(consisting of items and services in the
form of software or information
technology and training services,
including cybersecurity software and
services) necessary and used
predominantly to create, maintain,
transmit, receive, or protect electronic
health records, if all of the conditions in
paragraphs (y)(1) through (13) of this
section are met:
(1) The items and services are
provided to an individual or entity
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
engaged in the delivery of health care
by:
(i) An individual or entity, other than
a laboratory company, that:
(A) Provides services covered by a
Federal health care program and
submits claims or requests for payment,
either directly or through reassignment,
to the Federal health care program; or
(B) Is comprised of the types of
individuals or entities in paragraph
(y)(1)(i)(A) of this section; or
(ii) A health plan.
(2) * * * For purposes of this
paragraph (y)(2) of this section, software
is deemed to be interoperable if, on the
date it is provided to the recipient, it is
certified by a certifying body authorized
by the National Coordinator for Health
Information Technology to certification
criteria identified in the then-applicable
version of 45 CFR part 170.
*
*
*
*
*
(11) The recipient pays 15 percent of
the donor’s cost for the items and
services. The following conditions
apply to such contribution:
(i) If the donation is the initial
donation of EHR items and services, or
the replacement of part or all of an
existing system of EHR items and
services, the recipient must pay 15
percent of the donor’s cost before
receiving the items and services. The
contribution for updates to previously
donated EHR items and services need
not be paid in advance of receiving the
update; and
(ii) The donor (or any affiliated
individual or entity) does not finance
the recipient’s payment or loan funds to
be used by the recipient to pay for the
items and services.
*
*
*
*
*
(14) For purposes of this paragraph
(y), the following definitions apply:
(i) Cybersecurity means the process of
protecting information by preventing,
detecting, and responding to
cyberattacks.
(ii) Health plan shall have the
meaning set forth at § 1001.952(l)(2).
(iii) Interoperable shall mean able to:
(A) Securely exchange data with and
use data from other health information
technology; and
(B) Allow for complete access,
exchange, and use of all electronically
accessible health information for
authorized use under applicable State or
Federal law.
(iv) Electronic health record shall
mean a repository of consumer health
status information in computer
processable form used for clinical
diagnosis and treatment for a broad
array of clinical conditions.
*
*
*
*
*
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
(bb) * * *
(1) * * *
(iv) * * *
(B) Within 25 miles of the health care
provider or supplier to or from which
the patient would be transported, or
within 75 miles if the patient resides in
a rural area, as defined in this paragraph
(bb) except that, if the patient is
discharged from an inpatient facility
following inpatient admission or
released from a hospital after being
placed in observation status for at least
24 hours and transported to the patient’s
residence, or another residence of the
patient’s choice, the mileage limits in
this paragraph (bb)(1)(iv)(B) shall not
apply; and
*
*
*
*
*
(2) * * *
(iii) The eligible entity makes the
shuttle service available only within the
eligible entity’s local area, meaning
there are no more than 25 miles from
any stop on the route to any stop at a
location where health care items or
services are provided, except that if a
stop on the route is in a rural area, the
distance may be up to 75 miles between
that stop and any providers or suppliers
on the route;
*
*
*
*
*
(3) For purposes of this paragraph
(bb), the following definitions apply:
(i) An eligible entity is any individual
or entity, except for individuals or
entities (or family members or others
acting on their behalf) that primarily
supply health care items.
(ii) An established patient is a person
who has selected and initiated contact
to schedule an appointment with a
provider or supplier, or who previously
has attended an appointment with the
provider or supplier.
(iii) A shuttle service is a vehicle that
runs on a set route, on a set schedule.
(iv) A rural area is an area that is not
an urban area, as defined in paragraph
(bb)(3)(v) of this section.
(v) An urban area is:
(A) A Metropolitan Statistical Area
(MSA) or New England County
Metropolitan Area (NECMA), as defined
by the Executive Office of Management
and Budget; or
(B) The following New England
counties, which are deemed to be parts
of urban areas under section 601(g) of
the Social Security Amendments of
1983 (Pub. L. 98–21, 42 U.S.C. 1395ww
(note)): Litchfield County, Connecticut;
York County, Maine; Sagadahoc County,
Maine; Merrimack County, New
Hampshire; and Newport County,
Rhode Island.
(cc)–(dd) [Reserved]
(ee) Care coordination arrangements
to improve quality, health outcomes,
PO 00000
Frm 00207
Fmt 4701
Sfmt 4700
77889
and efficiency. As used in section 1128B
of the Act, ‘‘remuneration’’ does not
include the exchange of anything of
value between a VBE and VBE
participant or between VBE participants
pursuant to a value-based arrangement
if all of the standards in paragraphs
(ee)(1) through (13) of this section are
met:
(1) The remuneration exchanged:
(i) Is in-kind;
(ii) Is used predominantly to engage
in value-based activities that are directly
connected to the coordination and
management of care for the target
patient population and does not result
in more than incidental benefits to
persons outside of the target patient
population; and
(iii) Is not exchanged or used:
(A) More than incidentally for the
recipient’s billing or financial
management services; or
(B) For the purpose of marketing
items or services furnished by the VBE
or a VBE participant to patients or for
patient recruitment activities.
(2) The value-based arrangement is
commercially reasonable, considering
both the arrangement itself and all
value-based arrangements within the
VBE.
(3) The terms of the value-based
arrangement are set forth in writing and
signed by the parties in advance of, or
contemporaneous with, the
commencement of the value-based
arrangement and any material change to
the value-based arrangement. The
writing states at a minimum:
(i) The value-based purpose(s) of the
value-based activities provided for in
the value-based arrangement;
(ii) The value-based activities to be
undertaken by the parties to the valuebased arrangement;
(iii) The term of the value-based
arrangement;
(iv) The target patient population;
(v) A description of the remuneration;
(vi) Either the offeror’s cost for the
remuneration and the reasonable
accounting methodology used by the
offeror to determine its cost, or the fair
market value of the remuneration;
(vii) The percentage and amount
contributed by the recipient;
(viii) If applicable, the frequency of
the recipient’s contribution payments
for ongoing costs; and
(ix) The outcome or process
measure(s) against which the recipient
will be measured.
(4) The parties to the value-based
arrangement establish one or more
legitimate outcome or process measures
that:
(i) The parties reasonably anticipate
will advance the coordination and
E:\FR\FM\02DER3.SGM
02DER3
77890
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
management of care for the target
patient population based on clinical
evidence or credible medical or health
sciences support;
(ii) Include one or more benchmarks
that are related to improving or
maintaining improvements in the
coordination and management of care
for the target patient population;
(iii) Are monitored, periodically
assessed, and prospectively revised as
necessary to ensure that the measure
and its benchmark continue to advance
the coordination and management of
care of the target patient population;
(iv) Relate to the remuneration
exchanged under the value-based
arrangement; and
(v) Are not based solely on patient
satisfaction or patient convenience.
(5) The offeror of the remuneration
does not take into account the volume
or value of, or condition the
remuneration on:
(i) Referrals of patients who are not
part of the target patient population; or
(ii) Business not covered under the
value-based arrangement.
(6) The recipient pays at least 15
percent of the offeror’s cost for the
remuneration, using any reasonable
accounting methodology, or the fair
market value of the in-kind
remuneration. If it is a one-time cost, the
recipient makes such contribution in
advance of receiving the in-kind
remuneration. If it is an ongoing cost,
the recipient makes such contribution at
reasonable, regular intervals.
(7) The value-based arrangement does
not:
(i) Limit the VBE participant’s ability
to make decisions in the best interests
of its patients;
(ii) Direct or restrict referrals to a
particular provider, practitioner, or
supplier if:
(A) A patient expresses a preference
for a different practitioner, provider, or
supplier;
(B) The patient’s payor determines the
provider, practitioner, or supplier; or
(C) Such direction or restriction is
contrary to applicable law under titles
XVIII and XIX of the Act; or
(iii) Induce parties to furnish
medically unnecessary items or
services, or reduce or limit medically
necessary items or services furnished to
any patient.
(8) The exchange of remuneration by
a limited technology participant and
another VBE participant or the VBE
must not be conditioned on any
recipient’s exclusive use or minimum
purchase of any item or service
manufactured, distributed, or sold by
the limited technology participant.
(9) The VBE, a VBE participant in the
value-based arrangement acting on the
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
VBE’s behalf, or the VBE’s accountable
body or responsible person reasonably
monitors and assesses the following and
reports the monitoring and assessment
of the following to the VBE’s
accountable body or responsible person,
as applicable, no less frequently than
annually or at least once during the term
of the value-based arrangement for
arrangements with terms of less than 1
year:
(i) The coordination and management
of care for the target patient population
in the value-based arrangement;
(ii) Any deficiencies in the delivery of
quality care under the value-based
arrangement; and
(iii) Progress toward achieving the
legitimate outcome or process
measure(s) in the value-based
arrangement.
(10) If the VBE’s accountable body or
responsible person determines, based on
the monitoring and assessment
conducted pursuant to paragraph (ee)(9)
of this section, that the value-based
arrangement has resulted in material
deficiencies in quality of care or is
unlikely to further the coordination and
management of care for the target
patient population, the parties must
within 60 days either:
(i) Terminate the arrangement; or
(ii) Develop and implement a
corrective action plan designed to
remedy the deficiencies within 120
days, and if the corrective action plan
fails to remedy the deficiencies within
120 days, terminate the value-based
arrangement.
(11) The offeror does not and should
not know that the remuneration is likely
to be diverted, resold, or used by the
recipient for an unlawful purpose.
(12) For a period of at least 6 years,
the VBE or VBE participant makes
available to the Secretary, upon request,
all materials and records sufficient to
establish compliance with the
conditions of this paragraph (ee).
(13) The remuneration is not
exchanged by:
(i) A pharmaceutical manufacturer,
distributor, or wholesaler;
(ii) A pharmacy benefit manager;
(iii) A laboratory company;
(iv) A pharmacy that primarily
compounds drugs or primarily
dispenses compounded drugs;
(v) Except to the extent the entity is
a limited technology participant, a
manufacturer of a device or medical
supply;
(vi) Except to the extent the entity or
individual is a limited technology
participant, an entity or individual that
sells or rents durable medical
equipment, prosthetics, orthotics, or
supplies covered by a Federal health
PO 00000
Frm 00208
Fmt 4701
Sfmt 4700
care program (other than a pharmacy or
a physician, provider, or other entity
that primarily furnishes services); or
(vii) A medical device distributor or
wholesaler that is not otherwise a
manufacturer of a device or medical
supplies.
(14) For purposes of this paragraph
(ee), the following definitions apply:
(i) Coordination and management of
care (or coordinating and managing
care) means the deliberate organization
of patient care activities and sharing of
information between two or more VBE
participants, one or more VBE
participants and the VBE, or one or
more VBE participants and patients, that
is designed to achieve safer, more
effective, or more efficient care to
improve the health outcomes of the
target patient population.
(ii) Digital health technology means
hardware, software, or services that
electronically capture, transmit,
aggregate, or analyze data and that are
used for the purpose of coordinating
and managing care; such term includes
any internet or other connectivity
service that is necessary and used to
enable the operation of the item or
service for that purpose.
(iii) Limited technology participant
means a VBE participant that exchanges
digital health technology with another
VBE participant or a VBE and that is:
(A) A manufacturer of a device or
medical supply, but not including a
manufacturer of a device or medical
supply that was obligated under 42 CFR
403.906 to report one or more
ownership or investment interests held
by a physician or an immediate family
member during the preceding calendar
year, or that reasonably anticipates that
it will be obligated to report one or more
ownership or investment interests held
by a physician or an immediate family
member during the present calendar
year (for purposes of this paragraph, the
terms ‘‘ownership or investment
interest,’’ ‘‘physician,’’ and ‘‘immediate
family member’’ have the same meaning
as set forth in 42 CFR 403.902); or
(B) An entity or individual that sells
or rents durable medical equipment,
prosthetics, orthotics, or supplies
covered by a Federal health care
program (other than a pharmacy or a
physician, provider, or other entity that
primarily furnishes services).
(iv) Manufacturer of a device or
medical supply means an entity that
meets the definition of applicable
manufacturer in 42 CFR 403.902
because it is engaged in the production,
preparation, propagation, compounding,
or conversion of a device or medical
supply that meets the definition of
covered drug, device, biological, or
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
medical supply in 42 CFR 403.902, but
not including entities under common
ownership with such entity.
(v) Target patient population means
an identified patient population
selected by the VBE or its VBE
participants using legitimate and
verifiable criteria that:
(A) Are set out in writing in advance
of the commencement of the valuebased arrangement; and
(B) Further the value-based
enterprise’s value-based purpose(s).
(vi) Value-based activity. (A) Means
any of the following activities, provided
that the activity is reasonably designed
to achieve at least one value-based
purpose of the value-based enterprise:
(1) The provision of an item or
service;
(2) The taking of an action; or
(3) The refraining from taking an
action; and
(B) Does not include the making of a
referral.
(vii) Value-based arrangement means
an arrangement for the provision of at
least one value-based activity for a target
patient population to which the only
parties are:
(A) The value-based enterprise and
one or more of its VBE participants; or
(B) VBE participants in the same
value-based enterprise.
(viii) Value-based enterprise or VBE
means two or more VBE participants:
(A) Collaborating to achieve at least
one value-based purpose;
(B) Each of which is a party to a
value-based arrangement with the other
or at least one other VBE participant in
the value-based enterprise;
(C) That have an accountable body or
person responsible for financial and
operational oversight of the value-based
enterprise; and
(D) That have a governing document
that describes the value-based enterprise
and how the VBE participants intend to
achieve its value-based purpose(s).
(ix) Value-based enterprise
participant or VBE participant means an
individual or entity that engages in at
least one value-based activity as part of
a value-based enterprise, other than a
patient acting in their capacity as a
patient.
(x) Value-based purpose means:
(A) Coordinating and managing the
care of a target patient population;
(B) Improving the quality of care for
a target patient population;
(C) Appropriately reducing the costs
to or growth in expenditures of payors
without reducing the quality of care for
a target patient population; or
(D) Transitioning from health care
delivery and payment mechanisms
based on the volume of items and
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
services provided to mechanisms based
on the quality of care and control of
costs of care for a target patient
population.
(ff) Value-based arrangements with
substantial downside financial risk. As
used in section 1128B of the Act,
‘‘remuneration’’ does not include the
exchange of payments or anything of
value between a VBE and a VBE
participant pursuant to a value-based
arrangement if all of the following
standards in paragraphs (ff)(1) through
(8) of this section are met:
(1) The remuneration is not
exchanged by:
(i) A pharmaceutical manufacturer,
distributor, or wholesaler;
(ii) A pharmacy benefit manager;
(iii) A laboratory company;
(iv) A pharmacy that primarily
compounds drugs or primarily
dispenses compounded drugs;
(v) A manufacturer of a device or
medical supply;
(vi) An entity or individual that sells
or rents durable medical equipment,
prosthetics, orthotics, or supplies
covered by a Federal health care
program (other than a pharmacy or a
physician, provider, or other entity that
primarily furnishes services); or
(vii) A medical device distributor or
wholesaler that is not otherwise a
manufacturer of a device or medical
supplies.
(2) The VBE (directly or through a
VBE participant, other than a payor,
acting on the VBE’s behalf) has assumed
through a written contract or a valuebased arrangement (or has entered into
a written contract or a value-based
arrangement to assume in the next 6
months) substantial downside financial
risk from a payor for a period of at least
1 year.
(3) The VBE participant (unless the
VBE participant is the payor from which
the VBE is assuming risk) is at risk for
a meaningful share of the VBE’s
substantial downside financial risk for
providing or arranging for the provision
of items and services for the target
patient population.
(4) The remuneration provided by, or
shared among, the VBE and VBE
participant:
(i) Is directly connected to one or
more of the VBE’s value-based purposes,
at least one of which must be a valuebased purpose defined in
§ 1001.952(ee)(14)(x)(A), (B), or (C);
(ii) Unless exchanged pursuant to risk
methodologies defined in paragraph
(ff)(9)(i) or (ii) of this section, is used
predominantly to engage in value-based
activities that are directly connected to
the items and services for which the
VBE has assumed (or has entered into a
PO 00000
Frm 00209
Fmt 4701
Sfmt 4700
77891
written contract or value-based
arrangement to assume in the next 6
months) substantial downside financial
risk;
(iii) Does not include the offer or
receipt of an ownership or investment
interest in an entity or any distributions
related to such ownership or investment
interest; and
(iv) Is not exchanged or used for the
purpose of marketing items or services
furnished by the VBE or a VBE
participant to patients or for patient
recruitment activities.
(5) The value-based arrangement is set
forth in writing, is signed by the parties
in advance of, or contemporaneous
with, the commencement of the valuebased arrangement and any material
change to the value-based arrangement,
and specifies all material terms
including:
(i) Terms evidencing that the VBE is
at substantial downside financial risk or
will assume such risk in the next 6
months for the target patient population;
(ii) A description of the manner in
which the VBE participant (unless the
VBE participant is the payor from which
the VBE is assuming risk) has a
meaningful share of the VBE’s
substantial downside financial risk; and
(iii) The value-based activities, the
target patient population, and the type
of remuneration exchanged.
(6) The VBE or VBE participant
offering the remuneration does not take
into account the volume or value of, or
condition the remuneration on:
(i) Referrals of patients who are not
part of the target patient population; or
(ii) Business not covered under the
value-based arrangement.
(7) The value-based arrangement does
not:
(i) Limit the VBE participant’s ability
to make decisions in the best interests
of its patients;
(ii) Direct or restrict referrals to a
particular provider, practitioner, or
supplier if:
(A) A patient expresses a preference
for a different practitioner, provider, or
supplier;
(B) The patient’s payor determines the
provider, practitioner, or supplier; or
(C) Such direction or restriction is
contrary to applicable law under titles
XVIII and XIX of the Act; or
(iii) Induce parties to reduce or limit
medically necessary items or services
furnished to any patient.
(8) For a period of at least 6 years, the
VBE or VBE participant makes available
to the Secretary, upon request, all
materials and records sufficient to
establish compliance with the
conditions of this paragraph (ff).
(9) For purposes of this paragraph (ff),
the following definitions apply:
E:\FR\FM\02DER3.SGM
02DER3
77892
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
(i) Substantial downside financial risk
means:
(A) Financial risk equal to at least 30
percent of any loss, where losses and
savings are calculated by comparing
current expenditures for all items and
services that are covered by the
applicable payor and furnished to the
target patient population to a bona fide
benchmark designed to approximate the
expected total cost of such care;
(B) Financial risk equal to at least 20
percent of any loss, where:
(1) Losses and savings are calculated
by comparing current expenditures for
all items and services furnished to the
target patient population pursuant to a
defined clinical episode of care that are
covered by the applicable payor to a
bona fide benchmark designed to
approximate the expected total cost of
such care for the defined clinical
episode of care; and
(2) The parties design the clinical
episode of care to cover items and
services collectively furnished in more
than one care setting; or
(C) The VBE receives from the payor
a prospective, per-patient payment that
is:
(1) Designed to produce material
savings; and
(2) Paid on a monthly, quarterly, or
annual basis for a predefined set of
items and services furnished to the
target patient population, designed to
approximate the expected total cost of
expenditures for the predefined set of
items and services.
(ii) Meaningful share means the VBE
participant:
(A) Assumes two-sided risk for at
least 5 percent of the losses and savings,
as applicable, realized by the VBE
pursuant to its assumption of
substantial downside financial risk; or
(B) Receives from the VBE a
prospective, per-patient payment on a
monthly, quarterly, or annual basis for
a predefined set of items and services
furnished to the target patient
population, designed to approximate the
expected total cost of expenditures for
the predefined set of items and services,
and does not claim payment in any form
from the payor for the predefined items
and services.
(iii) Manufacturer of a device or
medical supply, target patient
population, value-based activity, valuebased arrangement, value-based
enterprise, value-based purpose, and
VBE participant shall have the meaning
set forth in paragraph (ee) of this
section.
(gg) Value-based arrangements with
full financial risk. As used in section
1128B of the Act, ‘‘remuneration’’ does
not include the exchange of payments or
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
anything of value between the VBE and
a VBE participant pursuant to a valuebased arrangement if all of the standards
in paragraphs (gg)(1) through (9) of this
section are met:
(1) The remuneration is not
exchanged by:
(i) A pharmaceutical manufacturer,
distributor, or wholesaler;
(ii) A pharmacy benefit manager;
(iii) A laboratory company;
(iv) A pharmacy that primarily
compounds drugs or primarily
dispenses compounded drugs;
(v) A manufacturer of a device or
medical supply;
(vi) An entity or individual that sells
or rents durable medical equipment,
prosthetics, orthotics, or supplies
covered by a Federal health care
program (other than a pharmacy or a
physician, provider, or other entity that
primarily furnishes services); or
(vii) A medical device distributor or
wholesaler that is not otherwise a
manufacturer of a device or medical
supplies.
(2) The VBE (directly or through a
VBE participant, other than a payor,
acting on behalf of the VBE) has
assumed through a written contract or a
value-based arrangement (or has entered
into a written contract or a value-based
arrangement to assume in the next 1
year) full financial risk from a payor.
(3) The value-based arrangement is set
forth in writing, is signed by the parties,
and specifies all material terms,
including the value-based activities and
the term.
(4) The VBE participant (unless the
VBE participant is a payor) does not
claim payment in any form from the
payor for items or services covered
under the contract or value-based
arrangement between the VBE and the
payor described in paragraph (2).
(5) The remuneration provided by, or
shared among, the VBE and VBE
participant:
(i) Is directly connected to one or
more of the VBE’s value-based purposes;
(ii) Does not include the offer or
receipt of an ownership or investment
interest in an entity or any distributions
related to such ownership or investment
interest; and
(iii) Is not exchanged or used for the
purpose of marketing items or services
furnished by the VBE or a VBE
participant to patients or for patient
recruitment activities.
(6) The value-based arrangement does
not induce parties to reduce or limit
medically necessary items or services
furnished to any patient.
(7) The VBE or VBE participant
offering the remuneration does not take
into account the volume or value of, or
condition the remuneration on:
PO 00000
Frm 00210
Fmt 4701
Sfmt 4700
(i) Referrals of patients who are not
part of the target patient population; or
(ii) Business not covered under the
value-based arrangement.
(8) The VBE provides or arranges for
a quality assurance program for services
furnished to the target patient
population that:
(i) Protects against underutilization;
and
(ii) Assesses the quality of care
furnished to the target patient
population.
(9) For a period of at least 6 years, the
VBE or VBE participant makes available
to the Secretary, upon request, all
materials and records sufficient to
establish compliance with the
conditions of this paragraph (gg).
(10) For purposes of this paragraph
(gg), the following definitions apply:
(i) Full financial risk means the VBE
is financially responsible on a
prospective basis for the cost of all items
and services covered by the applicable
payor for each patient in the target
patient population for a term of at least
1 year.
(ii) Prospective basis means that the
VBE has assumed financial
responsibility for the cost of all items
and services covered by the applicable
payor prior to the provision of items and
services to patients in the target patient
population.
(iii) Items and services means health
care items, devices, supplies, and
services.
(iv) Manufacturer of a device or
medical supply, target patient
population, value-based activity, valuebased arrangement, value-based
enterprise, value-based purpose, and
VBE participant shall have the meaning
set forth in paragraph (ee) of this
section.
(hh) Arrangements for patient
engagement and support to improve
quality, health outcomes, and efficiency.
As used in section 1128B of the Act,
‘‘remuneration’’ does not include a
patient engagement tool or support
furnished by a VBE participant to a
patient in the target patient population
of a value-based arrangement to which
the VBE participant is a party if all of
the conditions in paragraphs (hh)(1)
through (9) of this section are met:
(1) The VBE participant is not:
(i) A pharmaceutical manufacturer,
distributor, or wholesaler;
(ii) A pharmacy benefit manager;
(iii) A laboratory company;
(iv) A pharmacy that primarily
compounds drugs or primarily
dispenses compounded drugs;
(v) A manufacturer of a device or
medical supply, unless the patient
engagement tool or support is digital
health technology;
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
(vi) An entity or individual that sells
or rents durable medical equipment,
prosthetics, orthotics, or supplies
covered by a Federal health care
program (other than a pharmacy, a
manufacturer of a device or medical
supply, or a physician, provider, or
other entity that primarily furnishes
services);
(vii) A medical device distributor or
wholesaler that is not otherwise a
manufacturer of a device or medical
supply; or
(viii) A manufacturer of a device or
medical supply that was obligated
under 42 CFR 403.906 to report one or
more ownership or investment interests
held by a physician or an immediate
family member during the preceding
calendar year, or that reasonably
anticipates that it will be obligated to
report one or more ownership or
investment interests held by a physician
or an immediate family member during
the present calendar year, even if the
patient engagement tool or support is
digital health technology (for purposes
of this paragraph, the terms ‘‘ownership
or investment interest,’’ ‘‘physician,’’
and ‘‘immediate family member’’ have
the same meaning as set forth in 42 CFR
403.902).
(2) The patient engagement tool or
support is furnished directly to the
patient (or the patient’s caregiver, family
member, or other individual acting on
the patient’s behalf) by a VBE
participant that is a party to the valuebased arrangement or its eligible agent.
(3) The patient engagement tool or
support:
(i) Is an in-kind item, good, or service;
(ii) That has a direct connection to the
coordination and management of care of
the target patient population;
(iii) Does not include any cash or cash
equivalent;
(iv) Does not result in medically
unnecessary or inappropriate items or
services reimbursed in whole or in part
by a Federal health care program;
(v) Is recommended by the patient’s
licensed health care professional; and
(vi) Advances one or more of the
following goals:
(A) Adherence to a treatment regimen
determined by the patient’s licensed
health care professional.
(B) Adherence to a drug regimen
determined by the patient’s licensed
health care professional.
(C) Adherence to a followup care plan
established by the patient’s licensed
health care professional.
(D) Prevention or management of a
disease or condition as directed by the
patient’s licensed health care
professional.
(E) Ensure patient safety.
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
(4) The patient engagement tool or
support is not funded or contributed by:
(i) A VBE participant that is not a
party to the applicable value-based
arrangement; or
(ii) An entity listed in paragraph
(hh)(1) of this section.
(5) The aggregate retail value of
patient engagement tools and supports
furnished to a patient by a VBE
participant on an annual basis does not
exceed $500. The monetary cap set forth
in this paragraph (hh)(5) is adjusted
each calendar year to the nearest whole
dollar by the increase in the Consumer
Price Index—Urban All Items (CPI–U)
for the 12-month period ending the
preceding September 30. OIG will
publish guidance after September 30 of
each year reflecting the increase in the
CPI–U for the 12-month period ending
September 30 and the new monetary
cap applicable for the following
calendar year.
(6) The VBE participant or any
eligible agent does not exchange or use
the patient engagement tools or supports
to market other reimbursable items or
services or for patient recruitment
purposes.
(7) For a period of at least 6 years, the
VBE participant makes available to the
Secretary, upon request, all materials
and records sufficient to establish that
the patient engagement tool or support
was distributed in a manner that meets
the conditions of this paragraph (hh).
(8) The availability of a tool or
support is not determined in a manner
that takes into account the type of
insurance coverage of the patient.
(9) For purposes of this paragraph
(hh), the following definitions apply:
(i) Eligible agent means any person or
entity that is not identified in
paragraphs (hh)(1)(i) through (viii) of
this section as ineligible to furnish
protected tools and supports under this
paragraph.
(ii) Coordination and management of
care, target patient population, valuebased arrangement, VBE, VBE
participant, manufacturer of a device or
medical supply, and digital health
technology shall have the meaning set
forth in paragraph (ee) of this section.
(ii) CMS-sponsored model
arrangements and CMS-sponsored
model patient incentives.
(1) As used in section 1128B of the
Act, ‘‘remuneration’’ does not include
an exchange of anything of value
between or among CMS-sponsored
model parties under a CMS-sponsored
model arrangement for which CMS has
determined that this safe harbor is
available if all of the following
conditions are met:
PO 00000
Frm 00211
Fmt 4701
Sfmt 4700
77893
(i) The CMS-sponsored model parties
reasonably determine that the CMSsponsored model arrangement will
advance one or more goals of the CMSsponsored model;
(ii) The exchange of value does not
induce CMS-sponsored model parties or
other providers or suppliers to furnish
medically unnecessary items or
services, or reduce or limit medically
necessary items or services furnished to
any patient;
(iii) The CMS-sponsored model
parties do not offer, pay, solicit, or
receive remuneration in return for, or to
induce or reward, any Federal health
care program referrals or other Federal
health care program business generated
outside of the CMS-sponsored model;
(iv) The CMS-sponsored model
parties in advance of or
contemporaneous with the
commencement of the CMS-sponsored
model arrangement set forth the terms of
the CMS-sponsored model arrangement
in a signed writing. The writing must
specify at a minimum the activities to be
undertaken by the CMS-sponsored
model parties and the nature of the
remuneration to be exchanged under the
CMS-sponsored model arrangement;
(v) The parties to the CMS-sponsored
model arrangement make available to
the Secretary, upon request, all
materials and records sufficient to
establish whether the remuneration was
exchanged in a manner that meets the
conditions of this safe harbor; and
(vi) The CMS-sponsored model
parties satisfy such programmatic
requirements as may be imposed by
CMS in connection with the use of this
safe harbor.
(2) As used in section 1128B of the
Act, ‘‘remuneration’’ does not include a
CMS-sponsored model patient incentive
for which CMS has determined that this
safe harbor is available if all of the
following conditions are met:
(i) The CMS-sponsored model
participant reasonably determines that
the CMS-sponsored model patient
incentive will advance one or more
goals of the CMS-sponsored model;
(ii) The CMS-sponsored model patient
incentive has a direct connection to the
patient’s health care unless the
participation documentation expressly
specifies a different standard;
(iii) The CMS-sponsored model
patient incentive is furnished by a CMSsponsored model participant (or by an
agent of the CMS-sponsored model
participant under the CMS-sponsored
model participant’s direction and
control), unless otherwise specified by
the participation documentation;
(iv) The CMS-sponsored model
participant makes available to the
E:\FR\FM\02DER3.SGM
02DER3
77894
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Secretary, upon request, all materials
and records sufficient to establish
whether the CMS-sponsored model
patient incentive was distributed in a
manner that meets the conditions of this
safe harbor; and
(v) The CMS-sponsored model patient
incentive is furnished consistent with
the CMS-sponsored model and satisfies
such programmatic requirements as may
be imposed by CMS in connection with
the use of this safe harbor.
(3) For purposes of this paragraph (ii),
the following definitions apply:
(i) CMS-sponsored model means:
(A) A model being tested under
section 1115A(b) of the Act or a model
expanded under section 1115A(c) of the
Act; or
(B) The Medicare shared savings
program under section 1899 of the Act.
(ii) CMS-sponsored model
arrangement means a financial
arrangement between or among CMSsponsored model parties to engage in
activities under the CMS-sponsored
model that is consistent with, and is not
a type of arrangement prohibited by, the
participation documentation.
(iii) CMS-sponsored model
participant means an individual or
entity that is subject to and is operating
under participation documentation with
CMS to participate in a CMS-sponsored
model.
(iv) CMS-sponsored model party
means:
(A) A CMS-sponsored model
participant; or
(B) Another individual or entity
whom the participation documentation
specifies may enter into a CMSsponsored model arrangement.
(v) CMS-sponsored model patient
incentive means remuneration not of a
type prohibited by the participation
documentation that is furnished to a
patient under the terms of a CMSsponsored model.
(vi) Participation documentation
means the participation agreement, legal
instrument setting forth the terms and
conditions of a grant or cooperative
agreement, regulations, or modelspecific addendum to an existing
contract with CMS that specifies the
terms of a CMS-sponsored model.
(4) For purposes of remuneration that
satisfies this paragraph (ii), the safe
harbor protects:
(i) For a CMS-sponsored model
governed by participation
documentation other than the legal
instrument setting forth the terms and
conditions of a grant or a cooperative
agreement, the exchange of
remuneration between CMS-sponsored
model parties that occurs on or after the
first day on which services under the
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
CMS-sponsored model begin and no
later than 6 months after the final
payment determination made by CMS
under the model;
(ii) For a CMS-sponsored model
governed by the legal instrument setting
forth the terms and conditions of a grant
or cooperative agreement, the exchange
of remuneration between CMSsponsored model parties that occurs on
or after the first day of the period of
performance (as defined at 45 CFR 75.2)
or such other date specified in the
participation documentation and no
later than 6 months after closeout occurs
pursuant to 45 CFR 75.381; and
(iii) For a CMS-sponsored model
patient incentive, an incentive given on
or after the first day on which patient
care services may be furnished under
the CMS-sponsored model as specified
by CMS in the participation
documentation and no later than the last
day on which patient care services may
be furnished under the CMS-sponsored
model, unless a different timeframe is
established in the participation
documentation. A patient may retain
any incentives furnished in compliance
with paragraph (ii)(2) of this section.
(jj) Cybersecurity technology and
related services. As used in section
1128B of the Act, ‘‘remuneration’’ does
not include nonmonetary remuneration
(consisting of cybersecurity technology
and services) that is necessary and used
predominantly to implement, maintain,
or reestablish effective cybersecurity if
all of the conditions in paragraphs (jj)(1)
through (4) of this section are met.
(1) The donor does not:
(i) Directly take into account the
volume or value of referrals or other
business generated between the parties
when determining the eligibility of a
potential recipient for the technology or
services, or the amount or nature of the
technology or services to be donated; or
(ii) Condition the donation of
technology or services, or the amount or
nature of the technology or services to
be donated, on future referrals.
(2) Neither the recipient nor the
recipient’s practice (or any affiliated
individual or entity) makes the receipt
of technology or services, or the amount
or nature of the technology or services,
a condition of doing business with the
donor.
(3) A general description of the
technology and services being provided
and the amount of the recipient’s
contribution, if any, are set forth in
writing and signed by the parties.
(4) The donor does not shift the costs
of the technology or services to any
Federal health care program.
(5) For purposes of this paragraph (jj)
the following definitions apply:
PO 00000
Frm 00212
Fmt 4701
Sfmt 4700
(i) Cybersecurity means the process of
protecting information by preventing,
detecting, and responding to
cyberattacks.
(ii) Technology means any software or
other types of information technology.
(kk) ACO Beneficiary Incentive
Program. As used in section 1128B of
the Act, ‘‘remuneration’’ does not
include an incentive payment made by
an ACO to an assigned beneficiary
under a beneficiary incentive program
established under section 1899(m) of the
Act, as amended by Congress from time
to time, if the incentive payment is
made in accordance with the
requirements found in such subsection.
PART 1003—CIVIL MONEY
PENALTIES, ASSESSMENTS AND
EXCLUSIONS
3. The authority citation for part 1003
continues to read as follows:
■
Authority: 42 U.S.C. 262a, 1302, 1320–7,
1320a–7a, 1320b–10, 1395u(j), 1395u(k),
1395cc(j), 1395w–141(i)(3), 1395dd(d)(1),
1395mm, 1395nn(g), 1395ss(d), 1396b(m),
11131(c), and 11137(b)(2).
4. Section 1003.110 is amended—
a. In the definition of ‘‘Remuneration’’
by adding paragraph (10); and
■ b. By adding in alphabetical order a
definition for ‘‘Telehealth
technologies.’’
The additions read as follows:
■
■
§ 1003.110
Definitions.
*
*
*
*
*
Remuneration * * *
*
*
*
*
*
(10) The provision of telehealth
technologies by a provider of services,
physician, or a renal dialysis facility (as
such terms are defined for purposes of
title XVIII of the Act) to an individual
with end-stage renal disease who is
receiving home dialysis for which
payment is being made under part B of
such title, if:
(i) The telehealth technologies are
furnished to the individual by the
provider of services, physician, or the
renal dialysis facility that is currently
providing the in-home dialysis,
telehealth services, or other end-stage
renal disease care to the individual, or
has been selected or contacted by the
individual to schedule an appointment
or provide services;
(ii) The telehealth technologies are
not offered as part of any advertisement
or solicitation; and
(iii) The telehealth technologies are
provided for the purpose of furnishing
telehealth services related to the
individual’s end-stage renal disease.
*
*
*
*
*
E:\FR\FM\02DER3.SGM
02DER3
Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 / Rules and Regulations
Telehealth technologies, for purposes
of paragraph (10) of the definition of the
term ‘‘remuneration’’ as set forth in this
section, means hardware, software, and
services that support distant or remote
communication between the patient and
provider, physician, or renal dialysis
77895
facility for diagnosis, intervention, or
ongoing care management.
*
*
*
*
*
Christi A. Grimm,
Principal Deputy, Inspector General.
Alex M. Azar II,
Secretary.
[FR Doc. 2020–26072 Filed 11–20–20; 4:30 pm]
BILLING CODE 4152–01–P
VerDate Sep<11>2014
18:30 Dec 01, 2020
Jkt 253001
PO 00000
Frm 00213
Fmt 4701
Sfmt 9990
E:\FR\FM\02DER3.SGM
02DER3
]]>Agencies
[Federal Register Volume 85, Number 232 (Wednesday, December 2, 2020)]
[Rules and Regulations]
[Pages 77684-77895]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-26072]
[[Page 77683]]
Vol. 85
Wednesday,
No. 232
December 2, 2020
Part III
Department of Health and Human Services
-----------------------------------------------------------------------
Office of Inspector General
-----------------------------------------------------------------------
42 CFR Parts 1001 and 1003
Medicare and State Health Care Programs: Fraud and Abuse; Revisions to
Safe Harbors Under the Anti-Kickback Statute, and Civil Monetary
Penalty Rules Regarding Beneficiary Inducements; Final Rule
��Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 /
Rules and Regulations��
[[Page 77684]]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of Inspector General
42 CFR Parts 1001 and 1003
RIN 0936-AA10
Medicare and State Health Care Programs: Fraud and Abuse;
Revisions to Safe Harbors Under the Anti-Kickback Statute, and Civil
Monetary Penalty Rules Regarding Beneficiary Inducements
AGENCY: Office of Inspector General (OIG), Department of Health and
Human Services (HHS).
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: This final rule amends the safe harbors to the Federal anti-
kickback statute by adding new safe harbors and modifying existing safe
harbors that protect certain payment practices and business
arrangements from sanctions under the anti-kickback statute. This rule
is issued in conjunction with the Department of Health and Human
Services' (HHS's) Regulatory Sprint to Coordinated Care and focuses on
care coordination and value-based care. This rule also amends the civil
monetary penalty (CMP) rules by codifying a revision to the definition
of ``remuneration'' added by the Bipartisan Budget Act of 2018 (Budget
Act of 2018).
DATES: These regulations are effective January 19, 2021.
FOR FURTHER INFORMATION CONTACT: Stewart Kameen or Samantha Flanzer,
Office of Counsel to the Inspector General, (202) 619-0335.
SUPPLEMENTARY INFORMATION:
------------------------------------------------------------------------
Social Security Act citation United States Code citation
------------------------------------------------------------------------
1128B, 1128D, 1102, 1128A................. 42 U.S.C. 1320a-7b, 42
U.S.C. 1320a-7d, 42 U.S.C.
1302, 42 U.S.C. 1320a-7a.
------------------------------------------------------------------------
I. Executive Summary
A. Purpose of the Regulatory Action
The Secretary of HHS (the Secretary) has identified transforming
the U.S. health care system to one that pays for value as a top
priority. Unlike the traditional fee-for-service (FFS) payment system,
which rewards providers for the volume of care delivered, a value-
driven health care system is one that pays for health and outcomes.
Delivering better value from the health care system will require the
transformation of established practices and enhanced collaboration
among providers and other individuals and entities. The purpose of this
rulemaking is to finalize modifications to existing safe harbors to the
Federal anti-kickback statute and finalize the addition of new safe
harbors and a new exception to the civil monetary penalty provision
prohibiting inducements to beneficiaries, ``Beneficiary Inducements
CMP,'' to remove potential barriers to more effective coordination and
management of patient care and delivery of value-based care.
The Department launched the Regulatory Sprint with the express
purpose of removing potential regulatory barriers to care coordination
and value-based care created by certain key health care laws and
associated regulations, including the Federal anti-kickback statute and
Beneficiary Inducements CMP.\1\ Through the Regulatory Sprint, HHS aims
to encourage and improve patients' experience of care, providers'
coordination of care, and information sharing to facilitate efficient
care and preserve and protect patients' access to data.
---------------------------------------------------------------------------
\1\ The Federal anti-kickback statute is codified at 42 U.S.C.
1320a-7b(b); the Beneficiary Inducements CMP is codified at 42
U.S.C. 1320a-7a(a)(5). Additionally, the Regulatory Sprint includes
the physician self-referral law, 42 U.S.C. 1395nn, 42 CFR part 2,
and provisions of the Health Insurance Portability and
Accountability Act of 1996 (HIPAA).
---------------------------------------------------------------------------
The Federal anti-kickback statute is an intent-based, criminal
statute that prohibits intentional payments, whether monetary or in-
kind, in exchange for referrals or other Federal health care program
business. Safe harbor regulations describe various payment and business
practices that, although they potentially implicate the Federal anti-
kickback statute, are not treated as offenses under the statute.
Compliance with a safe harbor is voluntary. The Beneficiary Inducements
CMP is a civil, administrative statute that prohibits knowingly
offering something of value to a Medicare or State health care program
beneficiary to induce them to select a particular provider,
practitioner, or supplier.
Stakeholders have raised concerns that these statutes have chilling
effect on innovation and value-based care because arrangements in which
providers and others coordinate the care of patients with other
providers, share resources among themselves to facilitate better care
coordination, share in the benefits of more efficient care delivery,
and engage and support patients can implicate these statutes.
B. The Proposed Rule
On October 17, 2019, OIG published a notice of proposed rulemaking
\2\ (OIG Proposed Rule) to add or amend various regulatory protections
under the Federal anti-kickback statute and Beneficiary Inducements CMP
with the goal of proposing protections for certain value-based
arrangements that would improve quality, outcomes, and efficiency. The
proposals focused on arrangements to advance the coordination and
management of patient care, with an aim to support innovative methods
and novel arrangements, including the use of digital health technology
such as remote patient monitoring and telehealth. We proposed safe
harbors for value-based arrangements where the parties assume full
financial risk, substantial downside financial risk, and no or lower
risk. The proposed safe harbors offered more flexibility for
arrangements where the parties assumed more financial risk. Consistent
with OIG's law enforcement mission and section 1128D(a)(2)(I) of the
Act, the proposals included safeguards tailored to protect Federal
health care programs and beneficiaries from the risks of fraud and
abuse associated with kickbacks, such as overutilization and
inappropriate patient steering, as well as risks associated with risk-
based payment mechanisms, such as stinting on care.
---------------------------------------------------------------------------
\2\ 84 FR 55694 (Oct. 17, 2019). In connection with the
Regulatory Sprint, and to help develop the proposals in the OIG
Proposed Rule, OIG published a Request for Information (OIG RFI)
seeking input on new or modified safe harbors to promote care
coordination and value-based care and protect patients and taxpayer
dollars from harms cause by fraud and abuse. 83 FR 43607 (Aug. 27,
2018).
---------------------------------------------------------------------------
The OIG Proposed Rule proposed new terminology to define the
universe of value-based arrangements that could qualify for the new
safe harbors, proposing to require that providers, suppliers,
practitioners, and others would form value-based enterprises (VBEs) to
collaborate to achieve value-based purposes, such as coordinating and
managing a target patient population, improving quality of care for a
target patient population, and reducing costs. VBEs could be large or
small. VBEs could be formal corporate structures or looser
affiliations. Under the proposed definition, VBEs would be required to
have an accountable body and transparent governance. We proposed that
some types of entities would not be eligible to use the value-based
safe harbors because of heightened fraud risk and because the entities
did not play a central, frontline role in coordinating and managing
patient care.
[[Page 77685]]
The OIG Proposed Rule proposed to modify existing safe harbors that
advance coordinated care for patients, including information sharing.
OIG proposed modifications to existing safe harbors for local
transportation, electronic health records arrangements, and personal
services and management contracts. Further, the OIG Proposed Rule
proposed new protections for outcomes-based payments, cybersecurity
technology and services arrangements, remuneration in connection with
CMS-sponsored models (largely supplanting the need for separate OIG
fraud and abuse waivers for these models), telehealth technologies for
in-home dialysis patients (statutory), and Medicare Shared Savings
Program ACO beneficiary incentives (statutory). For each new safe
harbor or exception, OIG proposed a set of conditions designed to
ensure that the safe harbor or exception protected beneficial
arrangements and reduced risks of fraud and abuse.
Taken as a whole, the OIG Proposed Rule proposed significant new
flexibilities for value-based arrangements and modernization of the
safe harbor regulations to account for the ongoing evolution of the
health care delivery system. OIG developed its proposals in
coordination with the Centers for Medicare & Medicaid Services (CMS),
which concurrently issued proposed regulations in connection with the
Regulatory Sprint (CMS NPRM).\3\ OIG solicited comments on the wide
range of issues raised by the proposals. We received 337 timely
comments, 327 of which were unique, from a broad range of stakeholders.
---------------------------------------------------------------------------
\3\ 84 FR 55766 (Oct. 17, 2019).
---------------------------------------------------------------------------
C. The Final Rule
We are finalizing the proposed new and modified anti-kickback
statute safe harbors and exception to the Beneficiary Inducements CMP,
with modifications and clarifications explained in the preamble to this
rule. Stakeholder reaction was largely positive, although many
commenters raised concerns and expressed preferences about specific
provisions. Some commenters raised concerns about potential risks of
fraud and impacts on competition.
In this final rule, we sought to strike the right balance between
flexibility for beneficial innovation and better coordinated patient
care with necessary safeguards to protect patients and Federal health
care programs. Many beneficial arrangements do not implicate the anti-
kickback statute and do not need protection. For example, the parties
may be exchanging nothing of value between them or the arrangements
might involve no Federal health care program patients or business.
Other beneficial arrangements might implicate the statute (for example,
the arrangement might involve parties that are exchanging something of
value and are in a position to refer Federal health care program
business between them) but will not fit in these or other available
safe harbors. Arrangements are not necessarily unlawful because they do
not fit in a safe harbor. Arrangements that do not fit in a safe harbor
are analyzed for compliance with the Federal anti-kickback statute
based on the totality of their facts and circumstances, including the
intent of the parties. Some care coordination and value-based
arrangements can be structured to fit in existing safe harbors.
Flexibilities to engage in new business, care delivery, and digital
health technology arrangements with lowered compliance risk may assist
industry stakeholders in their response to and recovery from the
current public health emergency resulting from the novel coronavirus
disease 2019 (COVID-19) pandemic. The final rule may also help
providers and others develop sustainable value-based care delivery
models for the future.
1. Final Anti-Kickback Statute Safe Harbors
We are finalizing the following regulations, as explained in
section III of this preamble.
Terminology and Framework. We are finalizing, with modifications,
the proposed terminology that describes VBEs and VBE participants
eligible to use the value-based safe harbors and the tiered framework
of three value-based safe harbors that vary based on the level of risk
assumed by the parties, with more flexibility associated with
assumption of more risk. See section III.2.1-2 for further discussion.
Safe Harbors for Value-Based Arrangements. We are finalizing, with
modifications, three new safe harbors for remuneration exchanged
between or among participants in a value-based arrangement (as further
defined) that fosters better coordinated and managed patient care:
(i) Care coordination arrangements to improve quality, health
outcomes, and efficiency (paragraph 1001.952(ee)) without requiring the
parties to assume risk;
(ii) value-based arrangements with substantial downside financial
risk (paragraph 1001.952(ff)); and,
(iii) value-based arrangements with full financial risk (paragraph
1001.952(gg)).
These safe harbors address a broad range of potential value-based
arrangements for care coordination activities, including use of digital
health technology. We discuss each safe harbor in more detail in
section III.B.3-5. The value-based safe harbors vary, among other ways,
by the types of remuneration protected (in-kind or in-kind and
monetary), the types of entities eligible to rely on the safe harbors,
the level of financial risk assumed by the parties, and the types of
safeguards included as safe harbor conditions. By design, these safe
harbors offer flexibility for innovation and customization of value-
based arrangements to the size, resources, needs, and goals of the
parties to them. The safe harbors allow for emerging arrangements that
reflect up-to-date understandings in medicine, science, and technology.
These three new safe harbors are not the exclusive, available safe
harbors for care coordination or value-based arrangements. All three
value-based safe harbors offer protection for in-kind remuneration,
such as technology or services. However, only the safe harbors for
value-based arrangements with substantial assumption of risk
(paragraphs 1001.952(ff) and (gg)) protect monetary remuneration. The
care coordination arrangements safe harbor at paragraph 1001.952(ee),
which requires little or no assumption of risk, does not. However,
parties to arrangements involving monetary remuneration, such as shared
savings or performance bonus payments, may be eligible for the new
protection for outcomes-based payments at paragraph 1001.952(d)(2).
Parties to arrangements under CMS-sponsored models may prefer to look
to the new safe harbor specifically for those models at paragraph
1001.952(ii).
As explained at section III.B.2.e below, entities ineligible to use
the value-based safe harbors are: Pharmaceutical manufacturers,
distributors, and wholesalers; pharmacy benefit managers (PBMs);
laboratory companies; pharmacies that primarily compound drugs or
primarily dispense compounded drugs; manufacturers of devices or
medical supplies; entities or individuals that sell or rent durable
medical equipment, prosthetics, orthotics and supplies (DMEPOS) (other
than a pharmacy or a physician, provider, or other entity that
primarily furnishes services); and medical device distributors and
wholesalers. However, the care coordination arrangements safe harbor
includes a separate pathway, with specific conditions, that protects
digital technology arrangements (as
[[Page 77686]]
defined at paragraph 1001.952(ee)(14)) involving manufacturers of
devices or medical supplies and DMEPOS.
Patient Engagement and Support Safe Harbor. We are finalizing, with
modifications, a new safe harbor (paragraph 1001.952(hh)) for patient
engagement tools and supports furnished by a participant in a value-
based enterprise to a patient in a target patient population (discussed
in section III.B.6). This safe harbor uses the same ineligible entities
list as the value-based safe harbors, above, but includes a pathway for
manufacturers of devices or medical supplies to provide digital health
technology.
CMS-Sponsored Models Safe Harbor. We are finalizing, with
modifications, a new safe harbor (paragraph 1001.952(ii)) for CMS-
sponsored model arrangements and CMS-sponsored model patient incentives
that would require OIG fraud and abuse waivers. This safe harbor
(discussed at section III.B.7) is intended to provide greater
predictability model participants and uniformity across models. It will
reduce the need for separate OIG fraud and abuse waivers for new CMS-
sponsored models.
Cybersecurity Technology and Services Safe Harbor. We are
finalizing, with modifications, a new safe harbor (paragraph
1001.952(jj)) for remuneration in the form of cybersecurity technology
and services (discussed at section III.B.8). This safe harbor will
facilitate improved cybersecurity in health care and is available to
all types of individuals and entities.
Electronic Health Records Safe Harbor. We are finalizing our
proposal to modify the existing safe harbor for electronic health
records items and services (paragraph 1001.952(y)). We are finalizing,
with modifications, changes to update and remove provisions regarding
interoperability, remove the sunset provision and prohibition on
donation of equivalent technology, and clarify protections for
cybersecurity technology and services included in an electronic health
records arrangement (discussed at section III.B.9).
Personal Services and Management Contracts and Outcomes-Based
Payments. We are finalizing our proposal to modify the existing safe
harbor for personal services and management contracts (paragraph
1001.952(d)(1)). We are finalizing, without modification, changes to
increase flexibility for part-time or sporadic arrangements and
arrangements for which aggregate compensation is not known in advance.
We are also a finalizing, with modifications, new protection for
outcomes-based payments (paragraph 1001.952(d)(2)). These changes are
discussed at section III.B.10. The new safe harbor for outcomes-based
payments protects payments tied to achieving measurable outcomes that
improve patient or population health or appropriately reduce payor
costs. It makes ineligible the same entities that are ineligible for
the value-based safe harbors.
Warranties. We are finalizing our proposal to modify the existing
safe harbor for warranties (paragraph 1001.952(g)). We are finalizing,
without modification, revisions to the definition of ``warranty'' and
to provide protection for warranties for one or more items and related
services (discussed at section III.B.11). This safe harbor is available
to any type of entity.
Local Transportation. We are finalizing our proposal to modify the
existing safe harbor for local transportation furnished to
beneficiaries (paragraph 1001.952(bb)). We are finalizing, with
modifications, changes to expand mileage limits for rural areas (up to
75 miles) and eliminate mileage limits for transportation to convey
patients discharged from the hospital to their place of residence
(discussed at section III.B.12). We also clarify that the safe harbor
is available for transportation provided through rideshare
arrangements.
ACO Beneficiary Incentives. We are codifying, without modification
to our proposal, the statutory exception to the definition of
``remuneration'' at section 1128B(b)(3)(K) of the Act related to ACO
Beneficiary Incentive Programs for the Medicare Shared Savings Program
(paragraph 1001.952(kk)) (discussed at section III.B.13).
2. Beneficiary Inducements CMP
The final rule amends the Beneficiary Inducements CMP regulations
at 42 CFR 1003 as follows:
Telehealth Technologies for In-Home Dialysis Patients. We are
codifying the statutory exception for ``telehealth technologies''
furnished to certain in-home dialysis patients, pursuant to section
50302(c) of the Budget Act of 2018 (discussed at section III.C.1). We
are finalizing our proposal with modifications.
By operation of law, arrangements that fit in the new and modified
Federal anti-kickback statute safe harbors for patient engagement and
support, paragraph 1001.952(hh), and local transportation, paragraph
1001.952(bb), are also protected under the Beneficiary Inducements CMP.
II. Background
A. Purpose and Need for Regulatory Action
HHS's Regulatory Sprint aims to remove potential regulatory
barriers to care coordination and value-based care created by four key
health care laws and associated regulations: (i) The physician self-
referral law, (ii) the Federal anti-kickback statute, (iii) the Health
Insurance Portability and Accountability Act of 1996 (HIPAA),\4\ and
(iv) rules under 42 CFR part 2 related to substance use disorder
treatment.
---------------------------------------------------------------------------
\4\ Public Law 104-191, 110 Stat. 1936.
---------------------------------------------------------------------------
Through the Regulatory Sprint, HHS aims to encourage and improve:
A patient's ability to understand treatment plans and make
empowered decisions;
providers' alignment on end-to-end treatment (i.e.,
coordination among providers along the patient's full care journey);
incentives for providers to coordinate, collaborate, and
provide patients tools and supports to be more involved in their own
care; and
information sharing among providers, facilities, and other
stakeholders in a manner that facilitates efficient care while
preserving and protecting patient access to data.
Since the enactment in 1972 of the Federal anti-kickback statute,
there have been significant changes in the delivery of, and payment
for, health care items and services both within the Medicare and
Medicaid programs and also for non-Federal payors and patients. Such
changes include modifications to traditional FFS Medicare (i.e.,
Medicare Parts A and B), Medicare Advantage, and States' Medicaid
programs. The Department has a longstanding commitment to aligning
Medicare payment with quality of care delivered to Federal health care
program beneficiaries.
The Department identified the broad reach of the Federal anti-
kickback statute \5\ and the CMP law provision prohibiting inducements
to beneficiaries, the ``Beneficiary Inducements CMP'' \6\ as
potentially inhibiting beneficial arrangements that would advance the
transition to value-based care and improve the coordination of patient
care among providers and across care settings in both the Federal
health care programs and commercial sectors.
---------------------------------------------------------------------------
\5\ 42 U.S.C. 1320a-7b(b).
\6\ 42 U.S.C. 1320a-7a(a)(5).
---------------------------------------------------------------------------
[[Page 77687]]
B. Federal Anti-Kickback Statute and Safe Harbors
Section 1128B(b) of the Act, (42 U.S.C. 1320a-7b(b), the anti-
kickback statute), provides for criminal penalties for whoever
knowingly and willfully offers, pays, solicits, or receives
remuneration to induce or reward the referral of business reimbursable
under any of the Federal health care programs, as defined in section
1128B(f) of the Act (42 U.S.C. 1320a-7b(f)). The offense is classified
as a felony and is punishable by fines of up to $100,000 and
imprisonment for up to 10 years. Violations of the Federal anti-
kickback statute also may result in the imposition of CMPs under
section 1128A(a)(7) of the Act (42 U.S.C. 1320a-7a(a)(7)), program
exclusion under section 1128(b)(7) of the Act (42 U.S.C. 1320a-
7(b)(7)), and liability under the False Claims Act (31 U.S.C. 3729-33).
The types of remuneration covered specifically include, without
limitation, kickbacks, bribes, and rebates, whether made directly or
indirectly, overtly or covertly, in cash or in kind. In addition,
prohibited conduct includes not only the payment of remuneration
intended to induce or reward referrals of patients but also the payment
of remuneration intended to induce or reward the purchasing, leasing,
or ordering of, or arranging for or recommending the purchasing,
leasing, or ordering of, any good, facility, service, or item
reimbursable by any Federal health care program.
Because of the broad reach of the statute and concerns that some
relatively innocuous business arrangements were covered by the statute
and therefore potentially subject to criminal prosecution, Congress
enacted section 14 of the Medicare and Medicaid Patient and Program
Protection Act of 1987, Public Law 100-93 (note to section 1128B of the
Act; 42 U.S.C. 1320a-7b). This provision specifically requires the
development and promulgation of regulations, the so-called safe harbor
provisions, that would specify various payment and business practices
that would not be subject to sanctions under the anti-kickback statute,
even though they potentially may be capable of inducing referrals of
business for which payment may be made under a Federal health care
program.
Section 205 of HIPAA established section 1128D of the Act (42
U.S.C. 1320a-7d), which includes criteria for modifying and
establishing safe harbors. Specifically, section 1128D(a)(2) of the Act
provides that, in modifying and establishing safe harbors, the
Secretary may consider whether a specified payment practice may result
in:
An increase or decrease in access to health care services;
an increase or decrease in the quality of health care
services;
an increase or decrease in patient freedom of choice among
health care providers;
an increase or decrease in competition among health care
providers;
an increase or decrease in the ability of health care
facilities to provide services in medically underserved areas or to
medically underserved populations;
an increase or decrease in costs to Federal health care
programs;
an increase or decrease in the potential overutilization
of health care services;
the existence or nonexistence of any potential financial
benefit to a health care professional or provider, which benefit may
vary depending on whether the health care professional or provider
decides to order a health care item or service or arranges for a
referral of health care items or services to a particular practitioner
or provider; or
any other factors the Secretary deems appropriate in the
interest of preventing fraud and abuse in Federal health care programs.
In giving the Department the authority to protect certain
arrangements and payment practices under the anti-kickback statute,
Congress intended the safe harbor regulations to be updated
periodically to reflect changing business practices and technologies in
the health care industry.\7\ Since July 29, 1991, there have been a
series of final regulations published in the Federal Register
establishing safe harbors in various areas.\8\ These safe harbor
provisions have been developed to limit the reach of the statute
somewhat by permitting certain non-abusive arrangements, while
encouraging beneficial or innocuous arrangements.\9\
---------------------------------------------------------------------------
\7\ H.R. Rep. No. 100-85, Pt. 2, at 27 (1987).
\8\ Medicare and State Health Care Programs: Fraud and Abuse;
OIG Anti-Kickback Provisions, 56 FR 35952 (July 29, 1991); Medicare
and State Health Care Programs: Fraud and Abuse; Safe Harbors for
Protecting Health Plans, 61 FR 2122 (Jan. 25, 1996); Federal Health
Care Programs: Fraud and Abuse; Statutory Exception to the Anti-
Kickback Statute for Shared Risk Arrangements, 64 FR 63504 (Nov. 19,
1999); Medicare and State Health Care Programs: Fraud and Abuse;
Clarification of the Initial OIG Safe Harbor Provisions and
Establishment of Additional Safe Harbor Provisions Under the Anti-
Kickback Statute, 64 FR 63518 (Nov. 19, 1999); 64 FR 63504 (Nov. 19,
1999); Medicare and State Health Care Programs: Fraud and Abuse;
Ambulance Replenishing Safe Harbor Under the Anti-Kickback Statute,
66 FR 62979 (Dec. 4, 2001); Medicare and State Health Care Programs:
Fraud and Abuse; Safe Harbors for Certain Electronic Prescribing and
Electronic Health Records Arrangements Under the Anti-Kickback
Statute, 71 FR 45109 (Aug. 8, 2006); Medicare and State Health Care
Programs: Fraud and Abuse; Safe Harbor for Federally Qualified
Health Centers Arrangements Under the Anti-Kickback Statute, 72 FR
56632 (Oct. 4, 2007); Medicare and State Health Care Programs: Fraud
and Abuse; Electronic Health Records Safe Harbor Under the Anti-
Kickback Statute, 78 FR 79202 (Dec. 27, 2013); and Medicare and
State Health Care Programs: Fraud and Abuse; Revisions to the Safe
Harbors Under the Anti-Kickback Statute and Civil Monetary Penalty
Rules Regarding Beneficiary Inducements, 81 FR 88368 (Dec. 7, 2016).
\9\ Medicare and State Health Care Programs: Fraud and Abuse;
OIG Anti-Kickback Provisions, 56 FR at 35958 (July 21, 1991).
---------------------------------------------------------------------------
Health care providers and others may voluntarily seek to comply
with final safe harbors so that they have the assurance that their
business practices would not be subject to any anti-kickback
enforcement action. Compliance with an applicable safe harbor insulates
an individual or entity from liability under the Federal anti-kickback
statute and the Beneficiary Inducements CMP only; individuals and
entities remain responsible for complying with all other laws,
regulations, and guidance that apply to their businesses.
C. Civil Monetary Penalty Authorities
1. Overview of OIG Civil Monetary Penalty Authorities
In 1981, Congress enacted the CMP law, section 1128A of the Act, 42
U.S.C. 1320a-7a, as one of several administrative remedies to combat
fraud and abuse in Medicare and Medicaid. The law authorized the
Secretary to impose penalties and assessments on persons who defrauded
Medicare or Medicaid or engaged in certain other wrongful conduct. The
CMP law also authorized the Secretary to exclude persons from Federal
health care programs (as defined in section 1128B(f) of the Act, 42
U.S.C. 1320a-7b(f)) and to direct the appropriate State agency to
exclude the person from participating in any State health care programs
(as defined in section 1128(h) of the Act, 42 U.S.C. 1320a-7(h)).
Congress later expanded the CMP law and the scope of exclusion to apply
to all Federal health care programs, but the CMP applicable to
beneficiary inducements remains limited to Medicare and State health
care program beneficiaries. Since 1981, Congress has created various
other CMP authorities covering numerous types of fraud and abuse.
2. The Definition of ``Remuneration''
Section 1128A(a)(5) of the Act, 42 U.S.C. 1320a-7a(a)(5), the
``Beneficiary Inducements CMP,'' provides for the
[[Page 77688]]
imposition of civil monetary penalties against any person who offers or
transfers remuneration to a Medicare or State health care program
(including Medicaid) beneficiary that the benefactor knows or should
know is likely to influence the beneficiary's selection of a particular
provider, practitioner, or supplier of any item or service for which
payment may be made, in whole or in part, by Medicare or a State health
care program (including Medicaid). Section 1128A(i)(6) of the Act, 42
U.S.C. 1320a-7a(i)(6), defines ``remuneration'' for purposes of the
Beneficiary Inducements CMP as including transfers of items or services
for free or for other than fair market value. Section 1128A(i)(6) of
the Act also includes a number of exceptions to the definition of
``remuneration.''
Pursuant to section 1128A(i)(6)(B) of the Act, any practice
permissible under the anti-kickback statute, whether through statutory
exception or safe harbor regulations issued by the Secretary, is also
excepted from the definition of ``remuneration'' for purposes of the
Beneficiary Inducements CMP. However, no parallel exception exists in
the anti-kickback statute. Thus, the exceptions in section 1128A(i)(6)
of the Act apply only to the definition of ``remuneration'' applicable
to section 1128A.
Relevant to this rulemaking, the Budget Act of 2018 created a new
exception to the definition of ``remuneration'' for purposes of the
Beneficiary Inducements CMP. This statutory exception applies to
``telehealth technologies'' provided on or after January 1, 2019, by a
provider of services or a renal dialysis facility to an individual with
end stage renal disease (ESRD) who is receiving home dialysis for which
payment is being made under Medicare Part B.
D. Summary of the OIG Proposed Rule
On October 17, 2019, OIG published a proposed rule in the Federal
Register (84 FR 55694) setting forth certain proposed amendments to the
safe harbors under the anti-kickback statute and a proposed amendment
to the Beneficiary Inducements CMP exceptions (the OIG Proposed Rule).
With respect to the anti-kickback statute, we proposed seven new safe
harbors and modifications to four existing safe harbors. Specifically,
we proposed new protection for:
A safe harbor for care coordination arrangements to
improve quality, health outcomes, and efficiency (1001.952(ee));
A safe harbor for value-based arrangements with
substantial downside financial risk (1001.952(ff));
A safe harbor for value-based arrangements with full
financial risk (1001.952(gg));
A safe harbor for arrangements for patient engagement and
support to improve quality, health outcomes, and efficiency
(1001.952(hh));
A safe harbor for CMS-sponsored model arrangements and
CMS-sponsored model patient incentives (1001.952(ii));
A safe harbor for cybersecurity technology and related
services (1001.952(jj)); and
A safe harbor that would codify the statutory exception to
the definition of ``remuneration'' at section 1128B(b)(3)(K) of the Act
related to ACO Beneficiary Incentive Programs for the Medicare Shared
Savings Program (1001.952(kk)).
An exception to the Beneficiary Inducements CMP for
telehealth technologies for in-home dialysis patients (1003.110).
We proposed to modify:
The safe harbor for personal services and management
contracts and outcomes-based payment arrangements (1001.952(d));
The safe harbor for warranties (1001.952(g));
The safe harbor for electronic health records items and
services (1001.952(y)); and
The safe harbor for local transportation (1001.952(bb)).
An overarching goal of our proposals was to develop final rules
that protect low-risk, beneficial arrangements without opening the door
to fraudulent or abusive conduct that increases Federal health care
program costs or compromises quality of care for patients or patient
choice. We solicited comments on our proposed policies to obtain the
benefit of public input from affected stakeholders.
Our proposals are summarized in greater detail in section III of
this preamble, organized by topic, along with summaries of the final
decisions, and summaries of the related comments and our responses.
E. Summary of the Final Rulemaking
In this final rule, we modify existing as well as add new safe
harbors pursuant to our authority under section 14 of the Medicare and
Medicaid Patient and Program Protection Act of 1987 by specifying
certain payment practices that will not be subject to prosecution under
the anti-kickback statute. We intend to protect practices that pose a
low risk to Federal health care programs and beneficiaries, as long as
specified conditions are met. In doing so, we considered the factors
cited by Congress in granting statutory authority to the Secretary
under Section 1128D(a)(2) of the Social Security Act.\10\ Specifically,
the new and modified safe harbors are designed to further the goals of
access, quality, patient choice, appropriate utilization, and
competition, while protecting against increased costs, inappropriate
steering of patients, and harms associated with inappropriate
incentives tied to referrals. We also codify into our regulations a
statutory safe harbor for patient incentives offered by accountable
care organizations (ACOs) to assigned beneficiaries under ACO
Beneficiary Incentive Programs and an exception to the definition of
``remuneration'' in 42 CFR 1003.110 for certain telehealth technologies
for in-home dialysis.
---------------------------------------------------------------------------
\10\ 42 U.S.C. 1320a-7d(a)(2).
---------------------------------------------------------------------------
To facilitate review of the new and modified safe harbors and
exception in context, we summarize the proposals and final regulations
by topic in section III.B below. The following are the safe harbors and
the exception that we are finalizing, together with the citation to
where they appear in our regulations and a reference to the preamble
section of this final rule where they are discussed in greater detail:
Modifications to the existing safe harbor for personal
services and management contracts, including outcomes-based payments,
at paragraph 1001.952(d) (preamble section III.B.10);
modifications to the existing safe harbor for warranties
at paragraph 1001.952(g) (preamble section III.B.11);
modifications to the existing safe harbor for electronic
health records items and services at paragraph 1001.952(y) (preamble
section III.B.9);
modifications to the existing safe harbor for local
transportation at paragraph 1001.952(bb) (preamble section III.B.12)
a new safe harbor for care coordination arrangements to
improve quality, health outcomes, and efficiency at paragraph
1001.952(ee) (preamble sections III.B.1, III.B.2, and III.B.3);
a new safe harbor for value-based arrangements with
substantial downside financial risk at paragraph 1001.952(ff) (preamble
sections III.B.1, III.B.2, and III.B.4);
a new safe harbor for value-based arrangements with full
financial risk at paragraph 1001.952(gg) (preamble sections III.B.1,
III.B.2, and III.B.5);
a new safe harbor for arrangements for patient engagement
and support to improve quality, health outcomes, and
[[Page 77689]]
efficiency at paragraph 1001.952(hh) (preamble section III.B.6);
a new safe harbor for CMS-sponsored model arrangements and
CMS-sponsored model patient incentives at paragraph 1001.952(ii)
(preamble section III.B.7);
a new safe harbor for cybersecurity technology and related
services at paragraph 1001.952(jj) (preamble section III.B.8);
a new safe harbor for accountable care organization (ACO)
beneficiary incentive program at paragraph 1001.952(kk) (preamble
section III.B.13); and
an exception for telehealth technologies for in-home
dialysis at paragraph 1003.110 (preamble section III.C.1)
III. Summary of Final Provisions, Public Comments, and OIG Responses
A. General
OIG received 337 comments, 327 of which were unique, in response to
the OIG Proposed Rule. A range of individuals and entities submitted
these comments, including: Physicians and other types of clinicians,
hospitals and health systems, other health care providers (e.g., post-
acute providers, laboratories, durable medical equipment suppliers, and
dialysis providers), accountable care organizations, pharmaceutical and
medical device manufacturers, health technology entities, pharmacies,
third-party payors, trade associations, law firms, and consumer and
patient advocacy groups.
As a general matter, most commenters strongly supported the
proposed safe harbors and the need for regulatory reform to the safe
harbors and exceptions to the definition of ``remuneration'' under the
Beneficiary Inducements CMP. While the majority of commenters
recommended various revisions to the proposed safe harbors to increase
regulatory flexibility, some commenters acknowledged that increased
regulatory flexibility could increase the risk of harms associated with
fraud and abuse and recommended revisions to add or strengthen
safeguards in the safe harbor proposals. A few did not support the
proposed safe harbor protections for value-based arrangements as
proposed in paragraphs 1001.952(ee), (ff), (gg), primarily citing fraud
and abuse risks. We have considered these comments carefully in
developing the final rule, as described in more detail in responses to
comments.
1. Alignment With CMS
Several of the final safe harbors intersect with the physician
self-referral law exceptions that CMS is finalizing as part of the
Regulatory Sprint: The three new safe harbors for value-based
arrangements at paragraphs 1001.952(ee), (ff), and (gg), the new
cybersecurity safe harbor at paragraph 1001.952(jj), and the
modifications to the electronic records safe harbor at paragraph
1001.952(y).
Comment: We received comments asking OIG and CMS to align our final
rules in connection with the Regulatory Sprint to the greatest extent
possible. Some commenters believed that the CMS and OIG proposals would
perpetuate a dual regulatory environment (where, e.g., an arrangement
could potentially violate one law but meet the requirements for
protection under the other) and that a lack of consistency would make
it more challenging for entities to navigate an already-complex
regulatory framework. Some commenters suggested that the OIG Proposed
Rule was too narrow compared to the CMS NPRM and requested that OIG
protect what they described as a broader universe of arrangements that
would be protected under the CMS proposals. Another commenter asked
that OIG clarify in the final rule that compliance with the physician
self-referral law would rebut any implication of intent under Federal
anti-kickback statute.
Response: We are mindful of reducing burden on providers and other
industry stakeholders, and we have sought to align value-based
terminology and safe harbor conditions with those being adopted by CMS
in its physician self-referral regulations as part of the Regulatory
Sprint wherever possible (CMS Final Rule).\11\ However, complete
alignment is not feasible because of fundamental differences in
statutory structures and sanctions across the two laws. As
aforementioned, the Federal anti-kickback statute is an intent-based,
criminal statute that covers all referrals of Federal health care
program business (including, but not limited to, physician referrals).
In contrast, the physician self-referral law is a civil, strict-
liability statute that prohibits payment by CMS for a more limited set
of services referred by physicians who have certain financial
relationships with the entity furnishing the services. As a result, the
value-based exceptions adopted by CMS do not need to contemplate the
broad range of conduct that implicates the Federal anti-kickback
statute.
---------------------------------------------------------------------------
\11\ The CMS Final Rule is being published elsewhere in this
version of the Federal Register.
---------------------------------------------------------------------------
Federal anti-kickback statute safe harbors and physician self-
referral law exceptions also operate differently. Because the physician
self-referral law is a strict-liability statute, when an arrangement
implicates the law, compliance with an exception is the only option to
avoid overpayment liability. In other words, the exceptions define the
full universe of acceptable arrangements that implicate the physician
self-referral law. Even minor or erroneous deviations from the specific
terms of a physician self-referral law exception can result in non-
compliance and, because of the statute's strict liability,
overpayments. In contrast, compliance with an anti-kickback statute
safe harbor is voluntary, and there are many arrangements that do not
fit in a safe harbor that are lawful under the anti-kickback statute.
Deviating from a safe harbor does not mean that an arrangement violates
the anti-kickback statute. For arrangements that do not fit in a safe
harbor, liability is determined based on the totality of facts and
circumstances, including the intent of the parties.
Because the Federal anti-kickback statute is not a strict liability
law, the value-based safe harbors we are adopting need not capture the
full universe of value-based arrangements that are legal under the
Federal anti-kickback statute in order to accomplish the goals of
removing barriers to more effective coordination and management of
patient care. Thus, in designing our safe harbors, rather than mirror
CMS's exceptions, we have included safe harbor conditions designed to
ensure that protected arrangements are not disguised kickback schemes.
We recognize that, for purposes of those arrangements that implicate
both the physician self-referral law and the Federal anti-kickback
statute, the value-based safe harbors may therefore protect a narrower
universe of such arrangements than CMS's exceptions.
To protect Federal health care programs and beneficiaries, we
believe that it is important for the Federal anti-kickback statute to
serve as ``backstop'' protection against abusive arrangements that
involve the exchange of remuneration intended to induce or reward
referrals and that might be protected by the physician self-referral
law exceptions. In this way, the OIG and CMS rules, operating together,
create pathways for parties entering into value-based arrangements that
are subject to both laws to develop and implement value-based
arrangements that avoid strict liability for technical noncompliance,
while ensuring that the Federal Government can pursue those parties
engaging in arrangements that are intentional kickback schemes.
[[Page 77690]]
Further, many requirements of the final safe harbors and exceptions
are consistent, particularly in the cybersecurity and electronic health
records areas. In addition, the value-based terminology that describes
the value-based enterprises and value-based arrangements that are
eligible for protection under a value-based safe harbor under the anti-
kickback statute or a value-based exception under the physician self-
referral law are aligned in nearly all respects, except with respect to
the definition of ``value-based activities'' and where slightly
different language was required to integrate the new rules into the
existing regulatory structures (points of difference are discussed
later in this preamble). As a practical matter, this means that the
same value-based enterprise or value-based arrangement can seek
protection under both regulatory schemes, provided the relevant
conditions of a safe harbor and an exception are satisfied.
In sum, because of statutory distinctions, compliance with a value-
based safe harbor may require satisfaction of conditions additional to,
or different from, those in a corresponding physician self-referral law
exception. This is by design. We have endeavored to ensure that an
arrangement that fits in a value-based safe harbor has a viable pathway
for protection under a physician self-referral law exception. However,
an arrangement that fits under a physician self-referral law exception
might not fit in an anti-kickback statute safe harbor or might not fit
unless additional features are added to the arrangement. That said, it
is the Department's belief that compliance with one regulatory
structure should not preclude compliance with the other.
We disagree that compliance with the physician self-referral law
rebuts any implication of intent under the Federal anti-kickback
statute. Indeed, it is possible, depending on the facts and
circumstances, that an arrangement may comply with an exception to the
physician self-referral law but violate the Federal anti-kickback
statute. The fact that a party complies with the requirements of the
physician self-referral law is not evidence that the party does or does
not have the intent to induce or reward referrals for purposes of the
Federal anti-kickback statute. Parties may achieve compliance with an
applicable exception to the physician self-referral law regardless of
the intent of the parties. In addition, other differences between the
physician self-referral law and Federal anti-kickback statute could
lead to compliance with the physician self-referral law but not with
the Federal anti-kickback statute. For example, parties may conclude
that there are no ``referrals,'' as that term is defined for purposes
of the physician self-referral law, but such assessment is inconclusive
with respect to whether there are referrals, or the requisite intent to
induce or reward referrals, for purposes of the Federal anti-kickback
statute.
2. Comments Outside the Scope of the Rulemaking
We received some comments that were outside the scope of this
rulemaking. In some cases, comments (e.g., a request to update the
physician self-referral law's in-office ancillary services exception)
were outside the scope of our authority. Other comments and suggestions
were outside the scope of this rulemaking but could be considered for
future guidance or rulemaking. For example, some commenters urged OIG
to modify existing safe harbors or develop entirely new safe harbors
that were not related to the safe harbors and modifications proposed in
the OIG Proposed Rule (e.g., an amendment to the referral services safe
harbor, new safe harbors specific to Indian health care providers, and
a new safe harbor specific to value-based contracting with
manufacturers for the purchase of pharmaceutical products). Others
requested sub-regulatory guidance outside the rule, such as a
Frequently Asked Question feature to respond to specific questions or
common scenarios from stakeholders. These or other topics that are
outside the scope of this particular rulemaking are not summarized or
discussed in detail in this final rule.
In the next sections of this preamble, we summarize each proposal
from the OIG Proposed Rule (full detail of the proposals can be found
at 84 FR 55694); summarize the final rule, including significant
changes from the proposals; and respond to public comments.
B. Federal Anti-Kickback Statute Safe Harbors
1. Value-Based Framework for Value-Based Arrangements
Summary of OIG Proposed Rule: We proposed a set of value-based
terminology, detailed in the next section, to describe the universe of
value-based arrangements that would, as a threshold matter, be eligible
to seek safe harbor protection under three safe harbors specific to
value-based arrangements between VBEs and one or more of their VBE
participants or between or among VBE participants: (i) The care
coordination arrangements to improve quality, health outcomes, and
efficiency safe harbor at 42 CFR 1001.952(ee), (ii) the value-based
arrangements with substantial downside financial risk safe harbor at 42
CFR 1001.952(ff), (iii) and the full financial risk safe harbor at 42
CFR 1001.952(gg) (collectively referred to as the ``value-based safe
harbors''). The value-based safe harbors would offer greater
flexibilities to parties as they assume more downside financial risk.
We proposed this tiered structure to support the transformation of
industry payment systems and in recognition that arrangements involving
higher levels of downside financial risk for those in a position to
make referrals or order products or services could curb, at least to
some degree, FFS incentives to order medically unnecessary or overly
costly items and services.
Summary of Final Rule: We are finalizing the tiered value-based
framework of three safe harbors that vary based on risk assumption of
the parties. Modifications to specific value-based terminology are
discussed in the next section.
Comment: Many commenters expressed support for our value-based
framework. For example, a commenter stated that OIG had achieved a
proper balance between flexibility for beneficial innovation and
safeguards to protect patients and Federal health care programs against
fraud and abuse risks. Others commended OIG for embracing the
transition from no risk to downside financial risk as a central
component of the value-based framework. In particular, commenters
supported OIG's proposal under the care coordination arrangements safe
harbor to afford protection to value-based arrangements in which
parties had yet to take on downside financial risk.
Response: We have finalized the value-based framework of three safe
harbors, as proposed. We have made modifications to some of the value-
based terminology as discussed in Section III.B.2 below. We explain the
specific reasons for the modifications to the value-based terminology
in responses to comments in section III.B.2.
Comment: Several commenters expressed general support for the
proposed value-based safe harbors, while also recommending that OIG
proceed with caution. For example, a payor urged us to maintain in the
final rule the level of rigor reflected in the proposed value-based
safe harbor and not increase the leniency provided under the proposed
regulations.
[[Page 77691]]
Similarly, a trade association suggested that OIG take a limited
``phased-in'' approach to the safe harbors to facilitate identification
of appropriate patient protection and program integrity guardrails.
Another commenter recommended that, at least once every 3 years, OIG
assess and report on the effects of the value-based safe harbors, e.g.,
review clinical benefits, analyze cost savings, and solicit stakeholder
input. A commenter also cautioned that giving more flexible safe harbor
protection to value-based arrangements that include greater risk may
push providers into assuming risk before they are ready to do so.
Response: With this final rule, we have sought to find the
appropriate balance between the policy goals of the Regulatory Sprint
and the need to protect both patients and Federal health care programs.
We decline to adopt the commenters' specific recommendations related to
a potential phased-in approach or the regular publication of related
reports, but we note that we may undertake future reviews of value-
based arrangements in Federal health care programs as part of our
oversight mission. We have included robust safeguards in the value-
based safe harbors to address the commenters' concerns. We note that we
are affording greater flexibilities under the substantial downside and
full financial risk safe harbors in recognition of parties' assumption
of the requisite level of downside financial risk. Others who may not
be ready or willing to assume risk, or who are only ready or willing to
assume risk at a level below that required by the substantial downside
financial risk or full financial risk safe harbors, may look to the
care coordination arrangements safe harbor, which does not require the
assumption of risk, structure arrangements to fit in another safe
harbor that might apply, or enter into arrangements that are not
protected by a safe harbor, given that structuring an arrangement to
satisfy a safe harbor is voluntary.
Comment: Other commenters expressed concerns about potential fraud
and abuse, with several asserting that the value-based safe harbors
would foster an environment vulnerable to fraud and anticompetitive
effects. Commenters had varying rationales for their position,
including, for example, that existing safe harbors would be sufficient
to advance value-based models; evaluation was warranted before
finalizing these safe harbors; and the care coordination focus of the
value-based safe harbors would lead to further industry consolidation.
A state health department broadly asserted that the proposals lacked
sufficient detail and, if finalized, would pose enforcement challenges.
That commenter requested that we add more detail in our rulemaking,
rather than through sub-regulatory guidance, to assist the state with
developing comprehensive policies to support the rule.
Several radiology trade associations expressed concern that the
safe harbors omitted the guiding principle of fair market value and the
restriction on determining the amount or nature of the remuneration
based on the volume or value of referrals, and consequently, the value-
based arrangements could be abused or used as a means for referring
providers to pay less for radiology or imaging services. Generally,
these commenters supported the creation of value-based safe harbors
only to the extent parties to a value-based arrangement had assumed
significant downside financial risk. They recommended that each value-
based safe harbor include provisions prohibiting referring VBE
participants from underpaying for radiology and imaging services within
a VBE or otherwise leveraging their ability to direct referrals.
Response: The commenters raise important concerns about potential
harms resulting from fraud and abuse; we considered these harms
carefully in developing the final rule. In response to comments,
throughout this final rule we have clarified regulatory text to
minimize confusion; offered additional explanations in preamble to
expound upon OIG's interpretation of provisions in the value-based safe
harbors; and provided illustrative examples for the value-based
terminology, which we believe will aid in both enforcement and
compliance. Parties also may request an advisory opinion from OIG to
determine whether an arrangement meets the conditions of a safe harbor
or is otherwise sufficiently low risk under the Federal anti-kickback
statute to receive prospective immunity from administrative sanctions
by OIG.
This final rule aims to protect value-based arrangements that
enhance patient care and deliver value, and we have included safeguards
designed to preclude from protection arrangements that lead to
medically unnecessary care, might involve coercive marketing, or limit
clinical decision-making. These safeguards are described in greater
detail below and throughout this preamble. In addition, certain
entities that present heightened program integrity risk and are less
likely to be at the front lines of care coordination are not eligible
to rely on the value-based safe harbors or subject to additional
safeguards. We believe the potential benefits of the final value-based
safe harbors (e.g., facilitating the transition to value-based care and
encouraging greater care coordination) outweigh the potential risks
related to fraud and competition.
The value-based safe harbors, as finalized, do not include the
traditional fraud and abuse safeguards of fair market value or a broad
prohibition on taking into account the volume or value of any
referrals. However, we have included other safeguards in each of the
value-based safe harbors that are intended to address potential fraud
and abuse risks, e.g., a prohibition on taking into account the volume
or value of referrals outside the target patient population, limits on
directed referrals, and others described elsewhere in this preamble.
The risk sharing required by the substantial downside financial risk
and full financial risk safe harbors reduces some fraud and abuse
concerns associated with a traditional fee-for-service payment system.
We also included safeguards specific to the care coordination
arrangements safe harbor, e.g., a contribution requirement for
recipients, in recognition, in part, of the fact that this value-based
safe harbor does not require parties to assume financial risk or meet
certain traditional safeguards, such as a fair market value
requirement. The care coordination arrangements safe harbor does not
protect monetary payments, including payments for services such as
radiology or imaging. Nothing in the risk-based safe harbors prevents
parties from negotiating fair market value arrangements for services or
from using the personal services and management contracts and outcomes-
based payments safe harbor at paragraph 1001.952(d), which includes
fair market value requirements.
While existing safe harbors could protect many care coordination
arrangements, comments we received in response to the OIG RFI reflected
that existing safe harbors are insufficient to protect the range of
care coordination arrangements envisioned by the Regulatory Sprint. For
example, apart from employment, there is no existing safe harbor
protection for the sharing of personnel or infrastructure at below-
market-value rates. Thus, the value-based safe harbors will provide
protection to a broader range of care coordination arrangements than is
presently available under existing safe harbors. With respect to the
commenter that suggested evaluation was warranted prior to implementing
the value-based safe harbors, we solicited feedback on the anticipated
approach for rulemaking
[[Page 77692]]
in the RFI and solicited comments on specific safe harbors, an
exception, and relevant considerations in the OIG Proposed Rule. We do
not believe further evaluation is needed to inform the issuance of this
final rule; indeed, further formal evaluation could delay regulatory
flexibilities designed to facilitate innovative value-based care and
care coordination arrangements.
With respect to concerns regarding industry consolidation, it is
not the intent of this final rule to foster industry consolidation. The
rule aims to increase options for parties to create a range of care
coordination and value-based arrangements eligible for safe harbor
protection, whether through employment, ownership, or contracts among
otherwise unaffiliated, independent entities that wish to coordinate
care. As explained elsewhere, the definition of a ``value-based
enterprise'' is flexible, allowing for a broad range of participation
and business structures. In addition, ``value-based arrangements'' are
defined such that they can be among many participants or as few as two.
The safe harbors are available to large and small systems and to rural
and urban providers. We intend for this flexibility to ensure that
smaller providers still have the opportunity to develop and enter into
care coordination arrangements.
Comment: Several commenters highlighted the potential harms the
proposed value-based safe harbors could pose to patients, e.g., cherry-
picking, provision of medically unnecessary care, or stinting on care.
Commenters also expressed concern that the safe harbors could
negatively impact patient freedom of choice or impinge on the patient-
physician relationship. To address these concerns, commenters had
varying suggestions. For example, some commenters urged OIG to insert
patient transparency requirements in the value-based safe harbor that
would mirror similar requirements in the Medicare Shared Savings
Program. One such commenter stated transparency is necessary to ensure
public confidence that the benefits of a value-based arrangement would
not be exclusive to those party to the agreement.
Response: We share the commenters' interests in protecting patients
against cherry-picking, the provision of medically unnecessary care,
stinting on care, patient steering, and any inappropriate infringement
on the patient-doctor relationship. Accordingly, we have finalized
safeguards in each of the three value-based safe harbors related to
these issues. We did not propose patient transparency or notice
requirements in the OIG Proposed Rule for the value-based safe harbors
because we believed it potentially would impose undue administrative
burden on providers, and we are not including any such condition in
this final rule.
Comment: We received a number of comments stating that our approach
to the value-based safe harbors was not bold enough and would act as a
barrier to advancing the coordination and management of care. For
example, a commenter stated that the proposals, as drafted, would not
advance care coordination and better quality outcomes because the OIG
sets too many limits and boundaries within the value-based safe
harbors. In addition, several commenters asserted that our definitions
of certain key terms, such as value-based enterprise and VBE
participant, were overly prescriptive. Other commenters asserted that
our view of financial risk was too narrow and failed to recognize,
among other things, that providers are already at substantial financial
risk under existing financial incentives and penalties created by
payment structures.
Response: We disagree with those commenters who stated that our
definitions are too narrow or prescriptive and that the proposed value-
based safe harbors are not bold enough because they would impose limits
on the types of arrangements that are protected.
As discussed in section III.B.2, we have defined the value-based
terminology to allow for a wide range of individuals and entities to
participate in value-based arrangements. The value-based safe harbors
do not attempt to cover the entire universe of potentially beneficial
arrangements, nor the entire universe of what may constitute risk.
Indeed, we acknowledged in the OIG Proposed Rule, and confirm here,
that we understood that participants in value-based arrangements might
assume certain types of risk other than downside financial risk for
items and services furnished to a target patient population (e.g.,
upside risk, clinical risk, operational risk, contractual risk, or
investment risk).\12\ We continue to believe our focus on downside
financial risk is warranted because the assumption of downside
financial risk incentivizes those making the referral and ordering
decisions to control costs and deliver efficient care in a way the
other types of risk may not.
---------------------------------------------------------------------------
\12\ 84 FR 55699 (Oct. 17, 2019).
---------------------------------------------------------------------------
Further, the care coordination arrangements safe harbor requires no
assumption of downside risk by parties to a value-based arrangement.
Accordingly, parties that do not meet the definition of taking on
``substantial downside financial risk'' or ``full financial risk'' may
seek protection for certain value-based arrangements under the care
coordination arrangements safe harbor. They may also look to the new
safe harbor protection for outcomes-based payments at paragraph
1001.952(d)(2).
We have included parameters in the value-based safe harbors to
protect against risks of fraud and abuse, such as overutilization,
inappropriate patient steering, or stinting on care. Nothing in the
rulemaking changes the premise of safe harbors themselves: They offer
protection to certain arrangements that meet safe harbor conditions,
but they do not purport to define all lawful arrangements. Parties with
arrangements that do not fit in a value-based safe harbor may look to
other safe harbors or the language of the statute itself. Parties also
may request an advisory opinion from OIG to determine whether an
arrangement meets the conditions of a safe harbor or is otherwise
sufficiently low risk under the Federal anti-kickback statute to
receive prospective immunity from administrative sanctions by OIG.
Comment: Multiple commenters recommended that, in lieu of a tiered
approach to the value-based framework (i.e., three value-based safe
harbors, based upon the level of risk assumed by parties), OIG should
create a single value-based arrangements safe harbor. The commenters
asserted that such an approach would reduce the complexity of the
value-based safe harbors.
Response: We appreciate the commenters' suggestion regarding ways
to reduce complexity; however, we disagree with the commenters'
recommendations to develop a single value-based arrangements safe
harbor. The tiered approach we are finalizing in this rule supports the
policy goals of the Regulatory Sprint regarding the transformation to
value and offers parties flexibility to undertake arrangements that
suit their needs. We do not believe that a one-size-fits-all approach
would be feasible or effective to promote the transformation to value
because we recognize there are many dimensions of value in health care
that may look different for various stakeholders. To support the
transformation to value, reflect that program integrity vulnerabilities
change as parties assume more risk, and prevent unscrupulous behavior,
we have adopted a tiered approach where the safeguards included in each
of the value-based safe harbors are tailored according to, among other
things, the
[[Page 77693]]
degree of downside financial risk assumed by the parties.
Comment: In response to our solicitation of comments on whether to
define the term ``value,'' we received varying comments. Some
commenters supported our proposal to use the term in a non-technical
way, with one asserting the term ``value'' is not a one-size-fits-all
term of art. Others suggested that we reference--in the final
definitions or otherwise--financial arrangements under advanced
alternative payment models (APMs) to make clear that value-based
arrangements in CMS-sponsored programs would receive protection under
the value-based safe harbors.
Response: We agree with those commenters that noted that ``value''
is not a one-size-fits all term. We decline to use or define the term
``value'' for the purposes of these safe harbors because we believe
industry stakeholders and those participating in value-based
arrangements potentially protected by these safe harbors are best-
positioned to determine value. Notably, however, we define other terms
critical to the value-based safe harbors, including ``value-based
purpose,'' ``value-based activity,'' and ``value-based arrangement.''
These defined terms adequately capture the concept of value without
prescriptively defining ``value,'' which could inhibit flexibility and
innovation. We also are not adopting the commenters' suggestion to
define any term by referencing financial arrangements under advanced
APMs. Financial arrangements under CMS-sponsored APMs may satisfy the
definition of ``value-based arrangement'' and may serve as one of many
sources for considering value in the delivery of care. In addition,
organizations already participating in CMS-sponsored models may wish to
look to the new safe harbor for those models at paragraph 1001.952(ii).
Comment: Several commenters requested that we offer additional
clarity on key terms and concepts used throughout the value-based
framework. For example, some commenters encouraged OIG to issue sub-
regulatory guidance with respect to the value-based safe harbors, while
others requested specific examples of the types of value-based
arrangements that could be protected. Another commenter suggested that,
in order to avoid confusion, OIG more closely align its value-based
safe harbors with the requirements in the Medicare Shared Savings
Program fraud and abuse waivers (e.g., governing body approval of
protected arrangements). Collectively, these commenters expressed
concern that without further guidance from OIG, individuals and
entities would remain too risk-averse to leverage the new safe harbors
for value-based arrangements or would incur significant time and
expense in creating a value-based enterprise that might not meet the
required standards.
Response: Based on these comments, throughout this final rule, we
have endeavored to provide additional clarity and examples of key terms
and concepts. Parties also may use OIG's advisory opinion process to
obtain a legal opinion on the application of OIG's fraud and abuse
authorities to a particular arrangement. Regarding the request for
greater alignment with the Medicare Shared Savings Program, we note
that we drew from our experience with the waivers issued for the
Medicare Shared Savings Program in drafting the value-based safe
harbors, but we do not believe alignment with the waiver conditions
would be appropriate for a number of reasons. First, CMS provides
programmatic oversight of the Medicare Shared Savings Program that it
would not provide to all value-based enterprises under this final rule.
In addition, the waivers apply to certain remuneration related to one
type of alternative payment model, whereas the safe harbors finalized
in this final rule apply to a broader range of arrangements focused on
value-based care. Finally, as discussed in more detail below, all
individuals and entities can be VBE participants, whereas participation
in the Medicare Shared Savings Program is more limited. Parties
participating in CMS-sponsored models may wish to look at the new safe
harbor for those models at paragraph 1001.952(ii), which is closely
aligned with model requirements and takes into account CMS's oversight
of those models and the Medicare Shared Savings Program.
Comment: Multiple commenters requested that OIG speak to the
intersection of the proposed value-based safe-harbors with existing:
(i) Financial arrangements that may not meet the four corners of the
value-based safe harbors, despite otherwise being similar in concept;
(ii) safe harbors; and (iii) state law and corporate practice of
medicine requirements.
Response: By promulgating value-based safe harbors, we are not
opining, directly or indirectly, on the legality of existing financial
arrangements that may be similar in concept to value-based arrangements
that may be protected under the new value-based safe harbors.
Arrangements that do not meet all conditions of an applicable safe
harbor are not protected by that safe harbor. Whether such an
arrangement violates the Federal anti-kickback statute is a fact-
specific inquiry. In addition, and as stated in the OIG Proposed Rule,
parties to value-based arrangements may choose whether to protect such
arrangements under existing safe harbors or under the new value-based
safe harbors finalized in this final rule.
We have attempted to create significant flexibility under the
Federal anti-kickback statute while recognizing that parties still must
comply with applicable State laws. Nothing in these safe harbors
preempts any applicable State law (unless such State law incorporates
the Federal law by reference).
Comment: We received several comments that touched upon the
applicability of the value-based safe harbors to commercial
arrangements. For example, at least two commenters expressed support
for extending the value-based safe harbor protections to participants
in arrangements involving only commercial payor patients. Another
commenter strongly recommended that OIG clarify in the final rule that
the Federal anti-kickback statute is not implicated if a financial
arrangement is strictly limited to commercial payor patients.
Response: Generally speaking, the Federal anti-kickback statute is
not implicated for financial arrangements limited solely to patients
who are not Federal health care program beneficiaries. However, to the
extent the offer of remuneration pursuant to an arrangement involving
only non-Federal health care program beneficiaries is intended to pull
through referrals of Federal health care program beneficiaries or
business, the Federal anti-kickback statute would be implicated and
potentially violated. While nothing in the value-based safe harbors
precludes financial arrangements limited solely to patients who are not
Federal health care program beneficiaries, the parties would need to
meet all requirements of the applicable value-based safe harbor, and a
pull-through arrangement would not meet the requirement, in each value-
based safe harbor found at (ee), (ff), and (gg), that the offeror of
remuneration does not take into account the volume or value of, or
condition the remuneration of referrals of, patients who are not part
of the target patient population, or business not covered under the
value-based arrangement.
Comment: A commenter recommended that OIG apply the value-based
safe harbors retrospectively.
Response: As stated in the OIG Proposed Rule, the value-based safe
[[Page 77694]]
harbors will be prospective only and will be effective as of 60 days
from the date this rule is published in the Federal Register. It is
neither feasible nor desirable to confer safe harbor protection
retrospectively under a criminal statute. Conduct is evaluated under
the statute and regulations in place at the time of the conduct.
Comment: A commenter supported OIG addressing value-based
contracting and outcomes-based contracting for the purchase of
pharmaceutical products in future rulemaking, including rules around
medication adherence. Another commenter urged OIG to promulgate a safe
harbor in this final rule specific to value-based arrangements with
manufacturers for the purchase of pharmaceutical products (as well as
medical devices and related services).
Response: We did not propose, and thus are not finalizing, a safe
harbor specifically for value-based arrangements with manufacturers for
the purchase of their products. We may consider this topic, along with
value-based contracting and outcomes-based contracting, for future
rulemaking.
Comment: Separate and apart from outcomes-based contracting, a
handful of commenters requested that we create new safe harbors or
issue certain guidance. For example, a hospital association urged us to
create a safe harbor to facilitate non-CMS advanced payment models.
Another commenter suggested we issue guidance affording parties
additional regulatory flexibility to the extent their financial
arrangements are consistent with the goals of the value-based safe
harbors but do not otherwise satisfy all conditions.
Response: We did not propose and are not finalizing a safe harbor
specific to non-CMS advanced payment models. However, we refer the
commenter to our substantial downside financial risk safe harbor at
paragraph 1001.952(ff), as remuneration exchanged by the parties to the
advanced payment model arrangement may be eligible for protection under
that safe harbor.
We likewise are not issuing guidance to provide parties with
additional regulatory flexibility to protect financial arrangements
that are consistent with the goals of, but do not meet the requirements
of, a value-based safe harbor. An arrangement must meet all conditions
of the applicable value-based safe harbor for remuneration exchanged
pursuant to the arrangement to receive protection.
Comment: A commenter asserted that the value-based safe harbors do
not satisfy the requirements set forth in section 1128D of the Act for
the promulgation of new safe harbors. Specifically, the commenter
asserted that the value-based safe harbors do not specify payment
practices that are protected under the Federal anti-kickback statute,
as required by section 1128D, because they only outline a set of
general principles.
Response: We disagree with the commenter. Section 1128D of the Act
requires the Secretary to publish a notice soliciting proposals for,
among other things, additional safe harbors specifying payment
practices that shall not be treated as a criminal offense under section
1128B(b) and shall not serve as the basis for an exclusion under
section 1128(b)(7) and to publish proposed additional safe harbors, if
appropriate, after considering such proposals. Consistent with that
authority, the value-based safe harbors specify payment practices that
will be protected if they meet a series of specific, enumerated
requirements. Although a value-based safe harbor may protect
remuneration exchanged pursuant to a diverse universe of value-based
arrangements, all value-based arrangements within that universe share
the features required by the applicable safe harbor.
For example, the payment practice specified in the care
coordination arrangements safe harbor is the exchange of in-kind
remuneration pursuant to value-based arrangement, where, among several
other requirements, the parties establish legitimate outcome measures
to advance the coordination and management of care for the target
patient population; the arrangement is commercially reasonable; and the
recipient contributes at least 15 percent of either the offeror's cost
or the fair market value of the remuneration. If an arrangement fails
to meet any one of the safe harbor's requirements, it cannot receive
protection under the safe harbor. This approach is consistent with the
approach taken in other safe harbors that are not specific as to the
type of arrangement. For example, the personal services and management
contracts safe harbor protects any payments from a principal to an
agent, as long as a series of standards are met.
Comment: Numerous commenters requested that OIG and CMS seek
greater alignment across their respective value-based rules. According
to some of these commenters, further alignment would reduce
administrative burden, confusion, and regulatory uncertainty.
Commenters were generally in favor of OIG revising its proposed value-
based safe harbors to more closely parallel CMS's proposed value-based
exceptions to the physician self-referral law. Commenters suggested
that CMS's proposed value-based exceptions would protect a broader
universe of beneficial innovative arrangements, without greater fraud
and abuse risk. Accordingly, commenters urged OIG to create a safe
harbor for any value-based arrangement that otherwise met a physician
self-referral law exception or, alternatively, state that compliance
with the physician self-referral law would rebut any implication of
intent under the Federal anti-kickback statute. Commenters also
advocated that OIG adopt certain CMS proposed definitions, e.g., CMS's
``volume or value'' definition.
Response: As explained in more detail in section III.A.1 of this
preamble, we are mindful of reducing burden on providers and other
industry stakeholders, and we have sought to align value-based
terminology and safe harbor conditions with those being adopted by CMS
as part of the Regulatory Sprint wherever possible. However, complete
alignment is not feasible because of fundamental differences in
statutory structures and penalties across the two laws, as well as
differences in how anti-kickback statute safe harbors and physician
self-referral law exceptions operate. For example, the physician self-
referral law applies to referrals by physicians for specified
designated health services, whereas the anti-kickback statute applies
to referrals by anyone of any Federal health care program business.
Fitting in an exception to the physician self-referral law is
mandatory, whereas using safe harbors is voluntary. In designing our
safe harbors, we have included conditions designed to ensure that
protected arrangements are not disguised kickback schemes, and we
recognize that, for purposes of those arrangements that implicate both
the physician self-referral law and the Federal anti-kickback statute,
the value-based safe harbors may therefore protect a narrower universe
of arrangements than CMS's exceptions.
We do not agree as a matter of law that compliance with the
physician self-referral law would rebut any implication of intent under
the Federal anti-kickback statute. We did not propose to, and do not,
adopt CMS's proposed interpretation of the term ``takes into account
the volume or value of referrals or other business generated.'' We have
aligned terminology used in the value-based framework and set forth at
paragraph 1001.952(ee) in our rule, as described below.
2. Value-Based Terminology (42 CFR 1001.952(ee))
[[Page 77695]]
We proposed to define at paragraph 1001.952(ee)(12) the following
terms: ``value-based enterprise'' (``VBE''), ``value-based
arrangement,'' ``target patient population,'' ``value-based activity,''
``VBE participant,'' ``value-based purpose,'' and ``coordination and
management of patient care.'' We summarize the proposal for each of
these definitions and the final rule in turn below. These definitions
are now located at paragraph 1001.952(ee)(14) of the final rule and
cross-referenced in the safe harbors at paragraphs 1001.952(ff), (gg),
and (hh). In this final rule, we have added definitions at paragraph
1001.952(ee)(14) for the following terms that are used in connection
with determining eligibility of certain types of entities to use the
safe harbors at paragraphs 1001.952(d)(2), (ee), (ff), (gg), and (hh):
``limited technology participant,'' ``digital health technology,'' and
``manufacturer of a device or medical supply.'' These definitions are
discussed in section III.B.2.e.
a. Value-Based Enterprise (VBE)
Summary of OIG Proposed Rule: We proposed to define the term
``value-based enterprise'' or ``VBE'' as two or more VBE participants:
(i) Collaborating to achieve at least one value-based purpose; (ii)
each of which is a party to a value-based arrangement with the other or
at least one other VBE participant in the value-based enterprise; (iii)
that have an accountable body or person responsible for financial and
operational oversight of the value-based enterprise; and (iv) that have
a governing document that describes the value-based enterprise and how
the VBE participants intend to achieve its value-based purpose(s).
Summary of Final Rule: We are finalizing, with modification, the
definition of ``value-based enterprise.''
i. General
Comment: Multiple commenters supported the definition of ``value-
based enterprise,'' as proposed, and the flexibility the definition
offers. A commenter appeared to ask OIG to revise the definitions of
``value-based enterprise,'' ``value-based arrangement,'' and ``value-
based activity'' so that they do not incorporate and rely on other
defined terms. Another commenter suggested a broader definition of
``VBE'' that would allow affiliates of a VBE to participate within the
VBE without becoming VBE participants.
Response: The definition of ``value-based enterprise'' is intended
to be broad and flexible to encompass a wide range of VBEs, from
smaller VBEs comprised of only two or three parties to large VBEs, such
as entities that function similar to ACOs. We decline to expand the
definition further to allow affiliates of VBE participants to
participate in a VBE without becoming VBE participants. We designed the
value-based framework, including the requirement for parties to be
either a VBE or a VBE participant, to ensure the remuneration that the
safe harbors protect is exchanged pursuant to a value-based arrangement
where all parties are striving to achieve value-based purposes. VBE
participants can continue to enter into arrangements with affiliates
and other non-VBE participants and may look to other available safe
harbors for potential protection for those arrangements.
We also decline to revise the definitions of ``value-based
enterprise,'' ``value-based arrangement,'' and ``value-based activity''
to omit references to other defined terms. The value-based terminology
we are finalizing works in concert to explain the universe of value-
based arrangements under which the exchange of remuneration may receive
safe harbor protection. For example, because the terms ``VBE
participant,'' ``value-based purpose,'' and ``value-based arrangement''
are fundamental to the definition of ``value-based enterprise,'' we are
finalizing a definition of ``value-based enterprise'' that references
those terms.
Comment: A commenter asked whether parties could prove
collaboration to achieve one or more value-based purposes by measuring
the amount of time a VBE participant has been taking part in a value-
based activity.
Response: To accommodate a broad range of VBEs, from small to
large, this final rule does not prescribe how VBE participants prove
that they are collaborating to achieve at least one value-based
purpose, as required by the definition of ``value-based enterprise'';
it is incumbent on the VBE participants to demonstrate that they are
meeting this requirement. For example, time spent on value-based
activities, records of collaboration between parties, and participation
in applicable meetings, could all be relevant factors, depending on the
unique nature and circumstance of the VBE and the arrangements among
the VBE participants.
Comment: A commenter expressed concern that the costs of forming a
VBE could be prohibitive for small and rural providers and providers
serving underserved populations, and it appeared to ask OIG to create
an online portal that parties could use to create VBEs. Another
commenter asked OIG to state expressly that a VBE may add individual
physicians and other clinicians as VBE participants on an ongoing basis
and still meet the definition of ``VBE.''
Response: The definition of ``VBE'' is intended to be both broad
and flexible to accommodate providers, suppliers, and other entities of
varying sizes and financial means seeking to participate in value-based
arrangements. The definition, as finalized, will allow small and rural
providers and providers serving underserved populations to form VBEs
that correspond in scope and design with the VBE participants'
resources. For example, we anticipate that parties could form a VBE
with a single value-based arrangement, and a VBE could be comprised of
only two VBE participants. We did not propose to create an online
portal for the creation of VBEs, and we are therefore not establishing
an online portal in this final rule. We also confirm that VBE
participants may join and leave a VBE throughout the existence of the
VBE, but we note that a VBE always must have two or more VBE
participants to meet the definition of ``value-based enterprise.''
Comment: A commenter recommended that we require a value-based
enterprise to utilize electronic health records so that each entity
participating in the value-based enterprise has a strong data platform
to track and evaluate the VBE's inputs and outcomes. According to the
commenter, data from the EHR systems is critical to care delivery and
care coordination.
Response: We agree that EHR systems can help individuals and
entities within the VBE facilitate the coordination and management of
care but did not propose to require, and thus are not requiring, VBEs
or VBE participants to use them. Moreover, we intend for entities of
varying sizes and with different levels of funding and access to
technology to be able to utilize the value-based safe harbors. While we
continue to support the Department's goal of continued adoption and use
of interoperable EHR technology that benefits patient care, we are
concerned that requiring utilization of EHR may unduly limit the
ability of some entities to form a VBE. Donations of EHR by VBEs to VBE
participants can be protected by the value-based safe harbors if all
conditions are met. Alternatively, VBE and VBE participants may use the
EHR safe harbor that this final rule makes permanent.
Comment: Commenters asked how the definition of ``value-based
enterprise'' would apply to integrated delivery systems, with a
commenter specifically inquiring as to how entities within a
[[Page 77696]]
larger integrated delivery system that enter into arrangements with a
payor for shared savings and losses could subsequently share such
savings or losses with downstream contracted or employed physicians.
The commenter asked whether each party offering or receiving
remuneration would be required to be a party to an agreement with the
payor or if separate agreements between the downstream entities would
suffice. Another commenter asked OIG to confirm whether an already
existing integrated delivery system, ACO, or similar entity could meet
the requirements of a VBE or whether that entity must establish a new
value-based enterprise to use the value-based safe harbors. A commenter
asserted that the value-based definitions and safe harbors should
include integrated delivery systems, accountable care, team-based care,
coordinated care (including for dual eligible beneficiaries), bundled
payments, payments linked to quality or outcomes, Medicaid waiver
programs, and Medicare managed care, value-based, or delivery system
reform directed payments. A commenter recommended that the final rule
deem an existing ACO to be compliant with the requirements of an
applicable safe harbor to help retain ACOs as a central organizational
structure, reduce regulatory burden, reduce risk of whistleblower or
regulatory challenges, and minimize the need for creation of
arrangements outside the ACOs. For each value-based safe harbor the
commenter made specific suggestions: That OIG deem ACO outcome measures
to meet the outcome measures requirement for care coordination
arrangements; and for the substantial downside financial risk and full
financial risk safe harbors, that all safe harbor conditions would be
deemed met if the requisite level of downside financial risk were
present.
Response: The final rule, including the value-based terminology,
value-based safe harbors, and other safe harbors we are finalizing,
offers several potential pathways for protection for the types of
arrangements noted by the commenters, provided all applicable
definitions and safe harbor conditions are satisfied. An existing
integrated delivery system, ACO, or comparable entity could potentially
qualify as a ``value-based enterprise'' and meet all of the
requirements of the definition to use the value-based safe harbors we
are finalizing. Arrangements for shared savings or losses and certain
bundled payments could be protected under the substantial downside and
full financial risk safe harbors, which protect in-kind and monetary
remuneration exchanged between a VBE and a VBE participant. Under these
safe harbors, a hospital that is a VBE participant could enter into a
value-based arrangement with a VBE, pursuant to which the VBE shares
savings or losses with the hospital VBE participant. However, this
arrangement could not be protected under the care coordination
arrangements safe harbor, which does not protect the exchange of
monetary remuneration. Monetary remuneration, including payments linked
to outcomes, could qualify for protection under the safe harbor for
personal services and management contracts and outcomes-based payments
at paragraph 1001.952(d)(2). Neither the substantial downside financial
risk safe harbor nor the full financial risk safe harbor protects the
exchange of remuneration between entities downstream of the VBE (i.e.,
between VBE participants, a VBE participant and a downstream
contractor, or downstream contractors). Apart from the value-based safe
harbors, some managed care arrangements could be structured to fit in
the existing managed care safe harbors at paragraphs 1001.952(t) and
1001.952(u). ACOs and others in CMS-sponsored models could use the new
safe harbor at paragraph 1001.952(ii).
We did not propose and are not adopting a deeming provision for
ACOs, as recommended by the commenter. Under the final value-based safe
harbors, ACOs would need to meet all applicable safe harbor conditions.
We have designed the value-based terminology and safe harbors to be
flexible to accommodate a range of VBE types, structures, and
arrangements, including ACOs. Moreover, when participating in a CMS-
sponsored model, an ACO might rely on an existing fraud and abuse
waiver or the new safe harbor for CMS-sponsored models at paragraph
1001.952(ii), rather than a value-based safe harbor.
To the commenter's question regarding separate agreements, although
the substantial downside financial risk and full financial risk safe
harbors would not protect any shared savings or losses (or other
remuneration) between the hospital VBE participant and its downstream
employed or contracted physicians, the VBE could enter into value-based
arrangements directly with physicians who are VBE participants in order
to share savings or losses with the physicians. We note, however, that,
consistent with all other safe harbors, compliance with the value-based
safe harbors is not compulsory. Parties may enter into lawful
arrangements for value-based care that do not meet a safe harbor. Other
safe harbors may be relevant to protect remuneration exchanged in a
value-based arrangement, such as the personal services and management
contracts safe harbor or a managed care safe harbor, depending on the
circumstances. The OIG advisory opinion process also remains available.
Comment: A commenter asked whether VBEs must undergo a formal
process to receive protection under the new safe harbors.
Response: All safe harbors to the Federal anti-kickback statute,
including the new safe harbors we are finalizing in this final rule,
are voluntary, and parties do not need to undergo any process or
receive any affirmation from the Federal Government in order to receive
protection. We note that qualifying as a value-based enterprise is not
sufficient to obtain protection under the value-based safe harbors. To
be protected, the remuneration exchanged between or among parties to
the VBE must squarely meet all conditions of an available safe harbor.
Parties that wish for OIG to opine on whether an arrangement satisfies
the criteria of a safe harbor may submit an advisory opinion request.
Comment: A commenter stated that an entity that qualifies as a VBE
should be deemed to meet the Federal Trade Commission (FTC) and
Department of Justice (DOJ) requirements for clinical integration.
Response: Whether a value-based enterprise meets the FTC and DOJ
requirements for clinical integration is outside the scope of this
rulemaking and thus the issue raised by the commenter is not addressed
in this rule.
Comment: Several commenters asked OIG to include references to free
clinics, charitable clinics, and charitable pharmacies in the
definition of ``value-based enterprise,'' stating that hospitals
otherwise will remain risk averse to establishing or continuing
partnerships with such entities. Another commenter asked OIG to confirm
that the terms ``value-based enterprise,'' ``value-based arrangement,''
and ``value-based activity'' apply exclusively to the new safe harbors
and not in other contexts, such as state Medicaid programs, to ensure
the new value-based terminology does not disrupt the administration of
existing value-based arrangements.
Response: We do not believe it is necessary to include references
to any specific entities in the definition of ``value-based
enterprise.'' While the commenter requested that we reference these
entities in the definition of ``VBE,'' we note that under this final
rule all individuals and entities are eligible to
[[Page 77697]]
be VBE participants (other than a patient acting in their capacity as a
patient). The definitions we are finalizing for the value-based
terminology, including the terms ``value-based enterprise,'' ``value-
based arrangement,'' and ``value-based activity,'' do not apply outside
of the safe harbors being finalized in this rule. Given OIG's limited
authority in the context of this rulemaking, we do not purport to
define these terms for other purposes, including for State Medicaid
programs; however, the safe harbors could protect remuneration
resulting from value-based arrangements involving Medicaid
beneficiaries (to the extent that all applicable safe harbor conditions
are satisfied). CMS is using the same terminology for its new value-
based exceptions under the physician self-referral law.
Comment: A commenter asserted that the proposed definitions of
``value-based enterprise,'' ``value-based arrangement,'' ``value-based
activity,'' and ``VBE participant'' apply only to the care coordination
arrangements safe harbor and not to the substantial downside financial
risk safe harbor or the full financial risk safe harbor.
Response: The commenter's apparent confusion arises from the
language in proposed paragraph 1001.952(ee) that states, ``[f]or
purposes of this paragraph (ee), the following definitions apply.''
Notwithstanding this language, the substantial downside financial risk
safe harbor and the full financial risk safe harbor expressly
incorporate the definitions of ``value-based enterprise,'' ``value-
based arrangement,'' ``value-based activity,'' and ``VBE participant''
set forth in paragraph 1001.952(ee).
Comment: While supporting the proposed definition of ``value-based
enterprise,'' several commenters requested that OIG and CMS align any
modifications to the final definition of ``VBE.'' According to the
commenter, identical definitions would allow stakeholders to place more
focus on the delivery of value-based care because they would not need
to navigate different legal frameworks under the Federal anti-kickback
statute and the physician self-referral law.
Response: We are finalizing a definition of ``value-based
enterprise'' that remains aligned with the definition finalized by CMS.
Comment: Some commenters asserted that Indian health programs
should be deemed to meet the definition of ``value-based enterprise''
even if they do not meet each requirement of the definition because
Tribes, as sovereign governments, do not enter into agreements in which
another entity has governing authority or control over any part of the
Tribe. In addition, they explained that Indian health programs have
several features of the proposed definition (e.g., Indian health
programs are held accountable by the governing body of the Tribe or the
United States Congress, in the case of IHS-run programs). Such
commenters asserted that requiring Indian health programs to meet any
additional requirements would exclude or unnecessarily burden those
programs.
Similarly, several commenters requested that OIG address whether
Indian health programs could be a VBE participant and recommended that
the definition expressly state that Indian health programs may be VBE
participants. Another commenter expressed concern that Indian health
programs may not meet the proposed definition of VBE participant
because Tribes are sovereign nations that will not enter into
agreements with another entity with authority over the Tribe.
Response: Indian health programs, as well as other individuals and
entities, may themselves constitute VBEs or may form VBEs if they meet
all requirements in the definition of such term. We are not
promulgating any exceptions to the requirement that parties form a VBE
in order to use one of the value-based safe harbors or the patient
engagement and support safe harbor because we believe the definition of
``value-based enterprise'' is sufficiently broad and flexible to allow
Indian health programs to qualify as or form VBEs.
In addition, under our revised definition of a ``VBE participant,''
all types of entities can be VBE participants, including Indian health
programs and Indian health care providers that engage in at least one
value-based activity as part of a VBE.
ii. Accountable Body
Comment: Multiple commenters supported the proposed requirement
that a VBE have an accountable body that is responsible for financial
and operational oversight of the VBE, while some expressed concerns
regarding the requirement. For example, some commenters asserted that
parties would incur significant legal expenses to create an accountable
body, which could discourage participation in VBEs, and questioned
whether small or rural practices have the resources necessary to
implement an accountable body. A commenter suggested OIG exempt smaller
VBEs from the requirement to have an accountable body, particularly
where the VBE is comprised only of individuals or small physician
practices. Another noted that the requirement to have an accountable
body could create tension between VBE participants when determining who
will assume such role.
Response: We do not believe the requirement for a VBE to have an
accountable body or responsible person places an undue financial or
administrative burden on VBEs or VBE participants, particularly because
the definition of ``value-based enterprise'' affords parties the
flexibility to create VBEs and accountable bodies that range in scope
and complexity. We are not exempting small or other VBEs from the
requirement to have an accountable body or responsible person. We do
not expect that small VBEs would have the same resources as larger VBEs
for this function or would structure the function in the same way. A
VBE should have an accountable body or responsible person that is
appropriate for its size and resource and is capable of carrying out
the associated responsibilities. Any potential for conflict among VBE
participants is a matter for the parties to address in their private
contractual or other arrangements and does not warrant an exception to
the accountable body requirement, which serves an important oversight
and accountability function in the VBE.
Comment: Commenters generally supported the flexibility for parties
to tailor the accountable body to the complexity and sophistication of
the VBE. Multiple commenters requested additional clarification on the
nature and composition of the accountable body, including how and by
whom the accountable body would be organized and whether the
accountable body must be comprised of at least one representative from
each VBE participant.
A commenter asked OIG to clarify whether ACOs that already have
governing bodies in place need to establish an additional accountable
body or responsible person to meet the definition of ``VBE.'' Another
commenter asked whether the safe harbor conditions applicable to
accountable bodies are at least as rigorous as the conditions
applicable to governing bodies in the fraud and abuse waivers issued
for purposes of the Medicare Shared Savings Program.
Response: We are not prescribing how VBE participants or VBEs form
or otherwise designate an accountable body or responsible person in
order to give parties flexibility to do so in a manner conducive to the
scope and objectives of the VBE and its resources. For instance, a
representative from each VBE participant in a VBE could, but is not
required to, be part of the VBE's
[[Page 77698]]
accountable body. Where parties already have a governing body that
constitutes an accountable body or responsible person, such parties are
not required to form a new accountable body or designate a responsible
person for purposes of creating a VBE. While the requirements for the
accountable body or responsible person are not as stringent as the
requirements for an ACO's governing body in the fraud and abuse waivers
issued for purposes of the Medicare Shared Savings Program, we have
concluded that the safe harbor requirements for the accountable body
strike the right balance between allowing for needed flexibility for
parties wanting to form and operate VBEs and providing for appropriate
VBE oversight and accountability.
Comment: Multiple commenters supported a range of additional
requirements for VBE participants related to the accountable body,
including requirements to: (i) Recognize the oversight role of the
accountable body affirmatively; (ii) agree in writing to cooperate with
the accountable body's oversight efforts; and (iii) report data to the
accountable body to enable it to access and verify VBE participant data
related to performance under value-based arrangements. Another
commenter opposed additional requirements on VBE participants, stating
that they would be unnecessary formalities that would constrain use of
the value-based safe harbors for existing arrangements that might
otherwise meet a value-based safe harbor's terms. Other commenters also
asked what, if any, oversight OIG would expect from VBE participants,
themselves, in addition to the oversight conducted by the accountable
body.
Response: It is important for the parties to a value-based
arrangement to support and cooperate with the accountable body or
responsible person. However, we are not finalizing requirements for VBE
participants to recognize affirmatively the oversight role of the
accountable body, agree in writing to cooperate with its oversight
efforts, or report data. On balance, such requirements would introduce
a level of unnecessary administrative detail and impose unnecessary
administrative burden on many VBEs, particularly small or rural
entities. Parties can themselves establish mechanisms to ensure the
ability of the accountable body or responsible person to fulfill its
obligations through, by way of example only, a term in arrangements
between the VBE and its VBE participants that requires VBE participants
to cooperate with the accountable body or responsible person's
oversight efforts.
Whether VBE participants must conduct additional oversight depends
on the applicable safe harbor. Parties relying on safe harbor
protection may want to ensure all applicable safe harbor requirements,
including those related to oversight, are met because failure to
satisfy these requirements would result in the loss of safe harbor
protection for the remuneration at issue. Notwithstanding this fact,
where a VBE participant or VBE has done everything that it reasonably
could to comply with the safe harbor requirements applicable to that
party but the remuneration exchanged loses safe harbor protection as a
result of another party's noncompliance, the compliant party's efforts
to take all reasonable steps would be relevant in a determination of
whether such party had the requisite intent to violate the Federal
anti-kickback statute.
Comment: We received support for, and opposition to, a requirement
for the accountable body to have more specific responsibilities for
overseeing certain aspects of the VBE, including utilization of items
and services; cost; quality of care; patient experience; adoption of
technology; and quality, integrity, privacy, and accuracy of data
related to each value-based arrangement. However, several commenters
cautioned against overly prescriptive oversight obligations, with many
commenters noting that the appropriate scope, methodology, and risk
areas for monitoring and oversight will vary significantly based on the
activities an entity is undertaking. According to several commenters,
the program integrity benefits of any additional requirements on the
accountable body would be outweighed by increased administrative
burden.
Response: We are not requiring more specific oversight
responsibilities for the accountable body. The type of data the
accountable body should monitor and assess could vary by VBE and by
value-based arrangement, and therefore we are not imposing more
prescriptive requirements on the accountable body with respect to its
oversight responsibilities. However, in the full financial risk safe
harbor, we are finalizing a requirement that the VBE provide or arrange
for a quality assurance program for services furnished to the target
patient population that protects against underutilization and assesses
the quality of care furnished to the target patient population.
Comment: Multiple commenters supported a requirement for VBEs to
institute a compliance program to facilitate the accountable body's or
responsible person's obligation to identify program integrity issues,
with some also favoring requirements for periodic review of patient
medical records to ensure compliance with clinical standards or for the
designation of a compliance officer to oversee the VBE and its value-
based arrangements. One commenter recommended that VBE participants
agree to a code of ethics related to compliance oversight.
In contrast, multiple commenters opposed a requirement for the VBE
to have a compliance program. Some asserted it would create an
additional burden on VBEs without substantially reducing the risk of
fraud and abuse. Commenters expressed concern that a compliance program
requirement could result in inconsistent policies or duplicative
administrative obligations if VBE participants already have compliance
programs in place. Another commenter stated that such a requirement is
unnecessary because VBEs are independently at risk for safe harbor
compliance. A commenter recommended that, if OIG requires a VBE to have
a compliance program, OIG should permit the VBE to meet such a
requirement by: (i) Developing a compliance program specific to the VBE
and its VBE participants, (ii) adopting an existing compliance program
held by one of the VBE participants, or (iii) requiring an attestation
from each VBE participant that it has a compliance program and conducts
annual compliance reviews. Another commenter recommended that OIG
provide model compliance provisions that could be included in
agreements between parties in a VBE.
Response: For purposes of these safe harbors, we are not requiring
the VBE or its accountable body or responsible person to have a
compliance program or to review patient medical records periodically.
We also are not requiring an attestation or other agreements from each
VBE participant that it has a compliance program and conducts annual
compliance reviews. Compliance programs are an important tool for,
among other things, monitoring arrangements, identifying fraud and
abuse risks, and, where necessary, implementing corrective action
plans. While it is our view that robust compliance programs are a best
practice for all VBEs and VBE participants, we are not including
specific compliance program requirements or providing model compliance
provisions because VBEs of varying sizes and scopes may have and need
different types of compliance programs. We anticipate many VBE
participants already have compliance programs and may want to
[[Page 77699]]
consider updating these programs to reflect any new arrangements
entered into as part of the VBE.
A compliance program requirement for VBEs would necessitate that we
articulate specific compliance program criteria, which we do not
believe would be feasible or desirable, particularly in light of the
expected variation of VBEs. We also are not requiring the VBE to
designate an individual to serve as a compliance officer. For purposes
of this rule, the accountable body or responsible person acts as an
oversight body that performs a compliance function. In this respect,
and as we stated in the OIG Proposed Rule, we believe the accountable
body or responsible person would be well-positioned to identify program
integrity issues and to initiate action to address them, as necessary
and appropriate. VBEs may elect to have designated compliance officers
if they so wish.
Comment: A commenter asked whether the accountable body and VBE
participants should expect a higher degree of auditing and oversight
from OIG than entities not involved in a value-based enterprise.
Response: OIG provides independent and objective oversight of the
programs and operations of the Department. We anticipate that
individuals and entities that are part of a value-based enterprise will
be subject to OIG's program integrity and oversight activities to the
same extent as other individuals and entities that receive Federal
health care program funds or treat Federal health care program
beneficiaries.
Comment: Some commenters supported a requirement for the
accountable body or responsible person to have a duty of loyalty to the
VBE, particularly for accountable bodies serving larger VBEs. The
commenters asserted that a duty of loyalty would be appropriate given
the lack of programmatic oversight as compared to CMS-sponsored models
and would help reduce certain risks (e.g., stinting on care or
providing medically unnecessary care). Other commenters suggested that
the accountable body should have a duty of loyalty to the patients
within the VBE.
Multiple commenters opposed requiring the accountable body or
responsible person to have a duty of loyalty to the VBE, stating that
it would create conflicts of interest for accountable body members that
are, or are employed by, a VBE participant. Some commenters asserted
that a duty of loyalty would necessitate the use of a third-party
entity to serve as the accountable body, which could be cost
prohibitive for small and rural providers, while others noted that
large VBE participants may be unwilling to cede oversight
responsibilities to an independent third party. A commenter proposed an
alternative requirement for the accountable body or responsible person
to act in furtherance of the VBE's value-based purpose(s).
Response: We are not requiring the accountable body or responsible
person to have a duty of loyalty to the VBE because we agree with
commenters that a duty of loyalty often could create conflicts of
interest for VBE participants and employees of VBE participants who
otherwise would serve as members of the accountable body. We also agree
that a duty of loyalty requirement could necessitate the use of
independent third parties to serve as the accountable body, which could
be cost prohibitive for smaller VBEs. While we are not implementing a
requirement for the accountable body or responsible person to have a
duty of loyalty or to act in furtherance of the VBE's value-based
purpose(s), we believe the accountable body or responsible person
necessarily must act in furtherance of the VBE's value-based purpose(s)
to fulfill its oversight responsibilities. Parties are free to include
this duty in their contractual arrangements.
Comment: A commenter asked OIG to require the accountable body to
submit data to the Department to demonstrate continued compliance with
the applicable safe harbor and progress in improving outcomes and
reducing costs. A commenter also asserted that OIG should require the
accountable body or responsible person to implement a process for
patients to express concerns and for the VBE to resolve such concerns,
and others recommended that OIG ensure that VBE participants secure
informed consent for each patient treated within a VBE.
Response: We are not requiring accountable bodies or responsible
persons to submit data to the Department for purposes of safe harbor
compliance because we do not think the program integrity benefits of
requiring data submission for safe harbor compliance would outweigh the
administrative burden on both the government and the individuals and
entities serving as accountable bodies or responsible persons.
Notwithstanding the foregoing, we remind readers that OIG provides
independent, objective oversight of HHS programs. Nothing in this rule
changes OIG's authorities to request data for its oversight purposes.
In addition, and as explained further below in section III.3.n.v, OIG
will continue to evaluate whether to modify the care coordination
arrangements safe harbor in the future to include a requirement that
the VBE affirmatively submit certain data or information.
Due to administrative burden concerns, we are not requiring the
accountable body or responsible person to implement a process for
patients to express concerns or ensure that VBE participants secure
informed consent for each patient treated within a VBE. Such
requirements may be useful processes for VBEs to consider in ensuring
safe harbor compliance.
iii. Governing Document
Comment: Commenters expressed general support for a governing
document requirement. Some commenters asked whether the written
document forming the value-based arrangement could also constitute the
governing document, and another commenter questioned whether an
existing payor contract could serve as a governing document. Another
commenter requested that OIG permit a collection of documents to
constitute a governing document.
Response: A single document could constitute both the VBE's
governing document and the writing required for a value-based
arrangement so long as it includes all of the requisite requirements
for each writing. In addition, an existing payor contract could qualify
as a governing document so long as it describes the value-based
enterprise and how the VBE participants intend to achieve the VBE's
value-based purpose(s). However, we decline to permit a governing
document for a VBE to be set forth in multiple writings. We permit the
writing requirement in each new value-based safe harbor to be satisfied
by a collection of writings because each party to a value-based
arrangement must sign the writing; in contrast, the governing document
of the VBE does not require any signatures. Creation of one governing
document, that may be amended over time as the value-based activities,
VBE participants, or other features of the VBE evolve, will help ensure
that there is a clearly identifiable governance structure for the VBE.
Comment: Some commenters expressed concern that the requirement for
a VBE to have a governing document could be burdensome, particularly
for small and rural practices and practices serving underserved areas.
Another commenter requested a checklist or model terms for a governing
document, and another commenter asked for clarification of requirements
for the document.
Response: We appreciate commenters' concerns regarding the burden
that
[[Page 77700]]
developing a governing document may place on certain individuals or
entities. We are finalizing the proposed definition of ``value-based
enterprise,'' which does not prescribe a specific format or content for
the governing document, other than it must describe the VBE and how the
VBE participants intend to achieve its value-based purpose(s). This
definition is designed to be flexible so that small and rural practices
and practices serving underserved areas wishing to establish VBEs can
craft governing documents appropriate to their size and the nature of
their VBE. We anticipate that VBEs of different sizes and purposes will
have different types of governing documents with different terms. The
core requirement is that the governing document must describe the
value-based enterprise and how the VBE participants intend to achieve
the VBE's value-based purpose(s), regardless of the format of the
document. This definition offers parties significant flexibility to
craft a value-based enterprise and a governing document commensurate
with the scope and sophistication of the VBE.
As we stated in the preamble to the OIG Proposed Rule, the
governing document requirement provides transparency regarding the
structure of the VBE, the VBE's value-based purpose(s), and the VBE
participants' roadmap for achieving the purpose(s). We do not believe a
checklist for creating a governing document is necessary because the
requirements for the governing document are set forth in the definition
of ``value-based enterprise,'' itself. In addition, we decline to
provide model terms because they could inhibit parties from developing
terms that appropriately reflect the unique nature and circumstances of
their value-based enterprises.
b. Value-Based Arrangement
Summary of OIG Proposed Rule: We proposed to define the term
``value-based arrangement'' to mean an arrangement for the provision of
at least one value-based activity for a target patient population
between or among: (i) The value-based enterprise and one or more of its
VBE participants; or (ii) VBE participants in the same value-based
enterprise. This proposed definition reflected our intent to ensure
that each value-based arrangement is aligned with the VBE's value-based
purpose(s) and is subject to its financial and operational oversight.
It further reflected our intent for the value-based arrangement's
value-based activities to be undertaken with respect to a target
patient population.
We noted in the OIG Proposed Rule that we were considering whether
to address a concern about potentially abusive practices that could be
characterized as the coordination and management of care by precluding
some or all protection under the proposed value-based safe harbors for
arrangements between entities that have common ownership, either
through refinements to the definition of ``value-based arrangement'' or
by adding restrictions on common ownership to one or more of the
proposed safe harbors at paragraphs 1001.952(ee), (ff), or (hh).
Summary of Final Rule: We are finalizing, with modification, the
definition of ``value-based arrangement.'' We are modifying the
regulatory text to clarify that only the value-based enterprise and one
or more of its VBE participants, or VBE participants in the same value-
based enterprise, may be parties to a value-based arrangement. We are
not precluding protection for arrangements between entities that have
common ownership in the definition of ``value-based arrangement,'' nor
in the individual safe harbors.
Comment: Many commenters supported the proposed definition of
``value-based arrangement'' and, in particular, appreciated the
flexibility afforded by the definition, which the commenters posited
will allow parties to design a range of arrangements that may qualify
for protection under the value-based safe harbors, including
arrangements between two providers that include only a single value-
based activity. Commenters also supported our proposal in the OIG
Proposed Rule that the definition covers commercial and private insurer
arrangements.
Response: We reiterate in this final rule that the definition of
``value-based arrangement'' is broad enough to capture commercial and
private insurer arrangements. The definition is intended to afford
parties significant flexibility. In addition, in response to comments,
we are modifying the definition text to clarify our intent that
``value-based arrangement'' capture arrangements for care coordination
and certain other value-based activities among VBE participants within
the same VBE, as indicated in the OIG Proposed Rule,\13\ by revising
the definition so that the value-based arrangement may only be between:
(i) The value-based enterprise and one or more of its VBE participants;
or (ii) VBE participants in the same value-based enterprise.
---------------------------------------------------------------------------
\13\ 84 FR 55702 (Oct. 17, 2019).
---------------------------------------------------------------------------
We emphasize that qualification as a value-based arrangement is
necessary, but not sufficient, to protect remuneration exchanged
pursuant to that arrangement; all conditions of an applicable safe
harbor must be met.
Comment: A commenter opposed the definition of ``value-based
arrangement,'' expressing concern that it is too broad and vague and
could be used as a mechanism to force the exclusive use of a particular
product or particular provider. In addition, the commenter believed the
definition could allow health care entities to engage in abusive
practices by using a value-based safe harbor to funnel remuneration
under the guise of a value-based arrangement.
Response: We have addressed the commenter's concern with respect to
exclusive use through a condition in the care coordination arrangements
safe harbor at paragraph 1001.952(ee). We acknowledge and agree with
the commenter's concern that parties might engage in abusive practices
under the guise of a value-based arrangement; to that end, we have
included robust safeguards in each value-based safe harbor to mitigate
these concerns.
Comment: A commenter requested clarification as to whether current
arrangements would be affected and would need to be restructured to
meet the definition of a ``value-based arrangement.''
Response: There is nothing in this final rule that requires parties
to an existing arrangement to restructure that arrangement to meet the
new definition of a ``value-based arrangement.'' Parties to an existing
arrangement that wish to rely on the protection of one of the value-
based safe harbors may want to review their arrangement to assess
whether it fully meets the definition of a ``value-based arrangement''
and, thus, could be eligible for protection under a value-based safe
harbor if all safe harbor conditions are met.
Comment: Several commenters requested clarification regarding the
statement in the OIG Proposed Rule that the definition of ``value-based
arrangement'' is intended to capture arrangements for care coordination
and certain other value-based activities among VBE participants within
the same VBE.\14\ Specifically, commenters requested clarification
regarding how this statement corresponds with the requirement in each
proposed value-based safe harbor that the value-based arrangement have
as a value-based
[[Page 77701]]
purpose the coordination and management of care.
---------------------------------------------------------------------------
\14\ 84 FR 55702 (Oct. 17, 2019).
---------------------------------------------------------------------------
Response: The definition of ``value-based arrangement'' and the
requirements for protection under the value-based safe harbors are
consistent when read together. The term ``value-based arrangement''
means an arrangement for the provision of at least one ``value-based
activity'' for a target patient population. The definition does not
specify which value-based purpose(s) the value-based activity (or
activities) must be designed to achieve. In this respect, the
definition of ``value-based arrangement'' is broader than the
requirements of some of the value-based safe harbors.
Value-based arrangements are not de facto safe harbor protected.
Rather, an arrangement that meets the definition of a ``value-based
arrangement'' is eligible to seek protection in a value-based safe
harbor. For safe harbor protection, it must squarely satisfy all safe
harbor conditions. For reasons explained elsewhere in this preamble,
the care coordination arrangements safe harbor requires a direct
connection to the first value-based purpose, the coordination and
management of patient care, which is a central focus of this
rulemaking. The substantial downside financial risk arrangements safe
harbor requires a direct connection to any one of the first three
value-based purposes, and the full financial risk arrangements safe
harbor requires a connection to any one of the four value-based
purposes, in recognition of the parties' assumption of risk and the
lower risk of traditional fee-for-service fraud. The substantial
downside financial risk safe harbor and the full financial risk safe
harbor, as finalized, do not require a direct connection to the
coordination and management of care for the target patient population.
In addition, the definition of ``value-based arrangement'' is
consistent with the definition used in CMS's final rule. We anticipate
this alignment may ease compliance burden for parties.
Comment: A commenter asserted that neither VBEs nor VBE
participants should be prohibited from entering into non-disclosure
agreements with parties to a value-based arrangement because otherwise
parties could use information learned in an arrangement against another
party in an anticompetitive manner.
Response: Neither the definition of ``value-based arrangement'' nor
other safe harbor provisions in this final rule preclude parties to a
value-based arrangement from entering into non-disclosure agreements.
Comment: Most commenters opposed our proposal to preclude entities
under common ownership from protecting remuneration that they exchange
under the value-based safe harbors, whether through a change to the
definition of ``value-based arrangement'' or by adding restrictions to
one or more of the value-based safe harbors. Commenters asserted that
entities under common ownership (e.g., through an integrated delivery
system) are often best positioned to improve health outcomes and lower
costs through coordinated care. Several commenters also asserted that
such a requirement may preclude protection for entities participating
in large value-based models, like clinically integrated networks or
accountable care organizations. Some commenters also explained that
rural and Indian health care providers are frequently operated through
common ownership models. Others noted that hospitals in states that
restrict direct physician employment often have arrangements with
medical groups under common ownership, and another commenter raised
concerns about the impact on physician-owned hospitals.
Response: We appreciate commenters' responses. To address
commenters' concerns, we are not limiting protection for entities under
common ownership in this final rule. We continue to be concerned that
there is potential for entities under common ownership to use value-
based arrangements to effectuate payment-for-referral schemes, but we
also believe that the combinations of safeguards we are adopting in the
safe harbors should mitigate these risks. For example, the requirement
in the care coordination arrangements safe harbor that the value-based
arrangement is commercially reasonable, considering both the
arrangement itself and all value-based arrangements within the VBE,
helps to ensure that the arrangements, taken as a whole, are calibrated
to achieve the parties' legitimate business purposes.
Comment: A commenter raised concerns about the timing of VBE
participants entering into value-based arrangements and recommended
that VBE participants not be prevented from providing value-based care
to patients before a formal value-based arrangement has been executed.
The same commenter recommended that we adopt a 90-day grace period for
situations of technical non-compliance related to the timing of VBE
participants entering into value-based arrangements.
Response: First, we remind readers that failure to comply with a
safe harbor provision (or any attendant, defined term) does not mean
that an arrangement is per se illegal. Consequently, the value-based
safe harbors do not prevent a physician, clinician, or other VBE
participant from providing value-based care to patients prior to
entering into a value-based arrangement, or at any other time. In
addition, the Federal anti-kickback statute, which focuses on the
knowing and willful offer, solicitation, payment, or receipt of
remuneration in exchange for Federal health care program business,
likely would not be implicated by the provision of only clinical care
to patients. OIG appreciates that many physicians and others currently
furnish value-based care to patients, and nothing in this rule changes
their ability to do so. Stakeholders should assess whether arrangements
that do not satisfy the definition of ``value-based arrangement,'' as
defined in paragraph 1001.952(ee), implicate the statute. Any
arrangements that are not value-based arrangements, as defined, would
not qualify for protection under the value-based safe harbors, but
could qualify under other safe harbors, depending on the facts and
circumstances, or they might not need safe harbor protection. As
finalized in this rule, a provider or other individual or entity
furnishing value-based care may also become a VBE participant, but the
value-based arrangements in which it participates might not need safe
harbor protection if they do not implicate the statute.
We are not adopting a 90-day grace period to execute value-based
arrangements because it is our belief that it is not necessary. When a
VBE participant must execute a value-based arrangement to receive safe
harbor protection is based on the writing requirements of each safe
harbor. For example, in the care coordination arrangements safe harbor
as finalized at paragraph 1001.952(ee), the writing that documents the
value-based arrangement must be set forth in advance of, or
contemporaneous with, the commencement of the value-based arrangement
and any material change to the value-based arrangement. Additionally,
the writing may be a collection of documents. These flexibilities allow
VBE participants to document their participation in a value-based
arrangement with minimal burden. A VBE can add a new VBE participant to
an existing arrangement in a separate document that becomes part of the
collection of documents for that value-based arrangement.
c. Target Patient Population
Summary of OIG Proposed Rule: We proposed to define ``target
patient population'' as an identified patient
[[Page 77702]]
population selected by the VBE or its VBE participants using legitimate
and verifiable criteria that: (i) Are set out in writing in advance of
the commencement of the value-based arrangement; and (ii) further the
value-based enterprise's value-based purpose(s). The proposal would
protect only those value-based arrangements that serve an identifiable
patient population for whom the value-based activities likely would
improve health outcomes or lower costs (or both). In the OIG Proposed
Rule, we noted that the definition was not limited to Federal health
care program beneficiaries but could encompass, for example, all
patients with a particular disease state.
Summary of Final Rule: We are finalizing, without modification, the
definition of ``target patient population.''
Comment: Many commenters supported our proposed definition of
``target patient population,'' including our requirement that the
identified patient population be selected by the VBE or its VBE
participants using ``legitimate and verifiable criteria.'' However, we
received numerous comments about the use of the term ``legitimate'' to
describe the criteria used to identify the target patient population in
the proposed regulatory text, as well as the alternative proposal in
the preamble to use the term ``evidence-based.'' Some commenters
expressed support for the legitimate criteria standard and stated, for
example, that it facilitated a holistic focus on patients' health. This
category of commenters generally expressed opposition to the
alternative evidence-based standard, arguing that it is too restrictive
and would chill innovative value-based arrangements.
Other commenters opposed the use of the term ``legitimate,''
stating that the term is ambiguous. Another commenter suggested that
OIG enumerate the types of specific behavior that it wishes to preclude
in lieu of using the term ``legitimate''; as an example, the commenter
recommended that we state expressly in the definition of ``target
patient population'' that it would preclude selection criteria designed
to avoid costly or non-compliant patients. Multiple commenters
requested that OIG provide additional clarification on the scope and
application of the term, such as whether it could encompass criteria
based on social determinants of health.
Response: We are finalizing the definition of ``target patient
population,'' as proposed, including the ``legitimate and verifiable
criteria'' standard. As stated in the OIG Proposed Rule, we used this
standard, and in particular, the term ``legitimate,'' to ensure the
target patient population selection process is based upon bona fide
criteria that further a value-based arrangement's value-based
purpose(s), and we confirm that, depending on the facts and
circumstances, legitimate criteria could be based on social
determinants of health, such as safe housing or transportation needs.
We are not including an exhaustive list of legitimate or non-legitimate
selection criteria because there are various types of criteria that
parties could use to select a target patient population; moreover, some
criteria may be legitimate for some value-based arrangements but not
for others. For example, as we stated in the OIG Proposed Rule, VBE
participants seeking to enhance access to, and usage of, primary care
services for patients concentrated in a certain geographic region might
base the target patient population on ZIP Code or county of residence.
In contrast, a value-based arrangement focused on enhancing care
coordination for patients with a particular chronic disease might
identify the target patient population based on patients who have been
diagnosed with that disease. Other VBE participants, such as a social
service organization working in conjunction with a pediatric practice,
may identify their target patient population using income and age
criteria, e.g., pediatric patients who have a household income below
200 percent of the Federal poverty level and who are below the age of
18, in an effort to boost pediatric vaccination rates in a given
community.
We are adopting the proposed ``legitimate and verifiable'' standard
in lieu of the alternative we proposed, which would have required the
use of ``evidence based'' criteria, because we believe requiring
``legitimate and verifiable'' criteria will afford parties
comparatively greater flexibility in determining the target patient
population and aligns with CMS's definition of the same term.
Comment: We received at least two comments requesting that we
expressly state in regulatory text that establishing criteria in a
manner that leads to cherry-picking or lemon-dropping would not
constitute ``legitimate and verifiable'' selection criteria. These
commenters expressed concern that the mere promise by VBE participants
not to engage in such behavior would be sufficient to meet the
definition of ``target patient population'' and receive safe harbor
protection. Another commenter urged that OIG clarify the regulatory
language to directly address concerns about cherry-picking or lemon-
dropping certain patient populations, in order to avoid unnecessary
litigation and legal expense.
Response: In response to the commenters' concerns, we confirm that
if VBE participants establish criteria to target particularly lucrative
patients (``cherry-picking'') or avoid high-cost or unprofitable
patients (``lemon-dropping''), such criteria would not be legitimate
for purposes of the target patient population definition. As we stated
in the OIG Proposed Rule, if VBE participants selectively include
patients in a target patient population for purposes inconsistent with
the objectives of a properly structured value-based arrangement, we
would not consider such a selection process to be based on legitimate
and verifiable criteria that further the VBE's value-based purposes, as
required by the definition.\15\ We are not adopting further
modifications to the proposed definition because the definition's
requirement that the criteria be legitimate and verifiable is clear and
would not include VBE participants that establish criteria to cherry-
pick or lemon-drop patients.
---------------------------------------------------------------------------
\15\ See 84 FR 55702 (Oct. 17, 2019).
---------------------------------------------------------------------------
Comment: The vast majority of commenters on this topic opposed our
statement in the OIG Proposed Rule that we were considering narrowing
the definition of ``target patient population'' to patients with a
chronic condition, patients with a shared disease state, or both.
Commenters stated that such an approach would restrict the ability of
value-based arrangements to adapt to different communities and patient
needs and would ignore the importance of preventive care interventions.
For example, a commenter highlighted the fact that many underserved and
at-risk patient populations are defined not by chronic conditions or
shared disease states but instead are identified by socio-economic,
geographic, and other demographic parameters that are synonymous with
need, poor outcomes, or increased cost.
Response: We are retaining our proposed definition of ``target
patient population'' and are not narrowing the definition to include
only individuals with chronic conditions or shared disease states. We
agree with commenters that were we to narrow the definition, we might
exclude underserved and at-risk patient populations who would likely
benefit from care coordination and management activities. We also
recognize and acknowledge that finalizing our proposed definition will
allow for
[[Page 77703]]
value-based arrangements that focus on important preventive care
interventions.
Comment: We received a variety of comments on the role of payors in
identifying or selecting a target patient population. While some
commenters supported requiring payors to select the target patient
population, the majority of commenters urged OIG to make their
involvement optional. For example, a commenter expressed concern that
if OIG were to make payor involvement a requirement, it would impede
collaboration between payors and providers. Others expressed
uncertainty as to how a requirement that payors select or approve the
target patient population would be implemented for Medicare fee-for-
service patients and questioned whether CMS would need to affirmatively
approve each VBE's or value-based arrangement's target patient
population selection criteria.
Response: We are persuaded by commenters that it would not be
operationally feasible to require payor involvement in the target
patient population selection process. Not all value-based enterprises
will include a payor as a VBE participant. Accordingly, while we
encourage payor involvement in the target patient population selection
process, it is not a requirement in this final rule. It is a
requirement that the target patient population be selected by a VBE or
its VBE participant.
Comment: We received comments requesting wholesale changes to our
proposed definition. For example, a commenter recommended that ``target
patient population'' be defined as any set or subset of patients in
which the accountable party of a VBE takes significant or full downside
risk and is focusing efforts to improve their health and well-being.
Another suggested that we eliminate the ``target patient population''
definition altogether and make the value-based safe harbors provider-,
not patient-population-, specific.
Response: We are not adopting the commenter's alternative
definition of ``target patient population,'' which we did not propose
and which would be too narrow to address the use of the term across all
of our value-based safe harbors, one of which does not require the VBE
participants to take on, or meaningfully share in, any risk. We are
also not eliminating the ``target patient population'' definition in
favor of making the value-based safe harbors provider-, not patient-
population-, specific because orienting the value-based safe harbors
around patients is consistent with the goals of value-based care.
Comment: At least two commenters requested that the definition of
``target patient population'' afford parties the flexibility to modify
the target patient population over time. Another commenter sought
clarification that the definition could include patients retroactively
attributed to the target patient population. Another commenter urged
OIG to adopt a flexible definition but suggested that if OIG narrows
its definition, the term should include underserved patients, such as
uninsured and low-income patients; patients with social risk factors;
and those with limited English proficiency.
Response: The definition of ``target patient population'' requires,
among other criteria, that parties identify a patient population using
legitimate and verifiable criteria in advance of the commencement of
the value-based arrangement. The selection criteria--not the individual
patients--must be identified in advance. Whereas parties seeking to
modify their selection criteria may only make such modifications
prospectively (and upon amending their existing value-based
arrangement), no amendment would be required to attribute patients
retroactively to the target patient population, provided such patients
meet the selection criteria established prior to the commencement of
the value-based arrangement.
Comment: Several commenters sought clarification as to whether a
VBE participant's entire patient population could meet the definition
of ``target patient population.''
Response: Nothing in the definition precludes the parties to a
value-based arrangement from identifying the target patient population
as the entire patient population that a VBE participant serves. We
recognize that, in limited cases, such broad selection criteria may be
appropriate. For example, a VBE may identify all patients in a ZIP Code
in order to address an identified population health need specific to
that ZIP Code, and it may be that a practice also draws most or all
patients from that ZIP Code. Certain specialists, such as
geriatricians, might also identify all or most of their patients as
needing improved care coordination and management due to their multiple
comorbidities and complex care needs. In circumstances where a VBE has
assumed full financial risk, as defined in paragraph 1001.952(gg), a
VBE might select an even broader target patient population comprised of
all patients served by its VBE participants in an effort to more
meaningfully control payor costs.
However, we caution that, depending on the value-based arrangement,
selecting a target patient population by selecting the parties' entire
patient population would need to be closely scrutinized for compliance
with the definition to ensure that such broad selection criteria is
``legitimate'' and necessary to achieve the arrangement's value-based
purpose.
Comment: Multiple commenters requested that OIG address whether
specific categories of patients would be covered by the definition of
``target patient population'' or provide examples of permissible target
patient populations. For example, commenters requested confirmation
that a target patient population could include all patients covered by
a certain payor, such as Medicare. Another commenter expressed concern
that transient patient populations who may have different providers in
different geographic locations would not be covered by the definition.
Response: As described above, a target patient population based on
patients who have been diagnosed with a particular disease could, based
on the specific selection criteria, be a permissible target patient
population. Whether a particular patient population, including
transient patient populations with different providers in different
geographic locations, meets the definition of ``target patient
population'' is a fact-specific determination that turns on whether the
VBE participants used legitimate and verifiable selection criteria and
met the other requirements set forth in the definition. While there may
be circumstances, e.g., the assumption of full financial risk (as
defined in paragraph 1001.952(gg)), where a VBE identifies all of the
patients of a particular payor as the target patient population, we
caution that relying on this criterion, without sufficient
justification for such a broad approach, could raise questions
regarding whether it is legitimate or, instead, is a way to capture
referrals of, for example, Medicare business.
d. Value-Based Activity
Summary of OIG Proposed Rule: We proposed to define ``value-based
activity'' as any of the following activities, provided that the
activity is reasonably designed to achieve at least one value-based
purpose of the value-based enterprise: (i) The provision of an item or
service; (ii) the taking of an action; or (iii) the refraining from
taking an action. We further proposed that the making of a referral is
not a value-based activity.
Summary of Final Rule: We are finalizing, without modification, the
definition of ``value-based activity.''
[[Page 77704]]
OIG's final definition of ``value-based activity'' differs from the
definition in the CMS Final Rule because CMS does not specify that the
making of a referral is not a value-based activity. As explained in
CMS's final rule, CMS has not included a comparable restriction because
of the physician self-referral law's separate definition of referral.
Comment: Many commenters supported the definition of ``value-based
activity,'' as proposed. Several commenters asked OIG to clarify the
definition of ``value-based activity'' further by specifying what
activities would or would not qualify as value-based; how VBEs would
demonstrate that the activities they select are reasonably designed to
achieve a value-based purpose; and what it means to refrain from taking
an action. A few commenters asked whether providing services to
patients constitutes a value-based activity.
Response: The term ``value-based activity'' is intended to be broad
and to include the actions parties take or refrain from taking pursuant
to a value-based arrangement and in furtherance of a value-based
purpose. By way of example, where a VBE participant offeror provides a
type of health technology under a value-based arrangement for the
recipient to use to track patient data in order to spot trends in
health care needs and to improve patient care planning, the provision
of the health technology by the offeror would constitute a value-based
activity, and the use of the health technology by the recipient to
track patient data would constitute a value-based activity. If the
remuneration a VBE participant offeror provides is care coordination
services, a value-based activity might be the recipient working with a
care coordinator provided by the offeror to help transition certain
patients between care settings. Giving something of value to patients,
such as a fitness tracker, also may constitute a value-based activity
if doing so is reasonably designed to achieve a value-based purpose.
However, we note that, where VBE participants exchange remuneration
that the recipient VBE participant then transfers to its patients (for
example, where one VBE participant provides fitness trackers to another
VBE participant, who in turn furnishes the fitness tracker to the
patient), the care coordination arrangements safe harbor would be
available only to protect the remuneration exchanged between the VBE
participants. The parties may look to the patient engagement and
support safe harbor to protect the remuneration from the VBE
participant to the patient. An inaction that constitutes a value-based
activity might be refraining from ordering certain items or services in
accordance with a medically appropriate care protocol that reduces the
number of required steps in a given procedure. This final rule does not
prescribe how parties prove that a particular action or inaction
constitutes a value-based activity. Similarly, it is incumbent on the
parties to demonstrate that they selected value-based activities that
are reasonably designed to achieve a value-based purpose. Both of these
analyses would be fact-specific determinations.
Comment: A commenter asked whether this definition could be
combined with the definition of ``value-based purpose'' to reduce
administrative complexity. Another commenter asserted that the
definition of ``value-based activity'' should recognize the importance
of maintaining patient care and outcomes at an acceptable level.
Response: We are finalizing the definition of ``value-based
activity,'' as proposed, and are not combining it with the definition
of value-based purpose. In our view, separate definitions do not
increase administrative complexity, and we have coordinated terminology
with CMS to reduce complexity. We are not changing the definition of
``value-based activity'' to include the maintenance of patient care and
outcomes at an acceptable level because the definition of ``value-based
activity'' is tied to the definition of ``value-based purpose,'' which
sets forth four purposes toward which parties may be striving pursuant
to value-based arrangements. While maintaining patient care and
outcomes at an acceptable level is clearly desirable, we note that
doing so, without more, is not one of the four value-based purposes
needed to establish a VBE for this rulemaking.
Comment: Many commenters supported the alternate proposal to
expressly exclude any activity that results in information blocking
from the definition of ``value-based activity.'' A commenter
recommended that, if OIG expressly excludes information blocking from
the definition of ``value-based activity,'' OIG should do so by
referencing only statutory definitions and requirements in the Cures
Act and not those set forth in ONC's proposed rule, whereas another
commenter noted that, as an alternative to expressly excluding
information blocking activities in the definition of ``value-based
activity,'' OIG could assume that information blocking will no longer
be tolerated and leave the enforcement of information blocking
restrictions to the regulation finalized in 45 CFR part 171.
Response: The final rule does not include the proposed language
regarding information blocking. Regardless of whether parties seek safe
harbor protection, if parties to value-based arrangement are subject to
the regulations prohibiting information blocking, they must comply with
those regulations. This final rule does not change the individuals and
entities subject to the information blocking prohibition in 45 CFR part
171.
Comment: A commenter expressed concern that the definition of
``value-based activity'' is too broad and vague and that VBE
participants will characterize abusive remuneration-for-referral
arrangements as value-based activities. The commenter suggested
requiring that an activity achieve a value-based purpose, as opposed to
requiring that an activity be reasonably designed to achieve a value-
based purpose.
Comments varied regarding how to interpret whether an activity is
``reasonably designed'' to achieve a value-based purpose. While a
commenter supported interpreting ``reasonably designed'' to mean that
the value-based activities are expected to further one or more value-
based purposes, another commenter suggested that such a determination
be based on all relevant facts and circumstances. Other commenters
recommended establishing a rebuttable presumption that value-based
activities are reasonably designed to meet their stated value-based
purpose. Another commenter urged OIG to require that value-based
activities be directly connected to and directly further the
coordination and management of care; not interfere with the
professional judgment of health care providers; not induce stinting on
care; and not incentivize cherry-picking lucrative or adherent patients
or lemon-dropping costly or noncompliant patients.
Lastly, while at least one commenter supported a requirement for
parties to use an evidence-based process to design value-based
activities, several commenters opposed this requirement, stating that
such a standard would be too rigorous and would restrict innovative
activities.
Response: We are finalizing our definition as proposed. We
intentionally crafted a broad definition of ``value-based activity'' to
encourage parties to innovate when developing these activities. For
that reason, we are not requiring that an activity achieve a value-
based purpose but rather are requiring that a value-based activity be
reasonably designed to achieve a value-based purpose. By ``reasonably
[[Page 77705]]
designed,'' we mean that parties should fully expect the value-based
activities they develop to further one or more value-based purposes.
Because any such determination would be fact specific, we do not
believe it is appropriate to establish a rebuttable presumption that
value-based activities are reasonably designed to meet their stated
value-based purpose, as suggested by a commenter.
We note that, while this definition offers parties significant
flexibility, it is not intended to facilitate parties' attempts to mask
fraudulent referral schemes presented under the guise of a value-based
activity. We highlight that the definition provides that merely making
a referral, without more, is not a value-based activity for purposes of
this rule.
Lastly, we do not intend for the value-based safe harbors to
protect activities that inappropriately influence clinical decision-
making, induce stinting on care, or lead to targeting particularly
lucrative patients or avoiding high-cost or unprofitable patients. We
have incorporated a range of safeguards in the safe harbors that are
designed to guard against these abusive practices. In light of these
safeguards, we do not believe that revisions to the definition of
``value-based activity'' are necessary.
Comment: Several commenters asked OIG to clarify what
differentiates care coordination services from inappropriate referrals
and to modify the definition to make clear that a referral could be one
part of a broader value-based activity. Some commenters expressed
concern that the definition of ``value-based activity'' prohibits safe
harbor protection for value-based arrangements in which payments or
other remuneration depend, in part, on referrals made within a
preferred provider network. A commenter asked whether documenting that
a referral was made and the reason for the referral would constitute a
``value-based activity.''
Response: Making referrals, or documenting reasons for referrals,
would not constitute value-based activities. Parties to a value-based
arrangement may make referrals and document the reasons for the
referrals as part of a value-based arrangement without losing safe
harbor protection under an applicable safe harbor, but the parties also
must be performing one or more value-based activities. Thus, making
referrals or documenting reasons for referrals, without also engaging
in a value-based activity, would not be sufficient to meet the
requirements of the definition because making referrals is not itself a
value-based activity. Absent at least one value-based activity, parties
would not have a viable value-based arrangement and would thus not be
eligible for any of the value-based safe harbors.
The provision excluding referrals from the scope of value-based
activities is not intended to interfere with preferred provider
networks; rather, we intend to require parties to engage in activities
other than making referrals, such as coordinating care plans across
providers for a target patient population, to be eligible for safe
harbor protection.
e. VBE Participant
Summary of OIG Proposed Rule: We proposed to define ``value-based
enterprise participant'' or ``VBE participant'' as an individual or
entity that engages in at least one value-based activity as part of a
value-based enterprise. Based on historical concerns regarding fraud
and abuse risk and our understanding that certain types of entities
were less critical to coordinated care, we proposed that the term ``VBE
participant'' would not include a pharmaceutical manufacturer; a
manufacturer, distributor, or supplier of durable medical equipment,
prosthetics, orthotics, or supplies; or a laboratory. We stated that we
were considering and thus seeking comments as to whether other types of
entities should also be ineligible, including pharmacies (including
compounding pharmacies), PBMs, wholesalers, distributors, and medical
device manufacturers. As a result of this proposed definition, these
entities would not be able to participate in VBEs or seek protection
under the value-based safe harbors or the patient engagement and
support safe harbor.
We stated our intent to offer safe harbor protection for
remuneration exchanged by companies that offer digital technologies to
physicians, hospitals, patients, and others for the coordination and
management of patients and their health care. We recognized that
companies providing these technologies may be new entrants to the
health care marketplace or may be existing companies such as medical
device manufacturers. We explained that we would consider for the final
rule several ways to effectuate our desire to ensure safe harbor
protection for remuneration exchanged by health technology companies,
including through modifications to the value-based terminology;
distinctions drawn among entities based on product-types or other
characteristics; or modifications to the safe harbors themselves.
In the OIG Proposed Rule, we considered and solicited comments on
potential additional safeguards to incorporate into the value-based
safe harbors to mitigate risks of abuse that might be presented should
a broader range of entities be eligible to enter into value-based
arrangements, including restrictions on the parties' use of exclusivity
and minimum purchase requirements.
For additional background and rationale for our proposals, we refer
readers to the discussion of the definition of ``VBE participant'' in
the OIG Proposed Rule.\16\
---------------------------------------------------------------------------
\16\ 84 FR 55703-06 (Oct. 17, 2019).
---------------------------------------------------------------------------
Summary of Final Rule: We are finalizing, with modifications, the
definition of ``VBE participant.'' We are finalizing our proposed
policy that a ``VBE participant'' is an individual or entity that
engages in at least one value-based activity as part of a value-based
enterprise. We are not finalizing our proposed regulatory text to make
certain entity types ineligible under the definition of ``VBE
participant.'' However, we are finalizing our proposed policy to make
certain entities ineligible for safe harbor protection under the value-
based safe harbors and the patient engagement and support safe harbor
(see section III.B.e.ii for details). We are also finalizing our
proposed policy to protect some arrangements involving digital health
technologies provided by certain entities that would otherwise be
ineligible for safe harbor protection (see section III.B.e.iii).
To effectuate these objectives, we are finalizing a different
approach to the definition of ``VBE participant'' in the following four
respects.
First, we are revising the definition of ``VBE participant'' to
allow all types of individuals (other than patients) and entities to be
VBE participants. This revision makes our definition more similar to
CMS's corresponding definition and removes a potential impediment to
existing organizations that wish to qualify as VBEs but may include
types of entities we proposed to disallow as VBE participants. We now
define the term ``VBE participant'' to mean an individual or entity
that engages in at least one value-based activity as part of a value-
based enterprise, other than a patient when acting in their capacity as
a patient. This does not, however, mean that every VBE participant will
receive protection under the applicable safe harbors; it is intended to
avoid a barrier to the formation and operation of the VBE itself. The
new definition also makes clear that patients cannot be VBE
participants, consistent with our intent in the OIG Proposed Rule.
Entities seeking safe harbor protection for
[[Page 77706]]
remuneration provided to patients should look to the patient engagement
and support safe harbor for protection, not to the value-based safe
harbors.
Second, rather than making certain entities ineligible under the
definition of ``VBE participant,'' as described in the OIG Proposed
Rule, the final rule takes a different approach to achieve the proposed
policy to make some entities ineligible for safe harbor protections. In
the final rule, within each value-based safe harbor (and the patient
engagement and support safe harbor, as discussed further at section
III.B.6), we identify entities that are not eligible to rely on the
safe harbor to protect remuneration exchanged with a VBE or other VBE
participants. Specifically, the value-based safe harbors each include
an ineligible entity list. Remuneration exchanged by entities on the
list in each safe harbor is not eligible for protection under the safe
harbor.
The following entities are included on the ineligible entity lists
in all of the value-based safe harbors: (i) Pharmaceutical
manufacturers, distributors, and wholesalers (referred to generally
throughout this preamble as ``pharmaceutical companies''); (ii) PBMs;
(iii) laboratory companies; (iv) pharmacies that primarily compound
drugs or primarily dispense compounded drugs (sometimes referred to
generally in this rule as ``compounding pharmacies''); (v)
manufacturers of devices or medical supplies; (vi) entities or
individuals that sell or rent DMEPOS, other than a pharmacy or a
physician, provider, or other entity that primarily furnishes services,
all of which remain eligible (referred to generally throughout this
preamble as ``DMEPOS companies''); and (vii) medical device
distributors or wholesalers that are not otherwise manufacturers of
devices or medical supplies (for example, some physician-owned
distributors).
Third, we proposed to address safe harbor protection for technology
companies by considering how and whether they could fit in the
definition of a VBE participant. In the final rule, we instead focus on
safe harbor protection for the remuneration exchanged with or by them.
Specifically, the care coordination arrangements safe harbor at
paragraph 1001.952(ee) permits protected remuneration in the form of
digital health technology (or other technologies) exchanged between VBE
participants eligible to use the safe harbor. To address protection
under this safe harbor for arrangements with manufacturers of devices
and medical supplies and DMEPOS companies that involve digital health
technology, we have taken a tailored, risk-based approach.
Manufacturers of devices and medical supplies and DMEPOS companies that
are otherwise ineligible for the value-based safe harbors are
nonetheless eligible to rely on the care coordination arrangements safe
harbor for digital health technology arrangements that meet all safe
harbor conditions, including an additional one. Under this pathway, we
define ``limited technology participant'' to include, as further
discussed below, a manufacturer of a device or medical supply or a
DMEPOS company that is a VBE participant that exchanges digital health
technology with another VBE participant or a VBE.
Our revised approach effectively divides the universe of VBE
participants into three categories: (i) VBE participants that are
eligible to rely on the value-based safe harbors for all types of
arrangements that meet safe harbor conditions; (ii) limited technology
participants that are only eligible to rely on the care coordination
arrangements safe harbor for arrangements involving digital health
technology; and (iii) VBE participants that are ineligible to rely on
any of the value-based safe harbors for any types of arrangements. The
first category is the default category, capturing all entities and
individuals who are not expressly included in the second and third
categories. For a discussion of ineligible entities and the treatment
of digital health technology under the patient engagement and support
safe harbor, see the discussion in section III.B.6.b and f. For a
discussion of ineligible entities under the personal services and
management contracts and outcomes-based payments safe harbor, see
sections III.B.10.c and d.
Fourth, to address heightened risk of fraud and abuse and to help
ensure that protected remuneration meets the policy goals of this
rulemaking, we require that the exchange of digital health technology
by a limited technology participant is not conditioned on any
recipient's exclusive use of, or minimum purchase of, any item or
service manufactured, distributed, or sold by the limited technology
participant. Rather than finalizing this condition in the definition of
a VBE participant as contemplated in the OIG Proposed Rule, this is now
a separate condition at paragraph 1001.952(ee)(8).
i. Approach To Defining ``VBE Participant''
Comment: While we received some support for our proposed definition
of ``VBE participant,'' many commenters expressed concerns regarding
the proposed categorical exclusion of certain entities. Several
commenters asserted that no entities should be precluded from
participating in value-based arrangements, and many encouraged us to
adopt an alternative approach based on product type, company structure,
fraud risk, the legitimacy of the party's objectives and deliverables,
or other features. Commenters also noted that many existing value-based
arrangements include entities that we were considering making
ineligible to be a VBE participant. Another commenter asserted that
allowing entities to participate as VBE participants will incentivize
them to understand and expand cost mitigation strategies, which will
help lower the cost of care. Others emphasized that the health care
industry is highly dynamic, with frequent corporate transactions. They
expressed concern that an entire value-based arrangement may
inadvertently fall out of compliance with a safe harbor because one VBE
participant acquires an entity that is not eligible to be a VBE
participant. Other commenters supported placing exclusions directly in
the safe harbor, rather than in the definition, to create greater
flexibility. A commenter recommended that OIG create a new defined
term, ``VBE partner,'' to designate individuals and entities that
provide social determinants of health support and services at the
direction of a VBE or VBE participant but are not themselves part of
the VBE. According to the commenter, this would allow many services
providers, such as rideshare companies, social service organizations,
and foodbanks that already have direct partnerships with a VBE
participant to participate in protected arrangements without having to
become full participants in a VBE.
Response: We recognize that there may be benefits to allowing all
entities to participate as VBE participants, and we also appreciate the
concerns raised by these commenters. In response to comments, our
revised approach, in which any individual (other than a patient) or
entity is eligible to be a VBE participant, will alleviate many of
them.
In the OIG Proposed Rule, we described several approaches we were
considering for determining entities that could be VBE participants in
the final rule and, as such, able to rely on the value-based safe
harbors. We are adopting the approach of making entities ineligible
under the value-based safe harbors rather than through the definition
of ``VBE participant.'' This approach allows for closer alignment with
CMS's terminology, addresses concerns about unintended impacts of
[[Page 77707]]
otherwise ineligible VBE participants on the makeup of a VBE, and does
not impede VBEs from engaging in a wide range of value-based payment
and delivery arrangements, regardless of whether those arrangements
qualify for safe harbor protection. By addressing eligibility in
specific safe harbors rather than through the VBE participant
definition, the final rule creates flexibility for all health care
stakeholders to be part of a VBE and reduces any need for parties to
form VBEs structured solely for purposes of using the new safe harbors.
This approach also facilities our final policy on providing safe harbor
protection for digital health technology arrangements with limited
technology participants (described in more detail later).
While all entities are eligible to be VBE participants, each value-
based safe harbor and the patient engagement and support safe harbor
incorporates a list of entities that are ineligible for safe harbor
protection. As discussed in greater detail below, we determined which
entities should be ineligible based on multiple factors, including the
extent to which the entities are involved in front line care
coordination and program integrity concerns.
Under this final rule, a VBE will not cease to meet the definition
of a ``VBE'' solely because a VBE participant merges with or acquires a
different type of entity or develops a new business line. Nor would a
VBE participant necessarily cease to be eligible to use a value-based
safe harbor solely because it acquires an entity that is not eligible.
To the extent a transaction causes a VBE participant to become an
ineligible entity, the safe harbor would no longer be available to
protect any remuneration exchanged by that entity under a value-based
arrangement.
Consistent with the OIG Proposed Rule discussion of alternatives
for determining which entities are eligible and ineligible for safe
harbor protection, we have adopted a risk-based, policy-focused
approach to determine the scope and applicability of the final safe
harbors. With respect to the ineligible entities in the value-based
safe harbors, those entities are identified based on a number of
attributes, including the products and services they offer, how they
structure their business, and the extent to which they are on the front
line of care coordination and treatment decisions. In the care
coordination arrangements safe harbor, we further distinguish among
entities in part on the basis of product or arrangement type. These
considerations are directly related to the goals of the Regulatory
Sprint and the design of the conditions in each safe harbor to protect
against fraud and abuse.
With respect to the recommendation that we create a new category of
``VBE partners,'' we are not adopting this suggestion. The proposed and
final value-based safe harbors were and are designed for value-based
arrangements between VBEs and one or more of their VBE participants or
between or among VBE participants in the same VBE. The ability to
determine with specificity which individuals and entities are in a VBE
and which are not enhances transparency, certainty, and accountability
for arrangements seeking safe harbor protection. Social services
agencies, rideshare companies, foodbanks, and others are eligible to be
VBE participants if they wish for their arrangements to be eligible for
protection under the value-based safe harbors. If for any reason they
do not wish to be VBE participants or cannot become VBE participants,
nothing in this rule would prevent them from engaging in care
coordination or other arrangements that do not fit in these new safe
harbors. In some cases, the arrangements might fit in other safe
harbors, such as the local transportation safe harbor (e.g., for
rideshare arrangements). For other arrangements, the parties would need
to review the specific facts of the arrangement, including the intent
of the parties, to ensure compliance with the Federal anti-kickback
statute.
Notably, if there is nothing of value given by a social services
agency or foodbank, for example, to an individual or entity in exchange
for or to induce or reward referrals of items or services for which
payment may be made under a Federal health care program, the statute
would not be implicated. We would expect this to be the case for many
social services agencies, foodbanks, and other entities that provide
social services, food, or other supports to patients and (1) do not
bill Federal health care programs and (2) do not refer Federal health
care patients to health care providers for reimbursable services or
otherwise recommend or arrange for such services.
Comment: Several commenters requested that we either confirm in the
preamble, or revise the definition of ``VBE participant'' to state
expressly, that certain types of entities or providers, such as retail
health clinics, charitable clinics and pharmacies, federally qualified
health centers, credentialed orthotists and prosthetists, payors,
physician shareholders and employees of medical groups, and non-
traditional health care entities, among others, qualify as VBE
participants.
Response: Under our revised definition of a ``VBE participant,''
all types of entities can be VBE participants. Entities would need to
refer to the specific safe harbors to determine whether they are
eligible to rely on the safe harbor.
Comment: Some commenters noted that CMS's proposed value-based
terminology does not make any entities ineligible to be a VBE
participant.
Response: Our final definition of ``VBE participant'' is aligned
with CMS's definition, with the exception of a detail around the use of
the term ``individual'' in our rule and ``person'' in CMS's rule and
our policy that patients may not be VBE participants. The
``individual'' versus ``person'' verbiage relates to the difference in
language used elsewhere in the two regulatory schemes and promotes
overall consistency across safe harbors for OIG and exceptions for CMS.
For clarity, we have included an express statement in regulatory
text, not included in CMS's definition, carving patients out of the
definition of ``VBE participant.'' This carve out would extend to the
patient's family members or others acting on the patient's behalf,
consistent with the approach we take elsewhere in this final rule with
respect to the coordination and management of care with patients. The
context and framework of the value-based provisions in the OIG Proposed
Rule made clear that we did not intend patients to be VBE participants
who could engage in value-based arrangements under the value-based safe
harbors. In the proposed regulations, we described VBE participants as
engaging in at least one value-based activity as part of a VBE and
being part of at least one value-based arrangement to provide at least
one value-based activity for a target patient population. The role of
VBE participants in health care business activities of VBEs is not a
role assumed by patients and families, who play a critical role in
patient care in other ways. Our modification in the final rule
clarifies this point.
Under our proposed rule and this final rule, VBE participants
providing remuneration to patients would look to the patient engagement
and support safe harbor for protection, not to the value-based safe
harbors. Our reference to ``individuals'' in the proposed definition
was meant to capture physicians, nurses, and other practitioners,
providers, and suppliers in the health care ecosystem involved in
caring for patients. Our revised regulatory text recognizes that all
individuals will likely be a patient at one point or another and that
our carve-
[[Page 77708]]
out of patients is limited to patients when acting in their capacity as
patients. In other words, a physician remains eligible to be a VBE
participant even if he or she is also sometimes a patient.
Comment: Several commenters encouraged us to consider requiring
additional safeguards within each safe harbor to address concerns
regarding particular types of entities, rather than categorical
exclusions from the definition of ``VBE participant.'' Others opposed
applying additional safeguards, believing the existing safeguards in
the OIG Proposed Rule were sufficient for all types of entities.
Response: For reasons noted above, including input from comments,
we are not adopting categorical exclusions from the definition of ``VBE
participant.'' Instead, relying on factors such as fraud and abuse risk
and level of participation in front line care of patients, we identify
certain entities as ineligible for protection in specified safe
harbors, and include a tailored additional condition for certain high-
risk entities engaged in arrangements involving digital health
technology. The entities that are ineligible for protection and the
rationale for carving them out are addressed in greater detail below in
response to comments specific to these entities. We also provide
greater detail below regarding the entity-specific safeguard we are
adopting in the care coordination arrangements safe harbor for
arrangements involving digital health technology.
Comment: Several commenters challenged OIG's assertion that its
history of law enforcement activities involving certain types of
entities should form the basis for whether entities are entitled to
protection under the value-based safe harbors. Some of these commenters
noted that many other types of parties, including hospitals and
physicians, have likewise been the subject of enforcement actions.
Others asserted that the past bad acts of a few should not dictate the
future compliance risks of the many, particularly where many of the
historic enforcement actions resulted in settlements without admission
of guilt, rather than actual convictions.
Response: We agree with the commenters that the bad acts of the few
should not dictate the compliance risks of the many. We proposed and
are finalizing new safe harbors intended to aid the majority of
stakeholders that are honest and trying to do the right thing for
patients and the health care system. The fact that an entity type is
categorically ineligible for safe harbor protection does not mean that
all entities in the category are bad actors. In crafting the value-
based safe harbors, we have balanced new flexibility under a criminal
statute with protections where we identified elevated risk of fraud and
abuse. Our experience investigating fraud and enforcing the anti-
kickback statute necessarily informs our approach to establishing safe
harbors for specific payment practices consistent with the criteria set
forth at section 1128D(a)(2) of the Act (safe harbor authority under
the Federal anti-kickback statute). Our enforcement and oversight work
offer insights into common fraud schemes, trends, and methods used by
bad actors to circumvent rules. In bringing this experience to bear, we
considered multiple types of entities and arrangements that have been
the subject of our work. The risk of fraud and abuse is one factor in
determining the types of entities eligible for protection under the
safe harbors. Others include, for example, the degree of participation
of the entity type in the care coordination arrangements that are
central to this rulemaking and the level of need for the entity type to
have safe harbor protection to effectuate the policy goals of the
Regulatory Sprint. We acknowledged in the OIG Proposed Rule and
reiterate here that the new safe harbors do not address all beneficial
value-based arrangements.
Comment: A commenter requested confirmation that the definition of
``VBE participant'' would not bar an integrated delivery system from
creating a value-based arrangement within its own system.
Response: There is nothing in the definition of ``VBE participant''
that would preclude an integrated delivery system from creating a
value-based arrangement within its own system.
Comment: A commenter requested that OIG make clear that the safe
harbors do not preclude entities that are ineligible to be VBE
participants from contributing to value-based activities or contracting
with VBEs.
Response: We believe our revised approach, where all entities are
eligible to be a VBE participant, addresses the commenter's concern. We
wish to clarify further that the value-based safe harbors do not
prohibit the VBE from entering into contractual arrangements with any
type of entity, including an entity that is not a VBE participant.
However, an entity that is not a VBE participant will not be eligible
for safe harbor protection. Remuneration exchanged by certain types of
entities, including non-VBE participants and VBE participants on the
carve-out list, will not be protected by a value-based safe harbor, and
parties would need to look to other safe harbors to the extent they
want to protect it.
Comment: A commenter supported the fact that the proposed
definition of ``VBE participant'' did not require VBE participants to
be equity owners of the VBE.
Response: We did not propose requirements related to equity
ownership of VBEs. However, we note that the value-based safe harbors
do not protect remuneration in the form of ownership interests or
returns on those interests.
Comment: A commenter recommended that, if OIG finalizes the
definition of ``VBE participant'' as proposed, it also modify the
advisory opinion process so that opinions may be relied upon by parties
other than just the requesting party.
Response: Modifying the OIG advisory opinion process is beyond the
scope of this rulemaking.
ii. Entities Ineligible for Safe Harbor Protection
The value-based safe harbors deem certain entities ineligible for
safe harbor protection. Those entities are: Pharmaceutical companies;
PBMs; laboratory companies; compounding pharmacies; manufacturers of
devices or medical supplies; DMEPOS companies; and medical device
distributors and wholesalers. Notwithstanding, under the care
coordination arrangements safe harbor (paragraph 1001.952(ee)),
manufacturers of devices and medical supplies and DMEPOS companies are
eligible as limited technology participants to protect certain digital
health technology arrangements to allow them to participate in such
arrangements, along with other types of eligible VBE participants. As
explained in more detail below, these distinctions are rooted in a
functional approach focusing on the items, services, and products
furnished by the different entity types and their roles in care
coordination, along with assessment of program integrity risk based on
enforcement experience. We aim to balance flexibility to achieve the
Regulatory Sprint goals with protection against fraud and abuse.
This preamble section responds to comments about each of these
entity types in turn. The outcomes-based payments safe harbor at
paragraph (d)(2) and the patient engagement and support safe harbor at
paragraph 1001.952(hh) reference these same entities and rely on the
same definitions when doing so.
[[Page 77709]]
(a) Pharmaceutical Manufacturers, Wholesalers, and Distributors
Comment: Many commenters agreed with our proposal not to include
pharmaceutical manufacturers in the definition of ``VBE participant.''
These commenters articulated a variety of supporting rationales,
including that manufacturers are less involved in care coordination and
present an increased risk of abusive arrangements. Many other
commenters encouraged OIG to allow pharmaceutical manufacturers to
participate as VBE participants, arguing, among other things, that
manufacturers are well-positioned to contribute to value-based
arrangements and that their participation is essential given the role
of medications in improving care. For example, commenters noted that
manufacturers can leverage data analytics and technology to improve
both outcomes measurement and care management. Several commenters also
emphasized that manufacturers can provide a variety of services
relating to medication adherence, which may play a central role in
value-based arrangements by managing care and reducing costs.
Commenters also emphasized that manufacturers often know their product
best and are thus in an ideal position to bring value through continued
involvement.
Response: Under the revised framework we are adopting in this final
rule, pharmaceutical companies can be VBE participants, and existing
VBEs that include pharmaceutical companies do not need to be
restructured for purposes of this rulemaking. However, we are
effectuating our intent that pharmaceutical companies would not be
eligible to use the value-based safe harbors by including
pharmaceutical companies on the ineligible entity list in each safe
harbor. We agree with the commenters that pharmaceutical manufacturers
are not as likely as other entities to be involved with front line care
coordination, and we remain concerned, as noted in the OIG Proposed
Rule, about the potential for pharmaceutical manufacturers to use the
value-based safe harbors to protect arrangements that are intended to
market their products or inappropriately tether clinicians to the use
of a particular product rather than as a means to create value by
improving the coordination and management of patient care. As a result,
protection under the value-based safe harbors does not extend to
remuneration that pharmaceutical manufacturers exchange with other VBE
participants.
We recognize that pharmaceutical manufacturers can play important
roles in delivering efficient, high quality care to patients,
including, for example, through medication adherence programs and data
sharing. However, like any arrangement that does not qualify for a safe
harbor, such arrangements would need to be analyzed for compliance with
the anti-kickback statute based on their specific facts, including the
intent of the parties. They are not eligible for protection under these
new safe harbors.
As noted in the OIG Proposed Rule, we continue to consider the role
of pharmaceutical manufacturers in coordinating and managing care as
well as how to address value-based contracting and outcomes-based
contracting for pharmaceutical products and medical devices, including
devices that do not meet the definition of ``digital health
technology'' under this rule.
Comment: Many commenters encouraged OIG to allow pharmaceutical
manufacturers to participate in value-based contracting arrangements
where they take on financial risk. Several of these commenters
specifically supported arrangements where payment for prescription
drugs is tied to clinical endpoints or patient outcomes, such as where
a manufacturer agrees to provide a full or partial refund on a product
if a course of treatment fails to achieve the desired outcome. Other
commenters expressed skepticism about value-based contracting and
encouraged OIG to adopt safeguards to protect against potentially
abusive arrangements. Another commenter suggested that OIG adopt
manufacturer-specific safe harbors with a sliding scale of risk. Among
commenters who supported protecting value-based contracting, many
raised concerns that existing best price requirements in the Medicaid
Drug Rebate Program operate as an actual or perceived impediment to
these types of arrangements and encouraged OIG to work with CMS to
resolve these issues.
Response: We did not propose either a value-based contracting safe
harbor or pharmaceutical manufacturer-specific safe harbors with a
sliding scale of risk in this rulemaking. With respect to commenters'
concerns regarding the potential impact of value-based contracting on
Medicaid best price reporting obligations, those issues are outside the
scope of this rulemaking.
Comment: A trade association representing pharmaceutical
manufacturers requested that OIG clarify that any exclusion of
pharmaceutical manufacturers from the value-based safe harbors is not
intended to discourage manufacturers from participating in arrangements
for value-based care. Another commenter asserted that pharmaceutical
manufacturers' participation in care coordination may be necessary with
the advancement of therapies like personalized cell therapies, which
use a modified version of the patient's own cells to treat disease. A
commenter recommended that a nonprofit generic drug company that
addresses drug shortages in the marketplace be permitted to participate
as a VBE participant, even if pharmaceutical manufacturers are not
eligible.
Response: Nothing in this final rule is intended to discourage
pharmaceutical manufacturers from participating in arrangements for
value-based care. Under this rule as finalized, a pharmaceutical
company can be a VBE participant collaborating with others in a VBE.
Nothing prevents a pharmaceutical company (or any other type of entity)
from participating in care coordination arrangements, but remuneration
exchanged by the pharmaceutical company under those arrangements would
not qualify for protection under the value-based safe harbors. For
example, we appreciate that pharmaceutical companies can work to
address shortages in the marketplace and could enter into arrangements
with a VBE and VBE participants to address those issues. Those
arrangements would need to be analyzed based on their specific facts
for compliance with the anti-kickback statute. The failure to fit in a
safe harbor does not mean an arrangement is unlawful under the anti-
kickback statute. Moreover, safe harbor protection is irrelevant to the
extent that an arrangement does not implicate the anti-kickback
statute. We reiterate that parties may structure arrangements to meet
other safe harbors, such as the safe harbor for personal services
arrangements or the warranties safe harbor and may also use OIG's
advisory opinion process to the extent they want prospective protection
for arrangements they wish to undertake.
Comment: Commenters were divided on whether pharmaceutical
wholesalers and distributors should be eligible to be VBE participants.
Some stated that these entities present the same types of risks and
concerns that manufacturers present (e.g., inappropriately increased
costs to Federal health care programs) and should be ineligible for the
same reasons. Many commenters who supported allowing manufacturers to
be VBE participants also supported allowing wholesalers and
distributors to be VBE participants.
[[Page 77710]]
Response: All entities are permitted to be VBE participants under
this final rule. However, remuneration exchanged by pharmaceutical
companies, including distributors and wholesalers, is not protected by
the value-based safe harbors, consistent with our proposal to make them
ineligible. We adopt this policy for reasons comparable to those for
making manufacturers ineligible, including that wholesalers and
distributors are less likely to have a direct role in front line
patient care coordination. We are not persuaded that pharmaceutical
distributors' and wholesalers' indirect role in support of coordinating
care warrants protection under the value-based safe harbors.
(b) Pharmacy Benefit Managers
Comment: In response to our consideration in the OIG Proposed Rule
related to PBMs, several commenters urged us to make PBMs ineligible to
be VBE participants. A few of these commenters supported making PBMs
ineligible based on concerns about potentially abusive PBM practices
that they believe affect drug prices and limit treatment options for
patients. Other reasons that commenters provided include that PBMs are
not front-line health providers and protecting arrangements involving
PBMs in the value-based safe harbors may inappropriately affect
treatment decisions by health care practitioners. A commenter also
suggested we require VBEs that establish relationships with PBMs to
include information regarding such relationships in relevant VBE
documents and reports.
Conversely, many commenters urged us to allow PBMs to be eligible
to be VBE participants. Commenters asserted that PBMs are engaged in a
number of activities that relate to care coordination and the value-
based purposes we proposed, including, for example, developing
formularies to select drugs based on relative value, leveraging health
information technology to assist in coordinating care and managing
benefits, and operating a variety of care coordination programs, such
as medication adherence, medication therapy management, and chronic
condition education. Commenters emphasized the role that PBMs play with
respect to controlling pharmaceutical costs and promoting quality by
ensuring clinical efficacy. Several commenters sought to distinguish
PBMs from pharmaceutical manufacturers, noting that pharmacy benefit
managers have no connection to any particular drug product and do not
rely on prescriptions or referrals for any particular product. Another
commenter asserted that PBMs are well-suited to enter into risk bearing
arrangements because their business model already involves helping
their clients manage insurance risk.
Response: As described above, all types of entities are eligible to
be VBE participants under this final rule. However, we are finalizing
our proposal for PBMs to be ineligible to rely on the value-based safe
harbors to protect remuneration.
PBMs are less likely to be on the front line of care coordination
and treatment decisions in the same way as other types of VBE
participants eligible to use the value-based safe harbors. We recognize
and appreciate the information that commenters provided on the role
that PBMs serve in supporting value-based care and coordinating care,
for example, by designing formularies based on relative value, using
their expertise to improve medication adherence, and managing insurance
risk. However, we are not persuaded that PBM's indirect role in support
of coordinating care or managing risk warrants protection under the
value-based safe harbors, which focus significantly on the coordination
and management of patient care. PBMs play a unique role in establishing
benefit networks and associated management services connected to
payors, pharmaceutical manufacturers, and pharmacies. As a result, PBM
arrangements raise different program integrity issues from the types of
value-based arrangements contemplated by this rulemaking and would
likely require different safeguards.
Under the final rule, PBMs, as with all individuals (except for
patients) and entities, are eligible to be VBE Participants. This will
allow PBMs to continue supporting value-based care, even though they
are not eligible to rely on the value-based care safe harbors. We note
that some PBMs' value-based activities may not implicate the Federal
anti-kickback statute, depending on the specific facts and
circumstances of each arrangement. Parties may also use OIG's advisory
opinion process to the extent they want prospective protection for
arrangements involving the exchange of remuneration with PBMs.
In response to the suggestion that VBEs that have relationships
with PBMs be required to document and disclose such relationships, the
value-based definitions have relevant documentation and oversight
conditions, including a requirement that the VBE governing
documentation describe how the VBE participants intend to achieve the
VBE's value-based purpose(s).
We recognize that many PBMs are owned, affiliated with, or under
common ownership structures with other entities, particularly payors
and health benefit plans. Considering the role that payors have in the
substantial downside risk and full financial risk safe harbors, it is
important to note that payors would be eligible for safe harbor
protection even if they own, are affiliated with, or are under common
ownership with a PBM. Additionally, a payor would be eligible for safe
harbor protection if it does not contract out its pharmacy benefit
management services and instead performs those functions as part of its
administration of a health benefit plan more broadly. We would consider
the PBM functions, in that context, to be ancillary to the payor's
predominant or core business, which is administering a health benefit
plan. Thus, such a payor would not be considered to be a PBM for
purposes of eligibility for protection under the value-based safe
harbors, notwithstanding the fact that it performs some PBM activities.
See the discussion at section III.B.2.e.5, below regarding entities
with multiple lines of business for further details regarding the
predominant or core business standard.
(c) Laboratory Companies
Comment: While some commenters supported our proposal to make
clinical laboratories ineligible to be VBE participants or suggested
that we only allow them to be VBE participants if we included
additional safeguards, many commenters urged OIG to include clinical
laboratories as VBE participants. Several commenters noted that
laboratories are increasingly providing precision diagnostic services
and posited that this type of personalized medicine is the future of
both preventive medicine and modern oncology care. Commenters expressed
concern that making laboratories ineligible to be VBE participants may
inhibit integration of these types of diagnostic services into
practice. Others asserted that existing safeguards are sufficient to
protect against any risk of fraud and abuse.
Commenters provided various examples of value-based arrangements
involving laboratories. A commenter provided one example of a
laboratory that entered into an arrangement with a payor under which it
reviewed historical test results for a patient population to identify
those likely to have a condition such as diabetes or chronic kidney
disease so as to facilitate patients' enrollment in a disease
management program.
[[Page 77711]]
Response: Under this final rule, laboratory companies may be VBE
participants in a VBE and collaborate with other VBE participants
without affecting the ability of other VBE participants to be eligible
for safe harbor protection. However, laboratory companies are included
on the list of carved out entities for which protection is not
available under value-based safe harbors. As a result, any remuneration
exchanged by a laboratory company will not be protected by a value-
based safe harbor. We expressed our intent in the OIG Proposed Rule to
make clinical laboratories ineligible for safe harbor protection
because of heightened risk of fraud and abuse based on historical
enforcement experience and because they are, like pharmaceutical
companies and DMEPOS companies, heavily dependent on practitioner
prescriptions and referrals. We were, and remain, concerned that these
entities might misuse the value-based safe harbors as a means of
offering remuneration primarily to market their products rather than as
a means to create value for patients, providers, and payors by
improving the coordination and management of patient care, reducing
inefficiencies, or lowering costs. We also continue to believe that
offering protection for remuneration exchanged by a laboratory company
under the value-based safe harbors is unnecessary to effectuate the
goals of the Regulatory Sprint because, as compared to other types of
entities such as hospitals, physicians, and remote patient monitoring
companies, laboratory companies are not on the front lines of care
coordination.
We appreciate the input from commenters who pointed out various
ways in which laboratories may be participating in care coordination.
We are not persuaded that these examples warrant revisiting our policy.
However, we want to be clear that nothing in this rulemaking is
intended to discourage or prevent a laboratory from participating in
care coordination arrangements such as those described by the
commenters so long as the arrangements comply with the anti-kickback
statute. A laboratory may look to other safe harbors, such as the
personal services and management contracts safe harbor, as modified in
this rule, to protect remuneration, and the advisory opinion process
also remains available.
Comment: Several commenters requested that OIG clarify how clinical
laboratories that are owned and operated by entities with other
regulatory classifications, including hospitals, physician group, and
medical device manufacturers, would be treated.
Response: We do not intend for the ineligibility of laboratory
companies to extend to clinical laboratories that are owned and
operated through other types of entities, such as hospitals and
physician practices. Other types of entities, such as hospitals and
physician practices, that operate clinical laboratories that are not
the entity's predominant or core line of business are eligible to use
the value-based safe harbors. This approach ensures that hospitals,
physicians, and other entities with core care coordination roles are
not precluded from using the safe harbors because they happen to
provide some laboratory services, which we understand to be common in
the industry. We also believe that this approach would preclude any
suggestion that entities which have a predominant or core line of
business other than a clinical laboratory (or other ineligible entity),
such as a hospital, need to restructure their operations or corporate
structure or otherwise need to modify the manner in which these
entities operate.
In this final rule, we use the term ``laboratory companies'' to
describe the intended category of ineligible entities, rather than the
term ``clinical laboratory'' that was proposed, because the term
``laboratory company'' better describes the types of entities we intend
to make ineligible to rely on the value-based safe harbors. We have
long used the same terminology in the electronic health records safe
harbor at paragraph 1001.952(y), and we intend for the term to have the
same meaning here. Specifically, it describes independent companies
that operate clinical laboratories and bill for the laboratory services
they furnish through their own billing numbers. Thus, for example, if a
hospital furnishes laboratory services through a laboratory that is a
department of the hospital for Medicare purposes (including cost
reporting) and the laboratory services are billed through the
hospital's provider number, then the hospital would not be considered a
laboratory company for purposes of determining eligibility to rely on a
value-based safe harbor. In contrast, a hospital affiliated or
hospital-owned laboratory company with its own supplier number that
furnishes laboratory services that are billed using a billing number
assigned to the company and not the hospital would not be eligible for
safe harbor protection. This approach is consistent with the approach
we describe in the discussion on entities with multiple business lines,
below, in that it focuses on both the corporate structure and the
predominant or core business function of an entity.
(d) Medical Device Manufacturers, Distributors, and Wholesalers
Comment: Many commenters encouraged OIG to allow medical device
manufacturers, distributors, and wholesalers to be VBE participants,
emphasizing, among other things, the role that these entities play in
collecting, aggregating, analyzing, and sharing data to assist
clinicians with care coordination and management. Others disagreed with
our characterization of medical device manufacturers as not being on
the front line of care coordination.
Another commenter asserted that our concerns that manufacturers may
use value-based arrangements to tether clinicians or patients to a
particular product are misplaced and disregard the improved cost and
clinical outcomes that derive from standardizing the use of a superior
product. Similarly, a commenter objected to the suggestion that
manufacturers' participation in value-based arrangements is driven by
marketing objectives. An integrated delivery system described existing
value-based partnerships with medical device companies that it believes
foster value by optimizing care pathways, improving patient experience,
and sharing accountability for the results; according to this
commenter, the medical device companies have been responsible,
effective, and essential in providing high quality care at a low cost.
Response: We appreciate commenters' perspectives, and we recognize
that manufacturers of devices and medical supplies may play an
important role in some value-based arrangements, including by offering
digital health technologies that can improve coordination and
management of care. However, we continue to believe, as a general
matter, that they are not as directly engaged in care coordination as
other entities, such as providers and clinicians. We continue to have
concerns, as described in the OIG Proposed Rule, based on our
historical law enforcement experience, that manufacturers of devices
and medical supplies could misuse the flexibilities afforded by the
value-based safe harbors to offer kickbacks under the guise of care
coordination activities or to tether a clinician to a particular
product. Further, we believe there is a risk that these arrangements
could result in providers selecting products that may not be clinically
appropriate for, or in the best interest of, a patient. Based on our
enforcement experience, these
[[Page 77712]]
concerns are heightened with respect to implantable devices used in a
hospital or ambulatory surgical care setting, for which there is an
elevated risk for patients undergoing implant surgery if devices are
selected because of financial incentives rather than patients' best
interests.
As discussed at section III.B.2.e.iii, we are adopting a pathway to
protect the exchange of digital health technologies by manufacturers of
devices and medical supplies under the care coordination arrangements
safe harbor, which addresses some of the commenters' concerns. This
pathway, which imposes an additional safeguard that applies only to
manufacturers of devices and medical supplies and DMEPOS companies,
balances our program integrity concerns with our interest in
facilitating the deployment of health technologies for care
coordination.
Comment: Many commenters encouraged OIG not to include device
manufacturers, distributors, and wholesalers as VBE participants.
Several of these commenters asserted that medical device manufacturers
are not on the front line of care coordination. Another commenter
asserted that, while larger companies may be well-positioned to engage
in data-driven care coordination activities, most device manufacturers
do not offer these types of services. The commenter was concerned that
allowing medical device manufacturers to engage as VBE participants
would unfairly advantage large manufacturers over smaller
manufacturers, with larger companies using their size and scale to
leverage their care coordination capabilities in a manner that
disincentivizes purchasers from considering competing products. The
commenter expressed concern that this dynamic may suppress medical
innovation by smaller companies and encouraged OIG to consider a pilot
program to assess potential impacts on smaller manufacturers.
Response: We appreciate the concerns raised by commenters, and, as
we have explained, we share some of them. However, we also believe that
digital health technologies hold great promise for improving
coordination and management of care and achieving the goals of the
Regulatory Sprint, and we believe that many of these promising
technologies are either currently being developed, or will in the
future be developed, by manufacturers of devices and medical supplies.
We also believe that there will be instances where these digital health
technologies are inextricably linked to a medical device. To that end,
we are affording safe harbor protection to the exchange of digital
health technologies by manufacturers of medical devices under the care
coordination arrangements safe harbor.
With respect to the commenter's concerns about potential
anticompetitive effects from allowing manufacturers of devices and
medical supplies to participate, we are adopting a safeguard in the
care coordination arrangements safe harbor that applies to
manufacturers of devices and medical supplies, as limited technology
participants, that prohibits exclusivity provisions and minimum
purchase requirements. We designed this condition to prevent limited
technology participants from locking-in use of their digital health
technology, which may have beneficial effects for competition. For
example, VBE participants may have increased opportunities to use
multiple of types of digital health technology that best fits their
needs.
In response to the commenter's concern about competition between
large manufacturers and small manufacturers, nothing in this safe
harbor is intended to favor large entities over small entities. We
recognize that large manufacturers are likely to have additional
resources to assess arrangements and determine whether they meet this
safe harbor. We have strived to limit potential administrative burden
as much as possible, while also including necessary safeguards against
fraud and abuse. We believe that this safe harbor and the limited
technology participant pathway will not require significant resources
to ensure an arrangement meets all applicable conditions. Furthermore,
use of these safe harbors and associated compliance is only one factor
that may affect competition and innovation. There are several other
factors that impact competition and innovation, but are not subject to
the Federal anti-kickback statute and thus are outside the scope of
this rulemaking.
Comment: With respect to adopting a definition for purposes of
identifying the category of entities not eligible to be VBE
participants, several commenters cautioned that it would be virtually
impossible to define device manufacturers in a manner that would not
preclude the types of digital health technologies that we stated we
wished to include. Some commenters recommended that any definition that
OIG adopts be limited to devices that are separately reimbursed by
Medicare and not include companies that incorporate medical devices as
part of their service offerings.
Many commenters encouraged us not to adopt a new definition, but
instead to rely on existing definitions adopted by other divisions
within the Department of Health and Human Services. However, a
commenter asserted that OIG should not use CMS's definition of
``applicable manufacturer'' in 42 CFR 403.902, which relates to the
Open Payments provisions of the Patient Protection and Affordable Care
Act \17\ (ACA), because that definition would not include manufacturers
that do not have operations in the United States and reliance on this
definition would be confusing because it includes manufacturers of
durable medical equipment, which we proposed not to include in the
definition of ``VBE participant.''
---------------------------------------------------------------------------
\17\ Public Law 111-148, 124 Stat. 119, as amended by the Health
Care and Education Reconciliation Act of 2010 (Pub. L. 111-152, 124
Stat. 1029).
---------------------------------------------------------------------------
Response: Notwithstanding the changes to the definition of ``VBE
participant,'' it remains necessary for us to adopt a definition of
``manufacturer of a device or medical supply'' to identify entities
that are limited technology participants for purposes of the care
coordination arrangements safe harbor.
The definition we are adopting at paragraph 1001.952(ee)(14)(iv)
provides that ``manufacturer of a device or medical supply'' means an
entity that meets the definition of applicable manufacturer in 42 CFR
403.902 because it is engaged in the production, preparation,
propagation, compounding, or conversion of a device or medical supply
that meets the definition of covered drug, device, biological, or
medical supply in 42 CFR 403.902, but not including entities under
common ownership with such entity. For purposes of this definition, we
incorporate and adopt all of the related terminology in 42 CFR 403.902.
We opted to rely on the ``applicable manufacturer'' terminology
described in the Open Payments program and its implementing regulations
because it effectively captures the universe of entities we designate
as limited technology participants and those that will otherwise be
carved out of safe harbor protection. Similarly, we opted to rely on
this terminology because relying on an existing regulatory definition
promotes consistency across the Department and minimizes additional
potential regulatory burden. We are not adopting the alternative
proposed definition that would include any entity that manufacturers
any item that requires premarket approval by, or premarket notification
to, the FDA, or that is classified by the FDA as a medical device
because we believe the
[[Page 77713]]
``applicable manufacturer'' terminology used in the Open Payments
program provides a more fulsome definition that addresses not only the
nature of the product (i.e., whether it is regulated by the FDA as a
device) but also the nature of the entity's functions vis a vis that
product (e.g., production, preparation, propagation, compounding, or
conversion). We also intend to include medical device distributors or
wholesalers on the list of ineligible entities because they are less
likely to have a direct role in front line patient care coordination,
and the ``applicable manufacturer'' definition at 42 CFR 403.902
includes distributors and wholesalers that hold title to the device or
medical supply. Thus, it is a more comprehensive definition that aligns
with our objectives. In order to capture distributors and wholesalers
that do not hold title to the device or medical supply on the
ineligible entity list, the ineligible entity list in each value-based
safe harbor includes a separate category for ``a medical device
distributor or wholesaler that is not otherwise a manufacturer of a
device or medical supplies.''
With respect to the commenter who cautioned that reliance on the
definitions from the Open Payments program would not include
manufacturers that do not have operations in the United States, we
refer the commenter to CMS regulations and guidance regarding how
foreign companies can become subject to reporting obligations under
section 1128G of the Act.
Comment: Many commenters shared our concerns regarding physician-
owned distributorships and encouraged us to make them ineligible to be
VBE participants. A commenter suggested that an entity that generates
more than forty percent of its business from its physician owners
should be not be eligible to be a VBE participant. Another commenter
suggested that we require all VBE participants--regardless of whether
or not they meet the definition of ``applicable manufacturer''--to meet
the reporting obligations under section 1128G of the Act.
Response: We are adopting our proposed policy that physician-owned
distributorships would not be eligible for safe harbor protection.
Physician-owned distributors will be captured by one of two categories
on the ineligible entity lists in each of the value-based safe harbors:
Manufacturers of devices or medical supplies or medical device
distributors or wholesalers that are not otherwise manufacturers of
devices or medical supplies. As described above, the term
``manufacturer of devices or medical supplies'' is defined in paragraph
1001.952(ee).
As we stated in the OIG Proposed rule, physician-owned
distributorships are inherently suspect under the anti-kickback statute
because the financial incentives these companies offer their physician
owners may induce physician owners to perform more procedures (or more
extensive procedures) and to use the devices the physician-owned
distributorships sell in lieu of other, potentially more clinically
appropriate devices. Therefore, as described in greater detail below,
physician-owned distributorships are also ineligible to rely on the
care coordination arrangements safe harbor to protect digital health
technology arrangements, even if they otherwise fit the definition of a
manufacturer of a device or medical supply.
With respect to the commenter that suggested that we require all
VBE participants to meet the reporting obligations under section 1128G
of the Act, such a requirement is outside the scope of this rulemaking.
(e) DMEPOS Companies
Comment: Many commenters encouraged us to include DMEPOS companies
in the definition of ``VBE participant.'' Commenters asserted that
DMEPOS companies are on the front line of care coordination. Many
commenters highlighted, for example, the role of DMEPOS companies in
supporting care coordination through home infusion, home respiratory,
and diabetes management services; others stated that DMEPOS companies
engage directly with patients in a variety of ways, including visiting
patients in their home. Commenters emphasized that DMEPOS companies are
particularly critical in facilitating transitions from one care setting
to another. Commenters also noted that the expansion of remote
monitoring technologies has enhanced the role that DMEPOS companies
play in care coordination and that device manufacturers are
increasingly integrating digital technologies into medical devices that
are classified as DMEPOS. With respect to these and other technologies,
commenters noted that DMEPOS companies may provide useful data to
support care coordination. Other commenters encouraged us to make
DMEPOS companies ineligible for protection under the value-based safe
harbors because they are not involved in front line patient care
coordination. Others encouraged us to adopt additional safeguards
specific to DMEPOS companies.
Response: We are persuaded by commenters that DMEPOS companies may
have an important role in value-based arrangements, particularly in the
context of post-acute care, and that they provide an array of health
technology services, such as remote patient monitoring, that may
facilitate the coordination and management of patient care. We believe
that we must balance the role of these DMEPOS companies with our
continued concerns, informed by our historical law enforcement
experience, that some of these entities might misuse the protections
afforded in the value-based safe harbors as a way to offer kickbacks
under the guise of care coordination.
Given our stated interest in the deployment of digital health
technologies to enhance coordination and management of care and
consistent with the OIG Proposed Rule as explained elsewhere, we have
defined the term limited technology participant to include
manufacturers of medical supplies and entities or individuals that sell
or rent DMEPOS. Limited technology participants, such as DMEPOS
companies, may rely on the care coordination arrangements safe harbor
to protect digital health technologies that they exchange with another
VBE participant or the VBE, provided the arrangement satisfies an
additional safe harbor condition that does not apply to other VBE
participants, discussed in greater detail below. Our approach to DMEPOS
in the final rule strikes a balance between encouraging the use of
beneficial digital health technology, which may be offered by DMEPOS
companies, for care coordination and protecting programs from potential
fraud and abuse.
Comment: Some commenters asserted that DMEPOS companies would be
willing to enter into risk-based arrangements and encouraged OIG to
provide safe harbor protection for these types of arrangements.
Response: We believe the commenter is inquiring as to whether risk-
based arrangements involving DMEPOS companies could satisfy the
conditions of a value-based safe harbor. For the reasons described
above and in the OIG Proposed Rule, DMEPOS companies are not eligible
to rely on the value-based safe harbors, except under the limited
technology participant pathway we have created in the care coordination
arrangements safe harbor.
Comment: A commenter recommended that ``distribution vendors'' not
be considered DMEPOS companies for purpose of any exclusion. The
commenter argued that these vendors are needed to deploy digital
medicine programs effectively by directly supporting patients through
[[Page 77714]]
home delivery of digital medical program items.
Response: All entities can be VBE participants under our revised
approach, but entities that sell or rent covered DMEPOS are included in
the ineligible entity lists in each value-based safe harbor and are
thus ineligible to rely on those safe harbors, except under the limited
technology participant pathway in the care coordination arrangements
safe harbor. In the OIG Proposed Rule we listed manufacturer,
distributor, or supplier of DMEPOS as an ineligible entity type. The
final rule instead lists an entity or individual that sells or rents
DMEPOS as ineligible for safe harbor protection (except that a limited
technology participant is eligible under the care coordination
arrangements safe harbor). The language in the final rule focuses on
the nature of an entity's business--selling and renting DMEPOS--to
better capture the higher risk entities that cannot use the safe
harbors, and avoids potentially broad terms, such as ``supplier,'' that
are defined elsewhere in Medicare regulations for different purposes.
The language ``sells or rents'' is derived from a CMS definition of
DMEPOS supplier.\18\
---------------------------------------------------------------------------
\18\ 42 CFR 424.57(a).
---------------------------------------------------------------------------
We removed the reference to DMEPOS manufacturers because entities
that manufacture DMEPOS would fall under the final rule's definition of
``manufacturer of a device or medical supply,'' and it would have been
duplicative to include these entities under both definitions. Some
DMEPOS distributors will also be captured by the definition of
``manufacturer of a device or medical supply'' and would similarly be
ineligible on that basis. We believe that the universe of entities that
we intended to capture under the ``manufacturer, distributor, or
supplier of DMEPOS'' terminology used in the OIG Proposed Rule will now
be captured by one or both of the categories ``manufacturer of a device
or medical supply'' and ``an entity that sells or rents [DMEPOS].''
Comment: Several commenters noted that many types of providers and
entities, including physician practices, dentists, hospitals, and
pharmacies, may be enrolled in the Medicare program as DMEPOS suppliers
and questioned how an exclusion of DMEPOS companies, or requirements
specific to DMEPOS companies, would apply to them. A commenter
suggested that OIG should distinguish DMEPOS companies who derive only
a small portion of their revenues from furnishing DMEPOS.
Response: In the final rule, the carve-out for DMEPOS companies in
each of the value-based safe harbors does not apply to a pharmacy or to
a physician, provider, or other entity that primarily furnishes
services. In the OIG Proposed Rule, we sought comments on how to ensure
that these types of entities would remain eligible for safe harbor
protection even if they own or operate an entity that is ineligible,
such as a DMEPOS company.\19\ By specifically carving these entities
out of the definition of DMEPOS companies, we ensure that these
entities will not become ineligible for safe harbor protection. These
entities and individuals are likewise not treated as ``limited
technology participants.'' Thus, physicians, dentists, physician
practices, and other providers (including, for example, hospitals), who
primarily furnish services, as well as pharmacies, would not be
considered DMEPOS companies for purposes of either the ineligible
entities list or the ``limited technology participant'' definition.
These parties are therefore able to rely on the three value-based safe
harbors to the same extent as all other eligible VBE participants
(including for arrangements involving digital health technologies), and
they are not required to satisfy the additional condition that applies
only to limited technology participants.
---------------------------------------------------------------------------
\19\ 84 FR 55706 (Oct. 17, 2019).
---------------------------------------------------------------------------
(f) Compounding Pharmacies
Comment: Several commenters responded to our solicitation of
comments regarding the treatment of compounding pharmacies in the rule.
Some commenters encouraged OIG not to distinguish between retail
pharmacies, specialty pharmacies, and compounding pharmacies. One
commenter expressed concern about generally offering protections to all
compounding pharmacies, stating that ongoing vigilance for fraud and
abuse is warranted for the compounding pharmacy industry. The commenter
added that a more nuanced approach that screens for and offers
protections in value-based arrangements for demonstrably good actors
may further access to customized treatments, particularly for patients
with rare diseases as well as pediatric patients. The commenter also
described the risks of compounding without rigorous safety and quality
practices. The commenter suggested that, to address quality, safety,
and program integrity concerns with compounding pharmacies, OIG could
limit participation to compounding pharmacies that exemplify good
compounding practices through adherence to the U.S. Pharmacopeia (USP)
Chapter 795 and attainment of Pharmacy Compounding Accreditation Board
(PCAB) accreditation from the Accreditation Commission for Health Care
(ACHC).
Other commenters believed that compounding is an essential part of
patient care, including for specialty pharmacies such as infusion
pharmacies that treat patients with severe conditions. Commenters
suggested that pharmacists at compounding pharmacies may play a key
role in helping coordinate individualized patient care. Commenters
urged OIG to not exclude pharmacies from the proposed safe harbor based
on the compounding services they provide. Some commenters raised
concerns that excluding compounding pharmacies from the value-based
safe harbors would expose the pharmacies to liability under the Federal
anti-kickback statute for any remuneration they receive for providing
prescription compounded medications or pharmacist-approved care
services.
Some commenters explained their understanding that compounding is
the preparation of a specific medication to meet the prescriber's exact
specifications and to be dispensed directly to an individual patient,
pursuant to a valid prescription for that patient. Such drugs are
prescribed when commercially available products do not meet patient
needs. Commenters noted that compounding should not be confused with
manufacturing or the mass production of drug products, nor should it be
confused with making copies of commercially available drug products,
which is not allowed by law under section 503A(b)(1)(D) of the Federal
Food, Drug, and Cosmetic Act (21 U.S.C. 353a(b)(1)(D)).
Response: We agree that pharmacists, including pharmacists at
compounding pharmacies, can play important roles in coordinating and
managing patient care and as members of care teams, including for
patients with rare and serious conditions. Under the final rule, all
pharmacies and pharmacists can participate in VBEs. As explained
further below, most pharmacies and pharmacists will be eligible to rely
on the value-based safe harbors to protect remuneration, even if the
pharmacy engages in some compounding of drugs.
However, under the final rule, for reasons explained below,
pharmacies that primarily compound drugs or primarily dispense
compounded drugs are ineligible to protect remuneration under the
value-based safe harbors, as well as the safe harbor protections for
patient engagement tools and supports
[[Page 77715]]
(paragraph 1001.952(hh)) and outcomes-based payments (amended paragraph
1001.952(d)). When we refer to compounded drugs in this rule, we refer
to the common industry understanding of them as drugs that are
specifically combined, mixed, or altered and prepared for individual
patients, or that purport to be such drugs. As noted by the commenters,
compounded drugs are often prescribed or dispensed for patients for
whom commercially available products are not clinically suitable.\20\
We are not defining ``compounding'' or ``compounded drugs'' in
regulatory text in this rule. For purposes of this rule, compounding
pharmacies include entities that primarily compound drugs or primarily
dispense compounded drugs, such as topical pain creams, with or without
licensure or valid prescriptions. Accordingly, we are not adopting the
narrower definitional suggestions made by commenters.
---------------------------------------------------------------------------
\20\ See, e.g., FDA, Compounding and the FDA: Questions and
Answers, available at https://www.fda.gov/drugs/human-drug-compounding/compounding-and-fda-questions-and-answers (addressing
what is compounding and why some patients need compounded drugs).
---------------------------------------------------------------------------
We explained in the OIG Proposed Rule that we were considering
whether specific types of pharmacies, such as compounding pharmacies,
should be carved out of safe harbor protection even if others, such as
retail and community pharmacies, are eligible for safe harbor
protection. The OIG Proposed Rule states that pharmacies that
specialize in compounding pharmaceuticals may pose a heightened risk of
fraud and abuse, as evidenced by our enforcement experience, and may
not play a direct role in patient care coordination.\21\ We remain
deeply concerned about fraud and abuse in the compounding pharmacy
industry.
---------------------------------------------------------------------------
\21\ 84 FR 55704 (Oct. 17, 2019).
---------------------------------------------------------------------------
Our recent criminal, civil, and administrative enforcement history
shows an increasing number of fraud allegations, investigations, and
cases related to compounded drugs, including topical compounded drugs
such as creams, gels, and ointments to relieve pain.\22\ OIG's
oversight experience also has found that Medicare Part D spending for
compounded topical drugs was 24 times higher in 2016 than it was in
2010, which raises concerns about fraud and abuse.\23\ According to the
FDA, there are also safety and effectiveness concerns related to
compounded drugs, which are not FDA approved.\24\ This is also an area
of significant growth in Medicare Part D spending; spending for
compounded topical drugs was 24 times higher in 2016 than it was in
2010, some of which may be attributed to suspect billing practices. In
2016, OIG found that about 550 pharmacies had engaged in questionable
Part D billing practices for compounded topical drugs and warranted
further scrutiny. Each pharmacy billed extremely high amounts for at
least one of five measures that OIG has developed as indicators of
possible fraud, waste, and abuse.\25\ In light of this enforcement and
oversight experience, we conclude that the risks of allowing pharmacies
that primarily compound drugs or primarily dispense compounded drugs to
rely on the value-based arrangements, patient engagement tools and
supports, and outcomes-based payments safe harbors outweigh the
potential benefits. As explained further below, other pharmacies are
eligible to rely on the safe harbors. As with other entities ineligible
for protection under the value-based, patient engagement tools and
supports, and outcomes-based payments safe harbors, compounding
pharmacies can still be VBE participants.
---------------------------------------------------------------------------
\22\ See, e.g., Press Release, U.S. Department of Justice,
Compounding Pharmacy, Two of Its Executives, and Private Equity Firm
Agree to Pay $21.36 Million to Resolve False Claims Act Allegations
(Sept. 18, 2019), https://www.justice.gov/opa/pr/compounding-pharmacy-two-its-executives-and-private-equity-firm-agree-pay-2136-million; Press Release, U.S. Department of Justice, Four Florida Men
Charged for Their Roles in a $54 Million Compound Pharmacy Kickback
Scheme (June 5, 2020), https://www.justice.gov/opa/pr/four-florida-men-charged-their-roles-54-million-compound-pharmacy-kickback-scheme; OIG, Civil Monetary Penalties and Affirmative Exclusions,
Texas Company and Owner Agree to Voluntary Exclusion (July 20,
2020).
\23\ OIG, Questionable Billing for Compounded Topical Drugs in
Medicare Part D (Aug. 2018), available at https://oig.hhs.gov/oei/reports/oei-02-16-00440.asp.
\24\ FDA, Compounding and the FDA: Questions and Answers,
available at https://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/PharmacyCompounding/ucm339764.htm.
\25\ OIG, Questionable Billing for Compounded Topical Drugs in
Medicare Part D (Aug. 2018), available at https://oig.hhs.gov/oei/reports/oei-02-16-00440.asp.
---------------------------------------------------------------------------
We recognize that many pharmacies may dispense some compounded
drugs. For purposes of this rule, a pharmacy is only considered to be a
compounding pharmacy (and ineligible for protection under certain safe
harbors) if it primarily compounds drugs or primarily dispenses
compounded drugs. We anticipate that most retail pharmacies and
community pharmacies that offer care coordination and management
services will not be covered by this category and will be eligible to
rely on the safe harbors.
We are not adopting the commenters' suggestions to provide safe
harbor protection for remuneration exchanged by compounding pharmacies
that demonstrate that they are good actors or that exemplify good
compounding practices through adherence to USP Chapter 795 and
attainment of PCAB accreditation from ACHC. We believe the suggested
approaches would introduce additional complexity and uncertainty into
the safe harbors by further attempting to distinguish among different
types of compounding pharmacies.
We do not prescribe a specific standard or test for assessing
whether a pharmacy primarily compounds drugs or primarily dispenses
compounded drugs. Entities may use a variety of different
methodologies, depending on their circumstances. We expect parties to
use a reasonable methodology, which they may wish to document. If an
entity has multiple lines of business, with one line of business being
a compounding pharmacy, the entity should use the multiple lines of
business test as laid out in section III.B.2.e.v of this preamble to
determine whether it is eligible to rely on the safe harbors or a
compounding pharmacy ineligible to rely on the safe harbors.
Entities seeking safe harbor protection that are uncertain as to
whether they are eligible to rely on the value-based safe harbors or
any other safe harbor for a particular arrangement may wish to use the
OIG advisory opinion process.
Finally, we want to clarify that nothing in this rulemaking should
affect patients' access to medically necessary compounded drugs. The
dispensing of compounded drugs pursuant to applicable coverage and
billing rules does not implicate the Federal anti-kickback statute. Nor
does this rule speak to the pricing of such products. With respect to
remuneration paid to compounding pharmacies or pharmacists for services
furnished to patients, whether such payments implicate the statute is a
case-by-case determination and the safe harbors for employment and
personal services and management contracts remain available. As noted
elsewhere, with respect to value-based contracting with pharmaceutical
manufacturers, we may consider safe harbor protection for such
arrangements in future rulemaking.
iii. Digital Health Technologies and Limited Technology Participants
As explained in more detail below, the final rule includes a
pathway for protection of ``digital health technology'' arrangements
involving ``limited technology participants,'' as those terms are
defined under the care coordination arrangements safe harbor.
[[Page 77716]]
This pathway responds to comments supporting protection of digital
technology arrangements involving medical device manufacturers and
DMEPOS companies. VBE participants that are not on the ineligible
entity list may exchange digital health technologies (and any other
technologies) under the care coordination arrangements safe harbor, and
they are not subject to the additional safe harbor condition that
applies to limited technology participants. Further, the pathway for
limited technology participants does not apply to the substantial
downside risk and full financial risk safe harbors. The care
coordination arrangements safe harbor is available for digital health
technology arrangements between limited technology participants and VBE
participants in risk-based arrangements.
For purposes of the pathway for limited technology participants, we
are defining the term ``limited technology participant'' at paragraph
1001.952(ee)(14)(iii) to mean a VBE participant that exchanges digital
health technology with another VBE participant or a VBE and that is:
(A) A manufacturer of a device or medical supply, but not including a
manufacturer of a device or medical supply that was obligated under 42
CFR 403.906 to report one or more ownership or investment interests
held by a physician or an immediate family member during the preceding
calendar year, or that reasonably anticipates that it will be obligated
to report one or more ownership or investment interests held by a
physician or an immediate family member during the present calendar
year (for purposes of this paragraph, the terms ``ownership or
investment interest,'' ``physician,'' and ``immediate family member''
have the same meaning as set forth in 42 CFR 403.902); or (B) an entity
or individual that sells or rents durable medical equipment,
prosthetics, orthotics, or supplies covered by a Federal health care
program (other than a pharmacy or a physician, provider, or other
entity that primarily furnishes services). In short, many manufacturers
of medical devices and supplies (but not physician-owned distributors)
and DMEPOS companies are eligible to be limited technology participants
if they fit in this definition.
We are defining ``digital health technology'' at paragraph
1001.952(ee)(14)(ii) broadly to mean hardware, software, or services
that electronically capture, transmit, aggregate, or analyze data and
that are used for the purpose of coordinating and managing care; such
term includes any internet or other connectivity service that is
necessary and used to enable the operation of the item or service for
that purpose. Importantly, this definition specifies the types of
technology a limited technology participant can exchange under the safe
harbor. It does not constrain the types of technology that can be
exchanged by other VBE participants eligible to use the safe harbor.
Comment: Several commenters emphasized the importance of allowing
health technology companies to participate as VBE participants and
asserted that making medical device manufacturers ineligible to be VBE
participants may impact the availability of digital technologies for
purposes of coordinating and managing care because no meaningful line
can be drawn between medical device companies and health technology
companies. For example, a commenter explained that they offer both
traditional medical devices and other digital health technologies, the
latter of which includes clinical decision support tools and artificial
intelligence-assisted diagnostic support tools. Another commenter noted
that manufacturers of implantable devices often pair their products
with software solutions to support patient diagnosis and treatment. A
trade association representing device manufacturers described a program
where a manufacturer of automated external defibrillators and cardiac
monitoring devices with transmitting capabilities offers a device-
agnostic software solution that permits coordination between EMS
providers and hospitals. According to the commenter, the software
enables receiving hospitals to access cardiac data in real time so they
can have advance notice of patients en route and provide consultation
back to EMS personnel to direct the patient to the appropriate
treatment location (e.g., community hospital, hospital with specialized
services). Another commenter explained how digital health technology is
integrated with medical devices used by patients to provide data to
patients and providers for patient engagement and treatment adherence
purposes. Other commenters emphasized the difficulty of clearly
distinguishing between device manufacturers and digital health
technology companies, and that both may provide a mix of traditional
medical devices and digital health technology. Commenters supported an
approach that would not unintentionally exclude beneficial digital
health technology from protection under the safe harbor.
Response: In the OIG Proposed Rule, we expressed interest in
protecting remuneration in the form of a wide range of mobile and
digital technologies for the coordination and management of patient
care, including, by way of example, remote monitoring, predictive
analytics, data analytics, care consultations, patient portals,
telehealth and other communications, and software and applications that
support services to coordinate and monitor patient care and health
outcomes (for individuals and populations). We noted diabetes
management services that leverage devices and cloud storage services to
monitor blood sugar levels and transmit data as an example.
While recognizing the promise that digital health technologies have
for improving care coordination and health outcomes, in the OIG
Proposed Rule we also raised fraud and abuse concerns associated with
medical device manufacturers based on our historical law enforcement
experience. Section III.B.2.e.d. explains those concerns in more
detail. Recognizing these factors, we solicited comments generally on
how best to protect beneficial digital technologies and mitigate fraud
and abuse risks. This included requesting comment on definitions and
factors to consider for specific types of entities that would protect
digital technology and not be too narrow or broad.
Consistent with this request for comments, the intent in the OIG
Proposed Rule, and to address comments received, we define the term
``digital health technology'' at paragraph 1001.952(ee)(14)(ii) and we
define ``limited technology participant'' at paragraph
1001.952(ee)(14)(iii). These definitions balance the interests we
raised in the OIG Proposed Rule by protecting beneficial digital health
technology and mitigating the fraud and abuse risks by specifying the
types of technology that limited technology participants can furnish
under the care coordination arrangements safe harbor. This approach
also addresses concerns raised by commenters regarding unintentionally
excluding beneficial digital health technology from safe harbor
protection. We discuss each definition in more detail below in this
section.
Digital health technology is defined as hardware, software, or
services that electronically capture, transmit, aggregate, or analyze
data and that are used for the purpose of coordinating and managing
care; such term includes any internet or other connectivity service
that is necessary and used to
[[Page 77717]]
enable the operation of the item or service for that purpose. We intend
for this term to encompass a wide range of digital health technologies,
including technologies that are not yet developed or available. It also
includes associated internet or other connectivity services, including
dial-up, that are necessary and used to enable the operation of the
item or service for the purpose of coordinating and managing care. The
term ``digital health technology'' includes, for example, the software
solution described by the commenter that enables hospitals to access
data from cardiac devices used by EMS providers in the field so that
they can coordinate and manage the care of patients undergoing a
cardiac emergency, including connectivity services, such as mobile
hotspots and plans, necessary to enable the EMS providers to transmit
data from the field to the hospital.
Only limited technology participants are limited to the types of
technology set out in the definition of ``digital health technology.''
Other VBE participants eligible for the safe harbor may provide
additional types of technology so long as the value-based arrangement
squarely meets all safe harbor conditions.
We share commenters' views regarding the desirability of enabling
VBE and VBE participants to leverage digital health tools to support
the coordination and management of care. All individuals (except for
patients) and entities are eligible to be VBE Participants, and this
includes health technology companies, including those that are not
traditionally involved in health care or may be new entrants to health
care. Except as otherwise provided in the safe harbor regulations,
health technology companies are eligible to rely on the protection of
the safe harbors for value-based arrangements with other VBE
participants, provided that their arrangements squarely meet all
applicable safe harbor conditions.
The question arose in the OIG Proposed Rule, and remains relevant
here, whether manufacturers of devices and medical supplies and DMEPOS
companies are health technology companies. For most purposes, as
described above, these entities are carved out of the value-based safe
harbors and are ineligible to rely on them. However, we are creating a
pathway to enable these entities to deploy digital health technologies
under the care coordination arrangements safe harbor at paragraph
1001.952(ee). For purposes of this safe harbor, manufacturers of
devices or medical supplies (as defined in paragraph 1001.952(ee)) and
DMEPOS companies (i.e., entities or individuals that sell or rent
covered DMEPOS, not including physicians or providers that primarily
furnish services and pharmacies) that exchange digital health
technologies with another VBE participant or the VBE are collectively
termed ``limited technology participants'' in paragraph 1001.952(ee).
Limited technology participants may use the care coordination
arrangements safe harbor to protect the exchange of digital health
technologies with other VBE participants or the VBE if the arrangement
meets an additional safe harbor condition, described below. Limited
technology participants may not, by definition, rely on the care
coordination arrangements safe harbor to exchange other forms of
remuneration. All other entities eligible to use the safe harbor can
also exchange remuneration in the form of digital health technology,
and they do not have to meet the additional safe harbor conditions that
apply only to limited technology participants at paragraph
1001.952(ee)(8). For example, physicians and providers that primarily
furnish services are not treated as limited technology participants and
are therefore not obligated to meet the additional conditions that
apply to limited technology participants.
In short, remuneration in the form of digital health technology may
be exchanged under the care coordination arrangements safe harbor by
all entities that are not carved out of the safe harbor, as well as
limited technology participants.
Consistent with our statements in the OIG Proposed Rule reflecting
our intent that physician-owned distributorships not be eligible to
rely on the value-based safe harbors, we do not intend for physician-
owned distributorships to be able to use the limited technology
participant pathway in the care coordination arrangements safe harbor.
To foreclose this possibility, we clarify in paragraph 1001.952(ee)(14)
that the term ``limited technology participant'' does not include
manufacturers of devices or medical supplies that were obligated under
42 CFR 403.906 to report one or more ownership or investment interests
held by a physician or an immediate family member during the preceding
calendar year, or that reasonably anticipate that they will be
obligated to report one or more ownership or investment interests held
by a physician or an immediate family member during the present
calendar year. For purposes of this definition, the term ``manufacturer
of a device or medical supply'' has the meaning set forth in paragraph
1001.952(ee)(14), and the terms ``ownership or investment interest,''
``physician,'' and ``immediate family member'' have the meaning set
forth in 42 CFR 403.902. We take this opportunity to make clear that
this regulatory provision should not be construed as an official
definition of unlawful physician-owned distributorships or physician-
owned entities more broadly. This regulation does not alter our long-
standing guidance regarding physician-owned distributorships, and we
specifically reaffirm the guidance in our 2013 Special Fraud Alert on
Physician-Owned Entities.\26\
---------------------------------------------------------------------------
\26\ See OIG, Special Fraud Alert: Physician-Owned Entities
(Mar. 26, 2013), available at https://oig.hhs.gov/fraud/docs/alertsandbulletins/2013/POD_Special_Fraud_Alert.pdf.
---------------------------------------------------------------------------
iv. Pharmacies Other Than Compounding Pharmacies
Comment: The overwhelming majority of commenters on this topic
supported allowing pharmacies to be VBE participants. Commenters cited
a wide range of reasons, including that pharmacies and pharmacists are
already involved in many aspects of care coordination and management
and that they are on the front line of care coordination because they
often serve as the key point of contact between patients and the health
care system due to their geographic proximity to patients. Commenters
emphasized that pharmacies provide many services to patients, not just
items. A commenter also noted that an ACO may be a VBE and that a
number of ACOs currently integrate pharmacists for medication
management and other services. Conversely, another commenter suggested
that pharmacies should not be eligible because they present many of the
same concerns as pharmaceutical manufacturers, wholesalers, and
distributors.
Response: With the exception of compounding pharmacies (as
explained in section III.2.e.ii.f of this preamble), pharmacies can
utilize each of the final value-based safe harbors for value-based
arrangements and are not subject to any pharmacy-specific restrictions
or limitations. Pharmacies other than compounding pharmacies also are
eligible for safe harbor protection under the safe harbors for patient
engagement tools and supports (paragraph 1001.952(hh)) and outcomes-
based payments (amended paragraph 1001.952(d)). We are persuaded that
many pharmacies and pharmacists have the potential to facilitate
coordination and management of care for patients and
[[Page 77718]]
that their participation in value-based arrangements may further the
purposes of this final rulemaking. Except in the case of compounding
pharmacies, these potential benefits outweigh our program integrity
concerns, which are adequately addressed by the requirements of the
value-based safe harbors.
v. Entities With Multiple Business Lines
Comment: We received several comments seeking guidance on how
entities with multiple business lines or with multiple regulatory
classifications would be viewed for purposes of safe harbor
eligibility. Some commenters requested clarification on how the
eligibility standards would be impacted by corporate affiliations or
shared ownership. Another commenter noted that some health systems are
involved in device and technology development.
Some questioned how OIG would view an entity that operates both
eligible and ineligible business lines through separate business units,
with certain commenters suggesting that it would be impossible to
distinguish between types of entities because the health care industry
is not siloed in this manner. Others asserted that the fact that many
companies have multiple business lines is reason enough for OIG not to
make any types of business lines ineligible to be VBE participants.
Another commenter requested that clinical quality improvement and data
registries be eligible to be VBE participants, regardless of their
ownership or other status.
Response: Under the final rule, the question of whether a
particular entity is eligible to rely on a safe harbor, or whether an
entity fits the definition of a limited technology participant, is
assessed at the corporate entity level by considering the corporate
entity's predominant or core line of business. We did not propose, and
we are not finalizing, standards relating to common ownership or
corporate affiliation. Corporate affiliation, whether by majority
ownership, common ownership, or another structure, has no bearing on
eligibility.
For example, a pharmacy (other than a compounding pharmacy as
explained in section III.2.e.ii.f) that is under common ownership with
a PBM would be eligible to rely on the value-based safe harbors,
notwithstanding the fact that the pharmacy is related to a PBM, which
is ineligible to rely on those safe harbors. Likewise, within a health
system that is comprised of multiple corporate entities, the fact that
one or more of those entities might engage in activities that make it a
manufacturer of devices or medical supplies would not impact the
availability of the safe harbor to other corporate entities in the
health system that do not engage in such activities.
Where a single corporate entity operates multiple business lines,
eligibility turns on the entity's predominant or core business. For
example, a pharmacy that is operated within the same corporate entity
as a pharmaceutical manufacturer would not be eligible to rely on these
safe harbors to the extent the corporate entity's core function is the
manufacturing of pharmaceuticals and the pharmacy operation merely
supports the manufacturing line of business. Similarly, where a single
corporate entity manufactures both pharmaceuticals and medical devices,
the question of eligibility would focus on which line of business is
the predominant or core line of business of that corporate entity. For
example, if a corporation's predominant function is the manufacturing
of devices (including, for example, preparation, propagation, assembly,
and processing of devices) and it also manufactures a pharmaceutical
product that is incorporated into and integral to a medical device (for
example, a drug-eluting medical device), the entity would be treated as
a manufacturer of devices or medical supplies because that remains its
core business and function. The question of whether a quality
improvement or data registry will be eligible will similarly turn on
whether it is housed within a corporate entity whose predominant
function places it on the carve-out list.
Large corporations that are organized with multiple business lines
within a single corporate entity will need to assess whether they have
a predominant or core business. We do not prescribe a specific standard
or test for assessing an entity's predominant or core business
function, and we expect that entities may use a variety of different
methodologies, depending on their circumstances. We would expect
parties to use a reasonable methodology, which they may wish to
document. For example, share of revenues may be a relevant metric for
some entities, but for others where one or more products are still in
development, revenues may not be an appropriate metric. Entities
seeking safe harbor protection that are uncertain as to whether they
are eligible to rely on the value-based safe harbors for a particular
arrangement may wish to use the OIG advisory opinion process.
Parties seeking protection under the safe harbors may first need to
assess the regulatory text for ineligible entities in the specific safe
harbor of interest. For example, where an entity's business includes
the sale or rental of DMEPOS covered by a Federal health care program,
the question of eligibility is addressed by the regulatory text, which
specifies that the ineligibility of DMEPOS companies does not apply to
a pharmacy or a physician, provider, or other entity that primarily
furnishes services. Thus, for example, a disease management company
that primarily furnishes a suite of disease management services (e.g.,
wellness coaching, patient education, health technology tools to
promote medication adherence) and also sells or rents DMEPOS in support
of these services would be eligible to rely on the value-based safe
harbors and would not be subject to the constraints imposed on limited
technology participants. Conversely, an entity that sells or rents
covered DMEPOS and does not primarily furnish services would be
ineligible, except as a potential limited technology participant under
the care coordination arrangements safe harbor.
We also note that, wholly apart from any value-based arrangement,
transfers of remuneration from one entity to another may implicate the
Federal anti-kickback statute if those transfers of remuneration are
intended to induce or reward referrals for items and services covered
by a Federal health care program. This potential liability arises even
where the recipient subsequently uses the remuneration in a manner that
is protected by a safe harbor. Thus, for example, if an ineligible
entity transferred remuneration to a VBE participant in order for the
recipient VBE participant to induce or reward referrals back to the
ineligible entity, the initial transfer may result in liability under
the Federal anti-kickback statute, even if the recipient VBE
participant's subsequent transfer of the remuneration to other VBE
participants or to patients is protected under a safe harbor.
Comment: Several commenters noted that many providers, including
hospitals and health systems, often own or operate pharmacies and
questioned how an exclusion of pharmacies would apply to them.
Response: Other than pharmacies that primarily compound drugs or
primarily dispense compounded drugs, pharmacies are not subject to any
limitations or restrictions under this final rule, and thus ownership
or operation of many pharmacies by another provider would have no
impact on eligibility. Should a compounding pharmacy exist within a
health system that is comprised of multiple corporate entities, the
fact that one of the entities may be a pharmacy that primarily
compounds drugs or primarily
[[Page 77719]]
dispenses compounded drugs would not impact the availability of the
safe harbor to other corporate entities in the health system. Moreover,
should a compounding pharmacy exist within a single entity that also
furnishes other services, such as health clinic that furnishes
physician services, the entity would apply the multiple lines of
business test to determine whether or not the entity would be
characterized as a compounding pharmacy.
Comment: Some commenters described companies that are regulated as
both CLIA laboratories and manufacturers of devices or medical supplies
because they perform their own FDA-regulated in-vitro diagnostic tests
at their own CLIA-certified laboratories and sought clarification
regarding how they would be viewed.
Response: We have replaced the term ``clinical laboratory'' with
the term ``laboratory company'' in this final rule to clarify the type
of entities that we intend to make ineligible to rely on the value-
based safe harbors. The term ``laboratory company'' refers to
independent companies that operate clinical laboratories and bill for
the laboratory services they furnish through their own billing numbers.
Consistent with the approach described above, the entity would need to
consider what its predominant or core business function is--
manufacturing (e.g., preparation, propagation, assembly, processing) a
medical device or furnishing laboratory services. Without further
details regarding the commenters' specific business operations, we are
unable to provide a precise response here.
Comment: A commenter noted that a pharmacy is included as a
``laboratory'' under CLIA. Other commenters noted that pharmacies may
be co-located with health clinics or owned and operated by other types
of providers. The commenters sought guidance on how these relationships
between entity types would impact eligibility for protection under the
safe harbors.
Response: As discussed above, and based upon the comments, we have
revised the terminology in this final rule to refer to laboratory
companies rather than clinical laboratories, and we intend for
``laboratory companies'' to mean independent companies that operate
clinical laboratories and bill for the laboratory services they furnish
through their own billing numbers. Consistent with the approach set
forth above, because a pharmacy's predominant or core business function
is to provide pharmacy services, not laboratory services, we would not
consider the fact that pharmacies are treated as laboratories for other
regulatory purposes to impact their eligibility to rely on the value-
based safe harbors. As noted previously, pharmacies that primarily
compound drugs or primarily dispense compounded drugs would not be
eligible for safe harbor protection.
vi. New Safe Harbor Conditions
Comment: With respect to potential additional safeguards for VBE
participants generally, commenters suggested a wide range of options,
some of which we stated that we were considering in the OIG Proposed
Rule (e.g., prohibitions on exclusivity, required data reporting or
monitoring). Some commenters also recommended that we implement these
additional safeguards for certain types of entities (e.g., medical
device manufacturers).
Response: Consistent with the proposal within the OIG Proposed
Rule, we are adopting an additional safeguard in the care coordination
arrangements safe harbor targeted to manufacturers of devices and
medical supplies and DMEPOS companies that exchange digital health
technologies to mitigate the increased risk of abuse presented by
allowing these entities to use this safe harbor.
As discussed above, we have created a new category of VBE
participants, ``limited technology participants,'' which is comprised
of manufacturers of devices and medical supplies and DMEPOS companies
that exchange digital health technology with another VBE participant or
the VBE. Consistent with our proposal in the OIG Proposed Rule, we are
adopting a requirement in the care coordination arrangements safe
harbor that the exchange of digital health technologies by limited
technology participants may not be conditioned on any recipient's
exclusive use, or minimum purchase, of any item or service
manufactured, distributed, or sold by the limited technology
participant. This additional safeguard addresses the specific program
integrity concerns presented by manufacturers of devices and medical
supplies and DMEPOS companies, which are heavily dependent on
practitioner referrals and who might use value-based arrangements to
tether clinicians to their products or to secure guaranteed referral
streams.
Comment: Some commenters suggested that applying safeguards to
specific types of entities, and not others, might deter those entities
from participating in value-based arrangements.
Response: First, we note that we have not imposed any additional
conditions on specific types of entities in the substantial downside
financial risk safe harbor or the full financial risk safe harbor.
Second, we do not concur with the commenter's assertion that the
limited technology participant pathway will disincentivize
participation in value-based arrangements; this framework allows
manufacturers of devices and medical supplies and DMEPOS companies to
participate in value-based arrangements involving digital health
technology and benefit from protection under the care coordination
arrangements safe harbor if they satisfy all safe harbor conditions.
Comment: In response to our proposal to include a safeguard that
prohibits exclusivity provisions, many commenters expressed support for
such a safeguard. Others cautioned that exclusivity provisions in
contractual arrangements can be appropriate in certain situations, such
as where substantial financial investments are required or where
exclusivity is consistent with intellectual property rights and
protections. Some commenters encouraged us to investigate the pros and
cons of prohibiting exclusivity provisions before adopting this
safeguard. At least two commenters opposed any potential prohibition of
exclusivity requirements. One commenter asserted that no manufacturer
has the capability or resources to ensure that all of its value-based
arrangement offerings always operate as a ``plug and play,'' always
interchangeable, product agnostic system. Another commenter stated that
parties to value-based arrangements should have flexibility to require
use of a medical device where clinical evidence dictates that a
particular practice not currently in use would vastly improve outcomes.
Response: We are adopting our proposal to preclude protection for
the exchange of remuneration conditioned on a recipient's exclusive
use, or minimum purchase, of any item or service manufactured,
distributed, or sold by a limited technology participant in the care
coordination arrangements safe harbor. We are only applying this
condition to remuneration exchanged by limited technology participants;
it does not apply to any other VBE participants. We are only adopting
this condition in the care coordination arrangements safe harbor, not
the other value-based safe harbors. We recognize that exclusivity
provisions may be appropriate business terms in certain contexts.
However, precluding safe harbor protection for arrangements that
include exclusivity provisions tied to products offered by limited
technology participants is an important safeguard. This safeguard
mitigates risk that these entities, which
[[Page 77720]]
are heavily dependent on practitioner referrals to sell their products,
will attempt to use the care coordination arrangements safe harbor to
protect arrangements intended to generate product sales or arrangements
that lock practitioners and patients into using products that may not
be in the patients' best interests in the clinical judgment of the
practitioners.
The safe harbor requirement that remuneration exchanged by limited
technology participants may not be conditioned on any recipient's
exclusive use or minimum purchase of the limited technology
participant's products does not prevent use of products based on
clinical best evidence. Nor does it prevent requirements in value-based
arrangements that providers use products based on clinical evidence
showing improved outcomes, when those products are in a patient's best
interests in the judgment of their practitioners. Nor does the
provision require that all value-based arrangements be product-agnostic
or that the digital technology provided under such an arrangement be
fully interchangeable with other products. The provision does mean
that, where remuneration is exchanged by a limited technology
participant, the VBE participants will not be entitled to safe harbor
protection under the care coordination arrangements safe harbor if the
limited technology participant conditions the remuneration on the
exclusive use of its product or a minimum purchase amount. This safe
harbor requirement does not apply to remuneration exchanged by VBE
participants that are not limited technology participants.
f. Value-Based Purpose
Summary of OIG Proposed Rule: We proposed to define a ''value-based
purpose'' as: (i) Coordinating and managing the care of a target
patient population; (ii) improving the quality of care for a target
patient population; (iii) appropriately reducing the costs to, or
growth in expenditures of, payors without reducing the quality of care
for a target patient population; or (iv) transitioning from health care
delivery and payment mechanisms based on the volume of items and
services provided to mechanisms based on the quality of care and
control of costs of care for a target patient population.
Summary of Final Rule: We are finalizing, without modification, our
definition of ``value-based purpose.''
Comment: While several commenters expressed support for our
proposed definition of ``value-based purpose'' as drafted, the majority
of commenters sought clarification on the term. For example, commenters
sought clarification on how quality would be defined and measured under
the value-based purpose and, more specifically, whether certain
measures would be seen as reducing quality. Another commenter requested
that OIG address how parties to a value-based arrangement would need to
document that the arrangement met a value-based purpose. Other
commenters sought confirmation that the definition of ``value-based
purpose'' does not require parties to succeed in achieving the
applicable purpose.
Response: As a threshold matter, the definition of ``value-based
purpose'' was crafted to provide parties with flexibility to develop
innovative care arrangements and strategies specific to the needs of
their target patient populations. We are not prescribing how parties
define and measure quality to qualify for the definition or how parties
document the ways in which they intend to achieve the VBE's value-based
purpose(s). Whether certain measures reduce quality is a fact-specific
inquiry. Further, neither the definition of ``value-based purpose'' nor
the value-based safe harbors requires parties to achieve the VBE's
value-based purpose(s); rather, the definition of ``value-based
purpose'' should be read in conjunction with the definition of ``value-
based activity,'' which requires value-based activities to be
reasonably designed to achieve the VBE's value-based purpose(s).
Documentation requirements are specified in individual safe harbors.
Comment: Multiple commenters requested further guidance on the
fourth value-based purpose of transitioning from health care delivery
and payment mechanisms based on the volume of items and services
provided to mechanisms based on the quality of care and control of
costs of care for a target patient population.
Response: We are finalizing the fourth value-based purpose in
recognition that parties transitioning to value-based care may need to
provide infrastructure and perform other activities necessary to
transition to the assumption of downside financial risk. For example,
as discussed in section III.B.5 below, parties to value-based
arrangements that meet the requirements of the full financial risk safe
harbor may exchange remuneration during a twelve-month phase-in period,
where the VBE is contractually obligated to assume full financial risk
in the next 12 months but has not yet assumed such risk. During this
phase-in period, the parties may have, as a value-based purpose, the
purpose of transitioning from health care delivery and payment
mechanisms based on the volume of items and services provided to
mechanisms based on the quality of care and control of costs of care
for a target patient population, and the parties may exchange, among
other things, remuneration necessary to enable the VBE to transition to
the assumption of full financial risk.
Comment: Other commenters advocated for revisions to the definition
of ``value-based purpose.'' These comments generally focused on two
issues related to the value-based purpose of appropriately reducing the
costs to, or growth in expenditures of, payors without reducing the
quality of care for a target patient population: Whether the definition
of ``value-based purpose'' should protect: (i) Cost-reduction efforts
more broadly, rather than only to the benefit of payors; and (ii) cost-
reduction efforts only when paired with improved quality or maintenance
of already-improved quality of care.
With respect to the first issue, commenters generally were in favor
of expanding the third purpose to cover all cost-reduction efforts, not
just those that benefit payors. At least two commenters asserted that
this expansion would be necessary to protect gainsharing arrangements.
Commenters' opinions varied on the second issue, related to our
proposal that reducing costs to, or the growth in expenditures of,
payors must be accomplished without reducing the quality of care for
the target patient population, with some expressing support and others
opposition. Many commenters opined on our alternative proposal to
include the reduction of costs to, or growth in expenditures of, payors
in the definition of ``value-based purpose'' only where there is also
an improvement in patient quality of care or the parties are
maintaining an improved level of care. On the one hand, certain
commenters believed this alternative standard would be overly
prescriptive and difficult to measure; others expressed support, with
one stating that a reduction in costs alone is not true value and that
the improvement of care should be the first priority.
Response: We are finalizing this portion of the definition, as
proposed. A goal of this rulemaking is to support quality improvements
and cost efficiencies achieved through better care coordination that
benefit patients and the health care delivery system. In our view,
arrangements that do not result in a reduction in costs to, or growth
in expenditures of, payors--such as reductions in surgical suite costs
for a
[[Page 77721]]
hospital--do not further this goal sufficiently to warrant protection
under the third value-based purpose definition. The definition of
``value-based purpose'' that we are finalizing is not intended to
foreclose internal-cost savings arrangements, such as gainsharing, in
their entirety; however, parties must consider whether such
arrangements would further other purposes in the ``value-based
purpose'' definition and the conditions of the applicable value-based
safe harbor. We also do not believe a higher standard of improving or
maintaining already improved quality of care is necessary. We are
persuaded that preventing reductions in quality of care, paired with
the safeguards in each of the value-based safe harbors, provides both
flexibility and sufficient protection against the potential for patient
harm.
Comment: A commenter asserted that VBEs should have at least one
value-based purpose related to patient care improvement and expressed
concern that allowing VBEs to focus solely on cost reduction would
compromise patient care and have a disproportionate impact on patients
with rare conditions.
Response: While a VBE or value-based arrangement may, but is not
required to, have as a value-based purpose improving the quality of
care for a target patient population, none of the value-based purposes
protect value-based arrangements that compromise patient quality of
care. Of the two value-based purposes that incorporate cost control or
cost reduction concepts, one requires the appropriate reduction in
costs to, or growth in expenditures of, payors without reducing the
quality of care for a target patient population; the other requires the
transition of health care delivery and payment mechanisms based on the
volume of items and services provided to mechanisms based on the
quality of care and control of costs of care to payors for a target
patient population. Both of these value-based purposes emphasize the
importance of ensuring patient quality of care.
We further highlight that each of the value-based safe harbors
includes a safeguard precluding safe harbor protection for value-based
arrangements that stint on medically necessary patient care; this
safeguard provides that the value-based arrangement may not induce
parties to furnish medically unnecessary items or services or reduce or
limit medically necessary items or services furnished to any patient.
Comment: A commenter expressed concern that the ``value-based
purpose'' definition may lead to patient harm, fails to protect
adequately against abusive cycling of patients for financial gain, and
potentially impinges on the professional judgment of health care
professionals.
Response: We share the commenter's concerns about patient harm,
abusive cycling of patients for financial gain and compromised
professional judgment. We have addressed these concerns through various
safeguards and requirements of the value-based safe harbors and the
patient engagement and support safe harbor. We note that compliance
with the value-based purpose definition does not necessarily qualify
parties or arrangements for safe harbor protection.
g. Coordination and Management of Care
Summary of OIG Proposed Rule: We proposed to define ``coordination
and management of care,'' the first of the four value-based purposes,
as the deliberate organization of patient care activities and sharing
of information between two or more VBE participants or VBE participants
and patients, tailored to improving the health outcomes of the target
patient population, in order to achieve safer and more effective care
for the target patient population. In defining this term, we sought to
distinguish between referral arrangements, which would not be
protected, and legitimate care coordination arrangements, which
naturally involve referrals across provider settings but also include
beneficial activities beyond the mere referral of a patient or ordering
of an item or service. We expressed particular concern about
distinguishing between coordinating and managing patient care
transitions for the purpose of improving the quality of patient care or
appropriately reducing costs, on one hand, and churning patients
through care settings to capitalize on a reimbursement scheme or
otherwise generate revenue. We proposed in preamble that we would not
consider the provision of billing or administrative services to be the
coordination and management of patient care.
Summary of Final Rule: We are finalizing, with modifications, the
definition of ``care coordination and management.'' First, we have
revised the definition to clarify that the deliberate organization of
patient care activities and sharing of information must occur between
two or more VBE participants, one or more VBE participants and the VBE,
or one or more VBE participants and patients. Second, in response to
comments, we have revised the description of the required goals to
state that the parties' efforts (i.e., the deliberate organization of
patient care activities and sharing of information) must be designed to
achieve safer, more effective, or more efficient care to improve the
health outcomes of the target patient population. These two changes
clarify the regulatory language with respect to the parties that engage
in the care coordination and management to include the VBE itself,
which can be party to a value-based arrangement, and make clear that
efforts to improve efficiency can be part of coordination and
management of care. Third, also in response to comments, we have
revised the definition to clarify that the term does not require
achievement of the stated goals, but rather that the efforts must be
designed to achieve such goals.
Comment: Commenters on this topic varied in their responses to our
proposed definition of ``coordinating and managing care.'' While we
received some comments expressing support, others asserted that the
definition was superfluous. A commenter highlighted that existing CMS
programs already rely on similar terminology and encouraged OIG to
align its definition.
Response: For the reasons stated in the OIG Proposed Rule, we are
finalizing a definition of ``coordination and management of care.''
Among other things, this definition helps ensure that protected
arrangements serve patients and the goals of coordinated care. Further,
given the importance of this value-based purpose in the safe harbors,
the definition provides a standard against which safe harbor compliance
can be measured. This is intended to help providers seeking to comply
with the safe harbors. As noted in the OIG Proposed Rule, we considered
other agency definitions in crafting ours.\27\
---------------------------------------------------------------------------
\27\ 84 FR 55707 (Oct. 17, 2019). For example, the Agency for
Healthcare Research and Quality explains that ``[c]are coordination
is identified by the Institute of Medicine as a key strategy that
has the potential to improve the effectiveness, safety, and
efficiency of the American health care system. Well-designed,
targeted care coordination that is delivered to the right people can
improve outcomes for everyone: patients, providers, and payers.''
https://www.ahrq.gov/ncepcr/care/coordination.html.
---------------------------------------------------------------------------
Although other laws and regulations, including the physician self-
referral law and associated regulations, may utilize the same or
similar terminology, the definition and interpretations we are adopting
in this rule would not affect CMS's (or any other governmental
agency's) interpretation or ability to interpret such term.
Comment: At least two commenters opposed our proposed definition
because they believe it would require
[[Page 77722]]
constant achievement. As an alternative, these commenters proposed
revising the definition of ``coordination and management of care'' from
the deliberate organization of patient care activities and sharing of
information in order to improve health outcomes, to the deliberate
organization of patient care activities and sharing of information in
an attempt to improve health outcomes.
Response: We thank commenters for highlighting this issue. It was
not our intent for the definition of ``coordination and management of
care'' to require constant achievement of improved health outcomes. To
address the issue raised by the commenters and reduce the potential for
confusion, we have revised the definition to clarify that the
organization of patient care activities and the sharing of information
must be designed to achieve safer, more effective, or more efficient
care to improve the health outcomes of the target patient population.
Actual achievement of safer, more effective, or more efficient care
that improves health outcomes is not required. However, the parties
must ensure that their efforts (i.e., deliberate organization of
patient care activities and sharing of information) are designed to
achieve these goals.
Comment: Several commenters questioned whether: (i) Patient
monitoring, patient diagnostic activities, patient treatment, and
communication related to such patient activities; or (ii) predictive
analytics, would constitute the coordination and management of care.
Response: Depending on the facts and circumstances, each of the
actions listed above could qualify as the coordination and management
of care. We intend for the coordination and management of care to
require beneficial activities beyond the mere referral of a patient or
ordering of an item or service. Coordination and management of care
requires some additional, deliberate effort and sharing of information,
across two or more parties, that is designed to augment care delivery
to achieve safer, more effective, or more efficient care to improve
health outcomes.\28\ For example, the ordering of a diagnostic test,
such as an imaging study, by a provider and the sharing of the test
results back to the ordering provider would not, without additional
beneficial activities, constitute the coordination and management of
care under the finalized definition. If, however, the ordering of the
imaging study and the sharing of results was part of a more deliberate,
organized effort between or among the parties to achieve safer and more
effective care and improve health outcomes, such as by implementing
protocols to reduce the number of redundant tests or ensuring that test
results are readily shared with and available to the patient and all
members of the patient's caregiver team and used to inform care
decisions, then the arrangement may constitute coordination and
management of care. We also emphasize that the definition requires not
only the deliberate organization of patient care activities, but also
the sharing of information between (or among) the parties who are
coordinating and managing care. This information sharing must be part
of a design to achieve safer, more effective, or more efficient care to
improve the health outcomes of the target patient population.
---------------------------------------------------------------------------
\28\ See, e.g., NEJM Catalyst, What is Care Coordination? (Jan.
1, 2018), https://catalyst.nejm,org/what-is-care-coordination/
(providing examples and noting that ``[c]are coordination
synchronizes the delivery of a patient's health care from multiple
providers and specialists. The goals of coordinated care are to
improve health outcomes by ensuring that care from disparate
providers is not delivered in silos, and to help reduce health care
costs by eliminating redundant tests and procedures.'').
---------------------------------------------------------------------------
Our final rule endeavors to encompass a wide range of beneficial
care coordination activities, with limitations. As described in the OIG
Proposed Rule, coordination might occur between hospitals and post-
acute care providers, specialists and primary care providers, or
hospitals and physician practices and patients. It could involve using
care managers, providing care or medication management, creating a
patient-centered medical home, helping with effective transitions of
care, sharing and using health data to improve outcomes, or sharing
accountability for the care of a patient across the continuum of care.
These arrangements often naturally involve referrals across provider
settings but include beneficial activities beyond the mere referral of
a patient or ordering of an item or service. We see a clear distinction
between coordinating and managing patient care transitions for the
purpose of improving the quality of care or improving efficiencies,
which would fit in the definition, and churning patients through care
settings to capitalize on a reimbursement scheme or otherwise generate
revenue, which would not fit in the definition. The OIG Proposed Rule
cites a relevant example of cycling patients through skilled nursing
facilities (SNFs) to maximize revenue as the kind of arrangement we do
not intend to fit in the definition or receive protection under any
safe harbor.
Comment: In response to OIG's solicitation of comments on the
intersection of coordination and management of care and cybersecurity,
a commenter stated that cybersecurity items or services should meet the
definition of ``coordination and management of care.'' According to the
commenter, cybersecurity items or services may be needed to share
information between or among VBE participants, and the commenter
expressed concern that parties would overlook opportunities to work
with small practices that cannot afford proper cybersecurity tools.
Response: We appreciate the commenters' input; however, we
respectfully disagree with their recommendation. As a general matter,
the use or sharing of cybersecurity items and services alone would not
meet the definition of ``coordination and management of care.'' Having
reviewed the comments and upon further consideration of the issue, we
view the use or sharing of such items and services to be focused on
ensuring the security of patient care items and related information
exchange, rather than the deliberate organization of patient care
activities and sharing of information, as required by the definition of
``coordination and management of care.'' That being said, an
arrangement involving the exchange of health information technology
that incorporates cybersecurity items and services could meet the
definition of ``coordination and management of care.'' For example,
where a VBE participant provides data analytics software to another VBE
participant to facilitate the VBE participants' coordination and
management of care, security features to control access to data
included within that software would not preclude the data analytics
software from meeting the definition of ``coordination and management
of care.'' However, we note that meeting the definition of
``coordination and management of care'' does not, de facto, afford safe
harbor protection; for safe harbor protection, the remuneration
exchanged must squarely satisfy all safe harbor conditions.
The use or sharing of cybersecurity items and services alone may
meet other value-based purposes, and such remuneration may be eligible
for protection under the substantial downside financial risk safe
harbor (paragraph 1001.952(ff)) or full financial risk safe harbor
(paragraph 1001.952(gg)). The cybersecurity technology and related
services safe
[[Page 77723]]
harbor, paragraph 1001.952(jj), also is available to protect the
exchange of cybersecurity items and services, provided all safe harbor
requirements are met.
Comment: In lieu of making the coordination and management of
patient care a requirement specific to the value-based safe harbors and
arrangements for patient engagement and support safe harbor, a
commenter requested that OIG revise the definition of ``value-based
purpose'' to reflect that one of the value-based purposes must be the
coordination and management of patient care.
Response: We appreciate the commenter's input; however, we decline
to adopt the commenter's suggestion for two reasons. First, the current
structure facilitates alignment between OIG's and CMS's value-based
terminology to ease burden on providers and others working to comply
with both sets of rules. In addition, as finalized, the substantial
downside financial risk and full financial risk safe harbors already
provide parties with additional flexibility to identify value-based
purposes other than the coordination and management of care, in defined
circumstances.
Comment: A commenter requested clarification as to the types of
activities that constitute the provision of billing or administrative
services. This commenter asserted certain administrative services, such
as the more effective management of patient records, could improve the
coordination and management of patient care and should be not be
excluded from the definition of ``value-based purpose.''
Response: Administrative services, depending on the facts and
circumstances, may meet the definition of ``coordination and management
of care.'' We are clarifying our statement in the OIG Proposed Rule
that we would not consider the provision of billing or administrative
services to be the management of patient care \29\ to make clear that
we view any billing or financial management services arrangement that
is characterized as facilitating the coordination and management of
patient care to be outside the scope of this definition for purposes of
this rule. By financial management services, we mean services such as
bookkeeping operations, contract management, revenue cycle management,
or other similar activities. These activities might complement the
organization of patient care activities, but they are not the type of
care coordination activities contemplated in our proposed rule or
covered by the final definition.
---------------------------------------------------------------------------
\29\ 84 FR 55707 (Oct. 17, 2019).
---------------------------------------------------------------------------
We also are mindful that, in certain situations, the remuneration
exchanged by the parties might incidentally assist the recipient with
performing certain of these administrative functions. However, we
believe that any benefit that the remuneration has on the
administrative activities of the recipient should be incidental, at
most. This approach helps ensure that value-based arrangements eligible
for safe harbor protection focus on the delivery of care to patients.
Arrangements that focus on billing and financial management services
arrangements may be structured to fit in another safe harbor, such as
the safe harbor for personal services and management contracts, which
includes protections such as a fair market value requirement. The
value-based safe harbors are not intended to protect billing and
financial management services arrangements, even those that might help
support care coordination and management, that are not fair market
value under the guise of a value-based arrangement.
We address this issue through a new provision in the care
coordination arrangements safe harbor at paragraph
1001.952(ee)(1)(iii)(A), which provides that the remuneration exchanged
pursuant to a value-based arrangement may not be exchanged or used more
than incidentally by the recipient for the recipient's billing or
financial management services. We are not adopting parallel provisions
in the substantial downside financial risk or full financial risk safe
harbors because there are circumstances in which billing and financial
management services could be included in the remuneration that is
protected by those safe harbors. For this same reason, we are not
incorporating this limitation into the definition of coordination and
management of care, which applies across all of the value-based safe
harbors.
Comment: A commenter suggested that we revise this term to require
the ``coordination or management of care'' instead of the
``coordination and management of care.''
Response: We appreciate the commenter's input; however, we are not
adopting the commenter's suggestion. The coordination and management of
care reflects an integrated set of activities for patients, as set out
in the definition we are finalizing in this rule. We are concerned that
management activities, standing alone, would not be appropriately
patient-focused to achieve the intent of the value-based safe harbors.
Comment: A commenter appeared to request that OIG revise its
definition of ``coordination and management of care'' to provide that
the deliberate organization of patient care activities and sharing of
information may be between VBE participants and patients' family
members or caregivers, in addition to those activities being conducted
between VBE participants and patients.
Response: We would consider the deliberate organization of patient
care activities and sharing of information between VBE participants and
patients' family members or others acting on the patients' behalf to
meet the definition of ``coordination and management of care.'' This
may include, for example, intervening caregivers, and family members,
such as for patients who are children. We note that an arrangement that
is solely between a VBE participant and a patient might constitute the
coordination and management of care, but it would not fit in the value-
based safe harbors because those safe harbors do not protect the
exchange of remuneration with patients. Other safe harbors may protect
the exchange of remuneration with patients, including the patient
engagement and support safe harbor at paragraph 1001.952(hh).
Arrangements between VBEs and one or more of their VBE participants or
between or among VBE participants that engage patients in efforts to
coordinate and manage care could qualify under the value-based safe
harbors with respect to remuneration flowing between a VBE and VBE
participant or between VBE participants if all safe harbor conditions
are met. For purposes of the care coordination arrangements safe
harbor, parties exchanging remuneration pursuant to the value-based
arrangement would need to be part of the coordination and management of
care of the target patient population in some fashion, although levels
of involvement in care coordination may differ among VBE participants,
depending on the scope and nature of the arrangement.
3. Care Coordination Arrangements To Improve Quality, Health Outcomes,
and Efficiency Safe Harbor (42 CFR 1001.952(ee))
a. General Comments
Summary of OIG Proposed Rule: We proposed a new safe harbor at
proposed paragraph 1001.952(ee) to protect in-kind remuneration
exchanged between qualifying VBE participants with value-based
arrangements that squarely satisfy all of the proposed safe harbor's
requirements. We developed this safe
[[Page 77724]]
harbor to facilitate value-based care and improved care coordination
for patients by providers and others that may be assuming no or less
than substantial downside financial risk.
Proposed conditions included commercial reasonableness (proposed
paragraph 1001.952(ee)(2)), written documentation (proposed paragraph
1001.952(ee)(3)), record retention (proposed paragraph
1001.952(ee)(11)), and establishment and monitoring of outcomes
measures (proposed paragraph 1001.952(ee)(1)). We proposed that
protected remuneration would be used primarily to engage in value-based
activities that are directly connected to the coordination and
management of patient care for the target patient population (proposed
paragraph 1001.952(ee)(4)(ii)). We further proposed that arrangements
could not induce VBE participants to furnish medically unnecessary care
or reduce or limit medically necessary care (proposed paragraph
1001.952(ee)(4)(iii)); could not be funded by outside sources (proposed
paragraph 1001.952(ee)(4)(iv)); could not limit medical decision-making
or patient freedom of choice (proposed paragraphs 1001.952(ee)(7)(ii)-
(iii)); could not take into account the volume or value of business
outside the value-based arrangement (proposed paragraph
1001.952(ee)(5)); and could not include marketing of items or services
to patients or patient recruitment activities (proposed paragraph
1001.952(ee)(7)(iv)). We proposed a requirement that the recipient of
the remuneration would pay at least 15 percent of the offeror's cost of
the remuneration (proposed paragraph 1001.952(ee)(6)). We also proposed
a requirement that arrangements be terminated within 60 days if the
VBE's accountable body or person determined that the arrangements were
unlikely to further coordination and management of care, were not
achieving the value-based purpose or were resulted in material
deficiencies in quality of care (proposed paragraph 1001.952(ee)(9)).
In addition, we proposed that an exchange of remuneration would not be
protected under the care coordination arrangements safe harbor if the
offeror knows or should know that the remuneration is likely to be
diverted, resold, or used by the recipient for an unlawful purpose
(proposed paragraph 1001.952(ee)(10)). These conditions were proposed
to minimize risks of traditional fee-for-service fraud and abuse and
pay-for-referral schemes, particularly in arrangements where the
parties are not assuming downside risk.
Summary of Final Rule: We are finalizing, with modifications, this
safe harbor. The safe harbor continues to protect in-kind remuneration
exchanged between a VBE and VBE participant or between VBE participants
pursuant to a value-based arrangement that squarely satisfies all of
the proposed safe harbor's requirements. We have modified and clarified
many of the safe harbor requirements in response to public comments, as
described below. The safe harbor includes conditions related to
commercial reasonableness, outcomes measures, written documentation,
record retention, monitoring, termination, marketing and patient
recruitment, and diversion and reselling of remuneration. The safe
harbor requires that protected remuneration be used predominately to
engage in value-based activities that are directly connected to the
coordination and management of care for the target patient population.
Protected arrangements cannot induce VBE participants to furnish
medically unnecessary care or reduce or limit medically necessary care;
cannot limit medical decision-making or patient freedom of choice; and
cannot take into account the volume or value of business outside the
value-based arrangement. Under the final rule, all recipients must pay
15 percent of the offeror's cost or 15 percent of the fair market value
of the remuneration. We are not finalizing the proposed condition
related to outside funding of the remuneration.
As detailed in section III.B.2.e and III.B.2.g of this preamble
relating to the VBE participant definition, we are carving out patients
and certain entities from the safe harbor; those entities are listed at
paragraph 1001.952(ee)(13). We are finalizing a limited pathway for
safe harbor protection in the care coordination arrangements safe
harbor for manufacturers of devices and medical supplies and DMEPOS
companies participating in digital health technology arrangements at
paragraph 1001.952(ee)(13). As discussed in section III.B.2.e.vi of
this preamble, we are finalizing a condition in the care coordination
arrangements safe harbor that restricts those entities from
conditioning the exchange of remuneration on any recipient's exclusive
use, or minimum purchase, of any item or service manufactured,
distributed, or sold by those entities.
This safe harbor protects in-kind remuneration only. Some monetary
compensation associated with care coordination or value-based
activities may be protected under other safe harbors, such as the other
value-based safe harbors or the safe harbor for personal services and
management contracts and outcomes-based payments at paragraph
1001.952(d).
Comment: Many commenters expressed support for the care
coordination arrangements safe harbor and the existence of a value-
based safe harbor that did not mandate the assumption of downside
financial risk. These commenters stated the safe harbor would
facilitate innovative arrangements to improve care coordination and
facilitate community partnerships. Other commenters, while generally
supportive of the safe harbor, asserted that it included too many
burdensome, complex, and subjective conditions; these commenters urged
OIG to reduce the number of requirements in the safe harbor.
Conversely, some commenters opposed the safe harbor, with their
concerns largely falling into two categories: (i) The potential for
fraud and abuse because the safe harbor does not require the parties to
assume downside risk or that there are not strong enough program
integrity guardrails; and (ii) negative effects on competition, i.e.,
unduly benefiting larger providers.
Response: We thank commenters for their feedback. The safe harbor
is intended to protect arrangements by parties who are transitioning to
higher levels of risk or who are engaging in care coordination that
improves quality and efficiency, without assuming risk. We agree with
commenters that there could be increased risk of fraudulent or abusive
behavior (e.g., overutilization) where providers who order items or
services are not at substantial downside financial risk. We structured
the care coordination arrangements safe harbor to reflect and mitigate
that increased risk. The safe harbor includes requirements tailored to
ensure that arrangements protected by the safe harbor--which could
apply to remuneration exchanged between parties who refer Federal
health care program business to each other and where both parties are
paid by Federal health care programs on a fee-for-service basis--do not
result in the traditional FFS fraud and abuse risks. As described in
the OIG Proposed Rule, traditional FFS fraud and abuse risks include
inappropriately increased costs to the Federal health care programs or
patients, corruption of practitioners' medical judgment,
overutilization, inappropriate patient steering, unfair competition, or
poor-quality care.\30\
---------------------------------------------------------------------------
\30\ 84 FR 55696 (Oct. 17, 2019).
---------------------------------------------------------------------------
We aimed to finalize a safe harbor that is not administratively
burdensome, overly complex, or subjective, but we
[[Page 77725]]
acknowledge that parties must satisfy a number of criteria to receive
safe harbor protection and that some parties may find the safe harbor
administratively burdensome, overly complex, and subjective with
respect to their particular arrangements. However, we believe that
these conditions, taken together, ensure the safe harbor protects
legitimate value-based arrangements, fosters improved care
coordination, allows for innovation, adequately addresses the
traditional FFS risks described above, and limits potentially
problematic referral schemes. We acknowledge that larger entities may
be better positioned to afford some types of investments required by
value-based activities, but we have intentionally crafted this safe
harbor for a wide range of care coordination arrangements, including
arrangements between small entities, providers serving rural and
underserved communities, or both, that might not require substantial
investment. As we describe elsewhere, many of the conditions are
flexible (i.e., not one-size-fits-all) and can be satisfied in ways
that take into account the size of, and resources available to, VBE
participants.
Comment: A commenter proposed that, in lieu of the care
coordination arrangements safe harbor, OIG enumerate acceptable value-
based arrangements that are of minimal monetary value to the referral
source.
Response: We did not propose to adopt a list of acceptable value-
based arrangements of minimal monetary value in lieu of the care
coordination arrangements safe harbor, and we are not adopting any such
list as part of this final rule.
Comment: A primary care provider requested that we address whether
or not it would be permissible to waive cost-sharing amounts for select
services under the care coordination arrangements safe harbor.
Response: As a threshold matter, whether cost-sharing is owed for a
particular service covered by Medicare or Medicaid is programmatic
policy under the auspices of CMS and state Medicaid programs. If cost-
sharing is owed by the beneficiary under the applicable programmatic
rules and a provider or supplier waives any such obligations, then a
question arises about whether any benefit stemming from the waiver of
the beneficiary's cost-sharing obligations implicates the Federal anti-
kickback statute or the Beneficiary Inducements CMP.
Cost-sharing waivers furnished to patients would not qualify for
protection under the care coordination arrangements safe harbor. First,
cost-sharing waivers are not in-kind remuneration, and the care
coordination arrangements safe harbor is limited to exchanges of in-
kind remuneration. Second, as explained further in section III.2.e.i of
this preamble, the context and framework of the value-based provisions
in the OIG Proposed Rule made clear that we did not intend patients to
be VBE participants who could engage in value-based arrangements under
the value-based safe harbors. We are finalizing, as proposed, that the
care coordination arrangements safe harbor is available to protect only
the exchange of in-kind remuneration between parties to a value-based
arrangement, not remuneration exchanged with patients. In response to
comments and for clarity, we have: (i) Revised the definition of ``VBE
participant'' to expressly exclude patients; and (ii) revised the
introductory language of the paragraph to expressly limit protection to
exchanges of remuneration between a VBE and VBE participant or between
VBE participants.
In some cases, other existing protections may be available for some
cost-sharing waivers, including cost-sharing waivers by certain
entities that are not offered as part of any advertisement or
solicitation; are not routine; and are made following an individual
determination of financial need.\31\
---------------------------------------------------------------------------
\31\ See, e.g., 42 U.S.C. 1320a-7b(b)(3)(D), (G); 42 CFR
1001.952(k); OIG, Special Fraud Alert: Routine Wavier of Copayments
or Deductible Under Medicare Part B, 59 FR 65372, 65377 (Dec. 19,
1994), available at https://oig.hhs.gov/fraud/docs/alertsandbulletins/121994.html.
---------------------------------------------------------------------------
Comment: A hospital association requested that the care
coordination arrangements safe harbor include a 12-month preparation
period that would be analogous to the ''phase-in'' periods in the
substantial downside financial risk and full financial risk safe
harbors. Similarly, at least two commenters requested that OIG protect
initial investments in value-based arrangements or activities by
parties exploring the creation of a VBE, with a commenter requesting
that OIG protect such remuneration prior to any terms being set forth
in a written agreement.
Response: We are not adopting the suggestion for a preparation or
``phase-in'' period for the care coordination arrangements safe harbor.
There may be practical or operational reasons for parties to engage in
financial arrangements or make ``phase-in'' investments as they explore
creating a VBE or before committing to a particular value-based
arrangement with partners. On balance, however, these considerations do
not outweigh the heightened risk of fraud or abuse during a ``phase-
in'' period in advance of the commencement of a value-based
arrangement, particularly in situations where parties have not yet
created a VBE with its attendant accountability and transparency
protections. Moreover, it is OIG's belief that the need for a ``phase-
in'' period is lower in the context of this safe harbor compared to the
risk-based safe harbors because this safe harbor is limited to in-kind
remuneration and does not require the assumption of risk. We allow for
a preparation or ``phase-in'' period in the two risk-based safe harbors
because we recognize that parties to a value-based arrangement may need
to exchange remuneration during a period of time before the VBE
formally takes on downside financial risk in order to prepare the VBE
and the VBE participants for that assumption of risk. The same context
does not exist for the care coordination arrangements safe harbor
because it does not require the assumption of risk. We note, however,
that parties may be able to structure some preparatory arrangements to
fit in this safe harbor, provided that a proper VBE and value-based
arrangement have been established and all other safe harbor
requirements are met, including the requirement that any exchange of
remuneration be used predominantly to engage in value-based activities.
Parties may also look to other potentially available safe harbors for
preparatory arrangements.
Comment: Multiple commenters requested clarification on, and
examples regarding, the types of entities and activities that could
qualify for protection under the care coordination arrangements safe
harbor. For example, a commenter requested that OIG expressly protect
income guarantees for physicians transitioning from traditional
compensation schemes to value-based models.
Response: With respect to the question regarding income guarantees,
income guarantees are not in-kind remuneration and would therefore not
qualify for protection under the care coordination arrangements safe
harbor. While neither exhaustive nor sufficiently detailed to allow for
a comprehensive analysis of the arrangement under the Federal anti-
kickback statute and the care coordination arrangements safe harbor, we
provide the following high-level examples to illustrate arrangements
that could be structured to satisfy the conditions of the care
coordination arrangements safe harbor.
First, to coordinate care and better manage the care of their
shared patients,
[[Page 77726]]
a specialty physician practice may wish to provide data analytics items
(e.g., software designed to present certain data) and services (e.g.,
conducting data analysis) to the primary care physician practice with
which it works closely and from which it receives referrals for
consultations and federally reimbursable items and services. The data
analytics items and services could, for example, identify practice
patterns that deviate from evidence-based protocols or confirm whether
followup care recommended by the specialty physician practice is being
sought by patients or furnished by the primary care physician group.
This provision of data analytics items and services could be structured
to satisfy the care coordination arrangements safe harbor.
Second, hospitals and physicians could work together in new ways to
coordinate and manage care for patients being discharged from the
hospital. The hospital might provide a physician group with care
managers (who identify the physician group's high-risk patients and
help manage patients' care transitions, medications, and home-based
care) to ensure patients receive appropriate followup care post-
discharge; data analytics systems to help the group's physicians ensure
that their patients are achieving better health outcomes; and remote
monitoring technology to alert the group's physicians when a patient
needs a health care intervention to prevent unnecessary emergency room
visits and readmissions.
Third, a medical technology company could partner with physician
practices, to better coordinate and manage care for patients discharged
from a hospital with digitally-equipped devices that collect and
transmit data to the physicians to help monitor the patients' recovery
and flag the need to intervene in real time (e.g., a device that
monitors range of motion that could inform what an appropriate physical
therapy intervention may be). The technology company could provide the
physician group with necessary digital health technology that improves
the physician group's ability to observe recovery and intervene, as
necessary.
We remind parties seeking to structure an arrangement to satisfy
the care coordination arrangements safe harbor that compliance with the
safe harbor requires a fact-specific assessment. In addition, we remind
stakeholders that the advisory opinion process remains available for
parties seeking to determine whether a particular arrangement satisfies
the care coordination arrangements safe harbor or for parties that
would like to request prospective protection for an arrangement that
does not squarely satisfy the terms of the safe harbor.
Comment: A commenter appeared to believe that the statement in the
OIG Proposed Rule that ``each offer of remuneration must be analyzed
separately for compliance with the safe harbor'' \32\ requires each
value-based arrangement to be reviewed by the Department, with the
potential for the Department to deny safe harbor protection for any
proposal.
---------------------------------------------------------------------------
\32\ 84 FR 55708 (Oct. 17, 2019).
---------------------------------------------------------------------------
Response: If there are multiple streams of remuneration flowing
under a single value-based arrangement, the parties would need to
evaluate each such stream separately to assess compliance with the safe
harbor (or, as appropriate, other available safe harbors). In the
context of an enforcement action, the government would likewise analyze
each such stream separately, and consider the totality of the
arrangement, to assess potential liability under the Federal anti-
kickback statute. The care coordination arrangements safe harbor does
not require, nor do any of our other value-based safe harbors require,
the submission of the value-based arrangement to the Department for
review.
Comment: Many commenters urged OIG to align the care coordination
arrangements safe harbor with CMS's value-based exception to the
physician self-referral law, with some asserting that the different
requirements in each would increase regulatory complexity and pose a
barrier to the advancement of value-based care. To facilitate
alignment, commenters suggested that OIG permit monetary remuneration,
remove any contribution requirement, or adopt CMS's definition of
``commercial reasonableness.'' A commenter appeared to request that OIG
and CMS both include a provision requiring a signed agreement.
Response: We aligned our safe harbors with the exceptions being
adopted by CMS as part of the Regulatory Sprint wherever possible. For
the reasons discussed in greater detail in section III.A.1, complete
alignment is not appropriate, including with respect to most of the
provisions of the care coordination arrangements safe harbor referenced
by commenters. In particular, the contribution and exclusion of
monetary remuneration serve to reduce risk of intentional kickback
schemes for reasons explained more fully in the preamble discussions of
each requirement, sections III.B.3.g (contribution requirement) and
III.B.3.e.i (in-kind remuneration). Specific to the recommended
expansion of the safe harbor to protect monetary remuneration, we
continue to believe that providing safe harbor protection for monetary
remuneration presents heightened fraud and abuse risks that outweigh
the potential benefits to Federal health care programs and patients.
This is particularly true where remuneration is exchanged between
parties that are not required to assume substantial financial risk, and
the protected remuneration is not required to be fair market value and
may take into account the volume or value of referrals for the target
patient population. Consistent with this concern, the new safe harbor
for outcomes-based payments at paragraph 1001.952(d)(2), which is
available for monetary remuneration, includes a fair market value
requirement and a limitation on directly taking into account the volume
or value of referrals. With respect to the commenter's request that OIG
and CMS align their respective signed writing requirements, we are
finalizing a requirement that the terms of the value-based arrangement
must be set forth in writing and signed by the parties, and we make
clear that the writing requirement can be satisfied by a collection of
documents, which aligns with the writing requirement in CMS's value-
based exception.
b. Outcome Measures
Summary of OIG Proposed Rule: We proposed to provide flexibility in
selecting outcome measures given the range of arrangements that may be
covered by the proposed safe harbor. We proposed in proposed paragraph
1001.952(ee)(1) to require parties to establish one or more specific
evidence-based, valid outcome measures to serve as benchmarks for
assessing the recipient's performance under the value-based arrangement
and advancement toward achieving the coordination and management of
care for the target population. The measures would not include patient
satisfaction or convenience measures. We expressed our view that
outcome measures should reflect more than maintenance of the status quo
and considered requiring that outcomes measures drive meaningful
improvements in quality, health outcomes, or efficiencies, whether by
driving improvements that are measurable or that are more than nominal
in nature. We indicated that we were considering for the final rule and
solicited comment on whether we should require rebasing of the outcome
[[Page 77727]]
measure (e.g., resetting the benchmark).\33\
---------------------------------------------------------------------------
\33\ 84 FR 55708 (Oct. 17, 2020).
---------------------------------------------------------------------------
Summary of Final Rule: We are finalizing, with modifications, the
outcome measures requirement at paragraph 1001.952(ee)(4). The
modifications are based on public comments. The final rule requires
that the parties to a value-based arrangement establish one or more
legitimate outcome or process measures that the parties reasonably
anticipate will advance the coordination and management of care for the
target patient population based on clinical evidence or credible
medical or health science support. The measure(s) must: (i) Include one
or more benchmarks related to improving, or maintaining improvement, in
the coordination and management of care for the target patient
population; (ii) relate to the remuneration exchanged under the value-
based arrangement; and (iii) not be based solely on patient
satisfaction or patient convenience. The outcome or process measure and
its benchmark must be monitored, periodically assessed, and
prospectively revised, as necessary, so that working towards the
measure continues to advance the coordination and management of care of
the target patient population.
Comment: Commenters generally supported the outcome measures
requirement, as proposed. However, some commenters opposed requiring
the parties to establish outcome measures against which a party would
be measured under a value-based arrangement. For example, the
commenters asserted that requiring the establishment of outcome
measures would be administratively burdensome, would be confusing, and
would not reflect the lack of valid outcome measures for many specialty
practices. Some commenters asked OIG for an exception to the
requirement for small and rural-based VBE participants and Indian
health care providers. A commenter representing Indian health care
providers requested that they be carved out from the outcome measures
requirement because of a concern that the outcome measures would not be
aligned with already reported Tribal outcome measures and would become
an unnecessary administrative burden on understaffed Indian health care
providers. Other commenters suggested that OIG should not finalize the
outcome measures requirement because the writing requirement in the
care coordination arrangements safe harbor is sufficient to protect
against fraud and abuse.
Response: As noted in the OIG Proposed Rule, inclusion of a
meaningful outcome measure in a protected value-based arrangement will
help ensure that the arrangement is designed to advance care
coordination and serves the needs of the target patient population. As
explained below, we have revised the requirement in the final rule to
increase flexibility, broaden options for meeting the requirement, and
reduce administrative burden, including on rural and small providers
and on Indian health care providers. Our revised approach also
addresses the comment regarding lack of standards for specialty
practices because we are not requiring use of industry standard
measures. Specialty practices may create measures using a range of
data, information, and sources, including internally generated data and
information, provided that, among other requirements, the measures are
based on clinical evidence, credible medical support, or credible
health science support, include an appropriate benchmark, and relate to
the remuneration being provided under the arrangement. This last
requirement helps ensure, as we explained in the OIG Proposed Rule,
that the measure bears a close nexus to the value-based activities in
the value-based arrangement and the needs of the target patient
population.
We are not aware of any impediment to Indian health care providers
using existing outcomes measures that they are already required to
report; nothing in the safe harbor requires development of new measures
if existing measures meet the final rule requirements.
We do not agree that a writing requirement is a sufficient
safeguard against fraud or abuse based on our enforcement experience.
While documentation is important for transparency and compliance
verification, it does not prevent fraud or abuse or ensure that
arrangements are carried out in accordance with their terms or serve
their intended purposes.
Comment: Commenters varied in their responses to the terminology we
proposed in the outcome measures requirement (``specific evidenced-
based, valid outcome measures''). For example, commenters asked OIG to
define ``outcome measure'' and ``evidence-based.'' A commenter
supported the concept of ``evidence-based'' outcome measures, stating
that OIG's proposal would provide needed flexibility to allow both
clinical and non-clinical outcome measures and to allow participants to
select up-to-date outcome measures, such as measures related to social
determinants of health. Other commenters pointed out the significant
time and resources needed, particularly for smaller VBEs and VBE
participants, to undertake studies or gather and document evidence for
novel interventions and to develop, implement, and monitor evidence-
based measures. Some commenters explained that using ``evidence-based''
as the standard would chill innovation by precluding innovative models
for which evidence does not already exist or value-based arrangements
that are currently pilots or demonstrations intended to develop
evidence. A commenter expressed concern that conditioning safe harbor
protection on ``valid'' outcome measures was too subjective and
recommended the outcome measures be ``clinically meaningful,'' which
could be based on measurable data or real-world evidence.
Response: We have reconsidered our use of the term ``evidence-
based'' in this rule. Our use of the term may have indicated a level of
scientific rigor and resource investment beyond what we intended for
purposes of this safe harbor, which is intended to be available for
experienced and new entrants into value-based care, including those not
yet ready to assume financial risk, and to promote innovation in care
delivery. We intended to include a standard that captured clinical and
non-clinical measures (including measures related to quality of care,
process improvements, efficiency in care delivery, and social
determinants of health), while also allowing for innovation. We did not
intend to require that protected arrangements be grounded in
experimental research, randomized clinical trials, best available
evidence, or other similar characteristics often associated with the
term ``evidence-based'' in common definitions. We did not intend to be
overly restrictive or to require strict scientific evidence of the
utility of an outcome measure. Having considered the comments, common
definitions, and input from Department experts, we are persuaded that
the term ``evidence-based'' was overly restrictive and not the best
term to describe the outcome measures we envisioned for purposes of
this rule.
We have likewise reconsidered our use of the terms ``valid'' and
``specific'' in the OIG Proposed Rule. These terms dovetailed with our
use of ``evidence-based'' and were intended to convey that the selected
outcome measures needed to be grounded in legitimate, verifiable data,
or other information. That is, we intended that selected measures be
legitimate and not sham measures used to justify an illegitimate
[[Page 77728]]
exchange of remuneration. Our intent is that selected measures be
credible and appropriate for the care coordination and management
purpose of the arrangement. Upon further consideration, the term
``legitimate''--and its common sense meaning--better effectuates our
intent, and we use that term in the final rule.
Accordingly, in this final rule, we are revising the requirement
that parties establish one or more specific evidence-based, valid
outcome measures. Under the final rule, the parties to a value-based
arrangement must establish one or more legitimate outcome or process
measures that the parties reasonably anticipate will advance the
coordination and management of care for the target patient population
based on clinical evidence or credible medical or health science
support. The terms ``clinical evidence or credible medical or health
science support,'' better reflect our intent to have a reasonable,
flexible standard applicable to a wide range of arrangements and to
allow selection of measures based on scientific, clinical, medical,
social science, or industry quality standards, or other legitimate,
verifiable data or information, whether internal to the VBE or
externally generated. By use of the term ``health science'' we intend
to include public health, health informatics, research and development,
and sciences that look at the treatment and prevention of diseases.
Unlike the new protection provided within the personal services and
management contracts safe harbor for outcomes-based payments, in this
safe harbor parties may rely on credible health science as well as
credible medical support, reflecting that this safe harbor covers a
wider variety of care coordination arrangements (including remuneration
in the form of health technology) and protects only in-kind
remuneration, rather than monetary payments, presenting relatively
lower overall risk.
The revised requirement continues to encompass both clinical and
non-clinical measures, and internal or externally generated measures,
and will allow participants to select up-to-date outcome or process
measures over time. Under the final rule, parties will be required to
document the measures they select and the clinical evidence, credible
medical support, or credible health science support upon which they
relied in making the selection by providing a description of the
measures in a signed writing.
Comment: Some commenters requested clarification from OIG regarding
how parties should select outcome measures, and others asked for
additional flexibility in the selection of outcome measures. For
example, parties asked OIG to permit both internally developed
measures, i.e., measures that do not require validation in a medical
journal or by another third-party source, and process-based measures,
such as providing or not providing a specific treatment to improve
patient outcomes or safety. A commenter asserted that outcome measures
should be anticipated to advance the coordination or management of care
of the target patient population rather than the coordination and
management of care of individual patients. Another commenter opposed
the requirement for outcome measures to advance the coordination and
management of care altogether, stating that care coordination is
process-based, not outcomes-based.
Other commenters expressed concern that too much flexibility for
parties to select outcome measures could lead parties to use subjective
measures that do not improve patient outcomes or are otherwise abusive.
A commenter suggested OIG require that: (i) Value-based arrangements
advance the coordination and management of care for the target patient
population; and (ii) in any dispute concerning the applicability of
this safe harbor, the VBE will bear the burden of proving, based upon
objective evidence, that the value-based arrangement advanced the
coordination and management of care of the target patient population.
Some commenters asked OIG to include an express requirement in the
final rule that outcome measures be designed to drive meaningful
improvements in quality, health outcomes, or efficiencies in care
delivery. Others supported a requirement for parties to establish more
than one outcome measure or only measures reflecting the outcomes most
important to patients.
A commenter recommended that parties be able to assess performance
toward achieving outcome measures with respect to the entire patient
population of an integrated delivery system instead of a subset of that
population. A commenter asked OIG to address issues regarding
individual physician participant measurement compared to group
measurement. The commenter expressed concern that individual physicians
may not have sufficient influence on the development of outcome
measures for their target patient population and that physician-level
measures can be challenging to develop (including because of small
sample size and appropriate accountability of individual physicians).
Response: We are modifying the requirement to clarify that parties
must select one or more legitimate outcome or process measures based on
clinical evidence, credible medical support, or credible health science
support. Parties must reasonably anticipate that the measures they
select will advance the coordination and management of the care of the
target patient population, which is the focus of this safe harbor. The
revised measure selection standard offers greater flexibility and
opportunities for innovation over time. The final rule permits clinical
and non-clinical measures, internally or externally developed.
Under the final rule, the outcome or process measures do not need
to be independently validated by a medical or other journal or another
third-party source. They can be process-based, such as, for example, a
measurement of the number of patients with diabetes that had their
blood pressure tested, and we are modifying the regulatory text to
clarify this. Unlike the new protection under the personal services and
management contracts safe harbor for outcomes-based payments, which
requires parties to achieve an outcome measure to receive payment (the
outcome measure may have a process component), the care coordination
arrangements safe harbor measure requirement offers greater
flexibility. It is broader in recognition that the safe harbor: (i)
Protects only in-kind remuneration, such as health technology, for
which process measures may be the most legitimate and useful type of
measure; and (ii) is available to VBE participants that are not taking
on risk for achieving outcomes.
In response to the assertion that outcome measures should be
anticipated to advance the coordination or management of care of the
target patient population rather than the coordination and management
of care, we addressed, and rejected, a similar suggestion in section
III.2.B.g regarding changing ``and'' to ``or'' in the definition of
coordination and management of care. Because the condition requiring
parties to establish outcome measures incorporates the definition of
``coordination and management of care'', it is appropriate to use that
defined term, which, for the reasons offered above, includes an ``and''
rather than an ``or.''
Where available, use of measures validated by a credible third
party would be a prudent practice, but this is not required. We confirm
that parties can select a measure applicable to the entire target
patient population or select a different outcome or process measures
for different segments of the target patient population (e.g., the
measure for
[[Page 77729]]
organ transplant patients within a target patient population may differ
from the appropriate measure for a non-transplant patient). In such
circumstances, the parties must (among other criteria) reasonably
anticipate that all such measures collectively will advance the
coordination and management of care for the entire target patient
population. With respect to selecting the target patient population, we
refer readers to that section of this preamble, section III.B.2.c.
We are further modifying our proposed rule to respond to the
comments and our own concerns regarding parties selecting measures in a
way that does not improve patient care or that could be abusive. In the
OIG Proposed Rule, we considered requiring that outcome measures drive
meaningful improvements in quality, health outcomes, or efficiencies,
whether by driving improvements that are measurable or that are more
than nominal in nature. We expressed concern about measures that merely
reflected the status quo. Arrangements that merely drive nominal change
or reflect only the status quo could be less likely to serve the care
coordination aims of this rulemaking and more likely to be vehicles to
reward referrals than arrangements in which parties receive
remuneration designed to drive meaningful, more than nominal, change in
patient care.
Accordingly, under the final rule, the outcome or process measures
must include one or more benchmarks related to improvements in, or the
maintenance of improvements in, the coordination and management of care
for the target patient population. The measures must relate to the
remuneration exchanged under the value-based arrangement so that there
is a close nexus between the value-based activities under the
arrangement and what the parties are measuring. Further, the measures
cannot be based solely on patient satisfaction or patient convenience,
both of which can be subjective, uninformative with respect to quality
or efficiency of care, and gamed with relative ease, including through
use of rewards or incentives to patients. On this last point, we are
aware that some legitimate patient satisfaction or patient convenience
measurement tools provide valuable information to providers and others
managing patient care. This safe harbor does not preclude use of such
tools (or any other form of measurement) as parties to value-based
arrangements see fit and find useful. But patient satisfaction or
patient convenience cannot be the only measure for purposes of
satisfying the safe harbor. Lastly, we are finalizing a requirement for
monitoring, periodically assessing, and prospectively revising an
outcome or process measure and its benchmark, as necessary, as
described below. This suite of requirements, taken together, is
intended to reduce the likelihood of abuses and ensure that the
selected measures relate to the protected remuneration and aim to
foster meaningful advancements in the coordination and management of
care.
Our revisions to the outcomes measure provision should address the
concerns raised regarding measurement at the individual or group
levels. This rule provides flexibility for parties to design legitimate
measures appropriate to the arrangement, using internal or external
data, and to account for characteristics such as available sample size
and ability of individual physicians to effect change. It is up to the
parties to determine which individual or entity that is a party to the
arrangement, e.g., a VBE participant, is accountable for assessing
progress on measures.
We are not prescribing how many measures parties must use; while we
anticipate value-based arrangements often would have more than one
outcome or process measure (or measures that include process measures
as a component of an outcome measure), some arrangements may lend
themselves to only one measure. Additionally, we are not requiring that
parties use only measures related to those outcomes or processes most
important to patients or that value-based arrangements must, in fact,
successfully advance the coordination and management of care for the
target patient population. The standard we are finalizing is designed
to encourage the selection of outcome and process measures that will
result in improved care for patients. To the comment about the VBE's
burden of proof in matters of dispute about the safe harbor, as with
all safe harbors in the criminal Federal anti-kickback statute, any
party seeking to avail themselves of the protection of a safe harbor
generally bears the burden of proof that they meet the requirements of
the safe harbor.
Comment: Some commenters expressed concern regarding whether
parties must meet the outcome measures in order to have safe harbor
protection, with a few commenters stating such a requirement would
disadvantage providers treating higher-risk patient populations who may
be less likely to meet outcome measures.
Response: We clarify that under the final rule, for purposes of
this safe harbor, parties need not successfully achieve the outcome or
process measure they select to qualify for safe harbor protection (and
if they select more than one, they need not meet any of them). However,
parties will need to monitor and periodically assess their arrangements
and potentially revise measures and benchmarks, as described below.
This will ensure that the selected measures remain a meaningful tool to
advance care coordination goals. Without the requirement to establish
and track progress toward achieving measures, the risk increases that
parties could abuse the care coordination arrangements safe harbor to
inappropriately drive referrals rather than patient care improvement.
We recognize that, despite best efforts, parties to a value-based
arrangement may not always achieve their selected measures due to a
variety of factors, such as uncertainty of patient behavior, lack of
control of results by a VBE participant, or misjudgments.
We note a key distinction between this safe harbor and the
protection of outcomes-based payments under the personal services and
management contracts safe harbor. The personal services and management
contracts safe harbor requires that agents achieve the outcome measure
established for their payments in order to receive those payments. This
is in keeping with a core purpose of the outcomes measure, which is to
be the basis for a party to receive a protected outcomes-based payment.
Comment: A commenter supported adding a requirement for parties to
make information regarding any outcome measures they establish
transparent to the public.
Response: We are not requiring that the outcomes or process
measures for value-based arrangements be made public under this safe
harbor, although parties are free to do so. We did not propose a public
transparency requirement and do not finalize one here. We recognize
transparency serves important accountability and integrity goals.
Consequently, we have included other conditions in the final safe
harbor intended to foster transparency while balancing the potential
burden on the parties seeking safe harbor protection. With respect to
outcome or process measures, we are finalizing the requirement that
parties include a description of the measures in a signed writing and
make available to the Secretary, upon request, all materials and
records sufficient to establish compliance with the conditions of the
care coordination arrangements safe harbor.
Comment: Several commenters stated that OIG should not require the
use of
[[Page 77730]]
measures from CMS's Quality Payment Program (QPP) in the outcome
measure requirement, arguing that existing QPP measures are inadequate
for many specialties. Some commenters suggested OIG could encourage,
but not require, participants to utilize the criteria for the QPP
measures as a framework for establishing outcome measures.
Alternatively, some commenters requested that OIG require the use of
certain measures, such as measures promulgated by the National Quality
Forum, or require all quality and cost measures to be independently
assessed and approved by a third-party, multi-stakeholder organization.
Response: To provide flexibility and avoid triggering concerns that
any specified measures may be inadequate or inappropriate for certain
types of individuals or entities (e.g., specialists), we are not
requiring parties to utilize QPP measures or measures developed by any
particular organizations or to receive third-party approval for the
measures. Parties may use these measures at their discretion for
purposes of this safe harbor.
Comment: Several commenters encouraged OIG to allow patient
satisfaction and experience of care measures, such as timeliness of
care, to qualify as outcome measures under the care coordination
arrangements safe harbor. Along these same lines, a commenter suggested
that OIG include patient satisfaction and efficiency of care measures,
such as creating systems that prevent visits to the emergency room (for
example, rapid outpatient testing and evaluation services) that would
improve outcomes and reduce costs. This commenter observed that
satisfied patients are more likely to keep follow up appointments and
be compliant with care. Some commenters asserted that patient
satisfaction and experience measures reflect quality of care and noted
that CMS recognizes patient satisfaction as a quality measure that
affects reimbursement. Other commenters supported using convenience
measures, such as the availability of treatment times or timeliness of
patient's access to care, as outcome measures because they asserted
that patient adherence to treatment improves when care is convenient.
Another commenter stated that, while convenience, alone, may not be a
valid measure, OIG should permit parties to use convenience measures
when they are tied to other measures, such as utilization. On the other
hand, some commenters did not consider patient satisfaction or
convenience to be a valid outcome measure, noting a lack of evidence
tying patient satisfaction to better clinical outcomes.
Response: The commenters variously describe efficiency of care,
patient satisfaction, patient convenience, and patient experience of
care measures. As explained elsewhere, we have modified the outcomes
measures requirement to include process measures, which addresses the
commenters' suggestions regarding experience of care and efficiency of
care measures, such as rapid access to outpatient testing and
evaluation services. To assist commenters in appropriately categorizing
their outcome or process measures, we provide additional clarification
on patient satisfaction, patient convenience, and patient experience
measures. For purposes of this rulemaking, patient satisfaction is
about whether a patient's expectations for a health care encounter were
met, e.g., a patient's assessment of the responsiveness of hospital
staff. Different patients with different expectations can experience
the exact same care but report different degrees of satisfaction.\34\
Patient convenience could include measures that assess patient access
to care and accessibility of care, or the factors involved in arranging
for the provision of care, e.g., the distance or proximity to a site of
care or the hours during which care can be obtained.
In applying our regulation, patient experience can involve finding
out whether something that should happen in a health care setting
happened, for example, whether all hospital discharge planning
protocols were followed for certain patients. Patient experience
measures can overlap with patient satisfaction or convenience measures;
in particular, patient satisfaction or patient convenience could be a
sub-part of a patient experience measure. Accordingly, whereas patient
satisfaction or patient convenience cannot be the sole measure for
purposes of the care coordination arrangements safe harbor, the same
may not be true for patient experience measures, depending on the facts
and circumstances.
As stated in the OIG Proposed Rule, we are concerned that patient
satisfaction and patient convenience measures may not reflect actual
improvement in the quality of patient care, health outcomes, or
efficiency in the delivery of care. In some cases, such measures can be
subjective, uninformative with respect to quality or efficiency of
care, and potentially gamed with relative ease, including through use
of rewards or incentives to patients. That said, some patient
satisfaction or patient convenience measurement tools provide valuable
information to government programs, providers, and others managing
patient care. This safe harbor does not preclude use of such tools (or
any other form of measurement) as parties to value-based arrangements
see fit and find useful. As noted previously, while patient
satisfaction or patient convenience cannot be the sole measure for
purposes of the care coordination arrangements safe harbor, patient
satisfaction or patient convenience can be tied to other legitimate
measures or can exist alongside such other measures.
Comment: Several commenters encouraged OIG not to require regular
rebasing of outcome measures, and in particular, they opposed specific
timing for when parties must rebase these measures. These commenters
asserted that any timing requirement would be arbitrary, might
discourage participation in value-based arrangements, or may not be
clinically appropriate in all circumstances. A commenter expressed
concern that requiring rebased outcome measures could lead to the
unintended consequence of providers abandoning proven care coordination
programs once they have achieved a maximized performance level. On the
other hand, some commenters supported this requirement; for example, a
commenter supported rebasing pursuant to a specified timeframe, such as
every year, as long as the VBE participants determined that rebasing is
feasible.
Response: In the OIG Proposed Rule, we considered whether to
require parties to rebase outcomes measures (i.e., reset benchmarks
used to determine whether the outcome measure was achieved) where
rebasing is feasible. We indicated our intent to consider specifying a
timeline for rebasing or requiring that it be done periodically. We
solicited comments on whether rebasing should depend on the type of
outcome measure or the nature of the arrangement. We also explained in
the preamble to the OIG Proposed Rule that revisions to outcomes
measures (i.e., modification of outcomes measures) would need to
continue to incentivize the recipient of the remuneration to make
meaningful improvements. We expressed concern that retrospective
revisions could obscure a lack of meaningful improvement.
Upon further consideration of the terminology in the OIG Proposed
Rule, we conclude that we can best express our intended policy by using
the term ``revise'' rather than ``rebase'' in the final rule. The term
``revise'' has a broader common meaning and better reflects the goal
that measures be
[[Page 77731]]
changed or updated to advance improvements in care coordination. In
addition, we view ``rebase'' as a subcategory of ``revise''; in other
words, we recognize that the rebasing of benchmarks may be the best way
to ``revise'' the measure. Because we intended for parties to have the
flexibility to either ``revise'' measures, i.e., modify or update
measures to advance improvements in care coordination, or ``rebase''
benchmarks, and because ``revise'' could serve as an umbrella term
which would include ``rebase,'' we believe ``revise'' encapsulates our
intent.
In practice, parties can meet the requirement by revising the
measure itself or by rebasing the benchmarks for the measure. We
recognize that rebasing may not be necessary for all legitimate outcome
or process measures that advance the coordination and management of
care for a target patient population. For the final rule, measures must
be monitored, periodically assessed, and prospectively revised as
necessary to ensure that the measure and its benchmark continues to
advance the coordination and management of care of the target patient
population. We emphasize that any revisions must be prospective, not
retrospective.
We are requiring a periodic assessment and, as necessary based on
such assessment, revision of outcome or process measures and
benchmarks. Recognizing that different measures should be assessed on
different timelines, we are not implementing a specific timeframe for
assessing or revising measures, as in some cases, outcome measures
could be reviewed annually, whereas for others significant benefits to
patients could reasonably take 2 to 3 years to achieve.
As evidenced by the above discussion, we are also finalizing a
requirement for parties to a care coordination arrangement to have one
or more benchmarks for each outcome or process measure that are related
to improving or maintaining improvements in the coordination and
management of care of the target patient population. Benchmarks help
ensure that the remuneration exchanged pursuant to the value-based
arrangement continues to drive meaningful improvements, or the
maintenance of improvements, in the coordination and management of care
for the target patient population.
Comment: Some commenters opposed a requirement for payors to
identify outcome measures, positing that such a top-down approach would
limit providers that are best situated to identify value-driving
activities and may be impractical when payors are not parties to a
value-based arrangement. Another commenter suggested that the adoption
of payor-identified outcome measures by a VBE should be a favorable
factor when evaluating a value-based arrangement for compliance with
the proposed safe harbor. According to the commenter, payors have
unique capabilities to: (i) Give providers the information they need to
identify patient populations that may benefit most from management and
care coordination interventions; and (ii) recommend benchmarks based on
experience and access to data that are used to assess outcome measures.
Response: The final rule allows, but does not require, the use of
payor-driven or developed outcome measures. Parties are free to use
payor measures if they find them useful or if doing so is required by a
payor.
Comment: We solicited comments on using a different outcomes
measures standard for information technology than for other care
coordination arrangements. Commenters were generally supportive of an
alternative standard, such as an adoption and use standard, stating
that it would allow more flexibility, which is important for
arrangements that are centered on an ever-changing and developing
industry. At least one commenter suggested language for this
alternative standard, namely, ``the parties determine in good faith
that the technology is expected to meaningfully advance achievement of
the targeted health outcomes, patient care quality improvements, or the
appropriate reduction in costs . . . [etc.],'' while another commenter
suggested that VBE participants should have the option, but not be
required, to designate utilization and adoption measures in IT
arrangements as alternatives to outcome measures. A commenter who
supported the use of alternative measures for IT advocated against
OIG's proposal to implement a time frame after which the recipient of
IT would be required to pay fair market value for continued use of the
IT, stating that suddenly requiring fair market value payments may
unnecessarily cause drastic and costly changes to an entire system and
could disrupt continuity of care.
Response: The final rule for establishing the required outcomes or
process measures is flexible enough to address information technology
arrangements. Legitimate process measures (including use and adoption)
or performance measures can be used so long as the parties reasonably
anticipate that the measures will advance the coordination and
management of care of the target patient population and the benchmark
and other requirements are met. No separate outcome measures
requirement is needed for information technology arrangements. We are
not finalizing our proposal that outcomes measures be evidence-based,
which we acknowledged could have been a difficult standard for some
information technology arrangements. Measures must be selected based on
clinical evidence or credible medical or health science support. This
support may be based on external sources or generated internally. The
specific addition of health science as a basis for selection reflects
our intent, among other things, to allow remuneration in the form of
information technology under the care coordination safe harbor. Since
we are not including an IT-specific standard, we are not placing a time
limit on the use of IT-related remuneration in care coordination
arrangements. In light of our modifications to the measurement standard
and other safeguards against fraud and abuse in the safe harbor,
adopting the additional requirements we considered in the OIG Proposed
Rule related to outcomes measures for the exchange of health
information technology is not necessary.
c. Commercial Reasonableness
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ee)(2) to require that the value-based arrangement pursuant to
which the remuneration is exchanged be commercially reasonable,
considering both the arrangement itself and all value-based
arrangements within the VBE. We indicated that we were considering for
the final rule whether to define a ``commercially reasonable
arrangement'' as an arrangement that would make commercial sense if
entered into by reasonable entities of a similar type and size, even
without the potential for referrals. We solicited comments on the need
for a definition of a ``commercially reasonable arrangement.''
Summary of Final Rule: We are finalizing, without modification, our
proposed requirement at paragraph 1001.952(ee)(2). We are not defining
a ``commercially reasonable arrangement'' in the final rule.
Comment: Some commenters supported a commercial reasonableness
requirement while others opposed it. Several commenters noted that this
requirement is inconsistent with the value-based arrangements exception
to the physician self-referral law, which does not require that the
value-based arrangement be commercially reasonable. Others emphasized
that the
[[Page 77732]]
standard introduces complexity and uncertainty that may require parties
to consult with legal counsel, with some of these commenters asserting
that this burden could have a disproportionate impact on small and
rural providers.
Response: In the context of care coordination arrangements where
parties are not required to take on financial risk, the remuneration
does not need to be consistent with fair market value, and the
remuneration may take into account the volume of patients in the target
patient population or the value of referrals or other business
generated between the parties resulting from referrals of the target
patient population, we believe requiring the value-based arrangement to
be commercially reasonable is an important safeguard to ensure that
safe harbor protection is limited to remuneration exchanged pursuant to
value-based arrangements that are designed and implemented to achieve
legitimate objectives rather than merely to induce or reward referrals.
The commercial reasonableness requirement focuses on ensuring that
parties structure the terms of their value-based arrangement, including
but not limited to the amount of the remuneration, in a manner that is
calibrated to achieve the parties' legitimate business purposes. For
example, as described in the OIG Proposed Rule, if VBE participants
were to enter into a value-based arrangement to facilitate the sharing
of patient-outcome data, it may be commercially reasonable for a
hospital VBE participant to donate technology to a group practice VBE
participant to facilitate this process. However, it may not be
commercially reasonable for that same hospital VBE participant to
donate technology substantially more sophisticated, or with enhanced
functionality, beyond that necessary for communicating data on shared
patients between the two parties.\35\ We are concerned that, absent the
commercial reasonableness requirement, the other conditions in this
safe harbor will not sufficiently mitigate the risk of one party
offering more remuneration than is necessary, such as in the example
above, to reward the other party for referrals of target patient
population patients, which is why we are finalizing the requirement in
this final rule that the value-based arrangement itself be commercially
reasonable. Further, the commercial reasonableness requirement is the
only safeguard in the care coordination arrangements safe harbor that
directly addresses the risk that parties might use a series of value-
based arrangements to effectuate a payment-for-referral scheme. For
this reason, we are finalizing the second prong of the commercial
reasonableness requirement that the value-based arrangement must be
commercially reasonable when considering all value-based arrangements
in the VBE.
---------------------------------------------------------------------------
\35\ 84 FR 55709. In the OIG Proposed Rule, we noted in
connection with this example that nothing would prevent the donation
of technology with enhanced functionality when a value-based
arrangement requires that capability or when technology without that
functionality is not practicable.
---------------------------------------------------------------------------
In sum, the commercial reasonableness requirement in this safe
harbor: (i) Helps to ensure that the value-based arrangement, and all
value-based arrangements within in the VBE, serve legitimate
objectives; (ii) mandates that parties structure the terms of their
value-based arrangement, including but not limited to the amount of the
remuneration, in a manner that is calibrated to achieve the parties'
legitimate business purposes; and (iii) reduces the likelihood that the
value-based arrangement might be a payment-for-referral scheme.
With respect to the complexities associated with assessing
commercial reasonableness and the potential need to consult with legal
counsel, we appreciate those concerns and note that the inclusion of a
commercial reasonableness condition in safe harbors is not new. Several
existing safe harbors require protected remuneration to be commercially
reasonable. We believe parties, including small and rural providers,
can apply this concept and that including it as a condition of this
safe harbor will not impose significant additional burden.
In response to those commenters who noted that the proposed safe
harbor is inconsistent with CMS's proposed exception for value-based
arrangements, we note that CMS's exception for value-based arrangements
(42 CFR 411.357(aa)(3)), as finalized, includes a commercial
reasonableness requirement.
Comment: A commenter asserted that the move to value-based care
helps to eliminate many of the program integrity concerns that OIG
might seek to address through a commercial reasonableness requirement.
Response: We agree that a shift to value-based payment models may
curb some of the traditional program integrity concerns associated with
a fee-for-service payment system. However, this safe harbor offers
protection for care coordination arrangements without requiring that
the parties assume financial risk or otherwise participate in a value-
based payment model. As a result, the traditional program integrity
risks resulting from fee-for-service payment are likely to persist. For
example, we are concerned that, in some circumstances and in the
absence of safe harbor guardrails, remuneration furnished pursuant to a
value-based arrangement may lead to overutilization, corruption of
practitioners' medical judgment, inappropriate patient steering, or
unfair competition. By requiring the value-based arrangement to be
commercially reasonable with respect to both the arrangement itself and
all value-based arrangements within the VBE, this condition helps to
safeguard against these program integrity concerns by requiring that
the terms of the value-based arrangement be calibrated to achieve the
parties' legitimate business purposes.
For example, we explained in the OIG Proposed Rule that a single
value-based arrangement in which a hospital VBE participant provides a
necessary number of care coordinators for the target patient population
to a SNF VBE participant may be commercially reasonable. However, if a
VBE includes multiple similar value-based arrangements, each of which
involves the same hospital VBE participant furnishing care coordinators
to the same SNF VBE participant for the same or a similar target
patient population, the commercial reasonableness of the remuneration
exchanged within the value-based arrangements in the aggregate may be
suspect if it lacks a legitimate business purpose.\36\ This arrangement
could lead to the program integrity concerns identified above (e.g.,
inappropriate patient steering) and, absent a commercial reasonableness
requirement, the conditions of the safe harbor might otherwise be met.
---------------------------------------------------------------------------
\36\ 84 FR 55709.
---------------------------------------------------------------------------
Comment: Some commenters asserted that a commercial reasonableness
requirement will create an obstacle to value-based care. Others
asserted that few arrangements would ever satisfy this criterion
because value-based arrangements do not make any commercial sense
without the potential for referrals. These commenters noted that
changes in referral patterns alone are not the goal of a value-based
arrangement but that they may well be the consequence.
Response: We are not persuaded that a commercial reasonableness
requirement will impede the transition to value-based care. We believe
that it is eminently feasible to structure value-based arrangements to
meet the commercial reasonableness requirement by ensuring that the
terms of the value-
[[Page 77733]]
based arrangement, and all value-based arrangements within the VBE, are
reasonably calculated to achieve the VBE participants' legitimate
business purposes.
The framing of the commercial reasonableness condition in the final
rule, which allows for the possibility of referrals, addresses the
commenters' concerns. Specifically, we recognize that a value-based
arrangement may, and often will, result in referrals. The commercial
reasonableness requirement is intended to ensure that the terms of the
value-based arrangement, considering both the arrangement itself and
all value-based arrangements within the VBE, are calibrated to achieve
the value-based purpose(s) of the arrangement, not the generation of
referrals. We agree with the commenters' related assertion that changes
in referral patterns alone are not the goal of a value-based
arrangement but may be the consequence.
For example, a value-based arrangement that provides remuneration
in excess of what is reasonably necessary to coordinate and manage the
care of the target patient population, as contemplated by the terms of
that arrangement, would not be commercially reasonable. Likewise, terms
that are calibrated to secure referrals, rather than to achieve the
value-based purposes of the value-based arrangement, would result in an
arrangement that is not commercially reasonable for purposes of this
safe harbor. The mere fact that referral patterns may change as a
result of a value-based arrangement does not necessarily preclude the
arrangement from meeting the commercial reasonableness requirement.
Comment: With respect to whether we should adopt a definition for a
commercially reasonable arrangement, several commenters expressed
support, but these commenters did not agree on a definition. Some
commenters supported the definition presented in the preamble to the
OIG Proposed Rule, which defined a ``commercially reasonable
arrangement'' as an arrangement that would make commercial sense if
entered into by reasonable entities of a similar type and size, even
without the potential for referrals. Others encouraged us to adopt
CMS's proposed definition, which states that commercially reasonable
means the particular arrangement furthers a legitimate business purpose
of the parties and is on similar terms and conditions as like
arrangements. Other commenters suggested that OIG should focus on
whether the arrangement makes ``value-based'' sense in the context of a
value-based arrangement instead of whether it makes ``commercial''
sense. Other commenters provided alternative definitions that varied in
scope. A commenter asserted that the definition should not preclude
consideration of referrals not covered by Medicare.
Commenters also requested various clarifications and affirmative
statements from OIG, including that: (i) Commercial reasonableness
refers primarily to the non-financial elements of a transaction or
arrangement while the concept of fair market value addresses the
financial aspects, and (ii) an arrangement may be commercially
reasonable even if it operates at a loss.
Response: While we are not adopting a definition of ``commercially
reasonable arrangement,'' we appreciate commenters' requests for
guidance. There are multiple dimensions to commercial reasonableness,
including both the financial and non-financial terms of an arrangement.
The fact that an arrangement generates a loss for a party is one
factor, among many, that could be considered in analyzing whether an
arrangement is commercially reasonable. An arrangement may be
commercially reasonable even if it does not result in profit for one or
more of the parties. Any determination whether a particular value-based
arrangement is commercially reasonable would be based on the totality
of the facts and circumstances of such arrangement, and the financial
aspects of the value-based arrangement would be relevant to that
inquiry.
With respect to the assertion that the commercial reasonableness
definition should not preclude consideration of referrals of non-
Medicare business, as we stated above, we are not adopting this
definition. We reiterate that the commercial reasonableness requirement
in this safe harbor requires that the VBE participants structure the
terms of the value-based arrangement in a manner that is calibrated to
achieve the parties' legitimate business purposes. We also reiterate
our longstanding guidance that arrangements that do not involve
referrals of Federal health care program beneficiaries or business
generated by Federal health care programs may implicate the Federal
anti-kickback statute by disguising remuneration for Federal health
care program business through the payment of amounts purportedly
related to non-Federal health care program business. Arrangements with
this type of disguised remuneration would not be calibrated to achieve
a legitimate business purpose and would thus not be commercially
reasonable. Whether any particular arrangement reflects this type of
disguised remuneration would depend on the specific facts of the
arrangement.
Comment: Some commenters asserted that the definition of
``commercially reasonable arrangement'' in the preamble to the OIG
Proposed Rule, which considered defining such an arrangement as one
that would make commercial sense if entered into by reasonable entities
of a similar type and size, even without the potential for referrals,
is inconsistent with OIG's prior commentary relating to the requirement
in certain other safe harbors that the remuneration must be reasonably
necessary to accomplish the commercially reasonable business purpose of
the arrangement.
Response: We are not further defining a ``commercially reasonable
arrangement'' in this final rule, beyond the test for commercial
reasonableness articulated in the regulatory text (i.e., that
commercial reasonableness must be evaluated by considering both the
value-based arrangement itself and all value-based arrangements within
the VBE). As explained above, the test for commercial reasonableness is
tailored to this particular safe harbor for care coordination
arrangements and is meant to be both flexible to allow for innovative
arrangements that serve legitimate objectives and sufficiently
constrained to limit the risk of schemes to pay for referrals. That
said, our prior guidance remains instructive on the application of the
term ``commercially reasonable'' in the safe harbor context,
particularly with respect to having a legitimate business purpose.\37\
---------------------------------------------------------------------------
\37\ See, e.g., Medicare and State Health Care Programs: Fraud
and Abuse; Clarification of the Initial OIG Safe Harbor Provisions
and Establishment of Additional Safe Harbor Provisions Under the
Anti-Kickback Statute; Final Rule, 64 FR 63518, 63425 (Nov. 19,
1999) available at https://oig.hhs.gov/fraud/docs/safeharborregulations/getdoc1.pdf.
---------------------------------------------------------------------------
d. Writing
Summary of OIG Proposed Rule: We proposed in proposed paragraph
1001.952(ee)(3) to require that each value-based arrangement, pursuant
to which the remuneration is exchanged, be set forth in a signed
writing, established in advance of, or contemporaneous with, the
commencement of the value-based arrangement or any material change to
the value-based arrangement. We proposed in the same paragraph that the
writing state, at a minimum: (i) The value-based activities to be
undertaken
[[Page 77734]]
by the parties to the value-based arrangement; (ii) the term of the
value-based arrangement; (iii) the target patient population; (iv) a
description of the remuneration; (v) the offeror's cost for the
remuneration; (vi) the percentage of the offeror's cost contributed by
the recipient; (vii) if applicable, the frequency of the recipient's
contribution payments for the offeror's ongoing costs; and (viii) the
specific evidence-based, valid outcome measure(s) against which the
recipient would be measured.
Summary of Final Rule: We are finalizing, with modifications, the
writing requirement in paragraph 1001.952(ee)(3). The following
modifications respond to public comments: (i) The writing requirement
can be satisfied by a collection of documents; (ii) parties must
document the fair market value of the remuneration or, alternatively,
the offeror's cost of the remuneration and the accounting methodology
utilized to determine such cost; and (iii) parties must document the
value-based purpose(s) of the value-based activities provided for in
the value-based arrangement. We are also clarifying that the terms of
the value-based arrangement must be established in advance of, or
contemporaneous with, the commencement of the value-based arrangement
``and any material change,'' instead of ``or any material change.'' In
the preamble to OIG Proposed Rule, we described a writing requirement
that would promote transparency of the value-based arrangement, both at
its commencement and when there is a material change. These are the
logical junctures where the writing requirement particularly serves its
transparency purposes. Our proposed regulatory text did not make clear
that the writing was needed at both junctures; our modifications more
clearly express that policy. Lastly, we are modifying the writing
requirement for consistency with changes to the language of the outcome
and process measures condition, discussed in section III.3.b. The
remaining requirements of the writing requirement are finalized as
proposed.
Comment: While several commenters expressed support for the writing
requirement, numerous commenters were concerned that this requirement
does not afford parties the flexibility to document their value-based
arrangement in a ``collection of documents'' and instead requires a
single signed writing.
Response: We have revised the writing requirement to permit a
``collection of documents'' approach in response to commenters'
concerns. To receive safe harbor protection, the terms of the value-
based arrangement must be set forth in writing and signed by the
parties in advance of, or contemporaneous with, the commencement of the
value-based arrangement and any material change to the value-based
arrangement. Under this approach, parties are not required to have a
single, signed writing setting forth the terms of the agreement, but
there must be either a single, signed writing or a collection of
documents in place--in advance of, or contemporaneous with, the
commencement of the value-based arrangement--in order to meet this
condition. In addition, if any material term (e.g., an outcome or
process measure) changes during the course of the value-based
arrangement, the parties would need to set forth such changes in a
signed writing or collection of documents in advance of, or
contemporaneous with, the commencement of the modified value-based
arrangement. We note that, while the terms do not need to be set forth
in a single, signed writing, we believe this approach is a best
practice from a compliance perspective.
Comment: A commenter requested that OIG permit a VBE to sign the
writing required by this safe harbor on behalf of all parties to the
applicable value-based arrangement because, according to the commenter,
it would be challenging to arrange for all parties to sign a single
document in advance of the commencement of the value-based arrangement.
Response: We decline to adopt the commenter's suggestion. To
promote transparency and accountability, each value-based arrangement
must be set forth in writing and signed by all parties to the value-
based arrangement. While the VBE may be a signatory to the value-based
arrangement, its signature alone would not meet the writing requirement
for this or any of the other value-based safe harbors. We believe there
is sufficient flexibility in this requirement insofar as we do not
require the writing to be a single document (i.e., the parties can sign
separate documents), and we allow it to be signed in advance of, or
contemporaneous with, the commencement of the value-based arrangement.
Comment: Some commenters disagreed with the proposed writing
requirement, stating that it was burdensome, was too prescriptive, or
would increase the risk of inadvertent non-compliance. Commenters took
particular issue with the requirement that parties document the
offeror's cost for the remuneration. A commenter asserted that this
provision is unnecessary in light of the condition to maintain and make
available to the Secretary, upon request, all materials and records
sufficient to establish compliance with the conditions of this safe
harbor, while at least two commenters expressed concern that it could
result in the inappropriate disclosure of competitively sensitive
information. One such commenter provided the example of an offeror that
might furnish certain in-kind remuneration to a VBE participant to
benefit the VBE and further its value-based purpose, but who might want
to offer the same in-kind remuneration to the recipient at market rates
for use in other lines of business. According to the commenter, it
would be commercially unreasonable to require the offeror to disclose
its cost structure and requested that we allow parties to satisfy this
condition through a written representation that the contribution amount
equals at least 15 percent of the offeror's cost.
Response: We are not persuaded that our writing requirement is
overly prescriptive or burdensome, rather it is an essential safeguard.
The required contents are of the kind commonly part of business
agreements: The parties, purposes, services, financial and business
terms, duration, and metrics. In addition, for safe harbor purposes, we
view the requirement that the writing set forth the offeror's cost for
the remuneration or the fair market value of the remuneration--detailed
in section III.B.3.g--as a material term to the parties' arrangement
because of the safe harbor's 15 percent contribution requirement. The
inclusion of this term in the writing ensures a transparent
understanding of the arrangement agreed to by the parties.
Accordingly, we are finalizing the writing requirement, including a
requirement that parties document: (i) Either the fair market value of
the remuneration or the offeror's cost of the remuneration, dependent
upon the methodology used by the parties to determine the contribution
amount; and (ii) the percentage and amount contributed by the
recipient. Consistent with revisions to the contribution requirement
methodology discussed in detail in section III.B.3.g, we require that
parties who choose to document the offeror's cost of the remuneration,
instead of the fair market value, also must document the reasonable
accounting methodology used to calculate such costs.
We believe requiring parties to calculate and document the
contribution amount based on the fair
[[Page 77735]]
market value of the remuneration or the offeror's cost of the
remuneration addresses commenters' confidentiality concerns and, for
this reason, we are not adopting the commenter's suggestion to use
written representations of the offeror's cost for the purposes of
satisfying the writing requirement. We understand that information
relating to an offeror's cost may include proprietary or competitively
sensitive information that parties might not wish to put in their
written agreements. We do not believe the same holds true for fair
market value.
In response to commenters' concerns that the writing requirement
increases the risk of inadvertent non-compliance, we note that our
modification to permit a collection of documents to satisfy the
requirement should help address compliance concerns by incorporating
more flexibility in this requirement. Further, should an arrangement
inadvertently fail to comply with a safe harbor condition that would
not mean that the arrangement violates the Federal anti-kickback
statute. Rather, the arrangement would not have safe harbor protection
and would need to be analyzed based on its facts, including the intent
of the parties, for compliance with the statute.
Comment: A commenter requested that we address how parties to a
value-based arrangement would need to document a value-based
arrangement's value-based purpose.
Response: We did not expressly propose--as part of the writing
requirement--that the parties document the value-based purpose(s) of
the value-based activities provided for in the value-based arrangement.
However, such requirement, which we are including in the final rule,
effectuates our intent and logically flows from the intersection of the
following proposals, each which is finalized here: (i) That the writing
state, among other things, the value-based activities to be undertaken
by the parties to the value-based arrangement; (ii) the ``value-based
activity'' definition, which would require, in part, that the activity
is reasonably designed to achieve at least one value-based purpose of
the value-based enterprise; and (iii) the requirement that protected
remuneration be used predominantly to engage in value-based activities
that are directly connected to the coordination and management of care
for the target patient population. In particular, it seems sensible
that in describing the value-based activity--which, by definition, are
reasonably designed to achieve at least one value-based purpose of the
value-based enterprise--and to confirm that one purpose is the
coordination and management of care, the writing would specify the
value-based purpose that the activities are designed to achieve.
Consequently, we finalize a condition requiring that parties
document the value-based purpose(s) of the value-based activities
provided for in the value-based arrangement as part of the required
writing. In particular, we view the documentation of the value-based
purpose(s)--and specifically, documentation of the care coordination
and management of care purpose--to be an important component of a
writing designed to ensure transparency and accountability.
e. Limitations on Remuneration
i. In-Kind Remuneration
Summary of OIG Proposed Rule: We proposed that the remuneration
exchanged must be in-kind under the proposed condition at paragraph
1001.952(ee)(4)(i).
Summary of Final Rule: We are finalizing, without modification, the
requirement that the remuneration be in-kind, and moving it to
paragraph 1001.952(ee)(1)(i).
Comment: While some commenters supported limiting protection under
the care coordination arrangements safe harbor to in-kind remuneration,
a number of commenters requested that OIG expand the safe harbor to
protect monetary remuneration of any amount or, alternatively, monetary
remuneration up to a certain amount annually. Many commenters asserted
that the proposed safe harbor would not protect financial arrangements
that incentivize behavior change, such as shared savings payments or
payments to adhere to care protocols, and further asserted that the
other safeguards in the safe harbor are sufficient to protect against
fraud and abuse. A commenter suggested that OIG only protect shared
savings distributed after the VBE has satisfied its expenses. Some
commenters requested that the safe harbor protect monetary remuneration
distributed under upside-only risk arrangements, particularly where the
remuneration is tied directly or indirectly to achievement under a
value-based arrangement with a payor. Other commenters asserted that
the care coordination arrangements safe harbor should protect
ownership, investment interests, loan arrangements (including interest
payments), and similar transactions to fund infrastructure for the VBE
that will facilitate the development and operation of a value-based
arrangement.
Other commenters asserted that the safe harbor should permit the
exchange of monetary remuneration, so physician practices can receive
remuneration and purchase their own clinical tools or services and
select staff members who best meet the needs of the practice. For
example, a primary care practice explained that it would like to engage
a psychologist or behavioral health professional to assist with
patients presenting with depressive symptoms or needing additional
assistance managing mental health conditions and that expanding this
safe harbor to protect monetary remuneration would allow the practice
to select a behavioral health professional who, among other things,
best meets the needs of the practice's patient population. They
explained that, otherwise, the offeror of in-kind remuneration would
make those purchasing decisions and selections for the recipient.
Another commenter asserted that OIG's and CMS's final rules should
align to protect both in-kind and monetary remuneration or only in-kind
remuneration, arguing that any inconsistency would result in a barrier
to the advancement of value-based care. A commenter suggested that the
safe harbor protect monetary remuneration for specific services; for
example, a hospital might offer to cover the costs of a nurse navigator
at a SNF, instead of providing the nurse navigator directly, because it
wants the SNF to have the contractual relationship with the nurse
navigator. Lastly, several commenters requested that OIG expand the
safe harbor to protect monetary remuneration exchanged under
arrangements involving Indian health programs.
Response: We are finalizing the requirement that the remuneration
exchanged pursuant to this safe harbor must be in-kind. We continue to
believe that providing safe harbor protection to monetary remuneration
exchanged under arrangements where: (i) The parties are not required to
assume financial risk, and (ii) the protected remuneration is not
required to be fair market value and may take into account the volume
or value of referrals for the target patient population, presents
heightened fraud and abuse risks that outweigh the potential benefits
to Federal health care programs and patients. OIG's longstanding
guidance makes clear that remuneration in the form of cash and cash
equivalents pose a higher risk of interfering with clinical decision-
making, incentivizing overutilization or inappropriate utilization, and
increasing costs to Federal health care programs. We do not
[[Page 77736]]
view protection for ownership or investment interests as fundamental to
parties entering into value-based arrangements for the coordination and
management of care for a target patient population. Parties seeking to
protect a particular investment interest may look to existing safe
harbors (e.g., the safe harbor for investment interests at paragraph
1001.952(a)); in addition, the advisory opinion process remains
available. Further, while we understand recipients' desire to select
their own care coordination items and services rather than receiving
items and services an offeror selects, we note that parties do not have
to enter into value-based arrangements and might agree to enter into
such arrangements only where the item(s) or service(s) being offered
are satisfactory to the recipient. We also note that, where a party
offering remuneration desires for the recipient to contract directly
for items and services, the recipient may do so as long as the offeror
pays the vendor of the items and services directly. Further, while we
understand recipients' desire to select their own care coordination
items and services rather than receiving items and services an offeror
selects, we note that parties do not have to enter into value-based
arrangements and might agree to enter into such arrangements only where
the item(s) or service(s) being offered are satisfactory to the
recipient. We also note that, where a party offering remuneration
desires for the recipient to contract directly for items and services,
the recipient may do so as long as the offeror pays the vendor of the
items and services directly. Lastly, we note that individuals and
entities may look to other safe harbors, such as the safe harbor for
personal services and management contracts and outcomes-based payment
arrangements at paragraph 1001.952(d), for protection for certain
monetary remuneration.
Finally, in response to the comment requesting that CMS's and OIG's
final protections align to protect both in-kind and monetary
remuneration or only in-kind remuneration, we refer readers to section
III.A.1, where we discuss fundamental differences in statutory
structures and sanctions across the physician self-referral law and
Federal anti-kickback statute and elaborate on the reasoning behind
conditions that differ in any similar exception and safe harbor
finalized by CMS and OIG, respectively, in each agency's final rule in
connection with the Regulatory Sprint. With respect to OIG's specific
policy to limit the care coordination arrangements safe harbor to in-
kind remuneration, this policy addresses the heightened risk that
fungible monetary remuneration could be misused to make intentional
kickback payments and would be more difficult to track. OIG and CMS
permit monetary and non-monetary remuneration in the value-based safe
harbors and exceptions that require parties to assume risk.
ii. Remuneration Used To Engage in Value-Based Activities
Summary of OIG Proposed Rule: We proposed to require, at proposed
paragraph 1001.952(ee)(4)(ii), that the remuneration provided by, or
shared among, VBE participants be used primarily to engage in value-
based activities that are directly connected to the coordination and
management of care of the target patient population. We recognized that
in-kind remuneration exchanged for value-based activities may
indirectly benefit patients outside of the scope of the value-based
arrangement and that parties may find it difficult to anticipate or
project the scope or extent of these ``spillover'' benefits.
Summary of Final Rule: We are finalizing, with modifications, the
proposed requirement at paragraph 1001.952(ee)(1)(ii). The two
modifications are explained in greater detail in the responses to
comments. First, the remuneration exchanged must be used predominantly
to engage in value-based activities that are directly connected to the
coordination and management of care for the target patient population.
We replaced the word ``primarily'' with the word ``predominantly.''
Second, we added a condition that the remuneration exchanged result in
no more than incidental benefits to persons outside of the target
patient population. Further, for the reasons previously explained in
the value-based terminology section discussing the definition of the
``coordination and management of care'' at section III.B.2.g, we added
a condition to this final safe harbor clarifying that remuneration
exchanged pursuant to a value-based arrangement may not be exchanged or
used more than incidentally by the recipient for the recipient's
billing or financial management services.
Comment: Commenters generally supported our proposal to require
that protected remuneration be primarily used to engage in value-based
activities that are directly connected to the coordination and
management of care for the target patient population and expressed
concerns about our alternative proposal to require that the
remuneration exchanged be limited to value-based activities that only
benefit the target patient population. Commenters asserted a variety of
reasons why prohibiting spillover benefits outside the target patient
population would be unworkable or undesirable in practice. For example,
some commenters asserted that prohibiting spillover benefits would
create a disincentive for innovation, and others emphasized the
complexities in trying to manage benefits to prevent spillover. Some
commenters requested that we expressly state that the benefits of the
value-based arrangement do not need to be limited to the members of a
target patient population. Another commenter stated that the term
``primarily'' is vague, which could make this requirement difficult to
implement and monitor.
Response: We agree with the commenters' concerns that prohibiting
spillover benefits outside of the target patient population would be
unworkable. In the OIG Proposed Rule, and for purposes of this final
rule, we recognize that in-kind remuneration exchanged for value-based
activities may indirectly benefit patients out of the scope of the
associated value-based arrangement and that parties may find it
difficult to anticipate or project the extent of such ``spillover''
benefits. We likewise acknowledge the need to provide parties with
sufficient flexibility while also minimizing the risk of disguised,
improper remuneration unrelated to the coordination and management of
care for the target patient population. To address the commenters'
concerns about spillover effects, in the final rule we have clarified
that the value-based activities for which the remuneration is used can
result in no more than incidental benefits to persons outside of the
target patient population. This language acknowledges the difficulty
VBE participants could face in preventing ``spillover'' benefits and
reflects our intent to permit safe harbor protection for care
coordination arrangements that predominantly benefit the target patient
population.
We are replacing the proposed term ``primarily'' with
``predominantly'' in the final rule. These words are analogous (e.g.,
meaning chiefly, mainly, principally). We make the change for
consistency with comparable language in other safe harbors. The term
``predominantly'' appears for a similar purpose in the EHR and
cybersecurity safe harbors, at paragraphs 1001.952(y) and (jj),
respectively, and our parallel use of the same term in paragraph
1001.952(ee) enhances consistency for stakeholders across safe harbors.
To the commenter's concern about vagueness,
[[Page 77737]]
we are not quantifying with specificity the degree to which
remuneration is used to engage in value-based activities to offer
flexibility for the range of value-based arrangements for which safe
harbor protection may be sought.
Comment: Several commenters requested that we clarify that a device
with multiple functions does not violate the Federal anti-kickback
statute or the Beneficiary Inducements CMP when it is primarily used
for managing a patient's health care. Commenters noted that
increasingly medical devices are being produced with multiple
functions, or they rely on non-medical platforms such as consumer
electronic products (e.g., smartphones, tablets).
Response: It appears that the commenters are asking whether the
furnishing of a multi-function device, or a device that relies on a
multi-use technology platform, can meet the safe harbor requirement
that the remuneration is predominantly used to engage in value-based
activities that are directly connected to the coordination and
management of care for the target patient population. We also presume
for purposes of this response that the device would be furnished to the
recipient for less than fair market value.
As a threshold matter, compliance with the care coordination
arrangements safe harbor depends on whether the device is furnished
from one VBE participant to another VBE participant or if the device is
furnished directly from a VBE participant to a patient. If the device
is furnished by a VBE participant to another VBE participant, then the
care coordination arrangements safe harbor may protect the remuneration
if the device will be used predominantly to engage in value-based
activities that are directly connected to the coordination and
management of care for the target patient population, and all other
safe harbor requirements are met.
For example, a health information technology tool that enables both
remote patient monitoring and two-way telehealth capabilities may
satisfy the predominant use requirement if the remote patient
monitoring and two-way telehealth technologies will be used by the
recipient to coordinate and manage care for the target patient
population. However, a health information technology tool that includes
some functionalities that the recipient may use to coordinate and
manage care for the target patient population and other functionalities
that the recipient may use for purposes other than to coordinate and
manage care for the target patient population may not meet this
standard. For example, a health information technology tool that the
recipient VBE participant uses to collect, track, and analyze data
relevant to the outcome measures established by the VBE participants
and is also used to collect, track, and analyze the VBE participant's
internal financial metrics for purpose of operating its own business
would likely not meet the predominant use standard, unless the use for
financial metrics is minimal.
In the above example, if the VBE participants wish to protect the
health information technology tool under this safe harbor, the
financial monitoring functionalities could be disabled to ensure that
the predominant use test is met. Alternatively, if the recipient VBE
participant pays fair market value for the financial monitoring
functionalities, then the parties might conclude that they do not need
to protect that aspect of the arrangement under this safe harbor, or
they may look to another safe harbor, such as the personal services and
management contracts safe harbor at paragraph 1001.952(d), to protect
that aspect of the arrangement. To be protected under paragraph
1001.952(ee), the remaining remuneration for which fair market value
has not been paid would need to meet the predominant use condition and
all other safe harbor conditions.
We note that if the collecting, tracking, and analyzing data for
the outcomes measures for the target patient population results in the
VBE participant observing something that prompts a change to how it
delivers care for all patients, not just the target patient population,
this additional use would constitute an incidental benefit to persons
outside the target patient population; such incidental benefit would
not be a disqualifying feature of the remuneration under this provision
in paragraph 1001.952(ee).
If a multi-function device is being furnished by a VBE participant
directly to a patient, then the VBE participant would look to the
patient engagement and support safe harbor, at paragraph 1001.952(hh),
for protection, not the care coordination arrangements safe harbor. As
explained above, the care coordination arrangements safe harbor does
not protect remuneration--including a free or discounted device--
flowing from VBE participants to patients. Note that, among other
requirements, the patient engagement and support safe harbor requires
that the remuneration has a direct connection to the coordination and
management of care of the target patient population.
With respect to the Beneficiary Inducements CMP, we note that
remuneration that is protected under a safe harbor to the Federal anti-
kickback statute is not considered remuneration for purposes of the
Beneficiary Inducements CMP.
Comment: Some commenters argued that this proposed limitation on
the exchange of remuneration--in particular, the requirement that the
remuneration be used to engage in value-based activities directly
connected to the coordination and management of care of the target
patient population--is unduly restrictive. Commenters stated that this
condition should not be limited to the first of the four value-based
purposes (the coordination and management of care for the target
patient population) and should be expanded to permit a direct
connection to any of the value-based purposes. Commenters further
asserted that expanding this condition to require a direct connection
to any value-based purpose would reduce regulatory burden, foster
innovation, and facilitate alignment with CMS's value-based exceptions
to the physician self-referral law.
Response: The care coordination arrangements safe harbor does not
preclude a value-based arrangement from furthering other value-based
purposes; however, the safe harbor does require that the remuneration
exchanged be used predominantly to engage in value-based activities
that are directly connected to the coordination and management of care
for the target patient population. By requiring that each party to a
value-based arrangement under the care coordination arrangements safe
harbor include the coordination and management of care for the target
patient population as at least one of the value-based purposes, we seek
to distinguish between referral arrangements, which would not be
protected, and legitimate care coordination arrangements, which
naturally involve referrals across provider settings but include
beneficial activities beyond the mere referral of a patient or ordering
of an item or service.
Comment: Some commenters supported using alternative language to
the direct connection standard, such as ``reasonably related and
directly tied'' or ``directly connected or reasonably related.'' Many
of these commenters asserted that alternative language would better
convey the close nexus between this safe harbor and the coordination
and management of care of a target patient population. Other commenters
advocated for other changes to the standard, e.g., replacing ``directly
connected'' with only ``connected.''
Response: We are finalizing the standard, proposed at paragraph
[[Page 77738]]
1001.952(ee)(1), now codified at paragraph 1001.952(ee)(1)(ii)
requiring that remuneration be used predominately to engage in value-
based activities that are directly connected to the coordination and
management of care for the target patient population. We are not
finalizing the similar standard proposed at paragraph 1001.952(ee)(7)
requiring that the value-based arrangement is directly connected to the
coordination and management care of the target patient population,
because doing so would introduce unnecessary duplication to the safe
harbor. We believe the direct connection standard we are finalizing
appropriately captures the relationship we are requiring (i.e., a close
nexus) between the value-based activities (for which protected
remuneration must be used predominantly to engage in) and the
coordination and management of care for the target patient population.
Comment: A commenter sought clarification as to whether
remuneration tied to either receiving referrals or being included in a
preferred provider network would be a value-based activity directly
connected to the coordination and management of care.
Response: As stated elsewhere in this final rule, the making of a
referral, standing alone, is not a value-based activity. Accordingly,
neither the exchange nor use of remuneration tied solely to receiving
patient referrals or being included in a preferred provider network
would be a value-based activity, let alone one that is directly
connected to the coordination and management of care. Were such conduct
combined with other value-based activities, the ``direct connection''
standard could be met, depending on the facts and circumstances.
iii. No Furnishing of Medically Unnecessary Items or Services or
Reduction in Medically Necessary Items or Services
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ee)(4)(iii) to require that the remuneration exchanged not
induce VBE participants to furnish medically unnecessary items or
services or reduce or limit medically necessary items or services
furnished to any patient.
Summary of Final Rule: We are finalizing, with modification, this
condition at paragraph 1001.952(ee)(7)(iii). The modification provides
that the value-based arrangement (rather than merely the remuneration)
cannot induce the parties to furnish medically unnecessary items or
services or reduce or limit medically necessary items or services.
Comment: Commenters universally supported this safeguard. A
commenter separately encouraged OIG to develop clear guidelines to
enforce this provision that do not unduly hinder the provision of
health care or second-guess physicians' medical decision-making.
Response: We are finalizing this proposed protection for patient
care and Federal program expenditures, with additional modifications to
fully effectuate our intent. As stated in the OIG Proposed Rule,
remuneration that induces a provider to order or furnish medically
unnecessary care is inherently suspect. We likewise stated that a
reduction in medically necessary services would be contrary to the
goals of this rulemaking and could, in certain instances, be a
violation of the CMP law provision relating to gainsharing
arrangements.\38\ We do not intend to protect arrangements that do
either. Upon further consideration, we have determined that our choice
of language for the regulatory text too narrowly focused on the
remuneration in the care coordination arrangement and did not capture
the full range of ways through which ill-intentioned parties might seek
to use a value-based arrangement to induce medically unnecessary care
or limit medically necessary care. Accordingly, to better reflect our
intent, the final regulation text prohibits the value-based arrangement
from inducing parties to order or furnish medically unnecessary items
or services or reduce or limit medically necessary items or services
furnished to any patient.
---------------------------------------------------------------------------
\38\ Section 1128A(b) of the Act.
---------------------------------------------------------------------------
In response to the commenter's concern that this safeguard not
unduly hinder physicians' medical judgment, this condition is not
intended to interfere with medical decision-making; rather, it is
intended to support decision-making in the best interests of patients
without inappropriate financial influence. This requirement is a
hallmark safeguard against fraudulent and abusive practices that could
lead to inappropriate utilization, inappropriate steering of patients,
or stinting on care. We note that a separate condition of the safe
harbor prohibits potential limitations on VBE participant's ability to
make decisions in the best interests of the target patient population.
iv. Remuneration From Individuals or Entities Outside the Applicable
VBE
Summary of OIG Proposed Rule: We proposed at 1001.952(ee)(4)(iv)
that the remuneration exchanged could not be funded by, or otherwise
result from the contributions of, any individual or entity outside of
the applicable VBE. We stated that we were considering a requirement
that remuneration be provided directly from the offeror to the
recipient.
Summary of Final Rule: We are not finalizing the proposed funding
limitation or a requirement that remuneration be provided directly from
the offeror to the recipient.
Comment: A few commenters supported the requirement prohibiting
remuneration from individuals or entities outside the applicable VBE.
Other commenters asked for exceptions to the requirement, such as
exceptions for remuneration that would benefit the VBE's patients and
where the donating third-party would have no direction or control over
how the remuneration could be used. Other commenters opposed the
requirement, stating that it would prevent VBE participants from
deriving remuneration from a wide variety of appropriate outside
funding sources, such as payors. Another commenter raised concerns that
a VBE participant could lose safe harbor protection unfairly if it
receives remuneration from another VBE participant that was funded by
another party without recipient of the renumeration knowing that source
of funding. We also received comments on OIG's consideration of whether
to require that remuneration be provided directly from the offeror to
the recipient, with such commenters stating that such a requirement
would create unnecessary practical impediments.
Response: We are not finalizing the proposed requirement
prohibiting parties to a value-based arrangement from exchanging any
remuneration funded by, or otherwise resulting from the contributions
of, an individual or entity outside of the applicable VBE. The purpose
of these proposals was to ensure that protected arrangements would be
closely related to the VBE, that VBE participants would be committed to
the VBE and striving to achieve the coordination and management of care
for the target patient population, and that non-VBE participants could
not indirectly use the safe harbor to protect arrangements that are
designed to influence the referrals or decision-making of VBE
participants. On balance, we do not believe the proposed conditions
would add appreciably to the program integrity protection offered by
the combination of safeguards we are including in the final safe
harbor, which address these same concerns. We seek to minimize
practical impediments to use of the safe harbor by avoiding conditions
we do not believe are needed. However, we emphasize that remuneration
exchanged outside of
[[Page 77739]]
a value-based arrangement would not be protected by any of the value-
based safe harbors.
We also are not finalizing the requirement considered in preamble
to the OIG Proposed Rule that remuneration be provided directly from
the offeror to the recipient. As explained in the OIG Proposed Rule,
this requirement would have prohibited the involvement of individuals
and entities other than the VBE or a VBE participant in the exchange of
remuneration under a value-based arrangement, including, potentially
third-party vendors and contractors. We agree with commenters asserting
that this requirement could create unnecessary practical impediments
that would be outweighed by any potential benefit of such a condition.
f. Taking Into Account the Volume or Value of, or Conditioning
Remuneration on, Business or Patients Not Covered Under the Value-Based
Arrangement
Summary of OIG Proposed Rule: We proposed in proposed paragraph
1001.952(ee)(5) to prohibit the offeror of the remuneration from taking
into account the volume or value of, or conditioning an offer of
remuneration on: (i) Referrals of patients that are not part of the
value-based arrangement's target patient population; or (ii) business
not covered under the value-based arrangement.
Summary of Final Rule: We are finalizing, without modification, the
requirement in paragraph 1001.952(ee)(5).
Comment: While some commenters supported our proposal, asserting
that the requirement appropriately differentiates between actual care
coordination arrangements and improper pay-for-referral schemes, a few
commenters did not support the requirement for various reasons. A
commenter expressed concern that this requirement will be difficult to
administer if recipients of remuneration have any business arrangements
outside the VBE and posited that adequate remedies exist under current
law to address the type of sham or abusive arrangements this provision
intends to preclude from safe harbor protection, although the commenter
did not identify any specific remedies. Another commenter asserted that
this requirement should be removed to align physician incentives with
the delivery of value-based care.
Conversely, a commenter opposed the proposed standard on the basis
that it is too narrow and encouraged us to prohibit parties from taking
into account the volume or value of referrals within the target patient
population and to also prohibit exclusivity or minimum-purchase
requirements in value-based arrangements. The commenter advocated for a
modified condition that would restrict any remuneration that depends on
or is calculated based on the volume or value of any Federal health
care referrals, whether inside or outside the target patient
population.
Response: We are finalizing this condition, as proposed. For
purposes of the safe harbor, value-based care, including coordinated
care, may take into account the volume of patients in the target
patient population or value of referrals or other business generated
between the parties resulting from referrals of the target patient
population (e.g., an offeror may base the number of hours it provides
care coordination services to the recipient on the volume of patients
in the target patient population). A complete prohibition on
remuneration that takes into account the volume or value of referrals
could operate as an actual or perceived barrier to safe harbor
protection for the kinds of innovative care coordination arrangements
that are the goal of this rulemaking. We are finalizing the limitation
with respect to referrals of patients and business generated outside
the target patient population under the value-based arrangement as an
important safeguard to protect against remuneration offered under the
guise of a value-based arrangement that is intended to induce the
recipient's referrals of patients or business not covered under the
value-based arrangement.
g. Contribution Requirement
Summary of OIG Proposed Rule: We proposed in paragraph
1001.952(ee)(6) to condition safe harbor protection on the recipient's
payment of at least 15 percent of the offeror's cost for the in-kind
remuneration (i.e., a 15 percent contribution requirement). We also
proposed at paragraph 1001.952(ee)(6) that the recipient make such a
contribution in advance of receiving the in-kind remuneration, if a
one-time cost, or at reasonable, regular intervals if an ongoing cost.
Summary of Final Rule: We are finalizing, with modification, the
contribution requirement in paragraph 1001.952(ee)(6). Based on
comments, we are revising the contribution requirement methodology to
require recipients to pay at least 15 percent of either the offeror's
cost of the remuneration, as determined using any reasonable accounting
methodology, or the fair market value of the remuneration. We are
finalizing, with only a minor technical modification to address syntax,
our proposal that, if the remuneration is a one-time cost, the
recipient must make the contribution in advance of receiving the in-
kind remuneration; if the remuneration is an ongoing cost, the
recipient must make any contributions at reasonable, regular intervals.
Comment: Many commenters expressed support for the proposed 15
percent contribution requirement or otherwise acknowledged that some
level of contribution likely would be an appropriate safeguard to hold
VBE participants accountable, promote engagement, and lower the risk
that unnecessary or improper remuneration would be furnished pursuant
to a value-based arrangement. The majority of commenters opposed any
contribution requirement, with several asserting that such a
requirement would be administratively burdensome; would necessitate
onerous documentation and analysis, e.g., documenting and tracking the
exchange of remuneration, in addition to undertaking an analysis as to
whether the items or services exchanged constitute remuneration in the
first place; and would discourage parties from entering into beneficial
value-based arrangements.
Response: We are retaining a 15 percent contribution requirement
for purposes of the care coordination arrangements safe harbor. We
proposed the contribution requirement to: (i) Increase the likelihood
that the recipient would use the care coordination item(s) and
service(s); (ii) ensure that the remuneration would be well-tailored to
the recipient; and (iii) promote the recipient's vested interest in
achieving the intended purpose of the value-based arrangement, namely,
furthering the coordination and management of care of the target
patient population.
We are not persuaded that the contribution requirement would be
overly burdensome or chill participation in value-based arrangements.
While there may be some administrative burden associated with a
contribution requirement, on balance we believe this requirement is
important to mitigate what OIG identified in the OIG Proposed Rule as
traditional fraud and abuse risks, e.g., inappropriately increased
costs to the Federal health care programs or patients, corruption of
practitioners' medical judgment, overutilization, and inappropriate
patient steering.
Comment: Many commenters supported a lower contribution amount (or
no contribution amount) for arrangements involving certain providers
with financial constraints.
[[Page 77740]]
These commenters generally asserted that, absent an exemption from, or
significant reduction in the amount of, the contribution requirement,
many providers would not be able to afford to participate in value-
based arrangements. Commenters had varying suggestions for who should
qualify as a provider with financial constraints, including, for
example, essential hospitals, critical access hospitals, Indian health
care providers, not-for-profit social services organizations, free and
charitable clinics, small and rural practices, and practices serving
medically underserved areas. Some commenters offered potential
definitions while others favored existing definitions, such as those
promulgated by the U.S. Small Business Administration, CMS, and the
Health Resources and Services Administration.
Response: Having considered the comments and the goals of this
rulemaking, we are not reducing or eliminating the contribution amount
for arrangements involving certain providers with financial
constraints. While we remain sensitive to the limited resources of many
types of potential VBE participants, including those cited by
commenters, we believe that the contribution requirement serves as an
important guardrail to prevent fraud and abuse under the guise of a
value-based arrangement and an incentive for parties to develop
arrangements that are both effective in coordinating and managing care
and economically prudent. We believe the contribution requirement will
help ensure that parties are serious about collaborating to achieve the
purpose of coordinating and managing patient care and will deliberately
design care coordination arrangements most likely to be effective at
achieving quality and efficiency aims in an economically prudent
manner. In addition, we decline to make exceptions to the 15 percent
contribution requirement for categories of VBE participants (e.g.,
small and rural practices) for several reasons. First, some
designations can change over time (for example, a physician practice
may qualify as a small practice at some points in time but not at
others, depending on staffing changes), which could create confusion
about the implementation of the contribution requirement when such a
change occurs. Second, the same types of fraud and abuse risks
associated with potentially valuable in-kind remuneration from a
referral source apply equally to both larger or urban recipients, for
example, and the types of recipients that requested an exemption from
the 15 percent contribution requirement or a lower contribution
percentage, such as small or rural providers. OIG's enforcement
experience demonstrates that fraud is perpetrated by both small and
large entities and happens across all geographic areas. Third, the 15
percent contribution requirement is based on the electronic health
records items and services safe harbor at paragraph 1001.952(y)(11),
which does not differentiate among recipients. Finally, in the context
of the flexibilities of the overall safe harbor, the advantages from a
compliance perspective of a single bright line standard outweigh the
potential benefits of variable standards based on geographic location
or other characteristics. Moreover, we have no basis for determining
different amounts for different parties. Should the 15 percent
contribution requirement pose a barrier to use of the safe harbor,
parties are reminded that failure to fit in a safe harbor does not mean
that an arrangement is necessarily unlawful and that OIG's advisory
opinion process is also available.
Comment: At least one commenter suggested that the safe harbor
except certain forms of in-kind remuneration (e.g., remuneration that
consists of cybersecurity technology and related services and IT-
related updates, upgrades, and patches) from the contribution
requirement.
Response: We decline to include any exceptions to the contribution
requirement under the care coordination arrangements safe harbor
because we believe that, in the context of this safe harbor, this
requirement is important to mitigate traditional fraud and abuse risks
and ensure that parties enter into arrangements that serve value-based
purposes. However, we remind parties seeking safe harbor protection for
the exchange of cybersecurity technology and related services that the
cybersecurity technology and related services safe harbor, paragraph
1001.952(jj), is available to protect the exchange of cybersecurity
items and services, provided all safe harbor requirements are met, and
note that such safe harbor does not include a contribution requirement.
Comment: Commenters generally opposed the proposal that the
contribution requirement be calculated based upon the offeror's cost.
For example, a commenter asserted that an offeror's cost may be
difficult to determine where the offeror has substantial development
costs but small marginal costs for each individual recipient or user.
Another commenter posited that this standard would provide insufficient
flexibility because the benefit of the remuneration exchanged may be
realized by one party more than the other, for example, where the
remuneration exchanged between two or more parties primarily benefits
the offeror versus the recipient. Commenters suggested various
methodologies to calculate the contribution requirement, including: (i)
The offeror's cost or fair market value; (ii) the offeror's cost or a
price charged by the offeror to purchasers outside of the VBE; (iii)
any reasonable accounting methodology; and (iv) an amount based on the
price for that product or service (or a reasonably comparable product
or service if it is new to the market) typically charged by the offeror
to reasonably comparable customers outside VBEs. Another commenter
recommended we define ``offeror's cost,'' whereas another commenter
expressed concern that the standard would be difficult to implement
because items or services that benefit patients could have little or no
quantifiable independent value to the VBE recipient.
A commenter asserted that calculating cost may be difficult when
tools and software are developed internally by the developer or
manufacturer and made available by a VBE participant or acquired as
part of a bundled sale under the discount safe harbor. A commenter also
stated that there may be substantial development costs but only
marginal costs for each individual recipient and that costs could be
subject to proprietary and confidentiality obligations.
Response: In the OIG Proposed Rule, in addition to our proposal
that the contribution requirement be calculated based upon the
offeror's cost, we stated we were considering two other methodologies
for determining the 15 percent requirement: Fair market value of the
remuneration to the recipient or the reasonable value of the
remuneration to the recipient. To afford parties additional
flexibility, we are revising the contribution requirement methodology
in this final rule to require recipients to pay at least 15 percent of
either: (i) The offeror's cost of the remuneration, as determined using
any reasonable accounting methodology; or (ii) the fair market value of
the remuneration. As indicated in the OIG Proposed Rule, we are not
requiring that parties obtain an independent fair market valuation. We
selected fair market value rather than reasonable value because fair
market value is a more specific standard, a widely used term in
valuation, and common to many existing safe harbors such that many
stakeholders and the government have experience with it. We are
finalizing the
[[Page 77741]]
requirement as ``fair market value'' instead of ``fair market value of
the remuneration to the recipient'' because we believe the inclusion of
``to the recipient'' could confuse generally accepted valuation
methodologies due to its focus on only one party. We expect that
parties to a value-based arrangement seeking protection under this safe
harbor would use generally accepted valuation methodologies and
principles in any determination of ``fair market value'' in relation to
the contribution requirement, which could incorporate factors related
to the recipient.
To provide parties flexibility we are not specifically defining
``offeror's cost'' or requiring a specific methodology for determining
fair market value. To the extent costs are proprietary or confidential,
depending on the circumstances, parties could meet this condition
through the use of contractual provisions in their value-based
arrangements to protect information from further disclosure or rely on
the fair market value option to determine the 15 percent contribution
requirement.
We are finalizing our proposal that, if the remuneration is deemed
by the parties to be a one-time cost, e.g., a one-time purchase of
telehealth-related technology, the recipient must make the contribution
in advance of receiving the in-kind remuneration; to the extent the
remuneration is deemed by the parties to be an ongoing cost, e.g., a
subscription service to a data analytics tool, the recipient must make
any contributions at reasonable, regular intervals, with the frequency
of such payments documented in writing. We note that parties have the
flexibility to structure the recipient's contribution payment as either
a one-time or ongoing payment, depending upon the facts and
circumstances of the arrangement and the parties' preference.
Comment: We received several comments advocating for or against the
adoption of alternative proposals noted in the OIG Proposed Rule. For
example, many commenters favored an across-the-board reduction in the
contribution requirement from 15 percent to 5 percent. Other commenters
backed an exemption to, or a significant reduction in, the contribution
requirement for certain categories of remuneration, such as technology
and technology-related items, although at least one commenter opposed
this approach due to administrative burden concerns. Another commenter
urged OIG to calibrate the contribution based on the financial need of
the target patient population.
Response: We are retaining the 15 percent contribution requirement,
as proposed, with the aforementioned methodology modifications. We
believe that a contribution requirement lower than 15 percent would not
achieve a sufficient level of accountability and engagement of the
recipient. Moreover, we decline to vary the contribution requirement
based upon the type of remuneration at issue or the arrangement's
target patient population; such variation would introduce unnecessary
operational complexity.
Comment: A commenter recommended that OIG take into account
nonmonetary contributions from the recipient to the offeror for
purposes of calculating the contribution requirement.
Response: To meet this safe harbor's contribution requirement, a
recipient must pay at least 15 percent of the offeror's cost of the
remuneration (as determined using any reasonable accounting
methodology) or at least 15 percent of the fair market value of the
remuneration. Parties to a care coordination arrangement where any
nonmonetary contributions flow in both directions--from the offeror to
the recipient and the recipient to the offeror--would need to assess
any potential Federal anti-kickback statute implications for both
streams of contributions. To the extent that both streams of
contributions constitute remuneration, implicate the Federal anti-
kickback statute, and the parties seek protection under the care
coordination arrangements safe harbor, the parties must satisfy the
contribution requirement for each stream of remuneration. There may be
circumstances under which the parties could appropriately offset
payments made to satisfy the contribution requirement for each stream,
but any such assessment would be fact specific. For example, it would
be appropriate for parties to offset payment amounts to satisfy the
contribution requirement for separate streams of remuneration to reduce
administrative burden, provided each stream of remuneration complied
with the Federal anti-kickback statute. In contrast, it would be
inappropriate for parties to offset payment amounts in an attempt to
reduce a party's contribution requirement below 15 percent and any
associated arrangement would not be protected by this safe harbor.
Comment: A commenter recommended that, for purposes of applying the
15 percent contribution requirement in the care coordination
arrangements safe harbor, OIG recognize a VBE's good faith allocation
of the in-kind remuneration across various arrangements. The commenter
identified a number of manners in which it believed a reasonable
allocation could be made (e.g., patient needs associated with a
particular arrangement, such as a chronic care program), and noted that
in some cases, a reasonable allocation might be a per capita allocation
of in-kind remuneration across all VBE participants.
Response: First, for the purposes of our response, we assume that
the commenter means that the in-kind remuneration provided by the VBE
or VBE participant to other VBE participants would be shared by various
VBE participants to a value-based arrangement, or various value-based
arrangements, under the same VBE (e.g., a shared care coordinator or
shared information technology system). To the extent that VBE
participants to a value-based arrangement or various value-based
arrangements are sharing in-kind remuneration provided by the VBE or
another VBE participant, it would be reasonable--under both
methodologies that parties can use to determine the contribution
requirement--to reasonably and in good faith allocate the ``offeror's
cost for the in-kind remuneration'' or the ``fair market value'' of the
shared resources between the various VBE participants sharing in the
resources.
As stated above, we would expect that parties to a value-based
arrangement seeking protection under this safe harbor would use
reasonable accounting methodologies and generally accepted valuation
methodologies and principles in determining any appropriate allocation
of the shared resources for the purposes of determining the ``offeror's
cost for the in-kind remuneration'' or the ``fair market value'' in
relation to the contribution requirement. We acknowledge that
reasonable accounting methodologies and commonly accepted valuation
principles would allow for consideration of the shared nature of the
in-kind remuneration. We further highlight that we would not expect
that any aggregate contribution amounts--from VBE participants sharing
in any in-kind remuneration--result in a windfall to the offeror.
Comment: Some commenters expressed concern that a contribution
requirement would upend the existing regulatory framework that parties
rely on to assess whether an item or service constitutes remuneration.
For example, a dialysis provider stated that a contribution requirement
may unintentionally create a presumption that many care coordination
activities
[[Page 77742]]
that do not constitute remuneration for purposes of the Federal anti-
kickback statute are, in fact, remuneration with a specific value. The
same commenter illustrated its concern by explaining that multiple
Medicare conditions for coverage require dialysis facilities to
coordinate dialysis patients' care with other providers, including
physicians and nursing homes. The dialysis provider requested that OIG
confirm that the following does not constitute remuneration: (i) The
provider performs care coordination services because they are required
to do so by Medicare or other payors' rules, other law, or to meet the
clinical standard of care, and (ii) the care coordination services
provided do not relieve another party of an obligation assigned to it
by Medicare or other payors' rules or other law.
Response: The contribution requirement does not change the current
regulatory framework for assessing whether an item or service exchanged
between two or more parties constitutes remuneration under either the
Federal anti-kickback statute or the Beneficiary Inducements CMP. As we
have stated in prior OIG guidance on this issue, we view
``remuneration'' under the Federal anti-kickback statute to consist of
anything of value in any form or manner whatsoever.\39\ With respect to
the request for guidance as to whether (i) care coordination services
performed by a provider because they are required to do so by Medicare
or other payors' rules, other law, or to meet the clinical standard of
care, and (ii) care coordination services that do not relieve another
party of an obligation assigned to it by Medicare or other payors'
rules or other law, such services could constitute remuneration under
the Federal anti-kickback statute. However, we remind readers that even
if care coordination services constitute remuneration, the Federal
anti-kickback statute is not necessarily implicated. For example, the
Federal anti-kickback statute generally is not implicated for financial
arrangements limited solely to patients who are not Federal health care
program beneficiaries. Further, depending on the facts and
circumstances (including the intent of the parties), the provision of
care coordination services may implicate the Federal anti-kickback
statute but not violate it.
---------------------------------------------------------------------------
\39\ See, e.g., OIG, Special Fraud Alert, 59 FR 65372, 65377
(Dec. 19, 1994), available at https://oig.hhs.gov/fraud/docs/alertsandbulletins/121994.html; OIG, Medicare and State Health Care
Programs: Fraud and Abuse; OIG Anti-Kickback Provisions, 56 FR
35952, 35978 (July 29, 1991), available at https://oig.hhs.gov/fraud/docs/safeharborregulations/freecomputers.htm. See also OIG
advisory opinions generally, e.g., OIG Adv. Op. No. 20-02, where OIG
states, ``For purposes of the anti-kickback statute, `remuneration'
includes the transfer of anything of value, directly or indirectly,
overtly or covertly, in cash or in kind.''
---------------------------------------------------------------------------
Comment: Some commenters asserted that the proposed 15 percent
contribution requirement is arbitrary or that there is no evidence a
contribution requirement would mitigate fraud and abuse concerns. Other
commenters suggested that the contribution requirement is duplicative
of existing safeguards included in the care coordination arrangements
safe harbor, e.g., the requirement that remuneration must be used
primarily to engage in value-based activities that are directly
connected to the coordination and management of care of the target
patient population.
Response: We disagree with the commenters. We believe the
contribution requirement will promote accountability, fiscal
responsibility, and greater engagement by the recipient. We note that
contribution requirements have been implemented in other contexts, such
as those included in the electronic health records items and services
(EHR) safe harbor at paragraph 1001.952(y) and the Federal
Communications Commission's Rural Health Care Pilot Program.\40\
Moreover, we do not believe the contribution requirement is duplicative
of other safeguards. While several conditions in the safe harbor
promote accountability, the contribution requirement provides an
objective, bright-line standard for parties that requires recipients in
value-based arrangements to have a financial stake in the arrangement
and encourages a tangible commitment to achieving the value-based
arrangement's goals.
---------------------------------------------------------------------------
\40\ See, e.g., Federal Communication Commission, Rural Health
Care Pilot Program FAQs, available at https://www.fcc.gov/general/rural-health-care-pilot-program#faqs (requiring eligible recipients
to fund 15 percent of the cost of infrastructure design and
construction of broadband networks for health care purposes, in
recognition that a contribution requirement will ``incentiviz[e]
participants to choose the most cost-effective services and
equipment and refrain from purchasing a higher level of service or
equipment than needed'') (as cited to by the Federal Communication
Commission, Promoting Telehealth for Low-Income Consumers, 84 FR
36865, 36869 (July 30, 2019)).
---------------------------------------------------------------------------
Comment: At least two commenters drew attention to the parallel
contribution requirements in the care coordination arrangements and EHR
safe harbors. For example, a commenter highlighted the perceived
inconsistency of relying on the EHR safe harbor to justify our
contribution requirement on the one hand and indicating that we were
considering revisiting or eliminating the contribution requirement in
the EHR safe harbor on the other. Another commenter sought to
distinguish the care coordination arrangements safe harbor from the EHR
safe harbor by stating that a contribution requirement may be
appropriate in the EHR safe harbor because the EHR safe harbor has less
stringent standards, but a contribution requirement is not warranted in
the care coordination arrangements safe harbor. The commenter further
asserted that the EHR safe harbor protects items and services that have
clear independent value to the recipient, while items and services
exchanged pursuant to value-based arrangements may not always have such
independent value.
Response: In the OIG Proposed Rule, we considered removing the
contribution requirement in the EHR safe harbor, but as discussed
subsequently in this final rule, we are retaining the EHR safe harbor's
contribution requirement. Accordingly, both the care coordination
arrangements safe harbor and the EHR safe harbor, as finalized, include
a 15 percent contribution requirement. We disagree that the EHR safe
harbor has less stringent standards. The care coordination arrangements
and EHR safe harbors have distinct requirements tailored to the type of
remuneration that may be protected by the respective safe harbor. With
respect to the commenter's suggestion that items and services exchanged
pursuant to the care coordination arrangements safe harbor may not
always have independent value to the recipient (in contrast to the EHR
safe harbor), we note that any such determination would be fact
specific. Moreover, the contribution requirement does not change any
assessment of whether an item or service exchanged between two or more
parties constitutes remuneration under the Federal anti-kickback
statute. We remind stakeholders that to implicate the Federal anti-
kickback statute, there must be ``remuneration'' offered, paid,
solicited, or received in the transaction or arrangement at issue. If
the Federal anti-kickback statute is not implicated by a transaction or
arrangement, then safe harbor protection is not necessary.
Consequently, we would expect arrangements that qualify under the care
coordination arrangements safe harbor to involve remuneration exchanged
between the parties.
h. Direct Connection to the Coordination and Management of Care
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ee)(7)(i) that a value-based arrangement must have a direct
connection to the
[[Page 77743]]
coordination and management of care for the target patient population.
Summary of Final Rule: We are not finalizing the condition at
proposed paragraph 1001.952(ee)(7)(i) because it would substantially
duplicate the condition at paragraph 1001.952(ee)(1)(ii), which
requires the remuneration to be used predominantly to engage in value-
based activities that are directly connected to the coordination and
management of care.
Comment: Commenters generally did not support the condition
proposed at paragraph 1001.952(ee)(7)(i), albeit for varying reasons.
Some took issue with the fact that the condition did not afford parties
the flexibility to select any one of the value-based purposes available
to VBEs, and rather tied parties to the value-based purpose relating to
the coordination and management of care. Some commenters argued that
this condition was not necessary in light of other safeguards included
in the care coordination arrangements safe harbor.
Response: We are not finalizing the condition proposed at paragraph
1001.952(ee)(7)(i) because it would substantially duplicate the
condition we are finalizing at paragraph 1001.952(ee)(1)(ii). With
respect to the commenters that argued that the proposed condition did
not afford parties the flexibility to select any one of the value-based
purposes available to VBEs, and rather tied parties to the value-based
purpose relating to the coordination and management of care, we refer
commenters to the discussion of the condition we finalize at paragraph
1001.952(ee)(1)(ii), in section III.B.3.e.ii. of the preamble. There we
explain, in part, that the care coordination arrangements safe harbor's
conditions do not preclude a value-based arrangement from furthering
other value-based purposes; however, the safe harbor does require that
the remuneration exchanged be used predominantly to engage in value-
based activities that are directly connected to the coordination and
management of care for the target patient population.
i. Preserving Clinical Decision-Making
Summary of OIG Proposed Rule: In proposed paragraph
1001.952(ee)(7)(ii), we proposed that the value-based arrangement must
not limit parties' ability to make decisions in the best interests of
their patients.
We also proposed in proposed paragraph 1001.952(ee)(7)(iii) that
value-based arrangements cannot direct or restrict referrals if: (i) A
patient expresses a preference for a different practitioner, provider,
or supplier; (ii) the patient's payor determines the provider,
practitioner, or supplier; or (iii) such direction or restriction is
contrary to applicable law or regulations under titles XVIII and XIX of
the Act.
Summary of Final Rule: We are finalizing, with modification, the
proposed condition that the value-based arrangement must not limit the
VBE participant's ability to make decisions in the best interests of
its patients and relocating it to paragraph 1001.952(ee)(7)(i). We are
making a technical correction to change ``their patients'' to ``its
patients.'' In paragraph 1001.952(ee)(7)(ii), we are finalizing the
condition related to directing or restricting referrals with one
clarification. We are deleting ``or regulations'' because
``regulations'' is already captured by the term ``applicable law'' in
the final regulation. Thus, a value-based arrangement cannot direct or
restrict referrals if such direction or restriction is contrary to
applicable law under titles XVIII and XIX of the Act.
Comment: Commenters were very supportive of prohibiting any
limitation on VBE participants' ability to make decisions in the best
interests of their patients and limiting how the value-based
arrangement can direct or restrict referrals to a particular provider,
practitioner, or supplier. Many commenters asserted that these
standards will protect patient choice and ensure the independence of
medical or professional judgment.
Response: We agree with the commenters, and we are finalizing these
two requirements--a prohibition on any limitation of VBE participants'
ability to make decisions in the best interests of their patients, and
limiting the circumstances in which parties to a value-based
arrangement may direct or restrict referrals--to support patient choice
and independent medical and professional judgment. Based on these
conditions, remuneration exchanged as part of arrangements that unduly
restrict patient choice or the independence of medical or professional
judgment through inappropriate direction or restriction of referrals
will not be protected. This requirement aims to ensure that VBEs and
VBE participants that are parties to a value-based arrangement maintain
their independent, medical, or other professional judgment without
undue restriction. This condition is not intended to bar VBEs or VBE
participants from communicating the benefits of receiving care from
other VBE participants in the VBE.
Comment: Several commenters urged the OIG to adopt more robust
safeguards to protect patient choice and ensure the independence of
medical or professional judgment. A commenter recommended that health
care professionals be given the ability to override any (i) practice
guideline or standard; (ii) electronic health record technology; (iii)
clinical-decision support software; (iv) computerized order entry
program; or (v) policies that may be imposed or implemented by a VBE or
payor if such an override is, in the professional judgment of the
health care professional, consistent with their determination of
medical necessity and appropriateness or nursing assessment, in the
best interests of the individual patient, and consistent with the
patient's wishes.
Another commenter asserted that the OIG Proposed Rule appears to
give a provider the authority to direct a referral unless the patient
otherwise expresses an alternative choice. The commenter recommended
that we include a requirement that the VBE provide notice to patients
informing them that: (i) The entity is participating in a financial
risk-based program where the entity receives financial benefits under
applicable conditions; (ii) referrals for care may be made to a
restricted list of providers and practitioners; and (iii) the patient
has the freedom to choose any qualified provider or practitioner and
the right to reject any referral to a particular provider or
practitioner if they have an alternative preferred provider or
practitioner. Another commenter urged OIG to provide consumer-tested
templates for VBEs to communicate with patients that they retain their
rights to choose providers.
Response: With respect to the commenter's assertion that the OIG
Proposed Rule appears to give the provider the authority to direct a
referral unless the patient otherwise expresses an alternative choice,
we note that the provision we are finalizing also prohibits the value-
based arrangement from directing or restricting referrals where the
patient's payor determines the provider, practitioner, or supplier, or
where the direction or restriction is contrary to applicable law under
titles XVIII and XIX of the Act. Moreover, nothing in this safe harbor
gives providers authority to direct referrals. This provision describes
one among several conditions of safe harbor protection, in this case a
limitation on what a protected value-based arrangement can do.
With respect to the suggestion that providers be permitted to
override various care protocols, guidelines, policies, or technology-
driven systems, this safe harbor does not affect the authority of
providers to do so. A
[[Page 77744]]
provider's obligation to comply with care protocols, guidelines,
policies, or technology-driven systems is outside the scope of this
final rule. This safe harbor speaks only to the conditions under which
a value-based arrangement would receive prospective safe harbor
protection under the Federal anti-kickback statute. The value-based
arrangement may not limit the VBE participant's ability to make
decisions in the best interests of its patients. Facts and
circumstances demonstrating that the value-based arrangement has
limited a VBE participant's ability to make decisions in the best
interest of its patients would disqualify the remuneration exchanged
pursuant to the value-based arrangement from protection under this safe
harbor. In drafting the final rule on this point, we have been guided
in part by experience with long-established rules in the physician
self-referral law \41\ and the Medicare Shared Savings Program \42\
that address preservation of patient preferences and clinician judgment
choice in the context of directed referrals.
---------------------------------------------------------------------------
\41\ See, e.g., 42 CFR 411.354(d)(4)(iv).
\42\ See, e.g., 42 CFR 425.305(b).
---------------------------------------------------------------------------
While we appreciate the commenters' suggestions regarding patient
notice, we did not propose a patient notice requirement in the OIG
Proposed Rule for any of the three value-based safe harbors, and we are
not including a patient notice requirement in this final rule. Such a
requirement would add administrative burden without appreciably adding
benefits, including protections against fraud and abuse, given the
combination of conditions we are finalizing. Further, such notices, if
executed poorly, could confuse patients. Parties may wish to provide
notifications, and nothing in this rule prevents them from doing so. We
are not providing templates for communications with patient regarding
patient choice, and defer to providers, payors, and others to develop
best practices for notices and other relevant communications.
Comment: A commenter urged the OIG to preclude safe harbor
protection for any arrangement that involves paying for referrals and
to protect against any given market player requiring referrals only to
certain facilities. Another commenter recommended that VBEs be
prohibited from taking any adverse action against a patient that
chooses an alternative provider or practitioner.
Response: We share the commenter's concerns regarding abusive, pay-
for-referral arrangements. We also recognize that legitimate care
coordination arrangements may involve an exchange of remuneration
between parties that are in a position to give or receive referrals and
that referrals may be made between VBE participants coordinating and
managing a patient's care through a value-based arrangement. One of the
objectives of the care coordination arrangements safe harbor is to
identify and define attributes of legitimate care coordination
arrangements and afford protection only to remuneration exchanged under
such arrangements. The requirements of this safe harbor and the value-
based terminology (e.g., value-based purpose, value-based activity,
value-based arrangement) work together to achieve this objective.
Abusive, pay-for-referral arrangements, such as an arrangement where an
individual or entity is required to offer remuneration to a provider in
order to receive that provider's referrals or an arrangement that
encourages providers to steer patients in ways that are not in the
patients' best interests, will not be able to meet the requirements of
the safe harbor.
With respect to the commenter's concern regarding a particular
person or entity requiring referrals only to certain entities, we
believe these types of directed referral provisions may be problematic
in certain instances but also are common features of many legitimate
care coordination arrangements. As explained in the preceding response,
the limitations we are adopting in this final rule reflect important
safeguards to protect patient choice and independence of medical and
professional judgment and effectuate an appropriate balance between the
competing concerns of protecting legitimate care coordination
arrangements and preventing inappropriate pay-for-referral schemes.
With respect to the recommendation that, as a condition of safe
harbor protection, VBEs should be prohibited from taking any adverse
action against a patient that chooses an alternative provider or
practitioner, we note that nothing in the safe harbor limits or directs
a patient's choice of provider or services, including a patient's
choice to seek care outside the VBE. As indicated in the OIG Proposed
Rule and implemented in this final rule, it is our intent that a
patient can express a preference for a different practitioner,
provider, or supplier and the value-based arrangement cannot restrict
or limit that choice. Further, safe harbor protection does not extend
to any arrangement where the value-based arrangement directs or
restricts referrals to a particular provider, practitioner, or supplier
if the patient's payor determines the provider, practitioner, or
supplier or the direction or restriction is contrary to applicable law
under titles XVIII and XIX of the Act.
j. Marketing of Items or Services or Patient Recruitment Activities
Summary of OIG Proposed Rule: We proposed in proposed paragraph
1001.952(ee)(7)(iv) that the value-based arrangement could not include
marketing to patients of items or services or engaging in patient
recruitment activities. We stated that we did not intend for this
limitation to prohibit a VBE participant that is a party to a value-
based arrangement from educating patients in the target patient
population regarding permissible value-based activities.
Summary of Final Rule: We are finalizing, with modifications, this
requirement at paragraph 1001.952(ee)(1)(iii). We have revised the
language of the text at paragraph 1001.952(ee)(1)(iii) to clarify that
the protected remuneration under the value-based arrangement may not be
exchanged or used for the purpose of marketing items or services
furnished by the VBE or a VBE participant to patients or for patient
recruitment activities.
Comment: Several commenters strongly supported our proposal, or,
alternatively, advocated for the imposition of additional conditions to
protect against abusive marketing practices. However, the majority of
commenters on this topic either sought clarification on the parameters
of the condition or opposed it altogether. A commenter asked OIG to
define allowable educational activities and prohibited marketing
activities, and another commenter questioned whether a distinction
between marketing and educational activities is possible when,
according to the commenter, the line between marketing and education is
subjective and requires an intent-based inquiry. Another commenter
suggested that OIG prohibit marketing and patient recruitment
activities but permit efforts to make patients aware of the
availability of items or services at times when the patient could
reasonably benefit from such information. Other commenters requested
that OIG provide guidance on, and specific examples of, the distinction
between marketing and patient recruitment activities on the one hand,
and patient education activities on the other. For example, a commenter
asked whether a program to screen patients for fall risk and educate
them on their risks and appropriate next steps would be considered
patient education or a marketing activity. Another
[[Page 77745]]
commenter asked whether a hospice's provision of free home-based
palliative care services or room and board to patients unable to pay
would constitute marketing or patient recruitment activities.
Numerous commenters opposed the prohibition on patient marketing
and patient recruitment activities altogether, asserting that the
condition is too broad. A commenter declared that marketing activities
are necessary in order to meaningfully educate patients on their health
care options, and another commenter claimed that a marketing and
patient recruitment prohibition would limit a value-based enterprise's
ability to leverage technology that might empower patients to make
informed decisions and gain timely access to appropriate care. This
commenter encouraged OIG to provide an exception for marketing-based
technology that is used to achieve a defined health outcome under a
value-based arrangement.
Response: We are finalizing a narrower condition than the condition
proposed in the OIG Proposed Rule because we agree with the commenters
that our proposed condition was broader than necessary to prevent the
fraud and abuse concerns addressed by the condition. Rather than
prohibiting all marketing and patient recruitment activities under a
value-based arrangement, as proposed, the requirement we are finalizing
prohibits the exchange of or use of remuneration for the purpose of
marketing items or services provided by the VBE or VBE participants or
for patient recruitment activities.
We use the terms ``marketing'' (e.g., promoting or selling
something), ``education'' (e.g., informing, instructing, or teaching),
and ``recruitment'' (e.g., enlisting someone to do something) in
accordance with their commonsense meanings. We are not defining in
regulatory text ``marketing,'' ``patient recruitment activities,'' or
``education,'' or a similar term (note that the regulatory text does
not use ``education'' or ``educational activities'' but we use such
terms in our preamble explanation). We decline to define these terms:
(i) In recognition that these terms are commonly understood; and (ii)
to avoid overly prescriptive definitions that may chill appropriate
educational activities. In lieu of regulatory definitions, we offer
illustrative examples below to aid stakeholders in applying the safe
harbor provision.
As noted in the OIG Proposed Rule, the proposed marketing and
recruitment restriction would prevent misuse of the safe harbor by
those seeking to use purported value-based arrangements to perpetuate
fraud schemes through the purchase of beneficiaries' medical identity
or other inducements to lure beneficiaries to obtain unnecessary care.
As stated in the OIG Proposed Rule, our enforcement experience
demonstrates that fraud schemes often involve a mixture of both
inducements to lure beneficiaries to obtain unnecessary care and the
use of marketing-like activities to steal patients' medical identities.
In particular, OIG has long-standing concerns about marketing
activities that involve personal contact with beneficiaries. For
example, OIG has previously explained that door-to-door marketing,
telephone solicitations, direct mailings, and in-person sales pitches
or ``informational'' sessions can be extremely coercive, particularly
when such activities target senior citizens, Medicaid beneficiaries,
and other particularly vulnerable patients.\43\
---------------------------------------------------------------------------
\43\ OIG, OIG Adv. Op. No. 08-20 (Nov. 19, 2008), available at
https://oig.hhs.gov/fraud/docs/advisoryopinions/2008/AdvOpn08-20.pdf.
---------------------------------------------------------------------------
Consequently, we believe that remuneration used for marketing and
patient recruitment activities, regardless of whether the activities
are driven by technology or tied to achieving a defined health outcome,
remains suspect and requires fact-specific scrutiny under the Federal
anti-kickback statute; therefore, we decline to provide safe harbor
protection for such remuneration in this safe harbor.
Nevertheless, we acknowledge the benefits of objective educational
materials to provide patients with general health care information and
information about their health care options. We do not consider
remuneration exchanged between parties to a value-based arrangement to
(i) provide objective patient educational materials or (ii) engage in
objective patient informational activities to constitute marketing or
patient recruitment activities for purposes of this safe harbor
condition. As we explained in the OIG Proposed Rule, this condition
would not prohibit a VBE participant that is a party to the value-based
arrangement from educating patients in the target patient population
about permissible value-based activities.
A determination regarding whether remuneration is being exchanged
or used for the purposes of marketing items or services or patient
recruitment activities or for an educational activity requires a fact-
specific analysis; however, the following examples illustrate how we
distinguish between marketing and patient recruitment, on the one hand,
and education on the other. Using examples from the OIG Proposed
Rule,\44\ if a SNF or home health agency placed a staff member at a
hospital to assist patients in the discharge planning process, and in
doing so, the staff member educated patients regarding care management
processes used by the SNF or home health agency, this would not
constitute marketing of items and services (provided the staff member
only worked with patients that had already selected the SNF or home
health agency and SNF or home-health agency care was medically
appropriate for such patient). However, if the SNF or home health
agency placed a staff member at a hospital to perform care coordination
services and to market the SNF's or home health agency's services to
hospital patients, the arrangement would not comply with this
requirement because the remuneration being exchanged pursuant to the
arrangement--the services offered by the staff member--would be
exchanged for the purpose of engaging in marketing.
---------------------------------------------------------------------------
\44\ 84 FR 55712 (Oct. 17, 2019).
---------------------------------------------------------------------------
As an additional example, we would not consider actions, such as
notifying a patient of the criteria used by a VBE participant to
determine patient eligibility for care coordination services or
informing the target patient population of potential health benefits
that may be derived from care coordination for a patient's chronic
condition, to be marketing or patient recruitment activities. This sort
of targeted education to the patient is distinguishable from broader
marketing and recruiting campaigns designed to sell products or
services or recruit patients.
Notably, in some circumstances, it may not be necessary to make a
distinction between marketing and education to determine whether an
arrangement fits in a value-based safe harbor. If remuneration is
exchanged pursuant to an arrangement that does not qualify as a
``value-based arrangement,'' as defined here, it is not eligible for
safe harbor protection. For example, an arrangement solely for a
direct-mail marketing campaign or other advertising would need to
qualify as a value-based arrangement under the definition at paragraph
1001.952(ee) to be eligible to use a value-based safe harbor. We cannot
envision a circumstance where such an arrangement would be a ``value-
based arrangement'' as defined in this final rule or be eligible under
this safe harbor. Should one VBE participant wish to
[[Page 77746]]
engage in a direct-mail campaign that markets, in part, another VBE
participant's services and the parties seek safe harbor protection for
such arrangement, they should look to the personal services and
management contracts safe harbor at paragraph 1001.952(d).
In response to the commenter's inquiry regarding a screening
program for fall risk, it is not clear from the commenter's description
whether the program would be part of a coordinated plan of care for a
target patient population to improve outcomes or a marketing or patient
recruitment activity to attract patients to the VBE or its
participants. If the former, the arrangement could qualify for safe
harbor protection, if all safe harbor conditions are met. If the
latter, it would not be protected. Based on our oversight experience,
we are concerned that a fall risk screening program could be misused as
a marketing or patient recruitment activity if the screening program
was not part of the coordination and management of care or an objective
educational program. There is a risk that such a program could be used
to lure beneficiaries to obtain unnecessary care. Whether a particular
fall risk screening program is a marketing program, an educational
program, or a value-based arrangement will depend on its specific facts
and circumstances.
Additionally, we note that remuneration exchanged between parties
to a value-based arrangement that is used to offer something of value
to patients to incentivize them to obtain a fall screening examination
from one of the parties would not be protected by this safe harbor. We
have modified the regulatory text to make clear that prohibited
marketing includes not only exchanging remuneration for the purpose of
engaging in patient recruitment activities or marketing but also using
remuneration for such purposes. This change effectuates our intent
articulated in the preamble to the OIG Proposed Rule to limit the risk
of the value-based arrangement being used as a marketing or recruiting
tool to generate federally payable business for the VBE
participant.\45\ To illustrate how this condition would operate, the
parties cannot exchange remuneration for the purpose of engaging in
patient recruitment activities or marketing (e.g., a SNF or home health
agency placed a care coordinator at a hospital to market the SNF's or
home health agency's services to hospital patients). In addition, the
parties cannot use the remuneration for marketing or engaging in
patient recruitment activities (e.g., the hospital asks the care
coordinator placed by the SNF or home health agency to send out
mailings to the local community regarding the hospital's services).
---------------------------------------------------------------------------
\45\ 84 FR 77712 (Oct. 17, 2019).
---------------------------------------------------------------------------
Regarding the question about a hospice's provision of free home-
based palliative care services or room and board to patients unable to
pay, such an arrangement would not be protected by the care
coordination arrangements safe harbor. This safe harbor is limited to
remuneration exchanged between parties to a value-based arrangement,
i.e., between a VBE and VBE participant or between VBE participants. It
does not encompass arrangements involving the exchange of remuneration
to patients. Other safe harbors or exceptions to the Beneficiary
Inducements CMP may be available to protect the provision of such items
and services to patients, depending upon the facts and circumstances.
We reiterate that nothing in this safe harbor prevents VBEs or VBE
participants from marketing their services. Indeed, arrangements need
not have safe harbor protection to be lawful, and we observe that many
legitimate health care entities lawfully market services without
benefit of a safe harbor. However, value-based arrangements that
include the exchange or use of remuneration for the purpose of
marketing or patient recruitment would not be eligible for protection
under the care coordination arrangements safe harbor.
Comment: A commenter requested that OIG address whether a VBE
participant that is a payor and owns a company that provides remote
monitoring devices or has a vendor relationship with a company that
provides such devices could suggest certain device utilization for
purposes of improved care.
Response: The commenter describes the recommendation or referral of
a device by a VBE participant that is a payor and is affiliated with a
company that provides remote monitoring devices but does not identify
remuneration provided under the value-based arrangement. Without
additional facts, we can only respond generally to the comment. First,
we would highlight that this safe harbor does not protect free or
reduced-priced items or services that sellers provide either as part of
a product sale arrangement or ancillary to a value-based arrangement.
Free or reduced-priced items and services provided either as part of a
product sale arrangement or ancillary to a value-based arrangement may
not need safe harbor protection or may be protected by other safe
harbors.
Second, nothing in the safe harbor would prohibit a VBE participant
from using remuneration it received pursuant to a value-based
arrangement to inform the target patient population of the availability
of care coordination activities it provides to patients (e.g., patient
monitoring) in a targeted, objective, and educational manner so long as
the remuneration is not exchanged or used for marketing or patient
recruitment activities. In this final rule, we have clarified that the
content of the marketing the safe harbor prohibits is the marketing of
items and services furnished by the VBE or a VBE participant to
patients.
To the extent that payors or other VBE participants provide
remuneration to patients in the form of a free device, such
remuneration would not be protected by this safe harbor. We note that
other safe harbors or exceptions to the Beneficiary Inducements CMP may
be available to protect the provision of such items and services,
depending upon the facts and circumstances.
Comment: A health system recommended that provider affiliation
announcements be carved out of the definition of marketing or
recruitment activities so that providers can inform patients that they
participate in value-based arrangements. Another commenter similarly
urged OIG to permit individuals or entities participating in a VBE to
market themselves as VBE participants to patients.
Response: Remuneration exchanged between parties to a value-based
arrangement may be used to inform patients in the target patient
population that the VBE participant participates in the value-based
arrangement without such information being considered a marketing or
recruitment activity. However, whether broader advertising (that
includes VBE participant-related information) would be considered a
prohibited marketing or recruitment activity for safe harbor purposes
would be a fact-specific determination. For example, as part of a
larger value-based arrangement between a physician group and a
hospital, a hospital provides tablets to the physician group, which the
physician group uses for in-office patient asthma management education.
If the education application used on the tablet identifies all VBE
participants capable of helping the patients manage their asthma and
provide other services, the tablet would not run afoul of the marketing
prohibition because it is not being used to market or recruit patients.
It informs patients of VBE participants
[[Page 77747]]
capable of providing disease management and other services. However, if
the hospital also used the tablets to send text messages,
notifications, and other pop-ups that solicit the patient to receive
services from VBE participants, the tablet would be marketing under
this safe harbor because it is being used for broader advertising or
patient recruitment activity. A tablet, as part of a care coordination
arrangement, could be protected remuneration; however, if it is part of
a larger marketing scheme, the tablet would not be protected because
that scheme would not be eligible for protection under this safe harbor
and would be subject to a separate analysis under the Federal anti-
kickback statute. Similarly, if the tablet was used as part of larger
data harvesting scheme for marketing purposes, that scheme would not be
eligible for protection under this safe harbor and be subject to a
separate analysis under the Federal anti-kickback statute.
Comment: A commenter sought clarification on how to interpret the
marketing and patient recruitment prohibition in the context of
Medicare Advantage beneficiaries, and, specifically, whether compliance
with existing CMS and OIG requirements associated with marketing to,
and recruitment of, Medicare Advantage patients would be sufficient to
maintain protection under the value-based safe harbors. In a similar
vein, a health insurer requested that OIG clarify its definition of
marketing and patient recruitment activities, as it relates to pre-
enrollment activities.
Response: While acknowledging that payors may be subject to a wide
range of other regulations, including CMS regulations and guidance
specific to Medicare Advantage plans, we do not believe that compliance
with CMS marketing requirements is sufficient for purposes of the safe
harbor. Medicare Advantage regulations relating to patient enrollment
and marketing are specific to payor-patient interactions in that
program. In contrast, the conditions of this safe harbor are focused on
facilitating beneficial care coordination and addressing potential
fraud and abuse risks related to the exchange of remuneration between
and among providers and suppliers. We remind the commenter that
compliance with the care coordination arrangements safe harbor, as with
all Federal anti-kickback statute safe harbors, is voluntary, and
Medicare Advantage plans, or their contractors, may continue to seek
protection under other existing safe harbors.
Comment: Several commenters expressed concern that the prohibition
on marketing and patient recruitment activities may conflict with
existing CMS rules regarding discharge planning, or, at the very least:
(i) Be inconsistent with the concept of a preferred provider network
operating within the context of a VBE; or (ii) potentially limit VBE
participants' ability to inform patients of the availability of items
and services during the discharge planning process.
Response: The prohibition on the marketing of items and services
and patient recruitment activities, as finalized, relates specifically
to the remuneration exchanged. Thus, for example, if a skilled nursing
facility provides remuneration to a hospital under a value-based
arrangement in the form of a discharge planner, the discharge planner
could not market or recruit patients to the skilled nursing facility;
doing so would prevent the value-based arrangement from qualifying for
safe harbor protection. Nothing in the safe harbor prevents the
hospital from informing patients about available skilled nursing
facilities during the discharge planning process.
This prohibition is not inconsistent with current CMS hospital
conditions of participation regarding discharge planning, which require
(among other conditions) that hospitals provide a comprehensive list of
certain post-acute care providers, as applicable, to patients prior to
discharge.\46\ Providing a comprehensive list of post-acute care
providers would not constitute exchanging or using remuneration for
marketing or patient recruitment for safe harbor purposes. This would
be true even if the discharge planner provided to the hospital in the
prior example were the person furnishing the list to patients, provided
the discharge planner did not market or recommend the skilled nursing
facility or another VBE participant on the list.
---------------------------------------------------------------------------
\46\ 42 CFR 483.42(c).
---------------------------------------------------------------------------
This prohibition is not inconsistent with the potential for a
preferred provider network to operate within the context of a VBE.
Using the above discharge planner example, the remuneration could
comply with the marketing and patient recruitment activity prohibition
if, for example, the discharge planner only provides written
educational materials regarding the preferred provider network to
target patient population members and does not actively recruit
patients to the skilled nursing facilities in the preferred provider
network and does not market or recommend any particular provider on the
list. It is incumbent on parties seeking to establish and operate
preferred provider networks to do so in a manner that complies with all
pertinent regulations, and our safe harbor requirements are not
intended to interfere with or supplant other compliance obligations.
Comment: A commenter expressed concern that the proposed
prohibition on marketing and patient recruitment would bar a VBE from
publishing quality improvement or cost reduction data. The commenter
declared that VBEs should be permitted to share performance data
regarding VBE participants to help inform patient choice.
Response: We would not consider the publication of quality and cost
data to constitute marketing or patient recruitment activity.
Therefore, parties to a value-based arrangement could exchange
remuneration for the purpose of publishing such data, and we believe
such data may be beneficial to inform patient choice.
Comment: To mitigate OIG's concerns regarding marketing, a
manufacturer suggested that OIG include as an additional safe harbor
requirement that VBE participants disclose their participation in the
VBE to patients, similar to the Medicare Shared Savings Program
beneficiary notice requirements.
Response: We thank the commenter for its suggestion. As noted
elsewhere in this rule, we did not propose a patient notice requirement
in the OIG Proposed Rule and are not including a patient notice
requirement for reasons explained elsewhere. However, VBE participants
are not prohibited, as noted above, from utilizing notices to
transparently disclose their participation in a VBE to patients.
k. Monitoring and Assessment
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ee)(8) that the VBE, a VBE participant in the value-based
arrangement acting on the VBE's behalf, or the VBE's accountable body
or responsible person monitor and assess, no less frequently than
annually, or once during the term of the value-based arrangement for
arrangements with terms of less than 1 year: (i) The coordination and
management of care for the target population in the value-based
arrangement; (ii) any deficiencies in the delivery of quality care
under the value-based arrangement; and (iii) progress toward achieving
the evidence-based, valid outcome measure(s) in the value-based
arrangement. We further proposed to require that the party conducting
such monitoring and
[[Page 77748]]
assessment report the results of the monitoring and assessment to the
VBE's accountable body or responsible person (if the VBE's accountable
body or responsible person is not itself conducting the monitoring and
assessment).
Summary of Final Rule: We are finalizing the monitoring and
assessment requirement, with modifications, at paragraph
1001.952(ee)(9). We are requiring that the VBE, a VBE participant in
the value-based arrangement acting on the VBE's behalf, or the VBE's
accountable body or responsible person reasonably monitor and assess
the following, no less frequently than annually, or once during the
term of the value-based arrangement for arrangements with terms less
than 1 year: (i) The coordination and management of care for the target
patient population in the value-based arrangement; (ii) any
deficiencies in the delivery of quality care under the value-based
arrangement; and (iii) progress toward achieving the legitimate outcome
or process measure(s) in the value-based arrangement. We are revising
the proposed language--from specific evidence-based, valid outcome
measure(s) to legitimate outcome or process measure(s)--to align with
the standard for outcomes measures finalized in paragraph
1001.952(ee)(4), discussed at section III.B.3.b.
We also require that the party conducting such monitoring and
assessment report their findings to the VBE's accountable body or
responsible person (if the VBE's accountable body or responsible person
is not itself conducting the monitoring and assessment). Finally, we
are making a technical correction by adding ``the following'' and ``of
the following'' to the introductory language of the paragraph for
greater clarity about what must be monitored and assessed.
Comment: Many commenters supported an annual monitoring and
assessment requirement, where monitoring is tailored to the complexity
and sophistication of the VBE and VBE participants. A physician trade
organization recommended that OIG require monitoring and assessment of
a value-based arrangement's value-based activities instead of the
coordination and management of care for the target patient population,
and another commenter asserted that OIG should require monitoring and
assessment of whether value-based activities meet any of the value-
based purposes. A commenter urged that the monitoring and assessment
provision require monitoring of utilization, referral patterns, and
expenditure data to ensure that abuse is curtailed, and gaming is
reduced. Another commenter supported heightened standards and
conditions for monitoring and assessment but did not specify any such
standards and conditions. Some commenters opposed a monitoring and
assessment requirement, with a commenter stating that writing-related
safeguards are sufficient to protect against fraud and abuse.
Response: We are finalizing a monitoring and assessment requirement
because we believe it is a critical safeguard to ensure oversight of
the value-based arrangement. We are not adopting the suggestion to
expand the condition to require monitoring of all value-based
activities instead of the coordination and management of the care for
the target patient population. Paragraph 1001.952(ee)(1)(ii) of this
safe harbor requires the remuneration exchanged to be used
predominantly to engage in value-based activities related to the
coordination and management of care for the target patient population;
consequently, we believe that it is appropriate to require the
monitoring and assessment to focus on this value-based purpose. Under
this requirement, the responsible party must monitor and assess whether
and how the coordination and management of care is being implemented.
``Coordination and management of care'' is defined at paragraph
1001.952(ee)(14) for purposes of this safe harbor as the deliberate
organization of patient care activities and sharing of information
between two or more VBE participants or VBE participants and patients,
tailored to improving the health outcomes of the target patient
population, in order to achieve safer and more effective care for the
target patient population. Thus, we expect any monitoring and
assessment to evaluate how the value-based arrangement is or is not
achieving this value-based purpose, as defined in this final rule. The
monitoring and assessment may identify opportunities to reevaluate the
value-based activities the parties are undertaking and the manner in
which they are undertaking them to improve their chances of achieving
this value-based purpose.
While we are not requiring monitoring and assessment of
utilization, referral patterns, and expenditure data, monitoring and
assessment of such data may be a best compliance practice for many
arrangements, depending on the complexity and sophistication of the VBE
participants, the VBE, and the value-based arrangement and available
resources. We have added ``reasonably,'' to the monitoring and
assessment provision to codify that, for all value-based arrangements,
monitoring and assessment should be reasonable in relation to the
complexity and sophistication of the VBE participants, the VBE, and the
value-based arrangement and available resources.\47\ We would expect
parties to do as much as is appropriate based on the complexity and
sophistication of the VBE participants, the VBE, and the value-based
arrangement and available resources, but nothing in this provision
should be construed to stop parties from having more robust monitoring
and assessment processes than those described herein. This requirement
both: (i) Provides flexibility for VBE participants associated with
smaller, less-sophisticated VBEs and value-based arrangements to
effectuate relatively more modest monitoring and assessment processes;
and (ii) requires VBE participants associated with more complex and
sophisticated VBEs and value-based arrangements to develop and operate
appropriately complex and robust monitoring and assessment processes.
---------------------------------------------------------------------------
\47\ 84 FR 55713 (Oct. 17, 2019).
---------------------------------------------------------------------------
Comment: A commenter expressed concern that the annual monitoring
and assessment requirement may have limited impact unless: Patients
have a clearly articulated pathway for communicating and resolving
concerns; outcome measures are valid and reflect outcomes important to
patients; and results are reported to the Department or another
oversight entity. Another commenter asked OIG to provide more
information on the monitoring and assessment requirement and,
specifically, to outline the reporting, auditing, and general oversight
requirement of each VBE participant in the VBE.
Response: We appreciate the commenter's concern regarding the
potential limited impact of the monitoring and assessment requirement.
We are not requiring parties to value-based arrangements to establish
specific protocols for receiving and addressing patient concerns or to
report data to the Department, except as otherwise set forth in
paragraph 1001.952(ee)(12), which requires that the VBE or VBE
participant make available to the Secretary, upon request, all
materials and records sufficient to establish compliance with the
conditions of this safe harbor. However, we are finalizing the
requirement for parties to establish one or more legitimate outcome or
process measures, and to monitor and assess certain information.
[[Page 77749]]
Specifically, to comply with the monitoring and assessment
requirement, either the VBE, a VBE participant in the value-based
arrangement acting on the VBE's behalf, or the VBE's accountable body
or responsible person must reasonably monitor and assess: (i) The
coordination and management of care for the target patient population
in the value-based arrangement; (ii) any deficiencies in the delivery
of quality care under the value-based arrangement; and (iii) progress
toward achieving the legitimate outcome or process measure(s) in the
value-based arrangement. While, as stated above, the final safe harbor
does not require the establishment of specific monitoring and
assessment protocols or prescribe how VBEs must receive and address any
patient concerns, we note that, as part of any VBE's regular monitoring
activities, it would be a good compliance practice to establish a
mechanism through which patients and others could submit reports
related to, for example, deficiencies in the delivery of quality care
under the value-based arrangement. Further, it would be a good
compliance practice, as part of any VBE's regular monitoring and
assessment activities, to assess any credible reports of, for example,
deficiencies in the delivery of quality care under the value-based
arrangement to determine their validity and any potential triggering of
the termination and corrective action provision.
Again, the final rule does not prescribe a one-size-fits-all
approach for monitoring and assessment, nor does it specify the
reporting, auditing, and general oversight requirement of each VBE
participant in the VBE. This lack of specificity is designed to allow
VBEs (and their VBE participants) flexibility to establish a monitoring
and assessment program that is reasonable for that particular VBE and
value-based arrangement. As stated above, the monitoring and assessment
processes for each value-based arrangement should be reasonable in
relation to the complexity and sophistication of the VBE, VBE
participants, and value-based arrangement. Given the flexibility
parties have to form VBEs and value-based arrangements of varying
levels of complexity, we anticipate that the monitoring and assessment
processes for the diverse value-based arrangements that could be
protected by this safe harbor may vary.
Comment: A commenter expressed concern that, if the party
responsible for monitoring and assessment does not comply with the
requirements of the safe harbor, that party's noncompliance places
other parties at risk through no fault of their own.
Response: A safe harbor applies only where each condition of the
safe harbor is squarely met. Therefore, if the party responsible for
monitoring and assessment does not perform its responsibility in
accordance with the safe harbor requirements, the remuneration
exchanged pursuant to the value-based arrangement would not receive
protection. However, where another party has done everything that it
reasonably could to comply with the safe harbor requirements applicable
to that party but the remuneration exchanged loses safe harbor
protection as a result of another party's noncompliance, the party's
efforts to take all possible reasonable steps would be relevant in a
determination of whether such party had the requisite intent to violate
the Federal anti-kickback statute.
Comment: Commenters expressed concern regarding, and urged
flexibility for, the requirement for monitoring and assessment of
progress toward evidence-based outcome measures. For example, a
commenter asserted that participants to a new value-based arrangement
need time to achieve success, as evidenced by the performance results
of Medicare Shared Saving Program, and may not be able to progress
quickly towards the outcome measures. Commenters noted that factors
beyond a provider's control can impact outcomes and that interventions
such as primary care, preventive services, and chronic care management
may yield benefits that take numerous years to materialize.
Response: For a number of reasons, we believe the responsible party
or parties should monitor and assess progress toward the outcome or
process measure(s) the parties establish. Such monitoring and
assessment may reveal whether efforts to achieve the outcome measure(s)
have led to improvements or deficiencies in patient care; whether the
outcome measure(s) the parties initially established continue to be the
best goalposts for achieving one or more value-based purposes; and
whether the items or services the offeror provided under the value-
based arrangement, such as care coordination services, are effective
tools for driving beneficial changes in care delivery. We agree with
commenters that factors beyond a VBE participant's control could impact
outcomes and that benefits of outcome measures could manifest over a
longer timeframe; for this reason, the requirement for monitoring and
assessment does not mandate that the parties achieve the outcome or
process measure(s) on any particular timeframe.
l. Termination of the Arrangement
Summary of OIG Proposed Rule: We proposed at proposed paragraph
1001.952(ee)(9) that the parties terminate the value-based arrangement
within 60 days if the VBE's accountable body or responsible person
determines that the value-based arrangement: (i) Is unlikely to further
the coordination and management of care for the target patient
population; (ii) has resulted in material deficiencies in quality of
care; or (iii) is unlikely to achieve the evidence-based, valid outcome
measure(s). We said we were considering for the final rule, and sought
comments on, an alternative to the proposed termination requirement
that would instead allow for remediation--within a reasonable
timeframe--before any required termination.
Summary of Final Rule: We are finalizing, with modifications, a
termination provision for this safe harbor at paragraph
1001.952(ee)(10). Under the final rule, if the VBE's accountable body
or responsible person determines, based on the monitoring and
assessment conducted pursuant to paragraph 1001.952(ee)(9), that the
value-based arrangement has resulted in material deficiencies in
quality of care or is unlikely to further the coordination and
management of care of the target patient population, the parties must,
within 60 days, either terminate the arrangement or develop and
implement a corrective action plan designed to remedy the deficiencies
within 120 days and, if the corrective action plan fails to remedy the
deficiencies within 120 days, terminate the value-based arrangement.
Comment: Some commenters expressed support for our proposed
termination requirement, but many expressed concerns about what it
would mean in practice. Many commenters supported the alternative we
described in the preamble to the proposed rule that would allow for
remediation, within a reasonable timeframe, before any required
termination. These commenters noted a variety of operational and policy
concerns with mandating termination within 60 days. For example, some
commenters noted that complex arrangements may require more than 60
days to unwind responsibly. Some commenters suggested that a cure
period be permitted where the VBE determines that a plan of correction
may be devised to cure the deficiencies, and others suggested that
remediation should be an option, but not a requirement. With respect to
the length of a remediation
[[Page 77750]]
period during which parties could develop and implement a corrective
action plan, commenters suggested a variety of time periods, ranging
from 90 days to 1 year. Multiple commenters suggested a 120-day period.
Another commenter suggested that any termination requirement should be
suspended indefinitely as long as the parties are working in good faith
to implement a corrective action plan. A commenter also noted that
there is a difference between arrangements that are not making progress
and those that are causing harm and suggested that the latter require
immediate termination. Finally, a commenter requested that OIG clarify
that parties do not have an obligation to assess for any events that
trigger the termination provision on an ongoing basis, but instead are
required to do so annually or prior to renewal of an agreement.
Response: We appreciate commenters' concerns regarding the
potential challenges associated with requiring termination within 60
days if the VBE's accountable body or responsible person determines one
or more of the triggering events has occurred. Several changes in the
final rule address many of the concerns expressed by the commenters.
The final rule provides more flexibility by requiring the parties,
within 60 days, either to terminate the arrangement or to develop and
implement a corrective action plan in the event the VBE's accountable
body or responsible person determines that the value-based arrangement
has resulted in material deficiencies in quality of care or is unlikely
to further the coordination and management of care for the target
patient population. The option for corrective action plans is
consistent with our statements in the OIG Proposed Rule that we were
considering allowing for remediation within a reasonable timeframe and
that our goal is a reasonable but also prompt termination of
arrangements that are no longer serving the goals for which safe harbor
protection is offered.
The final rule does not require the parties to terminate the
arrangement or implement a corrective action plan if the VBE's
accountable body or responsible person determines that the value-based
arrangement is unlikely to achieve its legitimate outcome or process
measures. This safe harbor does not require the recipient to achieve an
outcome or process measure. Also, the safe harbor permits the parties
to the value-based arrangement to modify outcome or process measures
prospectively, as long as other elements of the safe harbor continue to
be met (for example, a change to an outcome measure would be a material
change to the value-based arrangement that would need to be documented
in writing and signed by the parties, in accordance with paragraph
1001.952(ee)(3)).
With respect to the option to develop and implement a corrective
action plan, the final rule requires that such plan be designed to
remedy the identified deficiencies within 120 days. If the corrective
action plan fails to remedy the deficiencies within 120 days, the
parties are required to terminate the value-based arrangement, and safe
harbor protection for remuneration exchanged pursuant to the value-
based arrangement would no longer be available. We selected a 120-day
period based on recommendations from commenters and because we believe
this time period is both long enough to allow a meaningful opportunity
to remediate the deficiencies and short enough to necessitate diligent
attention by the parties.
With respect to the commenter who asserted that a determination
that the value-based arrangement has resulted in patient harm should
require immediate termination, we appreciate the commenter's concern,
and we agree that such a determination is a serious finding that should
prompt immediate attention by the parties. We did not include a
``patient harm'' provision in the OIG Proposed Rule because incidents
of patient harm will always be ``material deficiencies in quality of
care,'' that would trigger this condition. However, not all material
deficiencies in quality of care necessarily mean that there has been
patient harm.
Finally, with respect to the commenter that requested clarification
regarding the frequency with which parties must assess for any events
that would trigger the termination or corrective action provision, we
note that, consistent with the OIG Proposed Rule, this final rule ties
the termination of the value-based arrangement or implementation of a
corrective action to certain triggering events identified through
``monitoring and assessment.'' Monitoring and assessment must occur no
less frequently than annually or at least once during the term of the
value-based arrangement for arrangements with terms of less than 1
year. Thus, at a minimum, the party or parties responsible for
monitoring and assessment must monitor the matters listed in the
regulation at paragraph 1001.952(ee)(9) and report the results so that
the accountable body or person can make a determination as to whether
any of the events that trigger the termination or corrective action
provision have occurred. We note that it would be a best compliance
practice to ensure monitoring and assessment also involves receiving
and assessing reports and other information related to the
circumstances that must be monitored and assessed (e.g., deficiencies
in the delivery of quality care under the value-based arrangement).
These reports would inform the accountable body or responsible person's
determination regarding termination or corrective action under
paragraph 1001.952(ee)(10).
Comment: A commenter expressed concern that the safe harbor
contains too much deference to the subjective beliefs and
determinations of the VBE participants, who the commenter asserts are
self-interested. The commenter recommended that the termination
provision in the safe harbor be revised to require termination if the
information available to the VBE's accountable body or responsible
person indicates that a triggering event has occurred. The commenter
also recommended that the safe harbor specify that the VBE bears the
burden of proof with respect to the question of whether the information
available to the VBE's accountable body or responsible person required
termination of the value-based arrangement.
Response: We believe that the revisions we are adopting in this
final rule, which require termination or a corrective action plan if
the VBE's accountable body or responsible person reaches one of two
determinations help to mitigate the commenter's concerns regarding
excessive deference to the subjective beliefs of the VBE participants.
We do not believe it is necessary to specify that the VBE bears the
burden of proof with respect to whether termination was required
because any party seeking to avail themselves of the protection of a
safe harbor generally bears the burden of proof that they meet the
requirements of the safe harbor.
Comment: Several commenters raised concerns regarding our proposal
to require termination if the VBE's accountable body or responsible
person determines that the value-based arrangement is unlikely to
achieve the evidence-based, valid outcome measure(s). For example,
several commenters noted that it may take time to see results and that
results may plateau at certain times. Commenters suggested that this
provision may result in parties' prematurely judging an arrangement's
success or failure and that 60 days was an arbitrary timeframe. Another
commenter expressed concern that the termination provision implies that
an arrangement could move in and
[[Page 77751]]
out of compliance with the safe harbor as performance changes from
month to month. Another commenter requested that participants be
permitted to modify measures prospectively, rather than have to
terminate the value-based arrangement.
Response: We appreciate the concerns raised by commenters, and we
are not finalizing the proposed requirement that the parties terminate
the arrangement if the VBE's accountable body or responsible person
determines that the value-based arrangement is unlikely to achieve the
outcome measure(s). We believe that requiring termination, or a
corrective action plan, upon such a determination is at odds with other
elements of this safe harbor. As we have stated elsewhere, this safe
harbor does not require that the value-based arrangement result in a
particular level of performance on the outcome or process measure. It
requires that the parties identify an outcome or process measure and
that the outcome or process measure relates to the remuneration
exchanged under the arrangement. We also wish to clarify that the safe
harbor permits the parties to modify the outcome or process measure
prospectively during the term of the agreement, as long as the other
elements of the safe harbor continue to be met and the modification is
memorialized in a writing signed by the parties.
We caution, however, that this safe harbor separately requires the
VBE, a VBE participant in the value-based arrangement acting on the
VBE's behalf, or the VBE's accountable body or responsible person to
reasonably monitor, assess, and report progress toward achieving the
outcome or process measure. There may be circumstances where such
monitoring and assessment of outcome or process measure progress may
generate a finding that indicates that the value-based arrangement no
longer meets all of the requirements of the safe harbor. For example,
the finding may indicate that the remuneration exchanged is not being
used predominantly to engage in value-based activities that are
directly connected to the coordination and management of care for the
target patient population. Thus, while we are not creating an
affirmative obligation to terminate or enter into a corrective action
plan based on a determination that the value-based arrangement is
unlikely to achieve the selected outcome or process measure, we caution
that parties to a value-based arrangement who wish to be protected
under the safe harbor should periodically evaluate compliance with safe
harbor standards.
m. Diversion, Resell, or Use for Unlawful Purposes
Summary of OIG Proposed Rule: In proposed paragraph
1001.952(ee)(10), we proposed that an exchange of remuneration would
not be protected under the care coordination arrangements safe harbor
if the offeror knows or should know that the remuneration is likely to
be diverted, resold, or used by the recipient for an unlawful purpose.
Summary of Final Rule: We are finalizing, without modification,
this requirement at paragraph 1001.952(ee)(11).
Comment: We received very few comments on this proposal. Some
commenters expressed support for the provision, while another commenter
raised concerns that this standard would be difficult for individual
providers and small group practices to understand and comply with
because the standard is not specifically defined.
Response: We believe that the standard is straightforward. Where an
offeror knows, or should know, that the recipient is likely to divert
or resell the remuneration, or otherwise use it for an unlawful
purpose, the remuneration is not protected by the safe harbor. This
could arise in cases where the recipient's intended diversion is overt.
For example, where a recipient expressly states its intent to sell the
items received from the offeror to third parties, it would make clear
its intended diversion. It can also arise, for example, where the
nature or scope of the remuneration offered to the recipient is such
that the offeror should know that diversion or resale is likely, such
as where a VBE participant provides remuneration far in excess of what
could reasonably be needed for the recipient to undertake the value-
based activity for which the remuneration is intended and the
remuneration is transferable in nature. For example, if a VBE
participant provides handheld tablets to another VBE participant to
facilitate coordination and management of care, but the offeror
provides substantially more tablets than could reasonably be used by
the recipient for the intended purpose (e.g., 100 tablets when ten are
objectively sufficient for the intended use), then the offeror might
reasonably know that the recipient is likely to divert or resell the
excess tablets. In sum, this standard is an explicit statement of what
is otherwise implicit in the conditions of the care coordination
arrangements safe harbor: The exchange of remuneration that the offeror
knows or should know is likely to be diverted, resold, or used by the
recipient for purposes other than the coordination and management of
care of a target patient population would not be protected under this
safe harbor.
n. Materials and Records
Summary of OIG Proposed Rule: To enhance transparency, we proposed
a requirement at proposed paragraph 1001.952(ee)(11) that VBE
participants or the VBE make available to the Secretary, upon request,
all materials and records sufficient to establish compliance with the
conditions of this safe harbor. We solicited comments regarding whether
we should require parties to maintain materials and records for a set
period of time (e.g., at least 6 years or 10 years).
Summary of Final Rule: We are finalizing, with modifications, the
materials and records requirement at paragraph 1001.952(ee)(12). The
final rule specifies that, for a period of at least 6 years, the VBE or
its VBE participants must maintain records and materials sufficient to
establish compliance with the conditions of the safe harbor.
Comment: While we received relatively few comments on this
condition, commenters were generally supportive of our proposal. In
response to our solicitation regarding whether we should require
parties to maintain materials and records for a set period of time,
e.g., 6 years or 10 years, multiple commenters were in favor of a 6-
year retention period, with one stating that this approach would
facilitate alignment with CMS's proposed rule and existing HIPAA
requirements.
Response: We are persuaded that a 6-year retention period will
promote transparency while aligning with the corresponding requirement
in CMS's final rule. We have modified the relevant provisions in the
care coordination arrangements, substantial downside financial risk,
and full financial safe harbors.
Comment: A commenter questioned the need for a materials and
records requirement because maintenance of these materials is already
part of any compliance program. The same commenter further questioned
whether OIG would bring an investigation or pursue a Federal anti-
kickback statute case based solely on the failure to satisfy a
documentation requirement rather than the underlying substantive
safeguards.
Response: We continue to believe this requirement promotes
transparency and gives parties notice that the Secretary may request
materials and records
[[Page 77752]]
sufficient to demonstrate compliance with the care coordination
arrangements safe harbor. We further note that not all parties seeking
protection under this safe harbor may have a compliance program or may
have developed one that requires maintenance of materials and records
for less than 6 years.
Safe harbors offer voluntary protection from liability under the
Federal anti-kickback statute for specified arrangements, and no entity
or individual is required to fit within a safe harbor. Failure to fit
within a safe harbor does not mean a party has violated--or even
implicated--the Federal anti-kickback statute, it simply means the
party may not look to the safe harbor for protection for that
arrangement. For a party to assert safe harbor protection, all of the
safe harbor's conditions must be satisfied, including any condition
related to materials and records. Further, it would be prudent for any
party relying on a safe harbor to protect certain remuneration to
document in some form compliance with that safe harbor. Decisions
regarding enforcement actions are made based on application of the
Federal anti-kickback statute to the specific facts and circumstances
presented by an arrangement.
Comment: A commenter stated that OIG should adopt additional
requirements related to materials and records, including
contemporaneous documentation of, among other things, the VBE's belief
that the value-based arrangement is reasonably designed to achieve a
value-based purpose, the specific basis for such belief, and the VBE's
reasonable anticipation that particular evidence-based, valid outcome
measures will advance the coordination and management of care of the
target patient population.
Response: We decline to require the specific requested
certifications. We intentionally drafted the materials and record
requirement broadly to avoid creating a list of all documentation that
parties must develop and maintain to comply with this condition of the
safe harbor. Moreover, we do not seek to increase administrative burden
by prescribing the manner in which parties must document their
compliance.
Comment: A health system stated that the proposed care coordination
arrangements safe harbor included burdensome reporting requirements and
expressed concern about the large volume of paperwork that would go
back and forth between ACOs and HHS or CMS.
Response: We disagree with the commenters' assertion that the
materials and records requirement is burdensome. To the extent parties
wish to avail themselves of the protection of this safe harbor, we
believe it is reasonable to require them to maintain documentation that
demonstrates their compliance with its terms. With respect to the
commenter's concern about the exchange of large volumes of paperwork,
we note that parties must only furnish such documentation to the
Secretary upon request. We do not anticipate this requirement will
necessitate frequent exchange of paperwork between, for example, an ACO
and OIG.
Comment: A medical device manufacturer expressed concern that
materials and records submitted to the Secretary pursuant to this
condition would be subject to the Freedom of Information Act or other
disclosure requirements. The manufacturer stated such materials could
include proprietary and confidential trade secret information.
Response: OIG is subject to the Freedom of Information Act (FOIA)
and the Department's FOIA regulations set forth at 45 CFR part 5. These
regulations provide that submitters of records may designate in writing
that all or part of the information contained in such records is exempt
from disclosure under FOIA exemption 4--covering trade secrets and
confidential commercial or financial information--at the time they
submit such records or within a reasonable time thereafter. The
Department, including OIG, will make reasonable efforts to notify
submitters of records if the Department determines that material that
submitters have designated as exempt from disclosure under FOIA
exemption 4 may have to be disclosed in response to a FOIA request.
Under the Department's FOIA regulations, submitters have an opportunity
to respond and, if desired, file a court action to prevent disclosure
of exempt records.
o. Additional Proposed Safeguards
i. Bona Fide Determination
Summary of OIG Proposed Rule: We considered a condition that would
require that, in advance of, or contemporaneous with, the commencement
of the applicable value-based arrangement, the VBE's accountable body
or responsible person make two bona fide determinations with respect to
the value-based arrangement: (i) The value-based arrangement is
directly connected to the coordination and management of care for the
target patient population; and (ii) the value-based arrangement is
commercially reasonable, considering both the arrangement and all
value-based arrangements within the VBE.\48\
---------------------------------------------------------------------------
\48\ 84 FR 55714 (Oct. 17, 2019).
---------------------------------------------------------------------------
Summary of Final Rule: We are not finalizing the proposed
condition.
Comment: We received relatively few comments on this proposal.
Commenters either expressed general statements of support or
opposition, with a commenter who opposed the condition asserting that
such bona fide determinations would add unnecessary complexity to
demonstrating compliance with the safe harbor.
Response: We are not finalizing this requirement. We believe the
goal of this proposed safeguard--ensuring appropriate oversight by the
VBE's accountable body or responsible person--is achieved through the
combination of other conditions included in this safe harbor. We do not
believe this condition is needed to prevent fraud or abuse in light of
the totality of other conditions we are finalizing in this rule.
ii. Prohibition on Cost-Shifting
Summary of OIG Proposed Rule: We considered, and sought comment on,
a condition prohibiting VBEs or VBE participants from billing Federal
health care programs, other payors, or individuals for the remuneration
exchanged under the value-based arrangement; claiming the value of the
remuneration exchanged under the value-based arrangement as a bad debt
for payment purposes under a Federal health care program; or otherwise
shifting costs to a Federal health care program, other payors, or
individuals.
Summary of Final Rule: We are not finalizing the proposed
condition.
Comment: We received comments expressing either general support for
or opposition to this proposed safeguard. For example, in support of
finalizing a cost-shifting prohibition, a commenter stated that a
value-based enterprise's decision to offer remuneration in the context
of a value-based arrangement should not make other parties financially
responsible for such payments. A commenter argued that this proposed
safeguard, among others, would be duplicative of other requirements in
the safe harbor or be incompatible with or irrelevant in a value-based
system. The commenter asserted that the additional safeguards proposed
by OIG, including a prohibition on cost-sharing, would create an
additional barrier to value-based arrangements rather than breaking
down barriers that already exist. Other commenters, including Tribal
organizations, advocated against the
[[Page 77753]]
inclusion of a cost-shifting prohibition, stating such a safeguard is
unnecessary because improvements in care coordination result in overall
savings to the Federal Government even if they result in additional
referrals or payments by Medicare and Medicaid.
Response: Having considered the comments, we are not finalizing a
cost-shifting prohibition. On balance, we conclude that the combination
of conditions in the final safe harbor will adequately protect against
fraud and abuse risks, and an additional safeguard related to cost-
shifting is not necessary in the context of the value-based safe
harbors. We did not intend to limit appropriate billing of Federal
health care programs or other payors for medically necessary items and
services furnished in connection with value-based care. As we explained
in the OIG Proposed Rule, we do not want to exclude arrangements from
safe harbor protection that involve legitimate shifting of costs that
result from achieving care coordination goals or other value-based
purposes. As we explained, depending on the arrangement, one might
expect to see increases in primary care costs or costs for care
furnished in home and community settings paired with reductions in
unnecessary hospitalizations, duplicative testing, and emergency room
visits; one also might see increases in remote monitoring or care
management services. Parties remain responsible for billing Federal
health care programs and other payors in accordance with their program
rules.
iii. Fair Market Value Requirement and Restriction on Remuneration Tied
to the Volume or Value of Referrals
Summary of OIG Proposed Rule: We stated that we were considering
including one or both of the following conditions in the care
coordination arrangements safe harbor: (i) A fair market value
requirement on any remuneration exchanged pursuant to a value-based
arrangement; and (ii) a prohibition on VBE participants determining the
amount or nature of the remuneration they offer, or the VBE
participants to whom they offer such remuneration, in a manner that
takes into account the volume or value of referrals or other business
generated, including both business or patients that are part of the
value-based arrangement and those that are not.
Summary of Final Rule: We are not finalizing either proposed
condition in the care coordination arrangements safe harbor.
Comment: While we received some comments expressing support for
these conditions, the overwhelming majority of commenters opposed the
inclusion of a fair market value requirement or of a prohibition on
determining the amount or nature of the remuneration in a manner that
takes into account the volume or value of referrals or other business
generated. While varying in their rationales, commenters generally
asserted that including either safeguard would constrain care
coordination efforts. Several commenters supported the condition that
would prohibit taking into account the volume or value of referrals but
recommended limiting this condition to patients who are not part of the
value-based arrangement.
Response: In this final rule, we are not adopting a blanket
prohibition on determining the amount or nature of remuneration in a
manner that takes into account the volume or value of referrals or
other business generated; rather, we are finalizing a narrower
prohibition that the offeror of the remuneration cannot take into
account the volume or value of, or condition an offer of remuneration
on: (i) Referrals of patients that are not part of the value-based
arrangement's target patient population; or (ii) business not covered
under the value-based arrangement. We stated in the OIG Proposed Rule,
and we continue to believe, that fair market value requirements and
restrictions that prohibit paying remuneration based on the volume or
value of referrals help ensure that protected payments are for
legitimate purposes and are not kickbacks. For this reason, we included
a safeguard in paragraph 1001.952(ee)(5) that requires, as a condition
of safe harbor protection, that the offeror not take into account the
volume or value of, or condition remuneration on, business or patients
not covered under the value-based arrangement. This approach is
consistent with our proposal in paragraph 1001.952(ee)(5), as well as
the comments summarized above recommending that we limit any volume or
value condition to patients who are not part of the value-based
arrangement.
However, we also acknowledge commenters' concerns that legitimate
care coordination arrangements may naturally involve referrals across
provider settings. In this final rule, therefore, we have not finalized
a fair market value requirement or a prohibition on determining the
amount or nature of remuneration in a manner that takes into account
the volume or value of referrals or other business generated. Instead,
we have relied on other program integrity safeguards so that the safe
harbor will protect beneficial care coordination arrangements while
precluding protection for pay-for-referral schemes that do not serve,
and may be contrary to, the goals of coordinated care and the shift to
value. These safeguards operate to preclude safe harbor protection for
abusive arrangements such as a provider churning patients through care
settings to capitalize on a reimbursement scheme or otherwise generate
revenue and arrangements where VBE participants offer, or are required
to provide, remuneration to receive referrals or to be included in a
``preferred provider network'' (i.e., ``pay-to-play'' arrangements).
In response to commenters' concerns that a fair market value
requirement would constrain the kinds of care coordination arrangements
that we intend to protect, we also are not finalizing a fair market
value requirement. However, we have included a commercial
reasonableness standard in this safe harbor, which requires that the
value-based arrangement be commercially reasonable, considering both
the arrangement itself and all value-based arrangements within the VBE.
We believe this commercial reasonableness standard, in combination with
the other safe harbor conditions, appropriately balances program
integrity concerns and the need to facilitate innovative value-based
arrangements.
iv. Additional Requirements for Dialysis Providers
Summary of OIG Proposed Rule: In recognition of the unique
attributes of the dialysis industry (e.g., market dominance by a
limited number of dialysis providers), we expressed concern in the OIG
Proposed Rule that participation by dialysis providers in value-based
arrangements could present increased fraud and abuse risks.
Accordingly, we solicited comments on potential additional safe harbor
conditions specific to dialysis providers to ensure that their care
coordination arrangements operate to improve the management and care of
patients and are not pay-for-referral schemes. We stated that we were
considering including conditions such as enhanced monitoring,
reporting, or data submission.
Summary of Final Rule: We are not finalizing additional conditions
on dialysis providers in the care coordination arrangements safe
harbor.
Comment: Commenters generally opposed additional conditions on
dialysis providers on the basis of one or both of the following
arguments: (i)
[[Page 77754]]
ESRD patients would stand to benefit the most from the care
coordination arrangements safe harbor (highlighting, for example, the
fact that such patients require care across multiple providers); and
(ii) OIG's concerns regarding market consolidation were misplaced.
Other commenters stated additional safeguards were not necessary for
dialysis providers based on data indicating improved quality of care
for ESRD patients and reduction of costs. In contrast, an association
representing dialysis providers shared OIG's concerns that the unique
characteristics of the highly concentrated dialysis market posed unique
and significant fraud and abuse risks and encouraged OIG to develop
detailed methodologies and metrics to facilitate OIG's monitoring and
assessment of market consolidation and possible pay-for-referral
schemes, before permitting dialysis providers to use the value-based
safe harbors.
Response: While we are mindful of concerns created by a potential
decrease in competition among dialysis providers, we are persuaded that
the potential benefits of care coordination within the dialysis
community outweigh the concerns for a potential decrease in
competition. Accordingly, we are not imposing additional requirements
specific to dialysis providers in the care coordination arrangements
safe harbor.
v. Submission of Information to Department
Summary of OIG Proposed Rule: To promote transparency, we solicited
comments in the OIG Proposed Rule on a requirement, specific to the
care coordination arrangements safe harbor, for VBEs to submit certain
data to the Department that would identify the VBE, VBE participants,
and value-based arrangements.
Summary of Final Rule: We are not finalizing this proposed
requirement in the care coordination safe harbor.
Comment: Some commenters strongly supported a requirement for VBEs
to submit data to the Department or to a publicly available database
that would identify the VBE, VBE participants, and value-based
arrangements. A commenter supported an optional reporting requirement
and appeared to believe that any such data submission would result in
the applicable parties' automatically satisfying the safe harbor's
writing requirement.
Other commenters urged OIG not to adopt such a requirement and
provided various reasons for their position. For example, some
commenters stated that the requirement would be unduly burdensome or
that the administrative burden would outweigh any program integrity
benefit to the Department, while at least one commenter believed the
requirement could discourage implementation of value-based arrangements
or full compliance with the safe harbor. Another commenter asserted
that a requirement for VBEs to submit certain data to the Department
would be unnecessary in light of the proposed requirement for parties
to make available to the Secretary, upon request, all materials and
records sufficient to establish compliance with the conditions of the
care coordination arrangements safe harbor. A commenter also expressed
concern that the materials and records submitted to the Department
could be subject to the Freedom of Information Act and misused by some
to gain access to potentially competitive, proprietary information
regarding trade secrets, commercial relationships, or value-based
arrangement business model information.
Response: To minimize burden, the final care coordination
arrangements safe harbor does not require VBEs to submit data to the
Department (e.g., data or information relating to the identity the VBE,
VBE participants, and value-based arrangements), unless records are
requested by the Secretary under the materials and records requirement.
OIG will continue to evaluate whether to modify this safe harbor in the
future. A better understanding of the structure of VBEs, likely VBE
participants, and the form of value-based arrangements could allow for
more effective oversight and identification of potential problems. OIG
maintains its oversight authorities to conduct audits and evaluations,
as well as criminal, civil, and administrative investigations of fraud
and misconduct related to Federal health care programs, operations, and
beneficiaries. Finally, we remind parties that they must make available
to the Secretary, upon request, all materials and records sufficient to
establish compliance with the conditions of a safe harbor, a required
at paragraph 1001.952(ee)(12).
p. Alternative Regulatory Structure
Summary of OIG Proposed Rule: In the OIG Proposed Rule, we stated
that we were considering an alternative regulatory structure and
approach to protect care coordination and other value-based
arrangements that are not at full financial risk and are not part of a
CMS-sponsored model.\49\ Under the alternative approach, we stated that
we would rely on the personal services and management contracts safe
harbor at paragraph 1001.952(d) to allow greater flexibility for
innovation as arrangements become more closely aligned with value-based
purposes and the parties take on more downside financial risk.
---------------------------------------------------------------------------
\49\ 84 FR 55715-16 (Oct. 17, 2019).
---------------------------------------------------------------------------
Summary of Final Rule: We are not finalizing the alternative
regulatory structure.
Comment: Several commenters opposed this alternative regulatory
approach. Some argued that it would not provide as clear a mechanism
for obtaining safe harbor protection for value-based arrangements as
the proposed value-based safe harbors and that a fair market value
requirement would create operational challenges. Another commenter
asserted that the alternative approach would not provide sufficient
protection against fraud and abuse and encouraged OIG to proceed with
the proposed value-based safe harbors. Another commenter expressed
support for the alternative regulatory structure to the extent OIG did
not adopt the value-based exceptions proposed by CMS.
Response: We thank commenters for their insights. While we believe
that the alternative approach of creating tiered protection using the
personal services and management contracts safe harbor at paragraph
1001.952(d) also would accomplish the objective of allowing greater
flexibility for innovation as the arrangements become more closely
aligned with value-based purposes and the parties take on more downside
financial risk, we concluded that the value-based framework described
in section III.B.1 of this preamble is better calibrated to achieve the
objectives of the Regulatory Sprint to Coordinated Care. We elected to
finalize the value-based framework because we agree with those
commenters who stated that the value-based framework would better
protect against fraud and abuse, and we were mindful of those
commenters who stated that the alternative approach would create
operational challenges.
Comment: A commenter suggested that OIG adopt a safe harbor
specific to value-based activities undertaken by an integrated delivery
system that includes a non-profit payor and a dedicated physician group
that includes physician owners and employees. According to the
commenter, the remuneration paid among the system's components presents
a low risk of fraud and abuse. Another commenter recommended that OIG
adopt a safe harbor for a limited set of arrangements that are pre-
approved by OIG to promote care coordination and management, reduce
costs, or
[[Page 77755]]
facilitate a transition to value-based care. According to the
commenter, the safe harbor should be limited to specific value-based
purposes delineated by OIG, with certification required for any
arrangements that have value-based purposes outside those identified by
OIG.
Response: We did not propose these suggested safe harbors, and
thus, we are not adopting them in this final rule. Depending on the
facts and circumstances, remuneration exchanged pursuant to an
arrangement between or among parties in an integrated delivery system
could be protected under one of the value-based safe harbors we are
finalizing in this final rule. With respect to the comment requesting a
safe harbor for arrangements that would be pre-approved by OIG and, in
certain instances, subject to certification requirements, we believe
that such an approach would be administratively unworkable and overly
burdensome. Parties who would like to recommend new safe harbors not
finalized in this rulemaking may do so by responding to OIG's annual
solicitation regarding the development of new or modified safe harbor
regulations.\50\
---------------------------------------------------------------------------
\50\ Section 1128D(a) of the Act (42 U.S.C. 1320a-7d(a)).
---------------------------------------------------------------------------
4. Value-Based Arrangements With Substantial Downside Financial Risk
(42 CFR 1001.952(ff))
Summary of OIG Proposed Rule: We proposed at paragraph 1001.952(ff)
a safe harbor for certain value-based arrangements involving the
exchange of remuneration between a VBE that assumes substantial
downside financial risk from a payor and a VBE participant that
meaningfully shares in the VBE's downside financial risk. We proposed
methodologies for determining substantial downside financial risk and
what it means to meaningfully share in risk (discussed further at
III.B.4.b). We proposed that the safe harbor would protect both
monetary and in-kind remuneration and explained that the safe harbor
would offer greater flexibility, compared to the care coordination
arrangements safe harbor at paragraph 1001.952(ee), in recognition of
the VBE's assumption of substantial downside financial risk. We
explained in the OIG Proposed Rule that the safe harbor could apply,
for example, to a value-based arrangement between an accountable care
organization that is a VBE and a network provider to share savings and
losses earned or owed by the accountable care organization, or between
a VBE that has contracted with a payor for an episodic payment and a
hospital and post-acute care provider that would be coordinating care
for the patients under the episodic payment. We proposed additional
conditions that would apply under the safe harbor, detailed in sections
III.B.4.c-q.
Summary of Final Rule: We are finalizing, with modifications, the
requirements of this safe harbor at paragraph 1001.952(ff). For a
value-based arrangement to be protected under this safe harbor, a VBE
must assume substantial downside financial risk from a payor under one
of three methodologies, and a VBE participant must assume a meaningful
share of the VBE's total risk, which share has been reduced, under the
first methodology, from 8 percent in the proposed rule to at least 5
percent in the final rule. The final provisions governing these levels
of risk are discussed at section III.B.4.b of this preamble. The safe
harbor, as finalized, protects both monetary and in-kind remuneration
exchanged pursuant to value-based arrangements between VBEs and VBE
participants. Other conditions finalized in the rule are explained in
detail at sections III.B.4.c-q. These conditions include: Ineligible
entities; inclusion of a 6-month ``phase-in'' period; requirements that
certain remuneration be used to engage in value-based activities and
directly connect to certain value-based purposes; writing and record
retention requirements; protections for patient choice and clinical
decision-making; protections against medically unnecessary services;
limits on marketing or patient recruitment; and limits on remuneration
that takes into account business or patients outside the value-based
arrangement. We are not finalizing the proposed limit on outside
funding of protected remuneration. The final safe harbor does not offer
protection for arrangements downstream of a VBE participant, such as
arrangements between two VBE participants. The final safe harbor
permits protection for payments made under the upstream risk-assumption
contracts between the VBE and the payor from whom the VBE assumes risk.
The final safe harbor at paragraph 1001.952(ff) may be used by
participants in CMS-sponsored models, if safe harbor conditions are
met, but it is primarily for other kinds of value-based arrangements,
including arrangements in the commercial market. We are separately
finalizing a safe harbor at paragraph 1001.952(ii) for CMS-sponsored
models (as defined) (see discussion at section III.B.7).
a. General Comments
Comment: While some commenters supported the substantial downside
financial risk safe harbor, others expressed concern that the safe
harbor is too complicated to be useful.
Response: We appreciate commenters highlighting their concerns. We
have revised the substantial downside financial risk safe harbor by
streamlining and clarifying its defined terms and conditions, which we
believe addresses these concerns. For example, in paragraph
1001.952(ff)(9), we provided additional clarity about the manner in
which parties must calculate savings and losses pursuant to
methodologies in the definition of ``substantial downside financial
risk.''
Comment: Multiple commenters urged OIG to align this safe harbor
with CMS's exception to the physician self-referral law for value-based
arrangements with meaningful downside financial risk in order to
facilitate their compliance efforts. Commenters generally favored the
risk thresholds proposed in the meaningful downside financial risk
exception to the physician self-referral law over the substantial
downside financial risk thresholds proposed in OIG's safe harbor.
Response: As with the OIG Proposed Rule, we coordinated with CMS in
the development of this final rule and aimed to promote alignment
between the two rules where possible. For a general discussion of the
rationale for our decision to finalize safe harbors that diverge in
certain aspects from the parallel exceptions to the physician self-
referral law, we refer readers to section III.A.1 of the preamble to
this final rule. With respect to the risk thresholds in CMS's rule, and
as discussed further below, we have determined that CMS's methodology
is not appropriate for this safe harbor because it focuses on physician
risk arrangements and remuneration rather than risk assumed at the VBE
level.
b. Definitions
i. Substantial Downside Financial Risk
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ff)(8)(i) that a VBE would be at substantial downside
financial risk if it were subject to risk pursuant to one of four
methodologies: (i) Shared savings with a repayment obligation to the
payor of at least 40 percent of any shared losses, where loss is
determined based upon a comparison of costs to historical expenditures,
or to the extent such data is unavailable, evidence-based, comparable
expenditures; (ii) a
[[Page 77756]]
repayment obligation to the payor under an episodic or bundled payment
arrangement of at least 20 percent of any total loss, where loss is
determined based upon a comparison of costs to historical expenditures,
or to the extent such data is unavailable, evidence-based, comparable
expenditures; (iii) a prospectively paid population-based payment for a
defined subset of the total cost of care of a target patient
population, where such payment is determined based upon a review of
historical expenditures, or to the extent such data is unavailable,
evidence-based, comparable expenditures; or (iv) a partial capitated
payment from the payor for a set of items and services for the target
patient population where such capitated payment reflects a discount
equal to at least 60 percent of the total expected fee-for-service
payments based on historical expenditures or, to the extent such data
is unavailable, evidence-based, comparable expenditures of the VBE
participants to the value-based arrangements.
Summary of Final Rule: We are finalizing, with modifications, the
definition of ``substantial downside financial risk'' at paragraph
1001.952(ff)(9)(i). Based on comments, we are reducing the risk
threshold that parties must assume in order to meet the definition of
``substantial downside financial risk'' for the first payment
methodology (the ``Shared Savings and Losses Methodology'') to 30
percent, and we are clarifying that, under this methodology, savings
and losses must be calculated by comparing current expenditures for all
items and services that are covered by the applicable payor and
furnished to the target patient population to a bona fide benchmark
designed to approximate the expected total cost of such care. We are
clarifying that, for the second methodology, savings and losses must be
calculated by comparing current expenditures for all items and services
furnished to the target patient population pursuant to a defined
clinical episode of care that is covered by the applicable payor to a
bona fide benchmark designed to approximate the expected total cost of
care for the defined clinical episode of care (the ``Episodic Payment
Methodology''). We also clarify that, for the Episodic Payment
Methodology, the parties must design the clinical episode of care to
cover items and services furnished collectively in more than one care
setting. We are finalizing a revised partial capitation methodology
(the ``VBE Partial Capitation Methodology'') pursuant to which the VBE
is at substantial downside financial risk if the VBE receives from the
payor a prospective, per-patient payment that is: (i) Designed to
produce material savings; and (ii) paid on a monthly, quarterly, or
annual basis, for a predefined set of items and services furnished to
the target patient population designed to approximate the expected
total cost of expenditures for the predefined set of items and
services. Finally, we are not finalizing the proposed population-based
payment methodology because population-based payments may not, in all
circumstances, involve downside financial risk. For example, we
understand that at least some population-based payments do not put
providers at risk of receiving a lower reimbursement amount and instead
are used as a cash-flow mechanism to support provider investments in
care management tools.
Comment: Although we received some statements of support, the
overwhelming majority of commenters on this topic opposed our proposed
definition of ``substantial downside financial risk.'' These commenters
generally asserted that our proposed risk thresholds were too high,
particularly for the Shared Savings and Losses Methodology and
suggested other thresholds, such as 10 percent for the Shared Savings
and Losses Methodology. For example, a commenter asserted that our
proposed definition of ``substantial downside financial risk'' was not
aligned with the levels of risk assumed under other public and private
sector value-based payment initiatives and would serve as a barrier to
providers entering into risk-based arrangements. The same commenter
suggested that, in setting qualifying risk levels too high, OIG would
promulgate safe harbors that would be available only to sophisticated
entities that are able to take on high levels of financial risk (e.g.,
ACOs associated with large health systems). Another commenter stated
that our identified risk thresholds were arbitrary and biased against
smaller and rural health care providers because such providers likely
lack the capital reserves necessary to assume substantial downside
financial risk. Other commenters asserted that our view of risk was too
narrow by failing to consider the importance of upside financial risk,
contractual risk, clinical risk related to treating complex patients,
operational risk, and investment risk. At least one commenter urged OIG
to include financial risk that is assumed only in the event certain
quality benchmarks are not met.
Response: We solicited comments on whether the proposed risk
thresholds should be higher or lower, or whether some or all of the
methodologies should be modified to better capture the assumption of
substantial downside financial risk for items and services furnished to
patients or omitted from the final rule entirely. In response to
comments and based on further consideration of risk assumption
requirements used by Innovation Center models, we are reducing the risk
threshold required for the Shared Savings and Losses Methodology from
40 to 30 percent, and we are not including a risk threshold in the VBE
Partial Capitation Methodology. We are retaining the 20 percent risk
threshold for the Episodic Payment Methodology because we believe the
risk threshold proposed and finalized is consistent with the design of
episodic payment models in which health care stakeholders currently
participate, including Innovation Center models that adopt a similar
payment methodology. The risk thresholds in the final rule reasonably
reflect substantial downside financial risk under the three
methodologies for purposes of this safe harbor. Moreover, we believe
risk thresholds are necessary to mitigate traditional fraud and abuse
risks associated with payment systems that incorporate, in whole or in
part, fee-for-service reimbursement methodologies. Arrangements with
lower risk levels would be analyzed for compliance with the anti-
kickback statute on a fact-specific basis.
The requirement for the VBE to assume substantial downside
financial risk, as opposed to upside financial risk, contractual risk,
clinical risk related to treating complex patients, operational risk,
or investment risk, or financial risk that is assumed only in the event
certain quality benchmarks are not met, is appropriate because we are
not persuaded that other types of risk would provide as strong an
incentive to change ordering or referring behaviors of providers and
suppliers that might still be paid on a fee-for-service basis or
otherwise help ensure that safe-harbored arrangements would serve
appropriate value-based purposes. We believe the risk levels set in the
final rule will be substantial enough to reduce any traditional volume-
driven incentives to overutilize or increase program costs by ordering
and referring providers and to increase incentives to promote efficient
delivery of health care.
This safe harbor does not prevent the VBE from assuming other types
of risk from the payor suggested by commenters, e.g., investment risk,
contractual risk, and clinical risk related
[[Page 77757]]
to treating complex patients, as long as the VBE also assumes
substantial downside risk from a payor. However, we note that these
other types of risk may result in an exchange of remuneration that
implicates the Federal anti-kickback statute and must be separately
considered for compliance with the statute.
As discussed in section III.B.4.d below, a VBE and a payor that is
a VBE participant can enter into value-based arrangements to protect
remuneration under this safe harbor. The types of risk suggested by
commenters may be protected by this safe harbor if remuneration
exchanged and the associated value-based arrangements meet all
applicable conditions.
We appreciate the challenges associated with assuming risk that
certain smaller and rural providers may face. The definition of ``VBE''
affords parties significant flexibility and places no limit on the
number of providers that can participate in the VBE and work together
to assume substantial downside financial risk. We also highlight that
other safe harbors, including the care coordination arrangements safe
harbor, at paragraph 1001.952(ee), and the outcomes-based payments safe
harbor at paragraph 1001.952(d)(2), may be available for parties that
are not ready to assume the level of risk required by this safe harbor.
Comment: Commenters requested clarification on the practical
application of the methodology OIG proposed in the ``substantial
downside financial risk'' definition--shared savings with a repayment
obligation to the payor of at least 40 percent of any shared losses.
For example, a commenter asked whether the shared savings and losses
repayment calculation must be applicable to the entire value-based
enterprise or if it could be limited to a particular shared savings and
losses arrangement between specified VBE participants. Other commenters
asked whether the shared savings and losses repayment obligation could
be in the form of a forfeited withhold or risk-pool payment, as opposed
to an actual repayment of cash. Similarly, another commenter asserted
that this methodology should permit the assumption of risk through
front-end withholds or dues assessments. Another commenter asked how
the shared savings and losses percentage threshold should be calculated
if the sharing rate varies based on quality performance and other
adjustments.
Response: In response to commenters' request for additional detail,
we are clarifying that the Shared Savings and Losses Methodology
expressly requires that any losses and savings calculations take into
account all items and services that are covered by the applicable payor
and furnished to the target patient population, not simply those items
and services furnished by specified VBE participants. In other words,
the Shared Savings and Losses Methodology is dependent on the items and
services covered by the payor and provided to the target patient
population, not the specific composition of the VBE and its VBE
participants. For example, a VBE could not limit its risk for shared
savings and losses under this methodology for certain outpatient items
and services by only entering into value-based arrangements with a
narrow set of providers that only furnish care in outpatient settings.
In response to comments, we also are clarifying that this
methodology permits the assumption of risk prospectively or
retrospectively. As long as the VBE meets the requirements of the
Shared Savings and Shared Losses Methodology, as finalized, including
the requirement that losses and savings be calculated by comparing
certain expenditures to a bona fide benchmark designed to approximate
the expected total cost of the applicable care, this safe harbor does
not prescribe how the payor and VBE structure payments to effectuate
the VBE's risk.
Finally, under the Shared Savings and Losses Methodology, financial
risk must equal at least 30 percent of loss, where loss is determined
by comparing current expenditures for all items and services that are
covered by the applicable payor and furnished to the target patient
population to a bona fide benchmark designed to approximate the
expected total cost of such care. To satisfy the Shared Savings and
Losses Methodology, any adjustments based on quality performance or
other factors may not bring the financial risk below 30 percent of such
loss.
Comment: With respect to the second proposed methodology (the
Episodic Payment Methodology), some commenters asked whether such
arrangements could be prospective or retrospective. A commenter
asserted that we should add another episodic or bundled payment
arrangement methodology, similar to this methodology, but that requires
any repayment obligation for losses to equal, at a minimum, 20 percent
of historical expenditures. The commenter also requested that we
clarify that this methodology applies only to an ``episode of care''
that involves multiple care settings. Finally, a commenter, asserting
that it was unaware of any value-based arrangement that can provide
quality care at 80 percent of episode costs, recommended we reframe
this substantial downside financial risk methodology as ``discount-
based.''
Response: As an initial matter, we clarify that the Episodic
Payment Methodology is with respect to a set of defined items and
services related to a clinical condition and, as a result, have
replaced the OIG Proposed Rule term ``episodic or bundled payment
methodology'' with ``clinical episode of care'' in order to better
convey this requirement. We also confirm that financial risk assumed
pursuant to the Episodic Payment Methodology may be prospective or
retrospective.
In response to the commenter that requested we clarify that this
methodology applies only to an ``episode of care'' that involves
multiple care settings, we are requiring in paragraph
1001.952(ff)(9)(i)(B)(2) that the parties design the clinical episode
of care to cover items and services collectively furnished in more than
one care setting. The VBE and the payor can meet this requirement as
long as they design the clinical episode of care to cover a collection
of items and services that they anticipate will be provided in more
than one care setting even if a particular patient in the target
patient population undergoing a clinical episode of care ultimately
does not receive items and services in more than one care setting. We
believe this requirement is consistent with episodic or bundled payment
methodologies that involve services delivered by more than one provider
and promotes collaboration across providers and suppliers that may
otherwise operate independently and deliver care in silos.
To illustrate these clarifications, the Episodic Payment
Methodology could include a clinical episode of care for an inpatient
procedure for which the payor and the VBE design the clinical episode
of care to cover items and services furnished across care settings in a
hospital and post-acute care setting, such as a physician clinic or a
skilled nursing facility. In contrast, we do not consider a bundled
payment to a provider for an episode of care that occurs in a single
setting, such as a DRG payment to a hospital for inpatient services, to
be an episodic payment for purposes of this rule.
Lastly, we are not finalizing an episodic payment methodology that
requires a repayment obligation for losses equal to, at a minimum, 20
percent of historical expenditures or reframing the Episodic Payment
Methodology as ``discount based,'' as suggested by a commenter. We
clarify that the Episodic Payment Methodology,
[[Page 77758]]
as finalized, does not require the payor to discount the cost of items
and services included in the defined clinical episode of care by 20
percent. Rather, the VBE must assume risk for at least 20 percent of
any loss realized pursuant to a defined clinical episode of care, with
losses (and savings) calculated by comparing current expenditures for
all items and services included in the defined clinical episode of care
and furnished to the target patient population to a bona fide benchmark
designed to approximate the expected total cost of such care.
Comment: Commenters generally expressed confusion regarding the
application of the fourth prong included in the proposed ``substantial
downside financial risk'' definition--a partial capitation payment that
reflects a discount equal to at least 60 percent of the total expected
fee-for-service payments. For example, a commenter asked why this
methodology includes a discount because capitation itself places a
physician at risk through a per-member, per-month payment. Another
commenter suggested that we revise this prong to encompass capitated
payments for a limited set of services, e.g., primary care. Some
commenters asserted that the 60 percent discount level was not
economically feasible and suggested that OIG lower the discount level.
Response: In response to comments, we are finalizing the VBE
Partial Capitation Methodology, with modifications. We are removing the
discount percentage requirement in recognition that the partial
capitation payment, as set forth in paragraph 1001.952(ff)(9)(i)(C),
itself, constitutes the assumption of substantial downside financial
risk. In keeping with the intent of the prior discount percentage
requirement, we also are requiring that this methodology be designed to
result in material savings. In other words, the VBE Partial Capitation
Methodology is designed to achieve cost efficiencies by incentivizing
better care coordination that benefits patients and the health care
delivery system by placing the VBE at substantial downside financial
risk.
We are not defining material savings in regulatory text to provide
parties flexibilities in designing partial capitation payments. There
are a number of ways that parties might design a partial capitation
payment consistent with this methodology to generate material savings.
For example, the parties may design a capitation payment with
utilization targets that are intended to lower costs versus historical
utilization, or the parties may use other methodologies that
incentivize the VBE to operate more efficiently and lower costs. We
recognize that, as the VBE and its VBE participants become more
efficient, the opportunity to achieve materials savings, as that term
is commonly understood, may become more difficult. As a VBE
successfully reduces costs in one year, it becomes harder to further
reduce costs in subsequent years. Under this methodology, and because
we are not defining ``material savings,'' parties have flexibility to
design partial capitation payment rates to account for such issues. For
example, the parties could use national or regional utilization data in
designing the partial capitation payment to appropriately adjust the
payment rates to account for the efficiency of the VBE.
Additionally, given the complexity of establishing a partial
capitation payment, payors, from whom the VBE assumes risk under this
methodology, will have a significant role in their design. Payors have
experience and expertise in designing actuarial models to assess and
project costs for their plans and establish rates. Capitation payments
designed consistent with generally accepted actuarial principles can,
for example, ensure that a partial capitation payment: (i) Captures all
reasonable, appropriate, and attainable costs; (ii) is sufficient,
based on past and anticipated service utilization by the target patient
population; (iii) reflects cost trends; (iv) is risk adjusted as
appropriate; and (iv) provides documentation and transparency on how
the rate was developed. While not an exhaustive list, these factors
would be relevant in assessing whether a capitation payment is designed
to generate material savings.
We also are clarifying the form in which the VBE must receive a
partial capitation payment. Specifically, we are requiring that the VBE
receive from a payor a prospective, per-patient payment, paid on a
monthly, quarterly, or annual basis. This methodology would not include
fee-for-service payments under the Medicare inpatient prospective
payment system or other fee-for-service payments under Medicare Parts A
or B. The per-patient payment must be for a predefined set of items and
services furnished to the target patient population, designed to
approximate the expected total cost of expenditures for the predefined
set of items and services. As noted above, this payment must be
intended to result in material savings.
We emphasize that, under the VBE Partial Capitation Payment
Methodology, the VBE is assuming risk for a predefined set of items or
services that are less than all of the items and services covered by
the payor, in contrast to the full financial risk safe harbor, which
requires the VBE to assume full financial risk for all items and
services from a payor. For example, a partial capitation payment under
this methodology may cover primary care services only for a target
patient population but not inpatient services, prescription drugs, or
other items and services covered by the payor.
While we are not specifying a percentage or scope of items and
services that must be reimbursed on a capitated basis, the requirement
that partial capitation payments be intended to result in material
savings achieves a similar purpose. A VBE assuming substantial downside
risk is afforded flexibility under this safe harbor because, as
explained previously, this level of risk mitigates the traditional
risks of fraud and abuse associated with fee-for-service payments. The
effectiveness of that mitigation is directly connected to the incentive
associated with substantial downside risk methodologies; increased risk
means the VBE has a greater incentive to reduce costs and improve
outcomes for patients. In the context of the VBE Partial Capitation
Methodology, the substantial downside risk is partly dependent on the
scope of items and services covered by the partial capitation payment.
For example, a VBE that receives a partial capitation payment for
inpatient services associated with one DRG has less incentive than a
VBE that receives a partial capitation payment for all inpatient
services.
We recognize that payors are unlikely to contract with a VBE under
a partial capitation payment for a narrow set of items or services.
However, ensuring that VBEs have the appropriate level of incentives by
assuming risk is a key safeguard in this safe harbor and is the reason
why we are finalizing the requirement that partial capitation payments
be designed to generate material savings. We note that the scope of
services is just one factor for determining whether the capitation
payment was designed to generate material savings. For example, a VBE
and a payor could design a partial capitation payment that meets this
methodology if the VBE receives capitation payments for a narrow set of
services that are typically high cost as long as the capitation
payments for that limited set of high-cost items or services were
designed to generate material savings.
We also note that this safe harbor conditions protection on the VBE
assuming substantial downside
[[Page 77759]]
financial risk from the payor for the predefined items and services. It
does not require the VBE to assume other functions from the payor, such
as enrollment, grievance and appeals, solvency standards, and other
administrative functions performed by payors.
Comment: In response to our solicitation of comments regarding
alternative means to calculate savings and losses (and in particular,
how best to establish a baseline that appropriately assesses the VBE's
financial performance), we received a number of comments recommending
modifications to the proposed requirement that, for each methodology
under the ``substantial downside financial risk'' definition, parties
would need to determine any savings or losses realized based upon a
review of historical expenditures, or to the extent such data was
unavailable, evidence-based, comparable expenditures. For example,
several commenters questioned our reliance on historical expenditures
as a reliable datapoint, with several expressing concern that such a
standard may not be adequately risk-adjusted or an accurate benchmark
to the extent parties are providing new treatments, items, and services
(representing the latest advances in technology, for example) that
exceed the cost of treatment in benchmark years. At least two
commenters recommended that we add ``projected spending'' as a method
to compare costs, with one asserting that historical expenditures may
not be appropriately risk adjusted. A commenter also suggested that we
allow parties to adjust payments as needed to cover the costs of new
treatment options.
Response: We are no longer requiring that parties rely on
historical expenditures or evidence-based, comparable expenditures to
determine a benchmark used in calculating any losses or savings
realized. We recognize, as highlighted by commenters, that historical
expenditures could be volatile or otherwise result in an inaccurate
benchmark, particularly for smaller entities, and that other data, such
as national or regional data, may be appropriate factors that can be
used for setting an accurate benchmark. Consequently, we are revising
this requirement to provide that, for two of the methodologies
finalized in the ``substantial downside financial risk'' definition--
the Shared Savings and Losses Methodology and the Episodic Payment
Methodology--parties must calculate any losses or savings based upon a
bona fide benchmark, i.e., a legitimate benchmark, designed to
approximate the cost of care.\51\ Specifically, for the Shared Savings
and Shared Losses Methodology, we require that the parties calculate
losses by comparing current expenditures for all items and services
that are covered by the applicable payor and furnished to the target
patient population to a bona fide benchmark designed to approximate the
expected total cost of such care. Similarly, for the Episodic Payment
Methodology, we require that parties calculate losses by comparing
current expenditures for all items and services that are covered by the
applicable payor, furnished to the target patient population, and
relate to a defined clinical episode of care to a bona fide benchmark
designed to approximate the expected total cost of care for the defined
clinical episode of care.
---------------------------------------------------------------------------
\51\ We are not requiring that parties compare current
expenditures to a bona fide benchmark designed to approximate the
expected total cost of care for the VBE Capitation Payment
Methodology because of its prospective nature and per-patient, per-
month, per-quarter, or per-year payment structure. Instead, for this
methodology, parties must establish a capitated payment for a
predefined set of items and services furnished to the target patient
population, designed to approximate the expected total cost of
expenditures for the predefined set of items and services. The
capitated payment must also (among other criteria) be intended to
result in material savings.
---------------------------------------------------------------------------
This revision has two aims. First, we seek to protect against the
selection of benchmarks that artificially create savings or
inappropriately insulate any VBE participant from losses. This is based
on our intent to ensure that parties are truly assuming downside
financial risk. Second, we seek to provide parties with the flexibility
necessary to establish a baseline tailored to the contract or value-
based arrangement between the VBE and the payor. Thus, under these
revised methodologies, a bona fide benchmark does not need to be based
on historical expenditures or, to the extent such data is unavailable,
evidence-based, comparable expenditures, as proposed in the OIG
Proposed Rule. With this revised standard, a bona fide benchmark may be
appropriately adjusted, e.g., through a prospective or retrospective
risk-adjustment to account for outlier health care expenditures,
provided the methodology for such adjustment is established in advance.
We emphasize that any such adjustment must be consistent with the
requirement that the bona fide benchmark be designed to approximate the
expected total cost of care.
We note that there are several ways that parties may demonstrate
that a benchmark is bona fide. Parties seeking examples of bona fide
benchmarks may look to Innovation Center models, the Medicare Shared
Savings Program, Medicaid programs, or private payors that have adopted
and validated benchmarks for their participants in similar risk-based
models. Bona fide benchmarks may incorporate concepts such as risk
adjustments, cost projections (including those related to new
treatments), and peer comparisons, as applicable. Given the complexity
of establishing a benchmark, we anticipate that payors from whom the
VBE assumes risk will be involved in their design. Similar to the
design of a partial capitation payment, payors have relevant experience
and expertise in designing actuarial models to assess and project costs
for their plans that will support the development of bona fide
benchmarks. Benchmarks that are validated or designed consistent with
generally accepted actuarial principles will likely be bona fide.
Parties will need to assess and ensure the validity and appropriateness
of the benchmark based on the specific facts and circumstances of their
VBE, the value-based arrangement, the scope of the items and services
covered, and the target patient population.
Comment: Several commenters requested that OIG include a cap or
stop-loss threshold in the substantial downside financial risk safe
harbor that would limit the amount of loss incurred by the VBE. For
example, specific to the clinical episode of care methodology, a
commenter recommended that we limit potential losses to 20 percent of
historical expenditures; specific to the shared savings methodology, a
commenter encouraged protection for arrangements that include stop-loss
thresholds for shared losses set at a certain percentage of historical
benchmark costs, akin to the Medicare Shared Savings Program.
Alternatively, other commenters urged OIG to simply clarify that
reinsurance arrangements, or other like arrangements to protect against
catastrophic losses, would not fall outside of our proposed definition
of ``substantial downside financial risk.'' According to these
commenters, reinsurance arrangements are critical to encouraging the
assumption of downside financial risk.
Response: Given the inherent differences in target patient
populations, the sophistication of parties participating in value-based
arrangements, and varying risk methodologies that parties may adopt, we
decline to include a specific cap, stop-loss threshold, or reinsurance
threshold. This provides parties
[[Page 77760]]
flexibility to adopt various risk methodologies that still satisfy the
safe harbor's definition of ``substantial downside financial risk.''
Parties entering into a contract or a value-based arrangement to assume
substantial downside financial risk should have the flexibility to
determine the appropriate cap, stop-loss, or reinsurance threshold, if
any, and we clarify that neither the safe harbor's conditions nor the
definition of ``substantial downside financial risk'' precludes parties
from entering into reinsurance arrangements or other like arrangements
to protect against catastrophic losses. Nevertheless, we caution that
such arrangements should not be used as a vehicle to materially shift
the substantial downside financial risk a VBE is otherwise required to
assume pursuant to this safe harbor.
Comment: Several commenters supported OIG's alternate proposal to
adopt risk levels more closely aligned with advanced APMs and other
payor advanced APMs, as both terms are defined at 42 CFR 414.1305, or
requested that the definition of ``substantial downside financial
risk'' include advanced APMs. In addition, a commenter noted that the
risk levels proposed by OIG exceeded those required in advanced APMs.
Response: We are not revising the risk levels set forth in the
``substantial downside financial risk'' definition to align with those
of advanced APMs and other payor advanced APMs, as both terms are
defined at 42 CFR 414.1305. Different risk thresholds between this safe
harbor and advanced APMs and other payor advanced APMs are appropriate
in light of the differing objectives between this rulemaking and the
Quality Payment Program, the Medicare payment program that relies on
the defined terms advanced APMs and other payor advanced APMs. For
example, the advanced APM track of the Quality Payment Program is
specific to eligible clinicians and offers a potential five percent
Medicare bonus payment, among other benefits. By contrast, this safe
harbor protects arrangements of a wide variety of industry stakeholders
beyond eligible clinicians from liability under a criminal statute and
sets out the conditions under which that protection is available.
It is possible that participants in an advanced APM might assume
risk at levels that meet the requirements of this safe harbor. Further,
some advanced APM participants may be eligible for safe harbor
protection under the new CMS-sponsored model arrangements safe harbor
found at paragraph 1001.952(ii).
Comment: Multiple commenters requested that we opine on whether
certain arrangements would meet our proposed definition of
``substantial downside financial risk.'' For example, at least two
commenters requested that we address whether a bonus pool or
gainsharing arrangement, tied to the achievement of certain outcome
measures, could potentially meet our definition of ``substantial
downside financial risk.'' The commenters argued in favor of such an
interpretation, asserting that the potential to earn a bonus payment
constitutes downside risk to the extent the bonus is (i) otherwise
considered part of the recipient's aggregate compensation, and (ii)
withheld if outcome measures are not met.
Response: The definition of ``substantial downside financial risk''
requires, among other criteria, that the VBE assume the potential for
realizing losses. This definition would permit parties to design a two-
sided risk methodology that would place the VBE at downside financial
risk and upside financial risk. In other words, the definition
requires, at a minimum, the VBE to assume substantial downside
financial risk, but does not preclude the parties from including other
risk methodologies, so long as all other conditions of the safe harbor
are met. For example, arrangements that include a bonus pool or
gainsharing, along with the VBE assuming the required substantial
downside financial risk, may be protected by this safe harbor. However,
a risk methodology that only includes upside risk would not meet this
requirement.
ii. Meaningful Share
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ff)(2) that this safe harbor would protect remuneration
exchanged between a VBE and a VBE participant if the VBE participant
meaningfully shares in the VBE's substantial downside financial risk
for providing or arranging for items and services for the target
patient population. We proposed that a VBE participant would
meaningfully share in the VBE's risk if the VBE participant met one of
the following three methodologies: (i) A risk-sharing payment pursuant
to which the VBE participant is at risk for 8 percent of the amount for
which the VBE is at risk under its agreement with the applicable payor
(e.g., an 8-percent withhold, recoupment payment, or shared losses
payment); (ii) a partial or full capitated payment or similar payment
methodology (excluding certain enumerated reimbursement methodologies);
or (iii) in the case of a VBE participant that is a physician, a
payment that meets the requirements of the physician self-referral
law's regulatory exception for value-based arrangements with meaningful
downside financial risk at 42 CFR 411.357(aa)(2).
Summary of Final Rule: We are finalizing, with modifications, at
paragraph 1001.952(ff)(3) a requirement for the VBE participant to be
at risk for a meaningful share of the VBE's substantial downside
financial risk for providing or arranging for the provision of items
and services for the target patient population. We are finalizing, with
modifications, the proposed definition of ``meaningful share'' at
paragraph 1001.952(ff)(9)(ii). Specifically, based on comments we are:
(i) Revising the first methodology of the ``meaningful share''
definition (the ``Risk-Sharing Payment Methodology'') to clarify that
any risk assumed by a VBE participant pursuant to this methodology must
be two-sided risk; (ii) lowering the risk threshold for the Risk-
Sharing Payment Methodology from 8 percent to at least 5 percent of the
losses and savings, as applicable, realized by the VBE pursuant to its
assumption of substantial downside financial risk; (iii) revising the
second methodology of the ``meaningful share'' definition to apply to
prospective, per-patient payments for a predefined set of items and
services furnished to the target patient population (the ``Meaningful
Share Partial Capitation Methodology''); and (iv) not finalizing the
proposed methodology applicable to physician payments that meet the
requirements of the physician self-referral law's regulatory exception
for value-based arrangements with meaningful downside financial risk at
42 CFR 411.357(aa)(2) (the ``CMS Exception Methodology'').
Comment: While we received comments in favor of our proposed
requirement for the VBE participant to assume a meaningful share of the
VBE's substantial downside financial risk, many advocated against it,
suggesting no or optional risk requirements for VBE participants
downstream from the VBE assuming substantial downside financial risk.
These commenters highlighted varying Innovation Center models that do
not require the downstream assumption of risk.
Response: We are finalizing a requirement for VBE participants,
other than the payor from which the VBE is assuming risk, to be at risk
for a meaningful share of the VBE's substantial downside financial risk
pursuant to a value-based arrangement
[[Page 77761]]
with the VBE. This safe harbor is not chiefly designed for Innovation
Center models, which may not have downside financial risk, and which
may fit more readily in the new safe harbor at paragraph 1001.952(ii)
for CMS-sponsored models. The requirement to assume a meaningful share
of the VBE's risk is foundational to the structure of the safe harbor,
which does not include certain established safeguards, such as a fair
market value requirement, designed to mitigate risks inherent to a
traditional fee-for-service payment methodology, nor additional
safeguards present in the care coordination arrangements safe harbor,
such as a bar on monetary compensation or a contribution requirement,
that protect against payment for referral schemes. The requirement to
assume a meaningful share of the VBE's risk helps ensure that VBE
participants ordering or arranging for items and services for the
target patient population share in the VBE's value-based purposes and
cost-reduction goals.
The payor from which the VBE is assuming substantial downside
financial risk is exempt from the requirement to meaningfully share in
the VBE's substantial downside financial risk in paragraph
1001.952(ff)(3). As discussed in greater detail in section III.B.4.d,
this carve-out applies to those payors from which VBEs are assuming
risk that elect to also be a VBE participant and enter into a value-
based arrangement with a VBE. In such circumstances, the payor, as a
VBE participant, need not share again in the risk that the VBE assumed
from it in the value-based arrangement.
Comment: While at least one commenter supported the risk threshold
in the first proposed methodology for meaningfully sharing in the VBE's
risk (a risk-sharing payment pursuant to which the VBE participant is
at risk for 8 percent of the amount for which the VBE is at risk under
its agreement with the applicable payor), the majority of commenters
advocated that we lower the risk threshold, such as to 5 percent.
Commenters highlighted varying Innovation Center models that impose
lower risk requirements or rely on a broader risk framework. Other
commenters suggested that this methodology should be expanded to
encompass other types of risk, for example, operational or contractual
risk. Commenters suggested that a more expansive methodology would
encourage a greater number of providers to take on downside risk
arrangements while still effectively deterring potential fraudulent
behavior. A commenter recommended that OIG revise the first proposed
methodology for meaningfully sharing in the VBE's risk to state that
the VBE participant is at risk for ``at least 8 percent'' of the VBE's
risk to allow for other arrangements that involve greater downside
risk.
Response: We are revising the Risk-Sharing Payment Methodology to
reduce the required minimum risk threshold from 8 percent to at least 5
percent and requiring two-sided risk (e.g., savings and losses). We
believe this level of risk is appropriate to ensure VBE participants
share the VBE's goal of cost reduction and to reduce fraud and abuse
risks while making this safe harbor more accessible to individuals and
entities that want to exchange remuneration with the VBE pursuant to
this safe harbor. As finalized, this methodology aligns with the Shared
Savings and Losses Methodology in the definition of ``substantial
downside financial risk.'' This modification will provide VBE and VBE
participants additional flexibilities to align risk-sharing
methodologies and protect similar exchanges of remuneration (e.g.,
savings and losses) in value-based arrangements.
We are not permitting VBE participants to meet the Risk-Sharing
Payment Methodology by assuming other types of risk, such as
operational or contractual risk. We are concerned these types of risk
would not adequately align a VBE participant's financial incentives
with that of the VBE's cost-reduction goals resulting from the VBE's
assumption of substantial downside financial risk.
Comment: Some commenters opposed pegging the first risk-sharing
payment methodology of the ``meaningful share'' definition to the total
risk assumed by the VBE. For example, a commenter noted that VBE
participants, and in particular smaller providers, are unlikely to
accept risk for 8 percent of the total amount for which the VBE is at
risk from the payor. The commenter urged OIG to revise its meaningfully
share standard to require that the VBE participant assume risk only for
its own costs and suggested 20 percent as a potential risk assumption
threshold.
Response: As finalized, the Risk-Sharing Payment Methodology
continues to require that the VBE participant share in a certain
percentage of the VBE's total risk. However, in response to comments,
we are finalizing a lower risk threshold of 5 percent for this
methodology and clarifying that this methodology requires two-sided
risk.
We also clarify that, to the extent a VBE realizes catastrophic
losses, triggering any reinsurance or other like arrangement into which
the VBE has entered, the VBE participant would calculate any amount
owed to the VBE pursuant to this methodology based on the VBE's losses,
as adjusted by the reinsurance or other like arrangement.
Comment: A commenter requested that OIG define ``partial capitation
arrangements'' in the context of the second proposed methodology for
meaningfully sharing in the VBE's risk--a partial or full capitation
payment or similar payment methodology, excluding the Medicare
inpatient prospective payment system or other like payment methodology.
The commenter also asked whether there is a minimum amount that would
qualify as partial capitation.
Response: In response to comments, we are finalizing the Meaningful
Share Partial Capitation Methodology with revisions that, for clarity,
more fully describe the permissible capitation methodology. Pursuant to
this revised methodology, a VBE participant must: (i) Receive from the
VBE a prospective, per-patient payment on a monthly, quarterly, or
annual basis for a predefined set of items and services furnished to
the target patient population by the VBE participant designed to
approximate the expected total cost of those expenditures for the
predefined items or services; and (ii) not separately claim payment
from the payor for the predefined set of items and services covered by
the partial capitated payment. Consistent with our stated goal in the
OIG Proposed Rule, we believe this methodology ensures that those VBE
participants assuming a meaningful share of the VBE's risk pursuant to
the Meaningful Share Partial Capitation Methodology do so in a manner
that is aligned with the payor's cost-reduction goals.
For the same reasons we are not specifying the percentage or scope
of items and services that must be included in the VBE Partial
Capitation Methodology, we are not specifying a minimum amount of items
and services that must be covered to meet the Meaningful Share Partial
Capitation Methodology. Likewise, we note that this methodology would
not include fee-for-service payments under the Medicare inpatient
prospective payment system or other fee-for-service payments under
Medicare Parts A or B. Payments must be made on a monthly, quarterly,
or annual basis to satisfy this methodology.
A VBE participant may be at risk through this methodology not only
where the VBE is at substantial downside financial risk through the VBE
Partial Capitation Methodology but
[[Page 77762]]
also any other substantial downside financial risk methodology. For
example, VBE participants could be at risk through the Meaningful Share
Partial Capitation Methodology, and the VBE could assume substantial
downside financial risk from a payor through the Episodic Payment
Methodology.
Comment: We received varying comments on the third proposed
methodology for meaningfully sharing in the VBE's risk: Physician VBE
participants would be deemed to meaningfully share in the VBE's risk if
they meet the definition of ``meaningful downside financial risk''
under the physician self-referral law at 42 CFR 411.357(aa)(2). Some
commenters either opposed this provision altogether or advocated for a
lower threshold than the 25 percent threshold for sharing in the costs
of the remuneration exchanged under a value-based arrangement, with a
few commenters suggesting between 5 and 15 percent. On the other hand,
some commenters supported this provision stating, for example, that it
facilitated alignment across OIG's and CMS's rules. Another commenter
requested that OIG amend this provision to apply more broadly to other
VBE participants and not just physicians.
Response: We are not finalizing the third proposed methodology (the
CMS Exception Methodology). Pursuant to the final meaningful downside
financial risk exception at 42 CFR 411.357(aa)(2), a physician must be
at ``meaningful downside financial risk'' for failure to achieve the
value-based purpose(s) of the value-based enterprise during the entire
duration of the value-based arrangement. A physician assumes
``meaningful downside financial risk'' if the physician is responsible
to repay or forgo no less than 10 percent of the total value of the
remuneration the physician receives (or is entitled to receive) under
the value-based arrangement in the event of the failure to achieve the
value-based purpose(s) of the value-based enterprise.
Upon further consideration of the varied comments we received
regarding the CMS Exception Methodology, we believe the CMS Exception
Methodology does not fit within the framework of the substantial
downside financial risk safe harbor, which is different from the
meaningful downside financial risk exception CMS is finalizing. Unlike
CMS's meaningful downside financial risk exception, OIG's safe harbor
requires the VBE participant to assume risk for a meaningful share of
the VBE's substantial downside financial risk. Risk under the CMS
Exception Methodology is tied to a percentage of the total value of the
remuneration the physician receives under the value-based arrangement
rather than a percentage of the risk the VBE assumes from the payor.
The CMS Exception Methodology does not require the physician to
meaningfully share in financial risk assumed by the VBE, a requirement
of the safe harbor.
Comment: A commenter expressed concern that the differing standards
for the assumption of downside risk in the safe harbor (i.e.,
``substantial downside financial risk'' and ``meaningfully sharing in
the VBE's substantial downside financial risk'') would confuse parties
to value-based arrangements and discourage participation. The commenter
appeared to suggest that OIG adopt a single, low risk threshold in the
substantial downside financial risk safe harbor.
Response: While we appreciate the commenter's input, we
respectfully disagree. It is appropriate to have differing risk
assumption requirements for the VBE and the VBE participant. The VBE is
contracting or entering into a value-based arrangement with a payor to
assume substantial downside financial risk, most likely for items and
services provided across care settings and by multiple VBE
participants. Conversely, the VBE participant contracting with the VBE
is not only one step removed from the payor contract, but its
performance of value-based activities is likely to have a narrower
focus, specific to the items and services it furnishes to the target
patient population. As such, we believe a lower risk assumption
threshold is appropriate for the VBE participant.
Comment: A commenter recommended that ``advanced APMs'' and ``other
payer APMs,'' as both terms are defined at 42 CFR 414.1305, should be
expressly included in the safe harbor and automatically qualify as
assuming a meaningful share of the VBE's substantial downside financial
risk. Another commenter suggested that we adopt the ``more than nominal
risk'' standard for advanced APMs instead of the proposed
``meaningfully share'' standard.
Response: Because this safe harbor has broader applicability to the
health care industry than the regulations in which the defined terms
referenced by the commenter are used (which apply to a Medicare payment
program for physicians), we decline to revise the definition of
``meaningful share'' to encompass the potentially lower risk thresholds
set forth in the ``advanced APM'' and ``other payer APM'' definitions
as set forth in 42 CFR 414.1305 or adopt, in lieu of ``meaningful
share,'' the ``more than nominal risk'' standard. Thus, participants in
advanced APMs and other payer APMs will not automatically qualify as
having a ``meaningful share'' of the VBE's substantial downside
financial risk and must meet the risk thresholds we are finalizing.
Comment: A commenter asked whether a VBE participant could join an
existing value-based arrangement between a VBE and one or more VBE
participants and satisfy the safe harbor requirement to assume a
meaningful share of the VBE's risk by sharing in such risk only for the
duration of its participation in the value-based arrangement, as
opposed to the duration of the value-based arrangement.
Response: If the VBE has already entered into a value-based
arrangement with one or more VBE participants for purposes of this safe
harbor, a party may join the existing value-based arrangement as a VBE
participant provided all safe harbor requirements are met, including
amending the signed writing to include a description of the manner in
which the new VBE participant will have a meaningful share of the VBE's
substantial downside financial risk.
We note that, other than during the 6-month phase-in period that is
available under this safe harbor, the VBE participant must be at risk
for a meaningful share of the VBE's risk throughout its participation
in the value-based arrangement. This requirement does not apply if the
VBE participant is the payor from which the VBE is assuming risk.
Comment: A commenter asserted that OIG should add language to the
safe harbor stating that VBE participants' meaningful share of risk can
be through front-end withholds or dues assessments and need not be
through back-end repayment.
Response: For the risk methodologies under the definition of
``meaningful share,'' we did not propose, and the final rule does not
prescribe, how the parties to a value-based arrangement may effectuate
the VBE participant's risk, and as such, the parties could effectuate
risk prospectively or retrospectively.
iii. Other Defined Terms
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ff)(8)(ii) that the terms ``coordination and management of
care,'' ``target patient population,'' ``value-based activity,''
``value-based arrangement,'' ``value-based enterprise,'' ``value-based
purpose,'' and ``VBE participant'' would
[[Page 77763]]
have the meaning set forth in proposed paragraph 1001.952(ee).
Summary of Final Rule: We are finalizing, with modifications, our
proposed use of the value-based terminology at paragraph
1001.952(ff)(9)(iii). We no longer use the term ``coordination and
management of care'' in this safe harbor. Additionally, because we are
finalizing at paragraph 1001.952(ff)(1) a requirement making certain
entities ineligible to use the safe harbor, we adopt for this safe
harbor the definition of ``manufacturer of a device or medical supply''
at paragraph 1001.952(ee)(12).
Comment: A few commenters requested that OIG define the term
``payor,'' with a commenter specifically suggesting that we define such
term to include a managed care organization that has a contract with
Medicare, Medicaid, or another Federal health care program that is
subject to 1128B of the Act. A commenter also asked OIG to define the
term ``used'' in relation to the requirement that remuneration be used
primarily to engage in value-based activities that are directly
connected to the items and services for which the VBE is at substantial
downside financial risk and that are set forth in writing. The
commenter also asked OIG to define the term ``offeror's cost'' in
relation to the requirement that the writing state all material terms
of the value-based arrangement, including the offeror's cost of the
remuneration.
Response: We are not defining the term ``payor.'' The term has its
commonsense meaning of a payor of health care items and services on
behalf of patients. We confirm that, for purposes of this safe harbor,
such term would include managed care organizations that have contracted
with Medicare, Medicaid, and other Federal health care programs. We
also are not defining the term ``used'' in regulatory text but use the
term consistent with its commonsense, well-understood meaning (e.g., to
put into action or service, utilize). Further, we decline to define the
term ``offeror's costs'' because, as explained at section III.B.4.k, we
are not finalizing the requirement that the writing include the
offeror's costs.
c. Entities Ineligible for Safe Harbor Protection
Summary of OIG Proposed Rule: We proposed in proposed paragraph
1001.952(ee) to limit the entities that could qualify as VBE
participants, which would have the effect of limiting availability of
the value-based safe harbors, including the substantial downside
financial risk safe harbor at proposed paragraph 1001.952(ff), for
those ineligible entities. The proposed definition of ``VBE
participant'' is summarized more fully in section III.B.2.e of this
preamble.
Summary of OIG Final Rule: As explained at section III.B.2.e, we
are not finalizing our proposal in proposed paragraph 1001.952(ee) to
limit the entities that could qualify as VBE participants. Rather, in
the final rule we are identifying parties ineligible to rely on safe
harbors in the safe harbors themselves. For the substantial downside
financial risk safe harbor, we are finalizing a requirement that
remuneration is not exchanged by any of the following entities: (i)
Pharmaceutical manufacturers, wholesalers, and distributors; (ii) PBMs;
(iii) laboratory companies; (iv) pharmacies that primarily compound
drugs or primarily dispense compounded drugs; (v) manufacturers of
devices or medical supplies; (vi) entities or individuals that
manufacture, sell, or rent DMEPOS (other than a pharmacy or a
physician, provider, or other entity that primarily furnishes services,
all of whom remain eligible); and (vii) medical device distributors or
wholesalers that are not otherwise manufacturers of devices or medical
supplies.
Summaries of comments, our responses, and policy decisions
regarding this issue can be found in the discussion of VBE participants
in section III.B.2.e of this preamble.
d. VBE's Assumption of Risk From a Payor
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ff)(1) that the VBE must assume substantial downside financial
risk from a payor and that the VBE could assume such risk directly from
a payor or through a VBE participant acting on behalf of the VBE (i.e.,
as an agent of, and accountable to, the VBE).
Summary of Final Rule: We are finalizing, with modifications, this
requirement at paragraph 1001.952(ff)(2). First, we are modifying the
safe harbor to provide two options to VBEs assuming substantial
downside financial risk from a payor. A VBE can assume risk from the
payor through an arrangement that meets the definition of ``value-based
arrangement,'' or a VBE can assume risk from a payor through a contract
that places the VBE at substantial downside financial risk. The first
option provides protection for the remuneration exchanged between the
payor and the VBE, if all safe harbor requirements are met. To
effectuate this, the payor must be a VBE participant and the VBE must
assume risk from the payor through a value-based arrangement. Under the
second option, if a payor does not wish to be part of the VBE, the VBE
can assume substantial downside financial risk from the payor through a
written contract. Under this option, the contract that places the VBE
at risk is not a value-based arrangement and the safe harbor would not
protect remuneration exchanged pursuant to it.
Second, we are modifying the risk assumption requirement to clarify
that the payor cannot act on behalf of the VBE; the VBE must be a
distinct legal entity or represented by a VBE participant, other than a
payor, that acts on the VBE's behalf.
Comment: Some commenters opposed the proposed requirement that a
VBE assume risk from a payor, asserting payor involvement should not be
a prerequisite to safe harbor protection. For example, a post-acute-
care provider asserted that, where the financial risk shared between
providers is significant, the safe harbor should be available
regardless of whether a payor is directly involved.
Response: We are finalizing the requirement that the VBE assume
substantial downside financial risk from a payor because we view it as
a critical safeguard against the potential for fraud and abuse. Payors
are ultimately responsible for the cost of the items and services
furnished to a target patient population, which informs our decision to
require that they be party to the risk arrangement that serves as the
foundation for this safe harbor. Moreover, the payor serves as an
entity with both a holistic view of, and a financial interest in
reducing, total expenditures for the target patient population, which
we believe mitigates the risks traditionally associated with fee-for-
service systems, such as overutilization or inappropriate utilization.
Consistent with our emphasis in the OIG Proposed Rule that parties
assuming substantial downside financial risk have more flexibility, we
have modified the safe harbor so that payors and VBEs have two options
for entering into the risk arrangement--entering into either a value-
based arrangement or a written contract for the VBE to assume risk from
the payor.
Under the first option for risk arrangements, payors must be a VBE
participant, which is permitted under our final definition of ``VBE
participant.'' The payor (as a VBE participant) and the VBE can enter
into a value-based arrangement for the VBE to assume substantial
downside
[[Page 77764]]
financial risk. As we proposed and are finalizing in this rule, the
introductory paragraph to 1001.952(ff) protects remuneration exchanged
between a VBE and a VBE participant pursuant to a value-based
arrangement. Therefore, remuneration exchanged pursuant to a payor's
and a VBE's value-based arrangement could be protected by this safe
harbor, including remuneration exchanged to implement a substantial
downside financial risk methodology (e.g., shared savings and losses),
if the value-based arrangement meets all applicable conditions of the
safe harbor. We do not believe this option would pose an unreasonable
burden on the payor because a value-based arrangement requires only the
provision of at least one value-based activity for a target patient
population, and the payor and VBE already must enter into an agreement
to effectuate the VBE's assumption of risk for the target patient
population. We believe any burden would be outweighed by the benefits
of safe harbor protection.
Under the second option, payors that do not wish to be part of the
VBE may choose to enter into a written contract for purposes of the VBE
assuming substantial downside financial risk. Under this option, payors
would not be VBE participants, the written contract between the payor
and the VBE would not be a value-based arrangement, and the payor would
not be subject to the other conditions of the safe harbor. In such
circumstances, these contracts must only meet the condition at
paragraph 1001.952(ff)(2), i.e., they must evidence the VBE's
assumption of substantial downside financial risk from the payor.
Remuneration exchanged pursuant to a risk assumption contract that is
not a value-based arrangement is not protected by this safe harbor. The
VBE and the payor would need to assess any potential remuneration
exchanged pursuant to the risk arrangement contract and its compliance
with the Federal anti-kickback statute.
In response to the commenter suggesting that providers should be
permitted to assume risk without a payor, we recognize that there may
be risk-based arrangements between and among providers that facilitate
the goals set forth in the definition of ``value-based purpose'' and
that seek to reduce overall costs. However, this safe harbor does not
protect such arrangements. Other safe harbors may be available to
protect such arrangements, such as the care coordination arrangements
safe harbor or the personal services and management contracts and
outcomes-based payment arrangements safe harbor.
Comment: Commenters requested that we clarify how the safe harbor
would apply to arrangements involving certain categories of Federal
health care program beneficiaries, such as Medicare fee-for-service
patients or Indian Health Service (IHS) beneficiaries. In particular,
multiple commenters expressed concern that, because Indian health care
is compensated through IHS appropriations and the Medicare, Medicaid,
and CHIP programs, Indian health care providers could not be risk-
bearing entities, as required in the proposed substantial downside
financial risk safe harbor.
Response: Given the requirement that the VBE assume substantial
downside financial risk from a payor, this safe harbor will be
available only for contracts or value-based arrangements where the
target patient population is comprised of patients insured by a payor
with which a VBE can enter into a risk arrangement. For example,
whereas the safe harbor may be available for certain Medicaid direct
contracting or managed care models,\52\ it likely would not currently
be available for an arrangement with a target patient population
comprised of patients enrolled only in Medicare Parts A and B (i.e.,
Medicare fee-for-service) because, outside of Innovation Center models
and the Medicare Shared Savings Program, we are not aware of a
mechanism that would allow a VBE to contract with the Medicare program
to assume substantial downside financial risk for items and services
for those patients.
---------------------------------------------------------------------------
\52\ See Center for Health Care Strategies, Inc., Value-Based
Payments in Medicaid Managed Care: An Overview of State Approaches
(Feb. 2016), available at https://www.chcs.org/media/VBP-Brief_022216_FINAL.pdf.
---------------------------------------------------------------------------
It is also possible that Indian health care providers might not be
risk-bearing entities for purposes of this safe harbor. This would not
foreclose Indian health care providers from engaging in care
coordination arrangements and seeking safe harbor protection under the
care coordination arrangements safe harbor, which does not require the
assumption of any risk (but is available for non-monetary remuneration
in risk-bearing arrangements), or other available safe harbors, such as
the personal services and management contracts and outcomes-based
payments safe harbor that protects monetary payments for achieving
quality outcomes. Moreover, the fact that an arrangement does not fit
in a safe harbor does not make the arrangement unlawful, and the OIG
advisory opinion process is also available for parties seeking a
determination about a specific existing or proposed arrangement.
Comment: At least two commenters expressed support for the ability
of a VBE participant to contract and assume risk on behalf of the VBE.
Response: We confirm that, for purposes of this final rule, parties
have this flexibility. A VBE may assume risk from the payor directly or
through a single VBE participant acting on its behalf because we
recognize that not all VBEs may be a separate legal entity.
Comment: While acknowledging patients' right to choose a provider,
a commenter requested that OIG not require parties to assume downside
financial risk for those patients who choose to receive health care
items or services from parties outside of the VBE. According to the
commenter, physicians participating in VBEs that are clinically
integrated need to refer patients within high-functioning networks that
follow care management programs, and providers should not be required
to assume downside financial risk for those patients who seek care
outside the network.
Response: We are not adopting the commenter's suggestion to exclude
those patients who choose to receive care outside a VBE from the
calculation of downside financial risk. While we recognize that
patients in the target patient population ultimately could select
providers and suppliers both inside and outside the VBE, we believe the
VBE and its VBE participants can still coordinate and manage the care
of these patients and should be required to assume risk for these
patients in order to benefit from the increased flexibility afforded by
this safe harbor. In addition, allowing providers to remove patients
from the calculation of downside risk if they choose any provider
outside the VBE could lead to manipulation of the target patient
population in ways that could compromise the quality of patient care,
e.g., providers might encourage more costly patients to obtain care
elsewhere. This approach is consistent with the Medicare Shared Savings
Program.
Comment: A medical device manufacturer asserted that this safe
harbor should be expanded to recognize that, in many cases, the items
or services for which the VBE is at risk will not necessarily be
provided directly to patients in the target patient population but
instead may be an ancillary part of their care under the value-based
arrangement, such as products and services deployed by medical device
manufacturers.
Response: We require that the VBE be at substantial downside
financial risk
[[Page 77765]]
for providing or arranging for the provision of items and services for
a target patient population and that the VBE participant assume a
meaningful share of that risk. There is no requirement that such items
and services be provided directly to the target patient population, and
there is nothing in the safe harbor that prevents the VBE's risk from
encompassing items and services for, but not provided directly to, the
target patient population, such as ancillary products and services.
However, pursuant to paragraph 1001.952(ff)(1)(v), manufacturers of
devices or medical supplies are not eligible to use this safe harbor to
exchange remuneration.
e. Phase-In Period
Summary of OIG Proposed Rule: To address start-up arrangements for
parties preparing to take on risk, we proposed at paragraph
1001.952(ff)(1) that this safe harbor would protect remuneration
exchanged between the VBE and a VBE participant during the 6 months
prior to the date by which the VBE must assume substantial downside
financial risk. We proposed that, during this phase-in period, the VBE
must be contractually obligated to assume such risk from a payor.
Summary of Final Rule: We are finalizing the 6-month phase-in
period, with modification, and relocating it to paragraph
1001.952(ff)(2).
Comment: Commenters overwhelmingly supported a phase-in period,
noting that many providers and organizations will need time to assume
downside financial risk. However, many commenters asserted that the
proposed 6-month time period was insufficient and recommended a longer
phase-in period, such as 1 or 2 years. These commenters expressed
concern that, absent a longer phase-in period, the safe harbor would be
available to only highly sophisticated and large organizations that
already have the capacity to take on high levels of financial risk.
Another commenter argued that a longer phase-in period is essential in
order to allow newly formed or small VBEs the flexibility to establish
baselines against which to measure losses or savings. Some commenters
highlighted other justifications for a longer phase-in period,
including the significant training and integration needed for the
adoption of new software systems and the need for providers with less
experience with value-based arrangements, including small or rural
providers, to have more time to assume financial risk. Other commenters
requested that OIG extend the phase-in period only in defined
circumstances, e.g., for VBEs created by independent medical practices
or in circumstances where the 6-month phase-in period would place an
undue burden on the parties to the arrangement. Finally, another
commenter suggested a capacity-building period of 2 years where an
entity would take on lower levels of downside financial risk and
gradually build up to the thresholds set forth in the definition of
``substantial downside financial risk.''
Response: We solicited comments on whether 6 months was a
sufficient timeframe for a phase-in period or whether a longer or
shorter timeframe would be appropriate. Having reviewed the comments
and considered the issue, we have determined that, while some parties
interested in assuming substantial downside financial risk might
benefit from a phase-in period of more than 6 months, a 6-month phase-
in period, paired with the availability of the care coordination
arrangements safe harbor, should provide a sufficient on-ramp for
parties seeking safe harbor protection for start-up or capacity-
building arrangements to prepare to assume substantial downside
financial risk.
In addition, the changes we have made to the definition of
``substantial downside financial risk'' to replace the previous
requirements for comparisons to historical benchmarks should allay
concerns raised by newly formed or small entities about the time needed
to establish baselines against which to measure losses or savings. In
particular, the new standard for setting a benchmark provides
flexibility to individuals and entities that may not have historical
benchmarks to establish benchmarks using other appropriate data, such
as regional or national data.
Comment: A commenter requested that OIG confirm that all
remuneration exchanged during the phase-in period related to VBE
participants' good faith efforts to set up the VBE or value-based
arrangement would be protected, even if the value-based arrangement
ultimately did not move forward.
Response: To qualify for protection during the phase-in period, the
VBE must have a contract or a value-based arrangement with the payor to
assume risk within the next 6 months. To illustrate, if a VBE enters
into a contract with a payor on January 1, the VBE must assume
substantial downside financial risk no later than July 1st. The phase-
in period runs from January 1 to July 1 (or an earlier date if the VBE
assumes risk sooner). We recognize that a VBE might discover during the
phase-in period that it is unable to assume the planned risk because,
for example, of a failure to achieve an adequate network or necessary
infrastructure. Remuneration exchanged between a VBE and a VBE
participant during the phase-in period would be protected even if the
VBE ultimately does not assume substantial downside financial risk at
the conclusion of the phase-in period, provided the VBE had entered
into a contract or a value-based arrangement with the payor to assume
substantial downside financial risk and all other safe harbor
requirements were met.
With respect to the question about setting up a VBE, under the
final rule, parties may not use the 6-month phase-in period to protect
remuneration exchanged in order to set up a VBE because, as a condition
of meeting the safe harbor, the VBE must already be in existence. In
addition, there must be a value-based arrangement between the VBE and
VBE participant that includes the exchange of payments or something of
value for which safe harbor protection is sought. The remuneration
under this value-based arrangement could relate to efforts to set up
necessary infrastructure to assume risk for the target patient
population.
Comment: A commenter asked OIG to protect all legitimate pre-
arrangement activities associated with assuming risk, even where the
VBE is not under a contractual obligation to assume risk. Another
commenter asked whether payments by an academic medical center to
physicians to maintain income levels during the phase-in period are
protected.
Response: We decline to protect pre-arrangement activities when the
VBE has not entered into a contract or a value-based arrangement to
assume risk from a payor, although the actual assumption of risk need
not occur for 6 months. The requirement that the VBE enter into a
contract or value-based arrangement to assume risk is a critical
safeguard to protect against parties' attempts to exploit the phase-in
period of this safe harbor to protect problematic payments when they
have no intention of entering into the risk arrangements required by
the safe harbor.
Income guarantee payments would not satisfy any of the risk-based
methodologies set forth in the definitions of ``substantial downside
financial risk'' or ``meaningful share.'' Whether income guarantee
payments to physicians could otherwise be protected by this safe harbor
would depend on whether such remuneration satisfies all requirements of
the safe harbor. For example, such payments likely would not satisfy
the requirement that remuneration be directly connected to at least one
of the three value-based
[[Page 77766]]
purposes defined in paragraph 1001.952(ee)(14)(x)(A)-(C). It seems
unlikely that income guarantee payments would be directly connected to
the deliberate organization of patient care activities and sharing of
information to improve care for the target patient population, as the
definition of coordination and management of care requires.
Additionally, while we acknowledge that income guarantees could result
in ancillary benefits to patients or could contribute to appropriate
cost reductions, we consider it unlikely that income guarantee payments
could be directly connected to improvements in the quality of care or
appropriate reductions in costs.
f. Remuneration Used To Engage in Value-Based Activities
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ff)(3)(i) that the remuneration exchanged pursuant to this
safe harbor must be used primarily to engage in value-based activities
that are directly connected to the items and services for which the VBE
is at substantial downside financial risk.
Summary of Final Rule: We are finalizing, with modifications, this
requirement at paragraph 1001.952(ff)(4)(ii). First, for the reasons
set forth in section III.B.3.e.ii of this preamble, we are replacing
the word ``primarily'' with ``predominantly'' so that the safe harbor
now requires the remuneration exchanged to be used predominantly to
engage in value-based activities that are directly connected to the
items and services for which the VBE has assumed (or has entered into a
written contract or value-based arrangement to assume within the next 6
months) substantial downside financial risk. Second, we are modifying
this requirement to provide that the remuneration exchanged pursuant to
a methodology for the assumption of risk does not need to meet this
condition if the remuneration is part of a value-based arrangement that
meets all other safe harbor conditions. That is, remuneration exchanged
between either a VBE and a payor (as a VBE participant) pursuant to a
methodology that meets the definition of ``substantial downside
financial risk,'' or between a VBE and a VBE participant (other than a
payor) pursuant to a methodology that meets the definition of
``meaningful share,'' need not be used predominantly to engage in
value-based activities that are directly connected to the items and
services for which the VBE is at substantial downside financial risk.
Lastly, we are clarifying that the items and services to which the
value-based activities must be directly connected are those for which
the VBE has assumed (or has entered into a written contract or value-
based arrangement to assume within the next 6 months) substantial
downside financial risk. This clarification is in recognition that
parties to a value-based arrangement may exchange remuneration during
the phase-in period when the VBE has not yet assumed substantial
downside financial risk but has entered into a written contract or
value-based arrangement to assume such risk within the next 6 months.
Comment: Some commenters expressed general concern that this
proposed requirement would be administratively burdensome, and at least
one commenter more specifically stated that it would be burdensome to
track how monetary remuneration is spent in order to ensure compliance
with this requirement. Another commenter suggested that this
requirement would preclude protection of remuneration in the form of
shared savings. These commenters appeared to request that OIG remove
this condition either in its entirety (thereby permitting parties to
use any remuneration protected under this safe harbor for any purpose
permissible under applicable law) or only with respect to monetary
remuneration or a subset of monetary remuneration, such as shared
savings and other performance-based payments. Alternatively, a
commenter asserted that OIG should treat certain payments, such as
bonus distributions and performance-based payments, as payments for the
past performance of activities directly connected to the items and
services for which the VBE is at risk.
Response: The commenters' concerns and recommendations appear to
stem from a perceived difficulty with tracking and monitoring the VBE
participant's use of the remuneration. In response to the commenter's
concerns, we are revising this requirement to include the following
modifier at the start of paragraph 1001.952(ff)(4)(i): Unless exchanged
pursuant to risk methodologies defined in paragraph (9)(i) or (ii).
With this modifier, monetary remuneration exchanged pursuant to a risk
methodology that meets the definition of ``substantial downside
financial risk'' or ``meaningful share,'' i.e., the risk methodologies
defined in paragraph 1001.952(ff)(9)(i) and (ii), does not need to be
used predominantly to engage in value-based activities. Because such
remuneration effectuates the assumption of risk required by the safe
harbor, it is appropriate to exempt this remuneration from the
requirement for remuneration to be used predominantly to engage in
value-based activities.
All other remuneration exchanged must be used predominantly to
engage in value-based activities that are directly connected to the
items and services for which the VBE has assumed substantial downside
financial risk. With respect to the commenters' concerns regarding
tracking another party's use of such remuneration, we emphasize that
the safe harbor does not require the offeror of remuneration to track
the recipient's use to determine whether such use is consistent with
the safe harbor requirement to predominantly use remuneration to engage
in value-based activities for the target patient population. We
recognize that all parties to the value-based arrangement would lose
safe harbor protection if the recipient fails to satisfy the
predominant use requirement, but we believe there are ways for an
offeror to protect itself against this risk, such as by including terms
in the signed writing requiring the recipient to use funds in a
particular manner. With respect to a commenter's concern that this
condition would preclude the protection of shared savings, this
condition, as finalized, would not preclude the protection of shared
savings, as long as the shared savings arrangement satisfies all of the
safe harbor's conditions.
We are not persuaded by the suggestion that we allow remuneration
to be used for any purpose permissible under applicable law. In order
to use this safe harbor, the parties must have formed a value-based
enterprise that has one or more value-based purposes. We believe that
requiring remuneration to be used predominately for value-based
activities associated with the target patient population is an
important mechanism to help ensure that the parties are working toward
these purposes.
Comment: Commenters stated that the requirement for parties to
exchange remuneration that is used to engage in value-based activities
that are ``directly connected'' to the items and services for which the
VBE has assumed (or has entered into a contract to assume within the
next 6 months) substantial downside financial risk could subject
parties seeking protection under this safe harbor to undue scrutiny
regarding what constitutes a direct connection.
Response: We believe parties are well-positioned to demonstrate
that the value-based activities they undertake have a direct connection
to the items and services provided to patients in the target patient
population. Pursuant to paragraph 1001.952(ff)(5) of the safe
[[Page 77767]]
harbor, the value-based activities must be set forth in writing, which
provides an opportunity for parties to document how such activities are
directly connected to the items and services for which the VBE is at
substantial downside financial risk.
By way of example, in a value-based arrangement where a VBE is at
risk for an episode of care involving hospital and post-acute care, if
the VBE furnishes or finances the provision of additional clinical
staff or social workers for use by both a VBE participant hospital and
a VBE participant skilled nursing facility, the clinical staff or
social workers must predominantly engage in value-based activities that
are directly connected to the items and services furnished during the
episode of care for which the VBE is at substantial downside financial
risk. In the OIG Proposed Rule, we provided an example involving a
target patient population undergoing hip replacement surgery to show
what it means to have a direct connection between the value-based
activities and items and services for the target patient population.
Using this same example under the final rule, if a VBE is at
substantial downside financial risk for the items and services provided
to patients in a target patient population undergoing hip replacement
surgery, the VBE could give a VBE participant money to hire a staff
member who predominately coordinates patients' transitions between care
settings after hip replacement surgery. The VBE could not give the VBE
participant money to hire a staff member who coordinates transitions
between care settings for patients undergoing an array of surgical
procedures other than hip replacement surgery.\53\
---------------------------------------------------------------------------
\53\ 84 FR 55694, 55718 (Oct. 17, 2019).
---------------------------------------------------------------------------
g. Direct Connection to Value-Based Purposes
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ff)(3)(ii) that the protected remuneration must be directly
connected to one or more of the VBE's value-based purposes, at least
one of which must be the coordination and management of care for the
target patient population.
Summary of Final Rule: We are finalizing, with modification, this
condition at paragraph 1001.952(ff)(4)(i). The final rule provides that
protected remuneration must be directly connected to at least one of
the three value-based purposes defined in paragraph
1001.952(ee)(13)(x)(A)-(C). Remuneration may advance more than one
value-based purpose.
We summarize and respond to comments specific to the substantial
downside financial risk safe harbor regarding this condition below. For
a more detailed discussion and a summary of the general comments
received regarding the requirement for a direct connection to the
coordination and management of care, as proposed in both the care
coordination arrangements safe harbor and this safe harbor, and our
responses, we refer readers to the care coordination arrangements safe
harbor section discussion at section III.B.3.h.
Comment: A commenter asserted that all payment arrangements
protected by this safe harbor should have as a value-based purpose a
focus on cost reduction and quality improvement.
Response: In the context of remuneration exchanged pursuant to
value-based arrangements where parties have met the requirements of the
definitions of ``substantial downside financial risk'' and ``meaningful
share,'' we recognize that it may be appropriate for parties to have
value-based purposes related to achieving appropriate cost reductions
or quality improvements. Accordingly, we are revising this condition to
provide parties additional options for remuneration to be directly
connected to at least one of three value-based purposes defined in
paragraph 1001.952(ee)(13)(x)(A)-(C). Remuneration must be directly
connected to one or more of the following value-based purposes: The
coordination and management of care for the target patient population;
improving the quality of care for the target patient population; and
appropriately reducing the costs to, or growth in expenditures of,
payors without reducing the quality of care for the target patient
population. Parties may choose to meet one or more of these three
value-based purposes to satisfy this condition. For a more detailed
discussion regarding these value-based purposes see section III.B.2.f.
h. Reductions in Medically Necessary Items or Services
Summary of OIG Proposed Rule: At proposed paragraph
1001.952(ff)(3)(iii), we proposed to require that the remuneration
exchanged not induce the VBE participants to reduce or limit medically
necessary items or services furnished to any patient.
Summary of Final Rule: We are finalizing, with modification, this
condition at paragraph 1001.952(ff)(7)(iii). We are modifying the
condition to clarify that the value-based arrangement (not merely the
remuneration exchanged) may not induce the VBE or VBE participants to
reduce or limit medically necessary items or services furnished to any
patient. We summarize and respond to comments specific to the
substantial downside financial risk safe harbor regarding this
provision below. For a more detailed discussion and a summary of
additional comments received regarding this requirement, as proposed in
both the care coordination arrangements and substantial downside
financial risk safe harbors, and our responses, we refer readers to the
care coordination arrangements safe harbor discussion at section
III.B.3.e.iii.
Comment: Multiple commenters supported additional conditions to
safeguard against the risks of cherry-picking, lemon-dropping, and
stinting on care. For example, a commenter stated that the assumption
of downside financial risk presented a heightened risk for cherry-
picking patients, discharging highly complex, rare, or costly patients,
and stinting on care for patients with high medical needs. The
commenter appeared to recommend Federal Government oversight of value-
based arrangements to address these risks. Another commenter
recommended OIG formally monitor for cherry-picking or lemon-dropping
activities and eliminate eligibility for safe harbor protection for
parties inappropriately engaged in these activities.
Response: We acknowledge that assuming downside financial risk may
heighten the risks identified by the commenter. We believe that the
parameters created by the value-based definitions as well as the
safeguards in this safe harbor protect against such conduct. For
example, the definition of ``target patient population'' requires that
the VBE or its VBE participants identify the target patient population
using legitimate criteria, and criteria that seek to exclude costly or
noncompliant patients would not be legitimate. However, in response to
the comment that the nature of value-based arrangements, themselves,
can create incentives for stinting or cherry-picking, we are expanding
this prohibition to apply to not only the remuneration exchanged
between the parties but also all terms and conditions of a value-based
arrangement.
With respect to OIG's oversight, we anticipate that individuals and
entities that are part of a value-based enterprise will be subject to
OIG's program integrity and oversight activities to the same extent as
other individuals and entities that engage in Federal health care
program business.
[[Page 77768]]
i. Ownership or Investment Interests
Summary of OIG Proposed Rule: At proposed paragraph
1001.952(ff)(3)(iv), we proposed that this safe harbor would not
protect an ownership or investment interest in the VBE or any
distributions related to an ownership or investment interest.
Summary of Final Rule: We are finalizing, without modification,
this condition and relocating it to paragraph 1001.952(ff)(4)(iii).
Comment: A few commenters opposed this condition. For example, a
commenter asserted that some potential participants may not be
comfortable investing in a VBE where such investment is unprotected by
safe harbors and therefore may avoid involvement in otherwise
beneficial substantial downside financial risk arrangements. Another
commenter urged OIG to clarify that it was not our intent to prohibit
VBE participants from establishing a corporate structure for a VBE in
which the participants may receive an equity interest, stating that,
without such a clarification, the safe harbor would unnecessarily
restrict the ability of individuals and entities to dictate the
corporate structure of VBEs they create.
Response: We do not view protection for ownership or investment
interests as fundamental to removing barriers to parties entering into
value-based arrangements and are not protecting them under this safe
harbor. Parties seeking to protect a particular ownership or investment
interest may look to other safe harbors (e.g., the safe harbor for
investment interests, paragraph 1001.952(a), which protects certain
investment interests if all requirements of the safe harbor are met),
and the advisory opinion process remains available.
j. Remuneration From Individuals or Entities Outside the Applicable VBE
Summary of OIG Proposed Rule: At proposed paragraph
1001.952(ff)(3)(v), we proposed that the safe harbor would not protect
remuneration funded, or otherwise resulting from contributions, by an
individual or entity outside of the applicable VBE.
Summary of Final Rule: We are not finalizing this condition.
Comment: A commenter asserted that imposing this requirement would
inhibit contributions or funding by an affiliate of a VBE or a VBE
participant (e.g., a parent organization). Another commenter suggested
OIG permit ``outside'' donations under the substantial downside
financial risk safe harbor when the donation would benefit a VBE's
patients and the third-party donor would have no direction or control
over how the funds would be spent.
Response: We are not finalizing this condition because of concerns
that it may be unduly prescriptive and for the reasons described at
section III.3.e.iv related to the similar proposal for the care
coordination arrangements safe harbor. However, the exchange of
remuneration between parties other than the VBE and a VBE participant
(e.g., remuneration exchanged between a third-party donor and a VBE
participant or a VBE) would not be protected by this or any value-based
safe harbor. Similarly, in the circumstances presented by the
commenter, we would not view contributions or funding from an affiliate
of a VBE (that is not a VBE participant) to that VBE as qualifying for
protection under this or any value-based safe harbor. However, under
this final rule, the mere fact that an affiliate of a VBE exchanges
remuneration with that VBE would not preclude safe harbor protection
for value-based arrangements between that VBE and its VBE participants.
Comment: A commenter requested that we address how the exclusion of
safe harbor protection for remuneration funded, or otherwise resulting
from contributions, by an individual or entity outside of the
applicable VBE would operate where a VBE sought to enter into a value-
based arrangement with a payor that was not, itself, a VBE participant.
Response: As noted above, we are not finalizing the proposed
condition. For purposes of the value-based safe harbors, we are
finalizing a definition of ``value-based arrangement'' in paragraph
1001.952(ee)(14)(vii) that requires the arrangement to be only between
or among the VBE and one or more of its VBE participants or between or
among VBE participants in the same VBE.
However, the modification explained in section III.B.4.d above,
addresses the commenter's concern regarding assuming risk from a payor
that is not a VBE participant. In that section, we explained that,
while a payor could opt to be a VBE participant, it need not do so in
order for a VBE to contract to assume substantial downside financial
risk from a payor. However, unless the payor is a VBE participant, this
safe harbor would not protect the remuneration exchanged between the
payor and the VBE.
k. Writing
Summary of OIG Proposed Rule: At proposed paragraph
1001.952(ff)(4), we proposed that the terms of the value-based
arrangement must be set forth in a signed writing that contains, among
other information, a description of the nature and extent of the VBE's
substantial downside financial risk for the target patient population
and a description of the manner in which the recipient meaningfully
shares in the VBE's substantial downside financial risk.
Summary of Final Rule: We are finalizing, with modifications, this
condition at paragraph 1001.952(ff)(5). The modifications are based on
public comments. First, parties must document the manner in which the
VBE assumes risk from a payor and the VBE participant assumes a
meaningful share of such risk. Second, the writing requirement can be
satisfied by a collection of documents. Third, we are not requiring
documentation of the offeror's costs. Fourth, the writing must be
established in advance of, or contemporaneous with, the commencement of
the value-based arrangement ``and any material change,'' instead of
``or any material change.'' Thus, the initial terms of the value-based
arrangement must be set forth in the signed writing, in advance of, or
contemporaneous with the commencement of the arrangement, and any
material change to the value-based arrangement also must be set forth
in the signed writing in advance of, or contemporaneous with the
commencement of the material change. As with the similar modification
we are making to the writing requirement in the care coordination
arrangements safe harbor, these are the logical junctures where the
writing requirement particularly serves its transparency purposes. Our
proposed regulatory text did not make clear that the writing was needed
at both junctures; our modifications more clearly express that policy.
This writing requirement does not apply to the contracts between a
payor and a VBE in circumstances where the payor is not a VBE
participant. Such contracts would not constitute value-based
arrangements, subject to this condition. However, as set forth in
paragraph 1001.952(ff)(2), such contracts must be in writing.
For further discussion of the general comments we received
regarding a writing requirement in the value-based safe harbors, we
refer readers to section III.B.3.d discussing the writing requirement
for purposes of the care coordination arrangements safe harbor; in this
section, we respond only to the comments specific to the proposed
substantial downside financial risk safe harbor's writing requirement.
[[Page 77769]]
Comment: A commenter recommended that OIG revise this condition of
the substantial downside financial risk safe harbor to remove the
requirement that parties specify the type and the offeror's cost of the
remuneration. The commenter stated that the offeror's cost is not
material to the arrangement because the safe harbor does not include a
contribution requirement and, furthermore, may be difficult to
determine.
Response: We agree and are removing the requirement that the
parties include the offeror's costs in the writing.
l. Does Not Take Into Account the Volume or Value of, or Condition
Remuneration on, Business or Patients Not Covered Under the Value-Based
Arrangement
Summary of OIG Proposed Rule: At proposed paragraph
1001.952(ff)(5), we proposed that the VBE or VBE participant offering
the remuneration could not take into account the volume or value of, or
condition the remuneration on, referrals of patients outside of the
target patient population or business not covered under the value-based
arrangement. This safeguard is identical to that proposed for the care
coordination arrangements safe harbor.
Summary of Final Rule: We are finalizing this condition, without
modification and relocating it to paragraph 1001.952(ff)(6). For a more
detailed discussion and a summary of our responses to the comments
received on this condition and our rationale for finalizing it, we
refer readers to the care coordination arrangements safe harbor
discussion at III.B.3.f. Comments received on this topic addressed the
condition as it applied to the value-based safe harbors generally; we
did not receive separate comments on this condition specific to this
safe harbor.
m. Preserving Clinical Decision-Making
Summary of OIG Proposed Rule: At proposed paragraph
1001.952(ff)(6)(i), we proposed that value-based arrangements must not
limit VBE participants' ability to make decisions in the best interests
of their patients. In addition, at proposed paragraph
1001.952(ff)(6)(ii) we proposed that value-based arrangements cannot
direct or restrict referrals to a particular provider, practitioner, or
supplier if: (i) A patient expresses a preference for a different
practitioner, provider, or supplier; (ii) the patient's payor
determines the provider, practitioner, or supplier; or (iii) such
direction or restriction is contrary to applicable law or regulations
under titles XVIII and XIX of the Act. We proposed to interpret this
condition consistent with the parallel condition proposed for the care
coordination arrangements safe harbor.
Summary of Final Rule: We are finalizing, with modification, the
proposed condition that the value-based arrangement must not limit the
VBE participant's ability to make decisions in the best interests of
its patients at paragraph 1001.952(ff)(7)(i). We are making a technical
correction to change ``their patients'' to ``its patients.'' We also
are finalizing, with modification, the condition related to directing
or restricting referrals, at paragraph 1001.952(ff)(7)(ii). We are
deleting ``or regulations'' from the proposed provision because
regulations are captured by the term ``applicable law.''
For a more detailed discussion, summaries of comments we received
regarding this requirement, as proposed in each of the value-based safe
harbors, and our responses, we refer readers to the discussion of this
condition in the care coordination arrangements safe harbor at section
III.B.3. Below we discuss the comments we received on this condition
specific to the proposed substantial downside financial risk safe
harbor.
Comment: A commenter requested that OIG clarify how this
requirement would apply to an arrangement involving patients who are
covered by managed care payors, where patient preferences are likely to
be limited.
Response: If a managed care payor determines the providers,
practitioners, or suppliers from whom patients may seek health care
items and services under a managed care plan, then the value-based
arrangement could not direct or restrict referrals to a particular
provider, practitioner, or supplier in a contrary manner.
n. Materials and Records
Summary of OIG Proposed Rule: At proposed paragraph
1001.952(ff)(7), we proposed to require that the VBE or its VBE
participants make available to the Secretary, upon request, all
materials and records sufficient to establish compliance with the
conditions of the safe harbor. We solicited comments regarding whether
we should require parties to maintain materials and records for a set
period of time (e.g., at least 6 years or 10 years).
Summary of Final Rule: We are finalizing, with modification, the
materials and records requirement. We are specifying that, for a period
of at least 6 years, the VBE or its VBE participants must maintain
records and materials sufficient to establish compliance with the
conditions of the safe harbor.
This requirement will promote transparency and facilitate alignment
with CMS's parallel value-based exception. For a more detailed
discussion and a summary of and responses to the comments received
about the records requirement, as proposed in each of the value-based
safe harbors, we refer readers to the discussion of this condition in
the care coordination arrangements safe harbor at section III.B.3.n.
Comments received on this topic addressed the requirement as it applied
to the value-based safe harbors generally; we did not receive separate
comments on this requirement specific to this safe harbor.
o. Marketing of Items or Services or Patient Recruitment Activities
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ff)(6)(iii) a condition to bar protection for remuneration
exchanged pursuant to value-based arrangements that include marketing
to patients of items or services or engaging in patient recruitment
activities. We proposed to interpret this condition consistent with our
interpretation of the same proposed requirement in the care
coordination arrangements safe harbor.
Summary of Final Rule: We are finalizing this requirement, with
modifications and relocating it to paragraph 1001.952(ff)(4)(v). As
with the care coordination arrangements safe harbor, rather than
prohibiting all marketing and patient recruitment activities, we are
modifying this provision to prohibit the exchange of remuneration for
the purpose of marketing items or services furnished by the VBE or VBE
participants to patients or for the purpose of patient recruitment
activities. Comments received on this topic addressed the requirement
as it applied to the value-based safe harbors generally; we did not
receive separate comments on this requirement specific to this safe
harbor. Consequently, we refer readers to the discussion in section
III.B.3.j of this condition in the care coordination arrangements safe
harbor for a summary of applicable comments, our responses, and a more
detailed discussion of this standard, including our rationale for the
modification being made.
p. Downstream Arrangements
Summary of OIG Proposed Rule: We proposed to protect only
remuneration exchanged between a VBE and a VBE participant at paragraph
1001.952(ff).
Summary of Final Rule: We are finalizing, without modification, the
requirement that the exchange of remuneration be between the VBE and
[[Page 77770]]
a VBE participant in the introductory paragraph of 1001.952(ff).
Comment: A commenter agreed with our proposal to limit this safe
harbor to remuneration exchanged solely between the VBE and a VBE
participant and acknowledged the potential fraud and abuse risks
inherent in downstream arrangements where a contracting party has
assumed little or no financial risk. However, the majority of
commenters advocated for extending safe harbor protection to
remuneration that passes between and among VBE participants, or between
VBE participants and downstream contractors. A commenter stated that
downstream arrangements are essential to facilitating care coordination
efforts, while another commenter asserted that requiring a VBE
participant to meaningfully share in the VBE's substantial downside
financial risk appropriately curtails any fee-for-service incentives. A
commenter posited that this requirement would result in value-based
activities being inefficiently routed through the VBE, and another
commenter questioned why this safe harbor only protects remuneration
between a VBE and VBE participant when the care coordination
arrangements safe harbor more broadly protects remuneration between a
VBE and a VBE participant or between VBE participants.
Response: We did not propose to protect arrangements where
remuneration is passed from one VBE participant to another VBE
participant or from a VBE participant to a downstream contractor. In
this final rule, we are limiting safe harbor protection to the exchange
of remuneration between the VBE and a VBE participant for which the
combination of safe harbor conditions was designed. This safe harbor
provides greater regulatory flexibility than the care coordination
arrangements safe harbor, and as a result, we decline to extend safe
harbor protection to downstream financial arrangements to which the VBE
is not a party and that may not include all of the safeguards required
by this safe harbor, including requirements related to the assumption
of downside financial risk. A VBE participant seeking to exchange
remuneration with another VBE participant may look to the care
coordination arrangements safe harbor or other safe harbors, such as
the personal services and management contracts and outcomes-based
payments safe harbor.
Comment: A commenter expressed concern that limiting safe harbor
protection to remuneration exchanged between the VBE and a VBE
participant would be unworkable if the applicable VBE were comprised of
an informal network of individuals and entities (versus a separate
legal entity). In particular, the commenter seemed to believe that, in
such circumstances, the VBE participants would not be able to protect
any remuneration using this safe harbor.
Response: This safe harbor requires that a VBE assume substantial
downside financial risk for certain items and services provided to the
target patient population. In circumstances where the VBE is not a
formal legal entity, but rather is comprised of a network of VBE
participants, a single VBE participant may act on behalf of the VBE to
contract or enter into a value-based arrangement with a payor to assume
substantial downside financial risk. In such circumstances, this safe
harbor could protect the exchange of remuneration between the VBE
participant acting on behalf of the VBE and other VBE participants. We
note that, while different VBE participants may act on behalf of the
VBE at different times during the term of the value-based arrangement,
only remuneration between a VBE participant acting on behalf of the VBE
and another VBE participant may be protected. The safe harbor would not
protect remuneration exchanged between two VBE participants, neither of
whom are currently acting on behalf of the VBE.
q. Possible Additional Safeguards
Summary of OIG Proposed Rule: We stated in the preamble to the OIG
Proposed Rule that we were considering adopting specified additional
safeguards in the final rule, including a commercial reasonableness
requirement, a monitoring standard, a cost-shifting prohibition, and a
requirement to submit information to the Department regarding the VBE,
the VBE participants, and the value-based arrangement.
Summary of Final Rule: We are not finalizing these proposed
conditions. Upon further consideration, we do not consider them
necessary to mitigate fraud and abuse risk given the overall structure
and totality of conditions in the final safe harbor.
Comment: We received a variety of comments regarding potential
additional safeguards in the substantial downside financial risk safe
harbor. A commenter opposed the addition of a commercial reasonableness
requirement, asserting that it would be inconsistent with CMS's similar
exception and potentially would chill innovation where parties have
assumed downside risk. Several commenters suggested including
additional transparency requirements for patients. A commenter
recommended that we include a prohibition on inappropriate cost
shifting to Federal health care programs. A few commenters suggested
that OIG require objective and quantifiable outcome measures to show
the remuneration exchanged enhances patient outcomes. Another commenter
urged us to include a termination provision similar to that in the care
coordination arrangements safe harbor.
Response: We are not imposing a commercial reasonableness
requirement in this safe harbor in recognition of the VBE and its VBE
participants assuming substantial downside financial risk. We believe
the assumption of downside financial risk helps to ensure that the
remuneration is exchanged in order to achieve value-based purposes
rather than to pay for referrals, which is at the core of the
commercial reasonableness standard in other safe harbors. We did not
propose patient transparency or notice requirements and are not
including such conditions in this final rule. While parties may choose
to provide patient notifications, such a condition in the safe harbor
would not add appreciable additional protection against payments for
referrals. We also are not including a cost-shifting prohibition, in
recognition that the assumption of substantial downside financial risk
is intended to drive a reduction in costs, which may include Federal
health care program costs.
While parties may include termination provisions or outcome measure
requirements as part of their value-based arrangements, we are not
requiring these terms as a condition of the safe harbor.
5. Value-Based Arrangements With Full Financial Risk (42 CFR
1001.952(gg))
Summary of OIG Proposed Rule: We proposed at paragraph 1001.952(gg)
a full financial risk safe harbor that would protect remuneration
exchanged between a VBE and a VBE participant pursuant to a value-based
arrangement where the VBE has assumed, or is contractually obligated to
assume within the next 6 months, full financial risk, as set out at
proposed paragraph 1001.952(gg)(1). We proposed to define ``full
financial risk'' at proposed paragraph 1001.952(9)(i) to mean that
``the VBE is financially responsible for the cost of all items and
services covered by the applicable payor for each patient in the target
patient population and is prospectively paid by the applicable payor.''
We proposed that the full financial risk safe harbor would include
certain safeguards, such as requirements that:
[[Page 77771]]
(i) The VBE have a signed writing with the payor that specifies the
target patient population and terms evidencing full financial risk
(proposed paragraph 1001.952(gg)(1)); (ii) the parties have a signed
writing that specifies the material terms of the value-based
arrangement (proposed paragraph 1001.952(gg)(2)); and (iii) the VBE
participant not claim payment from a payor (proposed paragraph
1001.952(gg)(3)). Further, we proposed at paragraph 1001.952(gg)(4)
that the remuneration exchanged be used primarily to engage in value-
based activities; be directly connected to one or more of the VBE's
value-based purposes, at least one of which must be the coordination
and management of care for the target patient population; not induce
reductions or limitations of medically necessary care; and not be
funded by outside contributions. At proposed paragraph 1001.952(gg)(5),
we proposed a restriction on taking into account the volume or value of
business outside the value-based arrangement, and at proposed paragraph
1001.952(gg)(6), we proposed that the VBE provide or arrange for an
operational utilization review program and quality assurance program.
At proposed paragraph 1001.952(gg)(7), we proposed a restriction on
marketing and patient recruitment, and at proposed paragraph
1001.952(gg)(8), we proposed a requirement to make available materials
and records to the Secretary.
Summary of Final Rule: We are finalizing, with modifications, the
safe harbor at paragraph 1001.952(gg). We are modifying the definition
of ``full financial risk'' at paragraph 1001.952(gg)(10)(ii) to require
the VBE to be at risk on a prospective basis for the cost of all items
and services covered by the applicable payor for each patient in the
target patient population for a term of at least 1 year. We are
defining ``prospective basis'' at paragraph 1001.952(gg)(10)(ii) to
mean the VBE has assumed financial responsibility for the cost of all
items and services covered by the applicable payor prior to the
provision of items and services to patients in the target patient
population.
We are finalizing the proposed safeguards, with some modifications
at paragraphs 1001.952(gg)(2)-(8), as explained in more detail in the
topical discussions below. In addition, we have added a list of
entities ineligible to use the safe harbor at paragraph 1001.952(gg)(1)
for the reasons set forth in the discussion of the definition of ``VBE
participant'' at section III.B.2.e.
a. General Comments
Comment: While some commenters expressed support for this proposed
safe harbor, multiple commenters conveyed their concerns that this safe
harbor may have limited application. For example, some commenters noted
that the proposed safe harbor requirements, including the definition of
``full financial risk,'' would limit the safe harbor to only large
integrated delivery systems capable of providing nearly all Medicare
and Medicaid covered services to a target patient population and would
disadvantage small and rural practices and practices serving
underserved areas. Other commenters highlighted a potential
intersection between certain state insurance and licensure laws and the
proposed safe harbor requirements that could, according to the
commenters, limit the availability of safe harbor protection only to
those entities that could comply with such state laws, some of which
may require a VBE to be licensed as a health care services plan. To
address this issue, a commenter requested revisions to the proposed
safe harbor to make safe harbor protection available to advanced, risk-
bearing provider networks in states with such licensure requirements.
Response: We designed this safe harbor to provide significant
flexibility under the Federal anti-kickback statute in light of the
level of financial risk assumed by the parties. We crafted the ``full
financial risk'' definition, as well as the conditions of this safe
harbor, to balance the additional flexibilities under the anti-kickback
statute with appropriate safeguards against both risks associated with
fee-for-service payment systems, such as overutilization and skewed
decision-making, and risks present in risk-based arrangements,
including stinting on care (underutilization), cherry-picking lucrative
or adherent patients, and lemon-dropping costly or noncompliant
patients. We believe that the definition of ``full financial risk,''
combined with the conditions of this safe harbor, appropriately balance
the flexibilities afforded by this safe harbor with any identified
program integrity risks.
We understand that there currently are a limited number of
providers assuming the level of risk required by this safe harbor. The
purpose of implementing a full financial risk safe harbor is to remove
one potential barrier to providers taking on more risk and having
additional financial incentives to coordinate care. Providers assessing
whether they can move to full financial risk in the future can consider
this safe harbor and the flexibilities it offers under the Federal
anti-kickback statute as one factor in that determination. There are
other factors that parties would consider in the decision to assume a
higher level of risk, including some considerations raised by the
commenters. While safe harbors cannot address all factors that may
prohibit a provider from taking on full financial risk, this safe
harbor is designed to encourage more providers to do so. We also note
that this safe harbor conditions protection on the VBE assuming full
financial risk from the payor for the items and services. It does not
require the VBE to assume other functions from the payor, such as
enrollment, grievance and appeals, solvency standards, and other
administrative functions performed by payors.
We recognize that some states may have laws that limit providers
and other health care entities from taking on full financial risk
unless they form licensed health care plans or meet other licensure
requirements. We have attempted to create significant flexibility under
the Federal anti-kickback statute while recognizing that parties still
must comply with applicable state laws. For example, this safe harbor
provides flexibility around how the VBE assumes full financial risk
from a payor. Such flexibilities provide payors, VBEs, and VBE
participants with options to structure arrangements that are consistent
with the safe harbor and state laws. Nothing in these safe harbors
preempts any applicable state law (unless such state law incorporates
the Federal law by reference). Other safe harbors may be available to
parties unable--by virtue of any state law requirements--to structure
an arrangement that satisfies the conditions of this safe harbor.
Comment: A commenter suggested that we consider a new safe harbor
or a fraud and abuse waiver for Medicare Advantage plans testing value-
based arrangements. The commenter asserted that such a safe harbor or
waiver would allow entities not otherwise eligible for protection under
the value-based safe harbors to participate in value-based
arrangements.
Response: We did not propose a safe harbor or a fraud and abuse
waiver specific to Medicare Advantage plans, and thus we are not
finalizing such safe harbor or waiver in this final rule. This safe
harbor may be available to protect remuneration exchanged under certain
Medicare Advantage plan arrangements, provided the plan enters into a
contract or a value-based arrangement with a VBE pursuant to which the
VBE assumes full financial risk from the
[[Page 77772]]
plan. We also note that there may be other existing safe harbors not
modified by this final rule that are available to protect financial
arrangements involving a Medicare Advantage plan, such as paragraphs
1001.952(t) and (u), and the advisory opinion process remains
available.
Comment: While a commenter expressed support for OIG's and CMS's
consistent definitions of full financial risk, others requested that
OIG finalize a full financial risk safe harbor that further aligns with
CMS's parallel full risk exception. These commenters generally urged
OIG and CMS to impose the same risk thresholds and requirements for
purposes of the full financial risk safe harbor and the CMS full risk
exception.
Response: As with the OIG Proposed Rule, in this final rule, we
have endeavored to align our full financial risk safe harbor to the
greatest extent possible with CMS's full risk exception. The definition
of ``full financial risk'' we are finalizing is more closely aligned
with the definition of ``full financial risk'' that CMS is finalizing
in its full risk exception. However, reflecting statutory differences
that exist between the Federal anti-kickback statute and the physician
self-referral law, explained further in section III.A.1, the full
financial risk safe harbor differs from CMS's full risk exception. For
example, in recognition of the statutory differences between the two
laws, the safe harbor includes conditions that differ from those in
CMS's parallel exception, such as the requirement that the value-based
arrangement be set forth in writing and that the VBE provide or arrange
for a quality assurance program for services furnished to the target
patient population.
b. Definitions
i. Full Financial Risk
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(9)(i) that a VBE would be at ``full financial risk'' for
the cost of care of a target patient population if the VBE is
financially responsible for the cost of all items and services covered
by the applicable payor for each patient in the target patient
population and is prospectively paid by the applicable payor.
Summary of Final Rule: We are finalizing, with modifications, a
definition of ``full financial risk'' at paragraph 1001.952(gg)(9)(i).
The modifications, based on public comments, provide parties with
additional flexibility in the manner in which the VBE assumes risk from
the applicable payor. The definition of ``full financial risk'' now
requires the VBE to be at risk on a prospective basis for the cost of
all items and services covered by the applicable payor for each patient
in the target patient population for a term of at least 1 year.
``Prospective basis,'' as defined at paragraph 1001.952(gg)(9)(ii),
means the VBE has assumed financial responsibility for the cost of all
items and services covered by the applicable payor prior to the
provision of items and services to patients in the target patient
population.
Comment: While at least one commenter supported the definition of
``full financial risk,'' as proposed, the vast majority of commenters
recommended that we revise the definition to encompass arrangements
where the VBE assumes risk for less than all of the items and services
covered by the applicable payor. For example, many commenters
recommended that the VBE be required to have risk only for
``substantially all'' items and services furnished to the target
patient population, which commenters suggested could be defined as 75
percent of such items and services. Other commenters requested that
full financial risk include assuming risk for a much more specifically
defined set of services (e.g., hospital inpatient and outpatient care
or ongoing services related to breast care). Other commenters asked OIG
to carve out certain high-cost or specialty items and services (e.g.,
organ transplants or pharmacy benefits) or new technologies that were
not incorporated into rate calculations from the scope of items and
services for which a VBE must be at risk.
Some commenters requested that the definition of ``full financial
risk'' include risk only for all of the items and services required to
treat a particular disease or condition or an episode of care (e.g.,
risk for all of the items and services required to treat diabetes for
patients with diabetes in the target patient population or an episode
of care for a knee replacement). Another commenter asked OIG to permit
partial capitation arrangements and, lastly some commenters contended
that full financial risk should include risk for only the items and
services to which the remuneration relates. Many of these commenters
asserted that VBE participants would still be incentivized to maximize
quality and efficiency of care even where the VBE assumes risk for less
than all items and services provided to the target patient population
by the applicable payor.
Response: We are finalizing a definition of ``full financial risk''
that requires the VBE to be at risk on a prospective basis for the cost
of all items and services covered by the applicable payor for each
patient in the target patient population for a term of at least 1 year.
We decline to extend safe harbor protection under this safe harbor
where a VBE has assumed risk for only a subset of items and services,
such as for 75 percent of items and services, for all items and
services except certain high-cost or specialty items and services, or
for only the items and services to which the remuneration relates,
although we note that the substantial downside financial risk safe
harbor may be available for such arrangements. Additionally, a VBE
could assume full financial risk for patients with a particular disease
condition (e.g., patients with diabetes) by selecting a target patient
population comprised only of patients with diabetes, but the VBE must
cover all items and services for those patients. Therefore, while a VBE
must be at risk for all items and services furnished to the target
patient population, the VBE can limit the number of patients for whom
it assumes full financial risk through its selection of the target
patient population, as long as the VBE selects the target patient
population using legitimate and verifiable criteria, among other
requirements.
In light of the significant flexibility we are offering under this
safe harbor, we believe the risk level we are requiring for VBEs is
necessary to reduce traditional fraud and abuse concerns associated
with payment systems that incorporate, in whole or in part, fee-for-
service reimbursement methodologies. While we appreciate the challenges
associated with assuming risk for certain high-cost or specialty items
and services or new technologies, VBEs may address such challenges
through arrangements to protect against catastrophic losses, such as
risk-adjustment or reinsurance agreements, without losing safe harbor
protection.
Comment: Some commenters asked OIG to clarify whether the VBE and
its VBE participants can collectively be at risk for items and services
to the target patient population, such as by each VBE participant being
at risk only for the services it provides.
Response: A value-based enterprise is a collection of two or more
VBE participants. As such, some or all of the VBE participants that
comprise the VBE can combine their respective risk to satisfy the
definition of ``full financial risk'' as long as the VBE participants'
collective risk amounts to risk for all items and services covered by
the
[[Page 77773]]
applicable payor for the target patient population.
Comment: A physicians' trade organization expressed concern that
smaller practices that attempt to assume too much risk could result in
the closures of community practices and consolidation. Another
commenter highlighted that there may be substantial up-front
investments that can strain any physician practice's limited resources
but can be particularly challenging for small, rural, or underserved
practices with smaller patient pools to spread risk.
Response: We recognize that the full financial risk safe harbor
requires a level of risk that many in the health care industry may not
currently be able to assume. For parties seeking protection for
remuneration exchanged pursuant to risk arrangements requiring a lower
level of risk, the substantial downside financial risk safe harbor or
the care coordination arrangements safe harbor may be available. This
safe harbor does not require small, rural, or community practices or
practices serving underserved populations to assume full financial risk
or make substantial up-front investments on their own. Parties have
flexibility in establishing a VBE, which must have at least two VBE
participants but can have any number of additional VBE participants. We
believe the ``VBE participant'' definition and the safe harbors in this
final rule provide small, rural, and community practices and practices
serving underserved populations options to enter into arrangements to
assume higher levels of risk without having to integrate practices or
become part of a larger health care system.
Further, we believe that establishing a VBE with other providers,
either similarly situated entities or larger entities, could help
practices (including small, rural, and community practices) take on
more risk and mitigate potential financial shocks. As value-based
arrangements continue to proliferate, we believe there may be
opportunities for these types of practices to form VBEs, take on risk,
and potentially have success in reducing costs and coordinating care.
Comment: Commenters requested that the definition of ``full
financial risk'' expressly include payments based on global budgets, as
well as capitation and other alternative payment methodologies.
Response: While the definition of ``full financial risk'' does not
expressly list global budget or capitation payment methodologies as
permissible payment methodologies, we confirm that such prospective
payment methodologies would satisfy the definition of ``full financial
risk'' as long as the global budget or capitation payments covered the
cost of all items and services covered by the applicable payor for the
target patient population for a term of at least 1 year. Without
additional detail related to the alternative payment methodologies
referenced by the commenter, we are unable to opine on whether such
payment methodologies would meet the definition of ``full financial
risk.'' Parties also may request an advisory opinion from OIG to
determine whether an arrangement meets the definition of ``full
financial risk'' and the conditions of the full financial risk safe
harbor or is otherwise sufficiently low risk under the Federal anti-
kickback statute to receive prospective immunity from administrative
sanctions by OIG.
Comment: A commenter requested that OIG explain why the proposed
definition of ``full financial risk'' required that the payor
prospectively pay the VBE.
Response: We proposed a definition of ``full financial risk'' that
required prospective payment, and we stated in the OIG Proposed Rule
that we interpreted ``prospective'' to mean the anticipated cost of all
items and services covered by the applicable payor for the target
patient population had been both determined and paid in advance (as
opposed to billing under the otherwise applicable payment systems and
undergoing a retrospective reconciliation after items and services have
been furnished). In this final rule, we are revising the definition of
full financial risk to require risk on a prospective basis and defining
``prospective basis'' to mean the VBE has assumed financial
responsibility for the cost of all items and services covered by the
applicable payor prior to the provision of items and services to
patients in the target patient population. As such, the VBE no longer
needs to be prospectively paid by the applicable payor prior to the
provision of items and services to each patient in the target patient
population. Instead, the VBE must simply assume financial
responsibility prior to the provision of items and services.
We are requiring the assumption of risk on a prospective basis not
only in recognition of the additional flexibilities under the Federal
anti-kickback statute that this safe harbor affords but also because
risk assumption can serve to limit the potential harms that may result
from financial incentives inherent to fee-for-service payments systems,
such as overutilization and skewed medical decision-making. For
example, if providers know the amount of reimbursement they will
receive for providing items and services to the target patient
population before providing such items and services, then the providers
may be less likely to order excessive tests or otherwise provide
unnecessary items and services to the patients.\54\
---------------------------------------------------------------------------
\54\ Mark W. Friedberg, Peggy C. Chen, Chapin White et al.,
Effects of Health Care Payment Models on Physician Practice in the
United States, RAND Corporation (2015); K. John McConnell, Stephanie
Renfro, Richard C. Lindrooth et al., Oregon's Medicaid Reform And
Transition To Global Budgets Were Associated With Reductions In
Expenditures, Health Affairs (Mar. 2017); James C. Robinson, Stephen
M. Shortnell et al., Quality-Based Payment for Medical Groups and
Individual Physicians, INQUIRY: The Journal of Health Care
Organization, Provision, and Financing (May 2009).
---------------------------------------------------------------------------
Comment: We received various comments regarding how a payor could
transfer risk to the VBE. For example, a commenter requested
confirmation that the payor and VBE could engage in retrospective
reconciliations. Another commenter asserted that OIG should add
language to the safe harbor stating that risk, both at the enterprise
level and at the VBE participant level, can be through front-end
withholds or dues assessments and need not be through a back-end
repayment. A commenter further asked whether, as long as the payment
covers a particular period, the payor could pay the VBE at the end or
in the middle of the coverage period.
Response: Under the revised definition of ``full financial risk,''
a payor could pay the VBE at any point in the coverage period and
engage in retrospective reconciliations, as long as the VBE has assumed
full financial risk for a term of at least 1 year prior to the
provision of items and services to patients in the target patient
population. We also are not dictating the manner in which the VBE
exchanges remuneration with VBE participants, so a VBE could impose
front-end withholds or dues assessments on VBE participants.
Comment: A commenter asserted that the OIG Proposed Rule's proposed
definition of ``full financial risk'' allowed a payor to make payments
to physician practices to offset losses that the practices incurred.
Response: This safe harbor would not protect payments from a payor
to a physician practice that is a VBE participant to offset losses the
practice incurred because the safe harbor prohibits a VBE participant
from claiming payment in any form from a payor for the items and
services covered under the value-based arrangement. In other words,
under the terms of this safe harbor, the VBE must assume full financial
risk for the cost of all items
[[Page 77774]]
and services covered by the applicable payor; this means that any
claims submitted to a payor by a VBE participant related to such items
and services--including a claim for payment to offset losses incurred--
would fail this requirement. The VBE, however, may enter into
reinsurance or other risk-adjustment arrangements and could address
losses incurred by VBE participants by using reinsurance payments, for
example, to reimburse VBE participants for such losses.
Comment: Many commenters appreciated OIG's position that the
definition of ``full financial risk'' would not prohibit a VBE from
entering into arrangements to protect against catastrophic losses.
Multiple commenters requested guidance on the risk mitigation terms
that full-risk arrangements can include while satisfying the
requirements of the safe harbor, including whether there is a
particular threshold on the amount of loss coverage. A commenter
specifically asked whether incentive arrangements requiring stop-loss
protection to meet existing physician incentive regulations in Federal
health care programs would qualify as protecting against catastrophic
losses under the full financial risk safe harbor.
Response: We are not imposing a specific limit on the amount of
loss coverage a VBE may have, but as we stated in the OIG Proposed
Rule, we would expect any stop-loss or other risk adjustment
arrangements to act as protection for the VBE against catastrophic
losses and not as a means to shift material financial risk back to the
payor. Whether stop-loss protection required by the existing physician
incentive regulations would be appropriate stop-loss protection for a
VBE assuming risk pursuant to this safe harbor may depend on a number
of factors, including the structure of the VBE, scope of the target
patient population, and items and services covered by the applicable
payor.
Comment: A commenter expressed concern that, because the proposed
definition of ``full financial risk'' requires the assumption of risk
for the cost of all items and services covered by the applicable payor,
it would by default necessitate the involvement of hospitals as VBE
participants. The commenter appeared to believe that this would lead to
further consolidation of the health care industry.
Response: It is not the intent of this rule to foster industry
consolidation. Rather, this rule aims to increase options for parties
to create a range of innovative arrangements eligible for safe harbor
protection. The safe harbor does not require all parties providing
items and services to the target patient population to be VBE
participants and thus does not require the VBE to enter into value-
based arrangements with all such parties. For example, a VBE may enter
into a services contract with a hospital that is not a VBE participant
for the provision of items and services to the target patient
population, although we note that the VBE must be at risk from the
payor for the items and services provided by such hospital to the
target patient population.
Accordingly, we do not view a hospital's participation in a value-
based arrangement as a driver of industry consolidation; rather, we
view the voluntary nature of a hospital's participation, as well as the
voluntary participation of all other individuals or entities in a
value-based arrangement, as facilitating collaboration and the
transition to value-based care. Individuals and entities are not
required to integrate their practices or corporations to meet the
definition of ``VBE,'' to be a VBE participant, or to rely on this safe
harbor. These definitions provide individuals and entities flexibility
to determine how best to structure a VBE and the associated value-based
arrangements to meet value-based purposes. VBEs and VBE participants
that assume full financial risk from a payor and enter into value-based
arrangements that meet the conditions of this safe harbor likely
require different, more closely coordinated arrangements than VBEs and
VBE participants that rely on the care coordination arrangements safe
harbor. However, both sets of entities have flexibility to determine
with what types of VBE participants to work and what types of
arrangements work best.
ii. Items and Services
Summary of OIG Proposed Rule: We proposed to define ``items and
services'' at paragraph 1001.952(gg)(9)(ii) as having the same meaning
as that set forth in paragraph 1001.952(t)(2)(iv).
Summary of Final Rule: We are finalizing, with modification, the
proposed definition of ``items and services'' at paragraph
1001.952(gg)(9)(iii) to mean health care items, devices, supplies, and
services.
Comment: A commenter expressed concern that the proposed definition
of ``items and services'' would inadvertently exclude arrangements that
the health care industry views as full risk because ``items and
services'' was defined to include services reasonably related to the
provision of health care items, devices, supplies, or services,
including, but not limited to, non-emergency transportation, patient
education, attendant services, social services (e.g., case management),
utilization review and quality assurance. According to the commenter,
the scope of ``items and services'' could add significant potential
costs to parties seeking protection under the safe harbor. The
commenter recommended that OIG revise the definition of ``items and
services'' to include covered medical items and services but not items
and services more in the nature of optional supplemental benefits.
Response: In response to the commenter's concerns, we are modifying
the proposed definition of ``items and services'' to mean only health
care items, devices, supplies, and services. We are no longer cross-
referencing and incorporating the definition of ``items and services''
found in paragraph 1001.952(t)(2)(iv). Thus, a VBE may assume risk for
items and services reasonably related to the provision of health care
items, devices, supplies, or services such as non-emergency
transportation, patient education, and social services (as provided for
in the definition of ``items and services'' found in paragraph
1001.952(t)(2)(iv)), but doing so is no longer a safe harbor
requirement.
The scope of items and services for which a VBE must be at risk
depends on the items and services covered by the payor. We recognize
that, across the health industry, what constitutes full risk for health
care items, devices, supplies, and services varies greatly from program
to program and plan to plan, and we have tailored this safe harbor
requirement accordingly. For example, Medicare Advantage generally does
not cover items and services for long-term care at nursing facilities,
but Medicaid does. This safe harbor does not change the scope of items
and services a payor must cover in order for a VBE to meet the
definition of ``full financial risk.''
As we explained in the OIG Proposed Rule, a VBE would be at ``full
financial risk'' if it contracts or enters into a value-based
arrangement with a Medicaid managed care organization and receives a
fixed per-patient per-month amount to be at full financial risk if the
fixed amount covered the cost of all items and services covered by the
Medicaid managed care plan and furnished to the target patient
population. Similarly, we would consider a VBE to be at ``full
financial risk'' if it contracts or enters into a value-based
arrangement with a Medicare Advantage plan to receive a prospective,
capitated payment for all items and services covered by the
[[Page 77775]]
Medicare Advantage plan for a target patient population. Under this
safe harbor, we are not protecting partial capitated arrangements that
require the VBE to assume risk for only a limited set of items and
services.
Parties may utilize OIG's advisory opinion process to determine
whether an arrangement meets the conditions of this safe harbor or is
otherwise sufficiently low risk under the Federal anti-kickback statute
to receive prospective immunity from administrative sanctions by OIG.
Comment: While recognizing that the proposed definition of ``full
financial risk'' ties risk to payor coverage, a commenter requested
that OIG explicitly state the extent to which medication costs may be
included in the items and services for which a VBE must be at risk
under the safe harbor. Another commenter stated that, if prescription
drugs are included in the definition of all items and services for
purposes of the full financial risk safe harbor, it is important that
pharmaceutical manufacturers be eligible to participate in the VBE.
Response: To the extent the payor with which the VBE contracts to
assume full financial risk covers prescription drugs, the VBE's risk
must encompass prescription drugs. The definition of ``full financial
risk'' requires that the VBE assume financial responsibility on a
prospective basis for the cost of all items and services covered by the
applicable payor for each patient in the target patient population.
Conversely, if the contracting payor does not cover prescription drugs,
the VBE does not need to assume risk for such costs.
While we recognize that prescription drugs may be included in the
definition of ``full financial risk,'' manufacturers of a drug or
biological remain ineligible to give or receive protected remuneration
under this safe harbor as finalized here. Such parties may be VBE
participants, but they cannot exchange remuneration protected by this
safe harbor. We refer readers to the section of this final rule
addressing the definition of ``VBE participant'' for a discussion of
our rationale.
iii. Other Defined Terms
Summary of OIG Proposed Rule: We proposed in proposed paragraph
1001.952(gg)(9) that the terms ``coordination and management of care,''
``target patient population,'' ``value-based activity,'' ``value-based
arrangement,'' ``value-based enterprise,'' ``value-based purpose,'' and
``VBE participant'' would have the meaning set forth in proposed
paragraph 1001.952(ee).
Summary of Final Rule: We are finalizing, with modifications, our
proposed use of the value-based terminology at paragraph
1001.952(gg)(9)(iv). We no longer use the term ``coordination and
management of care'' in this safe harbor. Additionally, because
paragraph 1001.952(gg)(1) makes certain entities ineligible to use the
value-based safe harbors, we are finalizing the term ``manufacturer of
a device or medical supply,'' with the same meaning set forth in
paragraph 1001.952(ee)(14).
c. Entities Ineligible for Safe Harbor Protection
Summary of OIG Proposed Rule: We proposed in proposed paragraph
1001.952(ee) to limit the entities that could qualify as VBE
participants, which would have the effect of limiting availability of
the value-based safe harbors, including the full financial risk safe
harbor at proposed paragraph 1001.952(gg), for those ineligible
entities. The proposed definition of ``VBE participant'' is summarized
more fully in section III.B.2.e of this preamble.
Summary of Final Rule: We are not finalizing our proposal in
proposed paragraph 1001.952(ee) to limit the entities that could
qualify as VBE participants. As explained at section III.B.2.e, in the
final rule we are identifying parties ineligible to rely on safe
harbors in the safe harbors themselves. For the full financial risk
safe harbor, we are finalizing a requirement that remuneration is not
exchanged by any of the following entities: (i) Pharmaceutical
manufacturers, wholesalers, and distributors; (ii) PBMs; (iii)
laboratory companies; (iv) pharmacies that primarily compound drugs or
primarily dispense compounded drugs; (v) manufacturers of devices or
medical supplies; (vi) entities or individuals that manufacture, sell,
or rent DMEPOS (other than a pharmacy or a physician, provider, or
other entity that primarily furnishes services, all of whom remain
eligible); and (vii) medical device distributors or wholesalers that
are not otherwise manufacturers of devices or medical supplies. This
list, set forth at paragraph 1001.952(gg)(1), effectuates proposals in
the OIG Proposed Rule to make these entities ineligible to use this
safe harbor for the exchange of remuneration pursuant to a value-based
arrangement.
Comments, our responses, and policy decisions regarding this issue
can be found in the discussion of VBE participants in section III.B.2.e
of this preamble.
d. VBE's Assumption of Risk From a Payor
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(1)that the VBE must assume full financial risk from a
payor. We proposed that VBEs could assume full financial risk directly
from a payor or through a VBE participant acting on behalf of the VBE.
Summary of Final Rule: We are finalizing this requirement at
paragraph 1001.952(gg)(2), with the following modifications. First,
VBEs have two options to assume full financial risk from a payor. A VBE
can assume risk from the payor through an arrangement that meets the
definition of ``value-based arrangement,'' or a VBE can assume risk
from a payor through a contract that places the VBE at full financial
risk.
The first option for risk arrangements requires the payor to be a
VBE participant, which is permitted under our final definition of ``VBE
participant.'' The payor (as a VBE participant) and the VBE can enter
into a value-based arrangement for the VBE to assume full financial
risk. As we proposed and are finalizing in this rule, the introductory
paragraph to 1001.952(gg) protects remuneration exchanged pursuant to a
value-based arrangement. Therefore, remuneration exchanged pursuant to
a payor's and a VBE's value-based arrangement could be protected by
this safe harbor, including remuneration exchanged to implement the
full financial risk methodology, if the value-based arrangement meets
all applicable conditions of the safe harbor.
Under the second option, payors that do not wish to be part of the
VBE may choose to enter into a written contract with the VBE that is
not a value-based arrangement for the purposes of the VBE's assumption
of full financial risk. Under this option, payors would not be VBE
participants, the written contract between the payor and the VBE would
not be a value-based arrangement, and the payor would not be subject to
the other conditions of the safe harbor. In such circumstances, these
contracts must only meet the condition at paragraph 1001.952(gg)(2),
i.e., they must evidence the VBE's assumption of full financial risk
from the payor. Remuneration exchanged pursuant to a risk assumption
contract that is not a value-based arrangement is not protected by this
safe harbor. The VBE and the payor would need to assess any potential
remuneration exchanged pursuant to the risk arrangement contract and
its compliance with the Federal anti-kickback statute.
[[Page 77776]]
To enable the payor and VBE to use this safe harbor to protect
remuneration exchanged pursuant to their value-based arrangement, we
are providing at paragraph 1001.952(gg)(4) of the safe harbor that,
even though the payor is a VBE participant, the payor is exempt from
the prohibition against a VBE participant claiming payment in any form
from the payor for items or services covered under the value-based
arrangement.
We are also modifying this requirement to clarify that the payor
cannot act on behalf of the VBE; the VBE must be a distinct legal
entity or represented by a VBE participant, other than a payor, that
acts on the VBE's behalf.
We summarize and respond to comments regarding this proposed
condition as applied only to the full financial risk safe harbor below.
For a summary of the comments received regarding the requirement that a
VBE assume financial risk from a payor pursuant to a value-based
arrangement, in both the substantial downside financial risk and full
financial risk safe harbors and our responses, we refer readers to the
discussion of this condition in the substantial downside financial risk
safe harbor at section III.B.4.d.
Comment: Commenters requested that OIG clarify that payors can act
on behalf of the VBE to assume full financial risk.
Response: We are revising the regulatory text in response to these
comments to clarify that a single VBE participant may act on behalf of
the VBE to assume full financial risk from a payor, provided it is not
itself a payor. That is, the agent of the VBE and the payor from which
the VBE is assuming full financial risk from may not be the same
entity.
Comment: Multiple commenters expressed concern that, because Indian
health care is compensated through Indian Health Service appropriations
and the Medicare, Medicaid, and CHIP programs, Indian health care
providers could not be risk-bearing entities, as required in the
proposed full financial risk safe harbor.
Response: It is possible that Indian health care providers might
not be risk-bearing entities for purposes of this safe harbor; that
would be a programmatic matter outside the scope of this rulemaking.
There may be other providers of varying types that are not able to, or
choose not to, meet the requirements of this safe harbor. This would
not foreclose Indian health care providers or other providers from
engaging in care coordination arrangements and seeking safe harbor
protection under the care coordination arrangements safe harbor at
paragraph 1001.952(ee), which does not require the assumption of any
risk (but is available for risk-bearing arrangements), or other
available safe harbors, such as the safe harbor for personal services
and management contracts and outcomes-based payments at paragraph
1001.952(d). Moreover, the fact that an arrangement does not fit in a
safe harbor does not make the arrangement unlawful. The OIG advisory
opinion process is also available for providers seeking a legal opinion
regarding their arrangements.
Comment: A commenter requested that the safe harbor not be limited
to items and services covered by a particular payor, but rather
extended to all items and services provided to a VBE participant's
patients, regardless of payor. For example, the commenter requested
that the safe harbor protect risk-based arrangements between a health
system and providers where the VBE assumes risk for all of the
providers' patients, regardless of the patients' payors.
Response: A VBE could assume full financial risk for all of the
items and services provided to all of a VBE participant's patients,
provided the VBE and VBE participant have defined the target patient
population to include all of the VBE participant's patients, and if the
VBE participant's patients are insured by multiple payors, the VBE has
assumed full financial risk from each payor that insures a patient who
is part of the target patient population. The risk that a VBE assumes
is not limited to the items and services covered by the applicable
payor that a VBE participant provides (e.g., only the items and
services provided by the health system); rather, the VBE's risk
encompasses all items and services covered by the applicable payor,
regardless of whether a VBE participant or another provider provides
such items and services.
e. Phase-In Period
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(1) that the full financial risk safe harbor would protect
remuneration exchanged pursuant to value-based arrangements between a
VBE and a VBE participant where the VBE is contractually obligated to
assume full financial risk in the next 6 months. We solicited comments
on whether such lead time should be shorter or longer.
Summary of Final Rule: We are finalizing, with modification, a
protected ``phase-in'' period at paragraph 1001.952(gg)(2). In response
to comments requesting a longer phase-in period, we are extending the
protected phase-in period for parties that have entered into a contract
or a value-based arrangement to assume full financial risk from the
proposed 6 months to 1 year.
In contrast to the substantial downside financial risk safe harbor,
we believe an extended 1-year phase-in period is warranted where a VBE
is preparing to assume full financial risk for the total cost of items
and services covered by the applicable payor for the target patient
population.
We refer readers to the substantial downside financial risk safe
harbor section at III.B.4.e regarding the phase-in requirement for a
summary of comments we received on this phase-in period, and our
responses, as applicable to both the substantial downside financial
risk safe harbor and full financial risk safe harbor and for a more
detailed discussion of this standard. We did not receive comments
regarding the phase-in period specific to the full financial risk safe
harbor. Among other comments, commenters recommended a 1-year phase-in
period for both safe harbors.
f. Writing
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(2) that the parties to the value-based arrangement must
set forth the material terms of the value-based arrangement in a signed
writing that includes the value-based activities to be undertaken by
the parties. At proposed paragraph 1001.952(gg)(1), we proposed that
the VBE have a signed writing with the payor that specifies the target
patient population and contains terms evidencing the VBE's full
financial risk.
Summary of Final Rule: We are finalizing, with modification, a
writing requirement for value-based arrangements at paragraph
1001.952(gg)(3). The modification, based on public comments, clarifies
that the writing requirement can be satisfied by a collection of
documents. The writing requirement now states that the value-based
arrangement must be set forth in writing, signed by the parties, and
specify all material terms, including the value-based activities and
the term. This writing requirement does not apply to contracts between
a VBE and a payor that are not value-based arrangements.
For further discussion of and responses to the general comments we
received regarding a writing requirement, we refer readers to section
III.B.3.d that discusses the writing requirement for purposes of the
care coordination arrangements safe harbor. The general comments
addressed
[[Page 77777]]
aspects of the writing requirement that were common to all three value-
based safe harbors. In this section, we discuss only the comments
specific to the proposed full financial risk safe harbor's writing
requirement.
Comment: A commenter asked OIG to clarify whether, to the extent
parties have multiple value-based arrangements for which they are
seeking protection under this safe harbor, each value-based arrangement
must be set forth in separate writings or whether one agreement could
suffice.
Response: This safe harbor, like the substantial downside financial
risk safe harbor, does not dictate the manner in which parties document
their value-based arrangements. For example, a VBE could choose to
document the value-based arrangement it entered into with a payor and
the value-based arrangement it entered into with a downstream VBE
participant in a single writing; alternatively, it could maintain two
separate writings for the two distinct value-based arrangements.
g. 1-Year Minimum Term of Value-Based Arrangement
Summary of OIG Proposed Rule: In the OIG Proposed Rule, we proposed
in paragraph 1001.952(gg)(2) to require that the term of the value-
based arrangement be for a period of at least 1 year.
Summary of Final Rule: We are not finalizing this proposed
requirement.
Comment: A few commenters opposed the proposed requirement that the
term of the value-based arrangement be for at least 1 year, with one
commenter asserting that a value-based arrangement term requirement
could impose unnecessary obstacles to beneficial innovation. Commenters
also asked whether an arrangement would meet this requirement of the
safe harbor if the parties terminate the arrangement during the first
year but do not enter into a substantially similar arrangement until
the expiration of the first year.
Response: We are not finalizing the proposed requirement that the
term of the value-based arrangement be for a period of at least 1 year.
We believe the requirement for a VBE to assume full financial risk from
the payor for a period of at least 1 year is a sufficient safeguard
against gaming without also requiring the value-based arrangement to
have a 1-year minimum term. Parties must still document the term of
their value-based arrangement as a condition of meeting this safe
harbor's writing requirement.
h. Remuneration Used To Engage in Value-Based Activities
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(4)(i) to require that the remuneration exchanged be used
primarily to engage in the value-based activities set forth in the
parties' signed writing.
Summary of Final Rule: We are not finalizing this proposed
requirement.
Comment: A commenter asked whether, given the requirement that
remuneration must be used primarily to engage in value-based
activities, all activities of an integrated delivery system subject to
global budget arrangements, either upstream or downstream, will relate
to the value-based activities for the target patient population.
Another commenter requested that we interpret this requirement to mean
that, if substantially all of an integrated delivery system's
activities include the assumption of financial risk for all services,
the remaining incidental activities and associated remuneration among
VBE participants also would be protected.
Response: We are not finalizing the proposed requirement that all
remuneration exchanged pursuant to the full financial risk safe harbor
be used primarily to engage in value-based activities for the target
patient population. We intended this proposed condition to safeguard
against the exchange of remuneration to inappropriately induce
referrals. However, based on comments received to this safe harbor and
the substantial downside financial risk safe harbor (as detailed in
section III.B.4.f), we do not think this safeguard is necessary in the
full financial risk safe harbor, given this safe harbor's unique
combination of safeguards, and in particular, the requirement that the
VBE assume full financial risk from a payor for a target patient
population and the safe harbor's limitation on exchanges of
remuneration to those between the VBE and a VBE participant. For
purposes of the substantial downside financial risk safe harbor, we
addressed this issue more narrowly, excluding monetary remuneration
exchanged pursuant to a risk methodology that meets the definition of
``substantial downside financial risk'' or ``meaningful share'' from
the requirement that remuneration exchanged be used predominantly to
engage in value-based activities. However, for the reasons set forth
above, we believe a more flexible approach is warranted in this safe
harbor, and we are not finalizing the proposed condition.
With respect to the comment regarding safe harbor protection for
incidental activities and associated remuneration where substantially
all of an entity's activities include the assumption of financial risk
for all services, we note that the value-based safe harbors do not
protect business models or necessarily all activities and remuneration
flowing under, for example, an integrated delivery system. Rather, the
full financial risk safe harbor, like the other value-based safe
harbors, protects discrete streams of remuneration exchanged pursuant
to a value-based arrangement, and parties would need to evaluate each
stream separately to assess compliance with the Federal anti-kickback
statute, and as applicable, any available safe harbor.
i. Direct Connection to Value-Based Purposes
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(4)(ii) to require that the remuneration be directly
connected to one or more of the VBE's value-based purpose(s), at least
one of which must be the coordination and management of care for the
target patient population. We proposed that this condition would be
interpreted consistent with the similar condition in the care
coordination arrangements safe harbor.
Summary of the Final Rule: We are finalizing, with modification,
the requirement that remuneration exchanged between the VBE and a VBE
participant under this safe harbor be connected to one or more value-
based purposes at paragraph 1001.952(gg)(5)(i). Based on public
comment, we are modifying the provision to remove the requirement that
all remuneration be connected to the purpose of coordinating and
managing care for the target patient population.
Comment: Commenters asked for examples of the types of arrangements
the safe harbor could protect, and a commenter specifically asked
whether the safe harbor would protect fee-for-service payments, bonus
payments based on quality outcomes, or both from a VBE to a VBE
participant. A commenter also asked whether a VBE could give
remuneration to an owner of the VBE, where the owner is a VBE
participant.
Response: This safe harbor could protect arrangements for bonus
payments based on quality outcomes or shared savings and losses
arrangements, among other types of payment arrangements, as long as all
requirements of the safe harbor are satisfied, including the
requirement that
[[Page 77778]]
the remuneration exchanged must be directly connected to one or more
value-based purposes. With respect to the commenter's question about
fee-for-service payment, this safe harbor does not dictate the manner
of payment between the VBE and the VBE participant for items and
services rendered to the target patient population. Provided the VBE
has assumed full financial risk from a payor and the VBE participant
does not claim payment from the payor for the items and services
furnished to the target patient population, the VBE could pay the VBE
participant on a fee-for-service basis.
Whether a VBE could give remuneration to an owner of the VBE, where
the owner is a VBE participant, is a fact-specific determination. While
the safe harbor, by its terms, does not preclude remuneration exchanged
between a VBE and an owner of the VBE where the owner is a VBE
participant, we highlight that this safe harbor does not protect an
ownership or investment interest in the VBE or any distributions
related to an ownership or investment interest.
Unlike the similar requirement in the other value-based safe
harbors, we are not requiring a direct connection to any specific
value-based purpose under this safe harbor. This safe harbor is
designed to protect the broadest scope of remuneration, and some
remuneration may be more closely connected to one of the other value-
based purposes. Therefore, we are providing more flexibility for a VBE
assuming full financial risk to determine the value-based purpose(s) to
which the exchange of remuneration is directly connected. This includes
remuneration exchanged pursuant to a value-based arrangement between
the VBE and the payor (as a VBE participant) that effectuates the VBE's
assumption of full financial risk from the payor. For a summary of
comments received regarding the requirement for a direct connection to
the coordination and management of care and further discussion of this
requirement as proposed in the care coordination arrangements safe
harbor, the substantial downside financial risk safe harbor, and the
full financial risk safe harbor, we refer readers to the applicable
section of this final rule for each safe harbor.
j. No Reduction in Medically Necessary Items or Services
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(4)(iii) to require that remuneration must not induce the
VBE or VBE participants to reduce or limit medically necessary items or
services furnished to any patient. We proposed to interpret this
condition consistent with the similar condition proposed in the care
coordination arrangements safe harbor.
Summary of Final Rule: We are finalizing, with modification, this
condition at paragraph 1001.952(gg)(6). The modification provides that
the value-based arrangement (not merely the remuneration exchanged) may
not induce the VBE or VBE participants to reduce or limit medically
necessary items or services furnished to any patient.
For a summary of comments received and our responses regarding this
condition, as proposed in each of the value-based safe harbors, we
refer readers to the care coordination arrangements and substantial
downside financial risk safe harbor sections discussing this
requirement at III.B.3.e and III.B.4.h, respectively.
k. Taking Into Account the Volume or Value of, or Conditioning
Remuneration on, Business or Patients Not Covered Under the Value-Based
Arrangement
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(5) that the VBE or VBE participant offering the
remuneration could not take into account the volume or value of, or
condition the remuneration on, referrals of patients outside of the
target patient population or business not covered under the value-based
arrangement. This proposed safeguard is identical to that included in
the proposed care coordination arrangements and substantial downside
financial risk safe harbors.
Summary of Final Rule: We are finalizing, without modification,
this condition, and relocating it to paragraph 1001.952(gg)(7).
Comments received on this topic addressed the requirement as it applied
to the value-based safe harbors generally; we did not receive separate
comments on this requirement specific to this safe harbor.
Consequently, we refer readers to the care coordination arrangements
safe harbor section regarding this requirement at III.B.3.f for a
summary of applicable comments, our responses, and a more detailed
discussion of this standard.
l. Offer or Receipt of Ownership or Investment Interests
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(4)(iv) that the full financial risk safe harbor would not
protect an ownership or investment interest in the VBE or any
distributions related to an ownership or investment interest, and we
solicited comments on this approach and, in particular, any operational
challenges this approach might present.
Summary of Final Rule: We are finalizing, without modification,
this condition and relocating it to paragraph 1001.952(gg)(5)(ii).
Comment: Similar to the substantial downside financial risk safe
harbor, several commenters opposed this condition or, alternatively,
requested that OIG clarify that it does not intend to prohibit VBE
participants from establishing a corporate structure for a VBE in which
participants may each receive some equity. A commenter asserted that,
without modifying or clarifying OIG's approach to protecting an
ownership or investment interest in the VBE or any distributions
related to an ownership or investment interest, the safe harbor would
unnecessarily restrict individuals and entities from dictating the
corporate structure of the VBEs they elect to create. Another commenter
stated that the safe harbor should protect ownership or investment
interests where payors require that only a single entity, as opposed to
a collection of entities, enter into the full financial risk
arrangement.
Response: We do not view protection for ownership or investment
interests in a VBE as fundamental to parties entering into value-based
arrangements under this safe harbor and decline to protect them under
this safe harbor. We are concerned that, were we to protect such
remuneration streams, such protection would serve only to align
financial interests of the parties without benefitting the payor or
target patient population. Remuneration in the form of ownership or
investment interests presents a higher risk that offers of investment
interests or returns on investment will be for the purpose of inducing
referrals, without attendant care coordination, quality, or cost-
reduction benefits related to the target patient population or the
payor. Parties seeking to protect a particular ownership or investment
interest may look to existing safe harbors (e.g., the safe harbor for
investment interests found at paragraph 1001.952(a)), and the advisory
opinion process remains available.
Regardless of whether a payor requires that a single entity, as
opposed to a collection of entities, enter into a contract or a value-
based arrangement to assume full financial risk, the safe harbor itself
requires a single individual or entity to contract or enter into a
value-based arrangement with the payor to assume full financial risk
(e.g., the VBE may directly contract with the
[[Page 77779]]
payor or a single VBE participant (other than a payor) may act on
behalf of the VBE to contract with the payor). If a VBE participant
that has assumed full financial risk as an agent of the VBE seeks to
share its risk with other parties to the VBE, the safe harbor is
available to protect such risk-sharing arrangements, provided they meet
all requirements of the safe harbor.
m. No Remuneration From Individuals or Entities Outside the Applicable
VBE
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(4)(v) that the full financial risk safe harbor would not
protect any remuneration funded by, or otherwise resulting from
contributions by, any individual or entity outside of the applicable
VBE.
Summary of Final Rule: We are not finalizing this proposed
requirement, based on concerns--raised by commenters in the context of
the same provision in the care coordination arrangements safe harbor--
that this condition could inadvertently restrict the exchange of
beneficial remuneration that we intend to protect. While we are not
finalizing this condition, we emphasize that remuneration exchanged
outside of a value-based arrangement would not be protected by any of
the value-based safe harbors. We did not receive separate comments on
this requirement specific to this safe harbor. Consequently, we refer
readers to the care coordination arrangements safe harbor and
substantial downside financial risk safe harbor sections at III.B.3.e
and III.B.4.j discussing this requirement for a summary of applicable
comments, our responses, and a more detailed explanation of our
rationale for not finalizing this standard.
n. Utilization Review and Quality Assurance Programs
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(6) that the VBE must provide or arrange for an operational
utilization review program and a quality assurance program that
protects against underutilization and specifies patient goals,
including measurable outcomes, where appropriate. We noted that such
proposed conditions would mirror those found in the managed care safe
harbor at paragraph 1001.952(u) but explained that we were considering
other ways to frame these proposed conditions to reflect the
utilization review and quality assurance mechanisms in place today.
Summary of Final Rule: We are finalizing, with modifications, this
proposed condition at paragraph 1001.952(gg)(8). Based on public
comment, the modifications afford parties additional flexibility in
conducting quality and utilization reviews. Specifically, VBEs seeking
protection under this safe harbor must provide or arrange for a quality
assurance program for services furnished to the target patient
population that: (i) Protects against underutilization of items and
services furnished to the target patient population; and (ii) assesses
the quality of care furnished to the target patient population. We are
not finalizing the proposed requirement to have an operational
utilization review program.
Comment: Some commenters supported our proposal to require the VBE
to provide or arrange for an operational utilization review program and
a quality assurance program, while another commenter requested that OIG
reconsider this requirement, stating that VBEs are not the equivalent
of a managed care organization and that operational utilization review
programs and quality assurance programs are robust, expensive programs
that require significant lead time to implement. A couple of commenters
asked OIG to explain the term ``operational,'' and a commenter
specifically asked whether a utilization review program that is used
only on an annual basis would be considered ``operational.'' Another
commenter asked whether an existing utilization review program of a
contracting payor or provider would meet this requirement.
Response: We are revising the terminology used in order to afford
parties additional flexibility consistent with our intent that a VBE
provide or arrange for a program to protect against underutilization
and specify patient goals. Specifically, VBEs must provide or arrange
for a quality assurance program for services furnished to the target
patient population that: (i) Protects against underutilization of items
and services furnished to the target patient population; and (ii)
assesses the quality of care furnished to the target patient
population. Such a quality assurance program may include an operational
utilization review program and specify patient goals; however, an
operational utilization review program is no longer a requirement.
Pursuant to this revised standard, parties may determine what
activities and mechanisms are most suitable to assess the quality and
appropriateness of care furnished to the target patient population,
provided such mechanisms meaningfully protect against underutilization
and assess the quality of care furnished to the target patient
population.
The flexibility we are providing to parties is in recognition that
VBEs may be subject to varying requirements related to quality
assurance programs based on State law or the terms of its value-based
arrangement with the payor. Notwithstanding this additional
flexibility, as with the condition proposed in the OIG Proposed Rule,
this revised requirement effectuates our intent that a VBE provide or
arrange for a program to protect against underutilization and specify
patient goals.
In response to commenters' specific inquiries, we acknowledge that,
even with the additional flexibility afforded by our revisions to this
condition, quality assurance programs are robust and potentially
expensive undertakings. Thus, we are highlighting that this condition
does not mandate that VBEs establish such review programs themselves;
the VBE may also arrange for such programs. For example, VBEs may look
to payors with which they are contracting or entering into value-based
arrangements to assume full financial risk to share, or fully assume,
this responsibility. In such circumstances, the VBE may reasonably rely
on the payor's existing quality assurance program infrastructure
provided it meets all safe harbor requirements.
o. No Marketing of Items or Services or Patient Recruitment Activities
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(7) to exclude safe harbor protection for remuneration
exchanged pursuant to a value-based arrangement that included marketing
items or services to patients or engaging in patient recruitment
activities. We proposed to interpret this condition consistent with our
interpretation of this same proposed requirement in the care
coordination arrangements safe harbor.
Summary of Final Rule: We are finalizing, with modifications, the
limitation on marketing and patient recruitment at paragraph
1001.952(gg)(5)(iii). Rather than prohibiting all marketing and patient
recruitment activities, we modified the provision to prohibit the
exchange or use of remuneration for the purpose of marketing items or
services furnished by the VBE or VBE participants to patients or for
the purpose of patient recruitment activities. We received only one
comment on this requirement specific to this safe harbor, detailed
below. We refer readers to the care coordination arrangements safe
harbor's discussion regarding this requirement at section III.B.3.j for
a summary of applicable comments, our responses, additional
[[Page 77780]]
explanation regarding this standard, and a rationale for the
modification we are making.
Comment: Without further explaining its position, a commenter
stated that there is no need for any marketing or patient recruitment
limitations in the full financial risk safe harbor.
Response: Consistent with the other value-based safe harbors, we
have modified the marketing requirement to be more limited in scope but
to preclude protection for remuneration exchanged or used for the
purpose of marketing items or services furnished by the VBE or a VBE
participant to patients or patient recruitment activities. Although we
agree that the VBE's assumption of full financial risk generally
warrants greater flexibility in this safe harbor, we continue to
believe that a prohibition on certain marketing and patient recruitment
practices is an important fraud and abuse safeguard across all three
value-based safe harbors for the reasons set forth in the discussion of
the marketing condition in the care coordination arrangements safe
harbor. In particular, with respect to the full financial risk safe
harbor, we are concerned that remuneration under the value-based
arrangement may be exchanged or used to engage in inappropriate patient
recruitment activities to incentivize, for example, beneficiary
enrollment in, or alignment to, a particular health plan.
p. Materials and Records
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(8) that the VBE or its VBE participants maintain
documentation sufficient to demonstrate compliance with the safe
harbor's conditions and to make such records available to the Secretary
upon request. We solicited comments regarding whether we should require
parties to maintain materials and records for a set period of time
(e.g., at least 6 years or 10 years). We proposed to interpret this
requirement as described in the OIG Proposed Rule's preamble discussing
the proposed care coordination arrangements safe harbor.
Summary of Final Rule: We are finalizing, with modification, the
materials and records requirement at paragraph 10001.952(gg)(9). The
final rule includes new language to specify that, for a period of at
least 6 years, the VBE or its VBE participants must maintain materials
and records sufficient to establish compliance with the conditions of
the safe harbor. We did not receive separate comments on this
requirement specific to this safe harbor; the comments received related
to the value-based safe harbors generally. Consequently, for a more
detailed discussion and a summary of and responses to the comments
received regarding this requirement, we refer readers to section
III.B.3.n discussing the materials and records condition in the care
coordination arrangements safe harbor.
q. Downstream Arrangements
Summary of OIG Proposed Rule: In the preamble, we noted that the
proposed full financial risk safe harbor would apply only to
remuneration exchanged between a VBE and a VBE participant pursuant to
a value-based arrangement. We stated that the proposed safe harbor
would not protect remuneration exchanged between or among VBE
participants that are part of the same VBE, between a VBE participant
and a downstream contractor, or between two downstream contractors. We
explained that we were concerned about extending safe harbor protection
to remuneration exchanged pursuant to these arrangements because the
downstream parties may have assumed little or no financial risk, which
could result in fee-for-service incentives, and therefore, a risk of
overutilization or other traditional harms associated with fee-for-
service payments. We solicited comments on a variety of alternate
approaches to protecting remuneration exchanged pursuant to certain
downstream arrangements (e.g., additional safeguards in either the full
financial risk safe harbor or another safe harbor).
Summary of Final Rule: We are finalizing, without modification, the
requirement that the exchange of remuneration must be between the VBE
and a VBE participant in the introductory paragraph to 1001.952(gg). We
are not extending safe harbor protection to remuneration that passes
from one VBE participant to another VBE participant or a downstream
contractor. As articulated in the substantial downside financial risk
safe harbor section discussing downstream arrangements, we are limiting
safe harbor protection to the exchange of remuneration between the VBE
and a VBE participant because we believe it is important to provide the
protection and regulatory flexibility the risk-based safe harbors
afford only where the VBE is a party to the value-based arrangement. We
are concerned that, without the VBE as a party, where neither party has
assumed full financial risk and may continue to bill the applicable
payor on a fee-for-service-basis, there is a heightened concern about
traditional FFS fraud and abuse risks. We note that a VBE participant
seeking to exchange remuneration with another VBE participant may look
to the care coordination arrangements safe harbor or other safe
harbors, such as the personal services and management contracts and
outcomes-based payments safe harbor.
For a summary of the comments received regarding this limitation,
our responses, and a detailed explanation regarding our decision not to
extend this safe harbor to downstream arrangements, we refer readers to
our discussion of the parallel provision in the substantial downside
financial risk safe harbor in section III.B.4.p. We did not receive
comments on this requirement specific to this safe harbor that diverged
from the comments summarized in the section describing the parallel
provision in the substantial downside financial risk safe harbor.
r. Potential Additional Safeguards
Summary of OIG Proposed Rule: We stated in the preamble that we
were considering adopting two additional safeguards for purposes of the
final rule: A cost-shifting prohibition and a requirement that parties
submit information to the Department regarding their value-based
arrangement.
Summary of Final Rule: We are not finalizing the two additional
proposed safeguards. Similar to the substantial downside financial risk
safe harbor, we are not including a cost-shifting prohibition, in
recognition that the assumption of full financial risk is intended to
drive a reduction in costs, which may include Federal health care
program costs. We did not receive comments on this alternative
condition specific to this safe harbor that diverged from the comments
summarized in section III.B.4.q of the substantial downside financial
risk safe harbor preamble, and we refer readers to that section for a
summary of comments received and our responses.
We are likewise not finalizing a requirement for parties to submit
information to the Department for the reasons previously articulated in
the care coordination arrangements safe harbor's discussion of this
alternative safeguard, including minimizing administrative burden. We
did not receive comments on this condition specific to this safe harbor
that diverged from the comments previously summarized in section
III.B.4.p of the care coordination arrangements safe harbor preamble,
and we refer readers to that section for a summary of comments and our
responses.
We received comments requesting additional safeguards to the full
financial risk safe harbor that we did not
[[Page 77781]]
propose, and we summarize such comments below.
Comment: Several commenters supported the addition of other
safeguards that we did not propose in the preamble to the full
financial risk safe harbor. For example, some commenters supported a
requirement for value-based arrangements to include objective and
quantifiable outcome measures, and a commenter asserted that the
outcome measures, the methodology for measuring them, and how the
measures affect cost should be transparent to the public. Other
commenters suggested that we include the requirement that neither the
value-based arrangement nor VBE participants limit parties' ability to
make decisions in the best interest of their patients.
Response: We are not requiring, in the context of the full
financial risk safe harbor, that value-based arrangements include
outcome measures (or any public transparency requirements related to
such outcome measures) because we did not propose this as a
requirement, and we do not believe that such a requirement would
appreciably mitigate risk, given other conditions of the safe harbor.
However, we note that we are separately requiring that the VBE provide
or arrange for a quality assurance program for services furnished to
the target patient population that: (i) Protects against
underutilization of items and services furnished to the target patient
population; and (ii) assesses the quality of care furnished to the
target patient population. While outcome measurement is not a
requirement of this safe harbor, as a practical matter, we anticipate
that an assessment of the quality of care furnished to the target
patient population pursuant to a quality assurance program may include
quantitative or qualitative measures assessing, for example,
performance on certain outcome measures. We did not propose and are not
finalizing a requirement that neither the value-based arrangement nor
VBE participants limit the parties' ability to make decisions in the
best interest of their patients, nor do we think it would be necessary
given other protections in the safe harbor.
6. Arrangements for Patient Engagement and Support To Improve Quality,
Health Outcomes, and Efficiency (42 CFR 1001.952(hh))
Summary of OIG Proposed Rule: We proposed to establish a new safe
harbor at paragraph 1001.952(hh) to protect remuneration in the form of
patient engagement tools and supports furnished directly by VBE
participants to patients in a target patient population. The tools and
supports could not be funded by anyone outside the VBE (proposed
paragraph 1001.952(hh)(2)). We proposed to protect only in-kind
preventive items, goods, or services, or in-kind items, goods, or
services, such as health-related technology, patient health-related
monitoring tools and services, or supports and services designed to
identify and address a patient's social determinants of health
(proposed paragraph 1001.952(hh)(3)(i)). We proposed that protected
remuneration would need to have a direct connection to the coordination
and management of care (proposed paragraph 1001.952(hh)(3)(ii)) and
advance one of six enumerated goals related to patient care (proposed
paragraph 1001.952(hh)(3)(vii)). The proposal included a $500 cap on
the amount of protected remuneration a VBE participant could furnish to
a patient on an annual basis, with an exception based on the good
faith, individualized determination of a patient's financial need
(proposed paragraph 1001.952(hh)(5)). The proposed safe harbor included
several additional conditions, such as a requirement that provision of
a tool or support would not result in medically unnecessary or
inappropriate items or services reimbursed in whole or in part by a
Federal health care program. Other proposed conditions are summarized
more fully below.
Summary of Final Rule: We are finalizing, with modifications, the
patient engagement and support safe harbor at paragraph 1001.952(hh).
The bases for the modifications are explained the preamble sections
that follow. In particular, we have revised the language at paragraph
1001.952(hh)(3)(i) to remove the specific illustrative categories of
health-related technologies, patient health-related monitoring tools
and services, and supports and services designed to identify and
address a patient's social determinants of health. With respect to
preventive items, goods, and services, we have moved the element of
prevention to the list of enumerated goals that can be advanced by
protected remuneration at paragraph 1001.952(hh)(3)(vi). The final
language at paragraph 1001.952(hh)(3)(i) articulates our policy to be
agnostic as to the types of in-kind tools and supports that can be
protected by the safe harbor if all safe harbor conditions are met.
Further, we are finalizing at paragraph 1001.952(hh)(1) a list of
entities that may not furnish or otherwise fund or contribute to
protected tools and supports under this safe harbor, which includes
manufacturers, distributors, and wholesalers of pharmaceuticals;
pharmacy benefit managers; laboratory companies; pharmacies that
primarily compound drugs or primarily dispense compounded drugs;
manufacturers of devices and medical supplies (unless the tool or
support is digital health technology); entities or individuals that
sell or rent DMEPOS (other than a pharmacy, a manufacturer of a device
or medical supply, or a physician, provider, or other entity that
primarily furnishes services); medical device distributors and
wholesalers; and physician-owned medical device companies. Similar to
our approach in the care coordination arrangements safe harbor at
paragraph 1001.952(ee), a tool or support furnished or funded by a
manufacturer of a device or medical supply (as defined in paragraph
1001.952(ee)(14)) is eligible for safe harbor protection only if the
tool or support is digital health technology (defined at paragraph
1001.952(ee)(14)). As explained at section III.B.2.e above, we are
listing ineligible entities in each safe harbor rather than excluding
them in the definition of VBE participant.
The final safe harbor protects only in-kind remuneration. The final
safe harbor includes at paragraph 1001.952(hh)(5) the proposed $500
annual, aggregate cap provision (without the proposed exception for
tools and supports above the cap furnished based on good faith,
individualized determinations of a patient's financial need). The final
safe harbor also includes at paragraph 1001.952(hh)(3)(iv) the proposed
requirement that the provision of a tool or support not result in
medically unnecessary or inappropriate items or services reimbursed in
whole or in part by a Federal health care program. Additional
conditions of the final safe harbor are summarized by topic in
discussions that follow.
a. General Comments
Comment: Among the commenters offering general feedback on the
proposed safe harbor, some commenters supported the proposed
safeguards, others supported adding some or all of the additional
considered safeguards on which we solicited comments, and others stated
that certain proposed or additional safeguards would impose a
significant administrative burden on stakeholders seeking protection
under the safe harbor. A number of comments noted that the safe harbor
would promote patient engagement, encourage adherence to treatment, and
improve outcomes. Other commenters requested
[[Page 77782]]
specific changes or clarifications to various proposals.
Response: We appreciate the commenters' suggestions regarding the
scope and impact of this safe harbor, including the conditions we
proposed and considered. As discussed below, we are finalizing a number
of the proposed conditions, in some cases with modifications suggested
by commenters. We also are removing or modifying some conditions in
response to comments and adding some of the proposed conditions for
which we solicited comments.
b. Entities Ineligible for Protection
Summary of OIG Proposed Rule: We proposed to protect only tools and
supports furnished by VBE participants, as defined in proposed
paragraph 1001.952(ee)(12). This proposed definition excluded
pharmaceutical manufacturers, laboratories, and manufacturers,
distributors, and suppliers of DMEPOS. As a result, these entities
would be ineligible to use this proposed safe harbor. The entities we
proposed to make ineligible to participate in a VBE are described in
more detail in section III.B.2.e of this preamble. We also indicated
that the final rule might exclude additional entities from furnishing
patient engagement tools and supports, including physician-owned device
companies, compounding pharmacies, and medical device and supply
manufacturers, wholesalers, and distributors.\55\ We solicited comments
on several alternative frameworks for protected offerors and conditions
related to protected offerors under this safe harbor, including whether
the offeror should assume at least some downside financial risk.
---------------------------------------------------------------------------
\55\ 84 FR 55703-06, 55722 (Oct. 17, 2019).
---------------------------------------------------------------------------
Summary of Final Rule: As explained in section III.B.2.e of this
preamble, the final definition of VBE participant has been expanded to
make all entity types eligible as VBE participants. However, within
each value-based safe harbor, we identify entities that are ineligible
to rely on that particular safe harbor. For the patient engagement and
support safe harbor, and as set forth in paragraph 1001.952(hh)(1), we
are finalizing the following entities as ineligible to use the safe
harbor to furnish protected remuneration to patients: (i)
Pharmaceutical manufacturers, wholesalers, and distributors; (ii) PBMs;
(iii) laboratory companies; (iv) pharmacies that primarily compound
drugs or primarily dispense compounded drugs; (v) manufacturers of
devices or medical supplies (except with respect to digital health
technology, as described below); (vi) entities or individuals that sell
or rent DMEPOS (other than a pharmacy, a medical device or supply
manufacturer that also sells or rents DMEPOS, or a physician, provider,
or other entity that primarily furnishes services, all of whom remain
eligible); (vii) medical device distributors or wholesalers that are
not otherwise manufacturers of devices or medical supplies; and (viii)
medical device manufacturers, distributors, or wholesalers with
ownership or investment interests held by physicians. This expanded
list of excluded entities addresses our concerns, based on our
longstanding enforcement and oversight experience, that certain types
of entities present a higher risk of misusing this safe harbor
primarily or significantly to offer remuneration to beneficiaries as a
means to market their products and services rather than to improve the
coordination and management of patient care.
In this final rule, OIG recognizes the important role that digital
health technology plays in advancing the Department's goals in
connection with the Regulatory Sprint, including improving the
coordination and management of patient care. Accordingly, at paragraph
1001.952(hh)(1)(v), this final rule permits manufacturers of devices
and medical supplies to furnish patient engagement tools or supports
that constitute digital health technology, as defined at paragraph
1001.952(ee)(14). On balance and in consideration of the full set of
applicable safe harbor conditions, we have concluded that this policy
would advance the benefits of improved care coordination without undue
risk to patients or programs.
With respect to whether an entity falls into a category of
ineligible entities, we refer readers to the discussion of the various
types of ineligible entities and entities with multiple lines of
business at section III.B.2.e of this preamble. The same rationale set
forth there for excluding each type of entity from the value-based safe
harbors and the same analysis for categorizing entities with multiple
lines of business apply to the patient engagement and support safe
harbor.
Comment: A number of commenters supported OIG's proposal to limit
safe harbor protection to tools and supports furnished by VBE
participants, as defined in the OIG Proposed Rule, because it helps
ensure that the tools and supports are aligned with the goals of well-
coordinated care and improving value by incentivizing coordination and
collaboration among a patient's providers. Commenters also supported
making specific types of entities ineligible for protection under this
safe harbor, such as pharmaceutical manufacturers and manufacturers,
distributors, and suppliers of DMEPOS.
Response: We are finalizing our policy that safe harbor eligibility
is limited to VBE participants and, consequently, that tools and
supports furnished or funded by certain types of entities would not be
eligible for safe harbor protection. The final patient engagement and
support safe harbor protects only remuneration provided by a VBE
participant; this term, as defined in this final rule, does not limit
or restrict what type of entity may be a VBE participant. However, this
safe harbor does not protect tools and supports furnished or funded by
the entities listed in paragraph 1001.952(hh)(1), even if such entities
are VBE participants.
We continue to believe that offering and furnishing patient
engagement tools and supports by these ineligible entities elevates the
risk of fraud and abuse. For example, as we stated in the OIG Proposed
Rule, offers of tools or supports by pharmaceutical manufacturers to a
patient could improperly influence the patient, as well as a
clinician's decision to prescribe one drug over another. Such
remuneration could influence a patient to request a particular drug
that is more expensive or less clinically efficacious than other
clinically equivalent drugs. This could both improperly influence
patient choice and increase costs to Federal health care programs--two
factors cited by Congress to consider when developing safe harbors--
without necessarily increasing quality. Similarly, we remain concerned
that the entities identified as ineligible for this safe harbor may
inappropriately use patient engagement tools and supports to induce the
use of medically unnecessary items and services; market their products;
or divert patients from a more clinically appropriate item or service,
provider, or supplier without regard to the best interests of the
patient. Accordingly, we are finalizing paragraph 1001.952(hh)(1) to
specify that the entities listed above are ineligible to furnish, fund,
or contribute to remuneration protected by the patient engagement and
support safe harbor.
Comment: Several commenters urged OIG to broaden the safe harbor to
protect tools and supports offered by entities that are not VBE
participants. Another commenter noted that many payors and providers
have developed effective patient incentive programs that
[[Page 77783]]
have occurred outside the value-based care setting but nonetheless
advance OIG's goals of improving adherence to a followup care plan,
improving adherence to a treatment or drug regimen, enhancing the
management of a disease or condition, or ensuring patient safety.
Commenters also expressed concern that requiring VBE participation
imposes an increased administrative burden on providers, which could be
a barrier to offering patient engagement tools and supports. Another
commenter added that limiting the safe harbor to VBE participants would
effectively preclude single-provider entities from safe harbor
protection.
Response: As noted above, we are finalizing a condition that safe
harbor protection is only available for tools and supports furnished by
VBE participants, subject to additional conditions. In the preamble to
the OIG Proposed Rule, we explained that safe harbor protection would
only be available to VBE participants in order to align the proposed
patient engagement and support safe harbor with the value-based
framework proposed in that rule.\56\ Limiting safe harbor protection to
VBE participants is an important condition because it requires entities
to adhere to certain formalities that promote value-based objectives
including, for example, articulating a value-based purpose and
identifying a target patient population based on legitimate and
verifiable criteria that are set out in writing and further the VBE's
value-based purpose.
---------------------------------------------------------------------------
\56\ 84 FR 55722 (Oct. 17, 2019).
---------------------------------------------------------------------------
Moreover, we believe the modest administrative steps required to
establish a VBE--namely, establishing an accountable body and creating
a governing document--require that entities determine how to
effectively promote value-based care (e.g., how the VBE participant
intends to achieve its value-based purpose). In the context of patient
engagement tools and supports, the VBE must connect the provision of
tools and supports to the goal of furthering value-based care that
underlies this rulemaking. We emphasize that we perceive the
administrative steps required to establish a VBE as relatively minimal,
and they should not pose a significant burden on providers and others
that desire to furnish protected tools and supports. We also note that
solo practitioners are not foreclosed from protection under this safe
harbor. A solo practitioner could partner with another entity or
individual--without changing the membership of the practitioner's own
practice--to form a VBE. As a VBE participant, the solo practitioner
would then be eligible to offer protected tools and supports to
patients, provided the other conditions of the safe harbor are
satisfied.
Comment: Several commenters urged OIG to extend safe harbor
protection to providers in rural or underserved areas even if they are
not VBE participants. According to commenters, these practices may not
have sufficient patient populations or resources to create or
participate in a VBE.
Response: We do not believe the modest administrative steps
required to establish a VBE will be a barrier to most entities--
including providers serving rural or underserved patients--that are
seeking to offer tools and supports to beneficiaries. Moreover, we
believe that requiring entities to fulfill certain VBE-related
requirements will help ground any offer or provision of patient
engagement tools and supports in the value-based objectives central to
this rule, namely the coordination and management of patient care. A
VBE does not require a target patient population to be a particular
size, and in any event a small practice or a provider in a rural or
underserved community may partner with larger providers or other
entities with more resources to form VBEs. Accordingly, the final rule
does not offer providers in rural or underserved areas an exception to
the safe harbor's condition that requires that the individual or entity
offering or furnishing protected tools and supports be a VBE
participant.
Comment: Commenters recommended that tools and supports furnished
or funded by various specific types of entities should be eligible for
protection under this safe harbor. In particular, commenters
recommended that pharmaceutical manufacturers; manufacturers,
distributors, and suppliers of DMEPOS; and laboratories--all of which
were ineligible for VBE participation per the definition of ``VBE
participant'' in the OIG Proposed Rule--should be eligible to furnish
or fund protected tools and supports under this safe harbor. Commenters
also noted that pharmaceutical manufacturers; manufacturers,
distributors, and suppliers of DMEPOS; and laboratories increasingly
are diversified entities that include corporate affiliates and business
units that provide a wide range of items and services, including health
technologies, care coordination and clinical management, and other
offerings and services. Commenters also urged that pharmacists,
pharmacies, pharmacy benefit managers, dialysis facilities, and health
technology companies should be eligible for protection under the
patient engagement and support safe harbor.
Response: Under the final rule, tools and supports furnished or
funded by manufacturers, distributors, and wholesalers of
pharmaceuticals; individuals and entities that sell or rent DMEPOS;
pharmacy benefit managers; laboratory companies; pharmacies that
primarily compound drugs or primarily dispense compounded drugs;
medical device distributors and wholesalers; and physician-owned
medical device companies are not eligible for protection under the
patient engagement and support safe harbor. Based on our longstanding
enforcement and oversight experience, there is a risk that these
entities could misuse this safe harbor to offer remuneration to
beneficiaries as a means to market their products and services rather
than advancing the goal of improving the coordination and management of
patient care. For the same reasons, medical device manufacturers are
not eligible for protection under this safe harbor except to the extent
the tools or supports provided are digital health technology.
Similar to the care coordination arrangements safe harbor, we have
taken a tailored, risk-based approach to address protection for the
provision of digital health technology to patients. Among the entities
that are otherwise ineligible for this safe harbor, we have identified
manufacturers of devices or medical supplies as an entity type that
should, to advance the policy goals of this rulemaking, have a limited
pathway for protection when they provide digital health technologies as
defined in this rule. Under the final rule, manufacturers of devices or
medical supplies as defined in paragraph 1001.952(ee)(14) are eligible
for protection under the patient engagement and support safe harbor,
but only to the extent that the tools and supports they provide to
patients meet the definition of digital health technology, as also
defined in paragraph 1001.952(ee)(14). All VBE participants that are
eligible to use this safe harbor may provide patients with digital
health technology. Eligible VBE participants, other than a manufacturer
of a device or medical supply, are not limited to digital heath
technology as defined at paragraph 1001.952(ee)(14) as long as all safe
harbor conditions are met.
Under the final care coordination arrangements safe harbor, DMEPOS
companies (i.e., entities or individuals that sell or rent DMEPOS
(other than a pharmacy, a manufacturer of a device or medical supply,
or a physician,
[[Page 77784]]
provider, or other entity that primarily furnishes services)) are also
eligible for the limited technology participant pathway. However, for
the patient engagement and support safe harbor, we are finalizing our
proposal to make companies that sell or rent DMEPOS ineligible for the
safe harbor without exception. We make this distinction based on the
different roles and risks associated with entities and individuals that
sell or rent DMEPOS when they interact directly with patients. Our
enforcement experience reveals persistent and troubling fraud and abuse
in sectors of the DMEPOS industry, including inducements paid to
beneficiaries to order medically unnecessary products or to disclose
their Medicare beneficiary identifier or other personal information.
Entities and individuals that sell or rent DMEPOS have more pervasive
and personal relationships with individual patients and sell more
products directly to patients than manufacturers of medical devices and
supplies. This restriction does not mean that patients cannot receive
digital tools and supports related to DMEPOS under the safe harbor, but
they cannot be provided or funded by entities and individuals that sell
or rent DMEPOS. Arrangements between entities and individuals that sell
or rent DMEPOS and patients would be subject to a case-by-case analysis
for compliance with the Federal anti-kickback statute.
Consistent with the discussion in section III.B.2.e.ii, the final
rule lists ``an entity or individual that sells or rents'' DMEPOS as
ineligible for safe harbor protection unless the entity or individual
is a pharmacy, a manufacturer of a device or medical supply, or a
physician, provider, or other entity that primarily furnishes services.
This approach focuses on the nature of the entity's business rather
than relying on unrelated definitions of ``distributor'' or
``supplier.'' As explained in section III.B.2.e.ii, carving out
pharmacies, providers, and other entities that primarily furnish
services will ensure that these entities--which are likely to be at the
front lines of care coordination--remain eligible for safe harbor
protection.
For purposes of the patient engagement and support safe harbor, a
manufacturer of a device or medical supply is eligible for protection,
as provided in paragraph 1001.952(hh)(1)(vi), even if it rents or sells
DMEPOS. The multiple business lines analysis would not be needed. The
definition for DMEPOS companies at paragraph 1001.952(hh)(1)(vi) is
different from the definition of DMEPOS companies for the care
coordination arrangements safe harbor to effectuate and clarify the
policy goal that the patient engagement and support safe harbor protect
digital technology provided by medical device and supply manufacturers.
Regarding commenters' concern about the potential impact of the
safe harbor's entity carve-outs on diversified entities that include
corporate affiliates and business units that provide a wide range of
items and services, we reiterate the discussion in section III.B.2.e.v
above regarding entities with multiple lines of business.
Among other specific entity types addressed by commenters, we note
that the only entities not eligible to provide protected remuneration
under this safe harbor are those entities listed in paragraph
1001.952(hh)(1). Accordingly, many of the entities mentioned by
commenters including many pharmacists and pharmacies and dialysis
facilities could furnish protected tools and supports, provided all
conditions of the safe harbor are satisfied. Pharmacy benefit managers
are not eligible to furnish protected tools and supports under this
safe harbor for the reasons set forth at section III.B.2.e. Health
technology companies are eligible to be VBE Participants and furnish
protected tools and supports. If the health technology company is a
manufacturer of a device or medical supply, then it may only furnish
protected tools and supports in the form of digital health technology.
If the health technology company is an entity or individual that sells
or rents DMEPOS covered by a Federal health care program (other than a
pharmacy, a manufacturer of a device or medical supply, or a physician,
provider, or other entity that primarily furnishes services) or any
other type of ineligible entity, it may not use this safe harbor.
As explained in more detail in section III.B.2.e.ii.f, pharmacies
that primarily compound drugs or primarily dispense compounded drugs
are ineligible for protection under the patient engagement and support
safe harbor. We have significant concerns about fraud and abuse risks
based on enforcement and oversight experience involving compounding
pharmacies. Although pharmacies that primarily compound drugs or
primarily dispense compounded drugs are ineligible for safe harbor
protection, we believe most community pharmacies would remain eligible.
As explained in section III.B.2.e.iv, we believe that many community
and retail pharmacies have the potential to be VBE participants and
further the coordination and management of patient care, including
through the provision of patient engagement tools and supports.
Accordingly, pharmacies (other than compounding pharmacies) are fully
eligible for protection under this safe harbor.
Comment: Some commenters objected to categorically limiting
protection based on entity type altogether, urging OIG to focus on
program integrity safeguards that could prohibit inappropriate behavior
rather than carving out categories of entities from protection. A
commenter suggested that, to the extent OIG retains its categorical
approach in the final rule, it should clarify that parties will not be
ineligible for safe harbor protection on the basis of corporate
affiliates, shared ownership, or separate business units.
Response: As noted in our response to the prior comment, the
entities listed in paragraph 1001.952(hh)(1) may not furnish protected
tools and supports under this safe harbor because of the risk that
tools and supports from these entities could improperly influence
patients or physicians. The final rule does not explicitly prohibit an
entity that is a corporate affiliate or under shared ownership with an
ineligible entity from offering protected tools and supports. For
entities with multiple business lines, this preamble at section
III.B.2.e.v describes the analysis to determine whether such an entity
would be considered one of the ineligible entity types under this safe
harbor. Notably, corporate affiliation--whether by majority ownership,
common ownership, or another structure--has no bearing on eligibility
for safe harbor protection under the patient engagement and support
safe harbor.
Comment: Several commenters recommended that OIG structure the
patient engagement and support safe harbor to protect tools and
supports offered by Indian health programs.
Response: We are mindful of the important work done by Indian
health programs and the critical needs of their patient populations for
improved coordination and delivery of care. Indian health care
providers that become VBE participants are eligible to use this safe
harbor to provide tools and supports to beneficiaries. We did not
propose and have not structured a specific safe harbor for Indian
health programs. Providers interested in patient engagement programs
can also use the local transportation safe harbor. It is important to
note that arrangements that do not fit in a safe harbor are not
necessarily unlawful, and the OIG advisory opinion process remains
[[Page 77785]]
available for providers seeking a legal opinion regarding an existing
or proposed arrangement.
Comment: In response to our solicitation of comments in the OIG
Proposed Rule regarding a potential condition that safe harbor
protection is only available to entities that assume downside financial
risk, several commenters urged OIG not to adopt such a financial risk
assumption requirement. One commenter opined that there is no logical
connection between a provider's financial risk and the benefits of
patient engagement. Another commenter noted that adding a financial
risk requirement could limit application of this safe harbor to large
practices and health systems, positing that small, rural, and
underserved practices are unable to take on financial risk and
therefore would not be able to provide tools and supports protected by
the safe harbor should it include a requirement that protected offerors
assume downside financial risk. A commenter noted that for a VBE with
downside financial risk there is no incentive to provide an item, tool,
support, or service that is not related to treating or preventing a
disease or injury among a target patient population. As such,
inherently, the VBE participant must believe the tool or support will
provide a medical or health benefit to the patient to whom it is being
given. Another commenter with experience as a risk-bearing ACO entity
supported limiting this safe harbor to VBEs engaged in risk-bearing
arrangements, citing a learning curve in the appropriate use of tools
and supports, and highlighting that the assumption of downside
financial risk may offset some of the traditional fraud and abuse
concerns, such as overutilization.
Response: We agree with commenters and believe that various
providers and other entities--including those who have not assumed
downside financial risk--could engage in beneficial patient engagement
and support. Consequently, in an attempt to promote flexibility and
innovation related to patient engagement and support, the safe harbor
as finalized in this rule does not contain a financial risk
requirement.
c. Limitations on Recipients
Summary of OIG Proposed Rule: The proposed safe harbor protected
only tools and supports furnished by a VBE participant to a patient
within a defined ``target patient population,'' as that term is defined
at proposed paragraph 1001.952(ee)(12)(ii), and without regard to payor
type. We solicited comments on whether to broaden the category of
patients who can receive protected tools and supports under this safe
harbor to include, for example, any patient, so long as the tools and
supports predominantly address needs of the target patient population
and the tools and supports have a direct connection to the coordination
and management of care for the patient.\57\
---------------------------------------------------------------------------
\57\ 84 FR 55723 (Oct. 17, 2019).
---------------------------------------------------------------------------
Summary of Final Rule: We finalize, with modification, our proposal
to limit safe harbor protection to tools and supports provided to
patients in a target patient population. The final safe harbor
clarifies our intent that, to qualify for safe harbor protection, a
tool or support must be furnished by a VBE participant to a patient in
the target patient population of a value-based arrangement to which the
VBE participant is a party. This language ensures that the remuneration
is linked to the target patient population relevant to the VBE to which
the VBE participant is a party. It further ensures that the
remuneration has a direct connection to the coordination and management
of care of the relevant target patient population, as set forth in the
condition at paragraph 1001.952(hh)(3)(ii).
Comment: Several commenters appreciated that we proposed protection
for patient engagement tools and supports offered to a target patient
population, notwithstanding payor type, and agreed as a general matter
that the provision of protected tools and supports should be limited to
the target patient population.
Response: We have finalized the condition, as proposed. The safe
harbor only protects remuneration provided to a patient in a target
patient population.
Comment: Some commenters suggested that this safe harbor not
incorporate the definition of ``target patient population'' proposed at
paragraph 1001.952(ee)(12)(ii), or that this safe harbor protect tools
and supports given to certain patients outside the target patient
population. Other commenters proposed alternative ``target patient
population'' definitions or exceptions for rural and underserved
communities outside of the VBE construct, as well as exceptions
designed to address social determinants of health. Commenters also
asked us to finalize a broad category of protected recipients without
any defined parameters, such as limiting the scope of protected
recipients to patients with a specific disease state or certain chronic
conditions. Several commenters highlighted problems with and sought
clarity regarding a VBE participant's inability to retrospectively or
prospectively identify or assign patients to the target patient
population, and whether a precise population was required to satisfy
the definition of ``target patient population'' for purposes of this
safe harbor.
Response: The final safe harbor retains the conditions that a
protected tool or support must be provided to a patient in the target
patient population and must have a direct connection to the
coordination and management of care of the target patient population.
We believe that requiring a VBE participant to specify a target patient
population prior to offering patient engagement tools and supports will
help tie the tools and supports to the underlying value-based purposes
of the VBE and will necessitate careful consideration of the objective
characteristics of the patient population that likely will benefit from
any offered tools and supports. We also believe that a connection to an
objectively defined target patient population decreases the risk that
valuable remuneration will be offered to patients as an inducement to
seek care. We have incorporated the definition of ``target patient
population'' as finalized at paragraph 1001.952(ee)(14)(v) for the sake
of consistency and because VBE participants will have familiarity with
the defined term through the creation of a VBE.
As noted in the summary above, we also are finalizing the proposed
requirement that only tools and supports furnished by VBE participants
are eligible for protection under this safe harbor. This provision does
not impose additional burdens on VBE participants. Establishing a VBE
requires articulating a value-based purpose and defining a target
patient population, which significantly contributes to meeting this
condition. The requirement that a patient engagement tool or support be
furnished by a VBE participant to a patient in a target patient
population does not include any exceptions for patients in rural or
underserved areas, or for remuneration intended to address social
determinants of health. We emphasize, however, that VBE participants
have considerable flexibility in determining how to define a target
patient population, as long as the population is selected using
legitimate and verifiable criteria that are set out in writing and
further the VBE's value-based purpose. In addition, VBE participants
could establish multiple target patient populations for the purposes of
furnishing tools and supports to be protected by this safe harbor as
long as all safe harbor conditions are satisfied.
Comment: Many commenters supported the alternative language for
[[Page 77786]]
which we solicited comments, which would have protected tools and
supports furnished to any patient, as long as the tools and supports
predominantly address the needs of the target patient population, and
the tools and supports have a direct connection to the coordination and
management of care for the patient, noting, for example, that it can be
challenging to make accurate prospective predictions of which patients
are aligned with a target patient population at any given time.
Response: In this final rule, we decline to protect remuneration
furnished to patients outside a specified target patient population.
Limiting protected tools and supports only to patients within the
target patient population will help to ensure the tools and supports
have a nexus to the VBE's underlying value-based purpose in a way that
might be more attenuated under our alternative proposal.
Comment: Some commenters recommended that the safe harbor protect
the provision of tools or supports for patients whose conditions or
circumstances are similar to those of the target patient population,
highlighting the risk of penalties associated with providing tools and
supports to patients who could benefit from them despite falling
outside of the target patient population.
Response: The final safe harbor requires VBE participants seeking
protection under the patient engagement and support safe harbor to
define the scope of the applicable target patient population to include
patients likely to benefit from the relevant tools and supports. As
discussed above in more detail in section III.B.2.c, the selection
criteria--not the individual patients--must be identified in advance.
Parties may modify their target patient population selection criteria
prospectively by amending their existing value-based arrangement. VBE
participants can retroactively attribute patients to the target patient
population without amending the value-based arrangement if such
patients meet the selection criteria established prior to the
commencement of the value-based arrangement.
d. Furnished Directly to the Patient
Summary of OIG Proposed Rule: We proposed to include a condition at
proposed paragraph 1001.952(hh)(1) that the tool or support must be
furnished directly to the patient by a VBE participant. We solicited
comments on arrangements through which a VBE participant might order or
arrange for the delivery of a tool or support from an independent third
party. We also sought comment on whether to expressly permit a VBE
participant to furnish the tool or support through someone acting on
the VBE participant's behalf and under the VBE's direction, such as a
physician practice that is a VBE participant providing a tool or
support through an individual member of the practice or a nurse
employed by the practice. We also solicited comments regarding whether
to require patient notice if third parties are involved in the
furnishing of the tool or support.
Summary of Final Rule: We are finalizing, with modification, this
condition at paragraph 1001.952(hh)(2). The final rule extends safe
harbor protection to a VBE participant that provides patient engagement
tools or supports through a third party that qualifies as an ``eligible
agent,'' as defined in paragraph 1001.952(hh)(9).
Comment: Most commenters did not support the condition requiring
that tools or supports be furnished directly to the patient by the VBE
participant, for several reasons. For example, commenters asserted
that, depending on the size or sophistication of the VBE participant's
practice, the VBE participant may outsource the furnishing of the tool
or support, or otherwise not be present at the time it is furnished.
Others suggested that a partner or an agent of a VBE participant, such
as a vendor, contractor, or employee of the participant, should also be
permitted to furnish the patient engagement tools or supports at the
direction of the VBE participant, noting that for entities and
individuals furnishing tools and supports, outsourcing the provision of
such tools and supports to independent third parties is a common
practice. Other commenters recommended protection of tools and supports
provided by nontraditional or nonclinical (but health-related) third
parties that address social determinants of health or transportation
needs. For example, a health system commenter indicated that it
contracts with vendors to provide digital devices and tools to
patients. Another commenter also provided an illustrative example,
explaining that to furnish a patient with a ``grab bar'' at home, it
would purchase a grab bar through an online retailer and then contract
with a local hardware vendor to install the grab bar. Another commenter
recommended safe harbor protection for the provision of tools and
supports through which the third party is under the control and
oversight of the VBE participant and is otherwise eligible to
participate in a VBE (as proposed in the OIG Proposed Rule).
Response: We agree that the safe harbor should protect the
provision of tools and supports through a person or entity acting on
behalf of the VBE participant and under the VBE participant's
direction, but only if certain conditions are met. Requiring that the
tool or support be furnished directly to the patient by the VBE
participant prevents entities that are ineligible to participate in a
VBE from directly or indirectly furnishing tools or supports to
patients. Also, as we explained in the OIG Proposed Rule, the
requirement would help patients understand who is furnishing the tool
or support and why. Notwithstanding, we have finalized a provision at
paragraph 1001.952(hh)(2) that extends protection to tools and supports
furnished through a VBE participant's ``eligible agent,'' assuming the
other conditions of the safe harbor are met. For purposes of this
paragraph, ``eligible agent'' means any person or entity that is not
identified in paragraph 1001.952(hh)(1)(i)-(viii) as ineligible to
furnish protected tools and supports. Thus, the eligible agent must be
an individual or entity that could furnish protected tools and supports
under paragraph 1001.952(hh)--even though the eligible agent does not
itself need to become a VBE participant. The VBE participant's eligible
agent could be, for example, employees and contractors of a practice
when the VBE participant is the practice itself, or other third parties
such as technology vendors or retailers. This condition also means that
an entity precluded from furnishing or funding protected tools and
supports under paragraph 1001.952(hh)(1) cannot be an eligible agent of
a VBE participant for purposes of furnishing a protected patient
engagement tool or support. Furthermore, this safe harbor does not
protect any remuneration that flows through or is furnished by a third
party that is not an eligible agent.
Comment: Some commenters recommended that a tool or support be
eligible for safe harbor protection if it is furnished to a caregiver
or family member of a patient in the target patient population.
Response: We agree that a tool or support should be eligible for
safe harbor protection if it is furnished to a caregiver or family
member of a patient in the target population, as long as the tool or
support satisfies all conditions of the safe harbor conditions. As we
stated in the OIG Proposed Rule, a tool or support would not be
considered ``diverted'' if furnished to the patient indirectly through
the patient's caregivers or family members, or through another
individual acting on behalf of the patient. We provided
[[Page 77787]]
examples of such scenarios, including one in which a patient is unable
to care for himself or herself and another person has legal authority
or the patient's consent to do so, such as when a parent caring for a
minor child with asthma accepts and installs an air purifier on behalf
of the child.\58\ Although we included this discussion in the context
of a proposed condition to mitigate potential diversion of patient
engagement tools and supports--which is not being finalized in this
rule--we nevertheless believe the discussion is applicable to the
``furnished directly'' condition at paragraph 1001.952(hh)(2).
Accordingly, intervening caregivers and family members or others acting
on behalf of the patient may facilitate the provision of the tool or
support without the remuneration running afoul of the ``furnished
directly'' requirement if all other conditions of the safe harbor are
satisfied.
---------------------------------------------------------------------------
\58\ 84 FR 55728 (Oct. 17, 2019).
---------------------------------------------------------------------------
Comment: Some commenters suggested that when a third party is
providing the tool or support, the patient should be notified in
writing or otherwise about the sponsor and other details about the
vendor and the purpose of the tool or support. Other commenters
objected to any additional notification requirements as burdensome to
the provider and the patient.
Response: We appreciate the commenters' suggestion but decline to
impose such a notification requirement. The safe harbor only protects
the provision of tools and supports that are recommended by a patient's
health care professional, and many of the enumerated goals in the safe
harbor also require the involvement of the patient's licensed health
care professional. Based on these conditions, we believe beneficiaries
are unlikely to receive tools or supports that otherwise meet the
conditions of the safe harbor without an awareness of the source and
purpose of those items or services. Furthermore, lack of awareness of
the source and purpose also may diminish the likelihood for improved
patient engagement. To best promote patient engagement and ensure the
benefits of any tools and supports are realized, VBE participants have
an incentive to clearly communicate about the tools and supports they
provide without a formal patient notification requirement.
e. Funding Limitations
Summary of OIG Proposed Rule: In proposed paragraph
1001.952(hh)(2), we proposed to prohibit any third-party entity or
individual outside of the VBE from financing or otherwise contributing
to the provision of patient engagement tools or supports. In the OIG
Proposed Rule, this condition would have prevented entities not
eligible to become VBE participants from circumventing that limitation
and seeking protection for tools and supports they furnished to
patients under the patient engagement and support safe harbor.
Summary of Final Rule: We are finalizing, with modifications, this
condition at paragraph 1001.952(hh)(4). Specifically, the final
regulation text states that the patient engagement tool or support must
not be funded or contributed by a VBE participant that is not a party
to the applicable value-based arrangement or by an entity listed at
paragraph 1001.952(hh)(1)(i) through (viii). The modifications have
been made to ensure that the specified entities ineligible for
protection under this safe harbor at paragraph 1001.951(hh)(1) are not
able to circumvent that restriction by indirectly funding or
contributing to tools and support protected under this safe harbor.
This condition also clarifies our intent that the VBE participant must
be a party to the ``applicable value-based arrangement.'' In other
words, the patient receiving the tool or support must be a member of
the target patient population of a VBA to which the VBE participant is
a party. This also ensures that the remuneration has a direct
connection to the coordination and management of care of the target
patient population of the applicable VBA to which the VBE participant
is a party. The condition at paragraph 1001.952(hh)(4) effectuates our
proposed policy to bar safe harbor protection for tools and supports
funded by entities that, under the proposed rule, could not have been
in a VBE (see section III.B.2.e.ii for discussion of these entities).
The safe harbor does not protect any patient engagement tools and
supports funded by or involving contributions from entities identified
at paragraph 1001.952(hh)(1)(i) through (viii).
Comment: Several commenters found this condition unduly
restrictive, citing potential challenges with meeting this condition
when delegating the provision of tools and supports or sharing a care
coordinator with someone outside of the VBE. Another commenter stated
that entities explicitly ineligible for participation in a VBE under
the OIG Proposed Rule's definition of ``VBE participant'' play a vital
role in supporting the care of patients, and without funding from such
entities, hospitals and payors would be limited regarding what types of
patient engagement tools and supports they could provide.
Response: We are finalizing this condition with modifications. This
condition is an important safeguard that prevents entities ineligible
for safe harbor protection from circumventing the conditions of the
safe harbor by doing indirectly what they cannot do directly. Regarding
commenters' concerns about the impact of this condition on the ability
to delegate the provision of tools or supports, we emphasize that, as
discussed in the prior section of this preamble, VBE participants may
provide tools and supports via an eligible agent, which can be any
third party as long as the third party is not otherwise ineligible to
furnish protected tools and supports under this safe harbor.
Comment: A commenter supported this condition, noting that outside
funding or contributions pose a risk of inappropriate steering to
specific suppliers of products or services. Other commenters
appreciated the purpose of this limitation but asked OIG to allow for
certain donations from foundations or charities to a VBE, together with
a safeguard prohibiting the donating third party from having direction
or control over how the funds are spent. Another commenter stated that
other types of entities such as construction companies may offer to
modify homes with ramps and wider doors, among other things, without
charge, and that this condition could prevent protection for such
donations.
Response: We appreciate that many entities would like to fund or
otherwise contribute to protected patient engagement tools and supports
provided by a VBE participant, including through charitable or
otherwise arm's-length donations made to a VBE. Our goal in
implementing the funding and contribution limitations is to ensure that
entities that may not furnish protected tools and supports directly are
unable to indirectly provide or fund protected tools and supports. We
believe that limiting the types of entities that may fund protected
tools and supports is an important safeguard against circumvention
schemes, including potential arrangements involving foundations or
charities. Without the funding and contribution limitations, it is
possible that entities ineligible to provide tools and supports could
indirectly fund such items or services through a foundation, charity,
or other entity, which could make it difficult to determine the
ultimate source of funding. We believe the final funding and
contribution limitations described
[[Page 77788]]
here provide sufficient flexibility for VBE participants to provide
protected tools and supports while safeguarding against the heightened
risk of fraud and abuse related to tools and supports furnished to
patients by the types of entities that are ineligible for safe harbor
protection.
Nothing in this condition would prevent a charity or foundation
from providing tools and supports directly to patients, assuming such
an arrangement complies with the Federal anti-kickback statute or
Beneficiary Inducements CMP, if either statute is implicated. If the
charity or foundation is not funded by health care entities, the
arrangement might not implicate the statutes. Further, nothing in this
safe harbor would prevent construction companies from modifying homes
with ramps, widening doors, or providing other construction services
for free to patients, provided those arrangements comply with the
statute. Free services offered to a patient directly by a construction
company that does not provide Federally reimbursable items or services
or make referrals for them would not implicate the statutes, and
therefore, safe harbor protection would not be needed. However, such
free services offered through an intermediary that provides federally
reimbursable items and services, such as a hospital, would need to be
evaluated on a case-by-case basis under the statute; the arrangement
between the construction company and hospital would not implicate the
statute, but the arrangement between the hospital and patient might.
f. Nature of the Remuneration
Commenters provided numerous suggestions regarding specific types
of remuneration potentially protected under this safe harbor. In the
sections below, we respond to such comments and provide examples of
potentially protected types of remuneration, but we note that the
examples or categories of items, goods, and services included here are
neither exhaustive nor presumptively protected under this safe harbor.
Specifically, we remind stakeholders that all conditions of the safe
harbor must be squarely satisfied for the tools and supports to be
protected by the safe harbor.
i. In-Kind Remuneration
Summary of OIG Proposed Rule: At proposed paragraph
1001.952(hh)(3)(i), we proposed to protect any in-kind preventive item,
good, or service, or an in-kind item, good, or service such as health-
related technology, patient health-related monitoring tools and
services, or supports and services designed to identify and address a
patient's social determinants of health.
Summary of Final Rule: We are finalizing, with modifications, the
provision at paragraph 1001.952(hh)(3)(i). The final rule protects
patient engagement tools and supports that are in-kind items, goods,
and services provided they meet all applicable safe harbor conditions.
We are not finalizing the regulatory text at proposed paragraph
1001.952(hh)(3)(i) that provided specific examples of protected in-kind
items, goods, or services (i.e., health-related technology, patient
health-related monitoring tools and services, supports and services
designed to identify and address social determinants of health). As
finalized by this rule, paragraph 1001.952(hh)(3)(i) specifies that
protection is offered only for in-kind items, goods, or services,
without specifying categories of items, goods, or services. We believe
including nonexhaustive categories in regulatory text was not necessary
or helpful to explain the meaning of an ``in-kind item, good, or
service.'' These changes are intended to ensure the final rule does not
inadvertently preclude types or categories of tools or supports that
could receive protection under the safe harbor. Provided that all safe
harbor requirements are satisfied, the final rule protects a broad
range of tools and supports that may include, among others, health-
related technology, patient health-related monitoring tools and
services, and supports and services designed to identify and address a
patient's social determinants of health. We have modified and
reorganized the regulatory text to better effectuate this policy.
Based on public comments, we confirm that preventive items, goods,
or services can be protected under this safe harbor. However, we are
not finalizing the proposed regulatory text at paragraph
1001.952(hh)(3)(i) regarding preventive care. To make clear that
preventive items, goods, or services can fit in the safe harbor, we
have amended the goal of ``management of a disease or condition'' to
read ``prevention or management of a disease or condition'' at
paragraph 1001.952(hh)(3)(vi)(D).
Comment: A number of commenters supported our overall approach to
identify categories of protected in-kind remuneration instead of
endeavoring to provide a comprehensive list of tools and supports
eligible for safe harbor protection and believed that the categories
proposed are--and should remain--sufficiently flexible to encompass a
range of tools and supports across various care settings. Commenters
stated that VBEs should have flexibility to determine the most
appropriate tools and supports to provide as a part of the arrangements
and recommended against OIG specifying a list of tools and supports
that could, ultimately, stifle innovation, particularly with respect to
tools and supports designed to address social determinants of health.
Alternatively, some commenters encouraged us to provide greater
specificity and more examples of protected patient engagement tools and
supports based on comments received in response to the OIG Proposed
Rule. For example, a commenter urged OIG to provide as many examples as
possible of the tools and supports that would and would not be
protected by this safe harbor in the preamble to the final rule. Others
requested some examples but urged us to clarify that any examples are
illustrative, not exhaustive.
A commenter supported protection for tools and supports that impact
positive behavioral change, such as receiving an annual wellness visit,
participating in a smoking cessation program, or seeking care from a
lower cost provider (e.g., receiving imaging services in a freestanding
setting as opposed to a hospital outpatient department). The commenter
also supported addressing a barrier to adhering to a care plan, such as
providing cooking classes to facilitate the preparation of healthy
meals, providing condition-specific groceries, or providing condition-
specific technology (e.g., electronic scales, internet service to
facilitate data collection, or both). Another commenter listed examples
of additional dialysis-related tools and supports that should be
covered.
Response: Rather than listing specific examples of tools and
supports potentially eligible for protection under this safe harbor,
the final safe harbor contains a list of goals at paragraph
1001.952(hh)(3)(vi), at least one of which a tool or support must
advance in order to qualify for safe harbor protection. We believe this
provides substantial flexibility for VBE participants to offer a wide
range of tools and supports.
As noted above, we have omitted the examples of remuneration listed
in proposed paragraph 1001.952.(hh)(3)(i). With respect to tools and
supports designed to address a patient's social determinants of health,
such remuneration is protected if it meets one of the final safe
harbor's enumerated goals listed at paragraph 1001.952(hh)(3)(vi). This
change is intended to ensure the final rule is agnostic about the
specific types or
[[Page 77789]]
categories of tools and supports protected by this safe harbor. As a
result, health-related technology and patient health-related monitoring
tools and services are eligible for safe harbor protection if they meet
the other conditions of the safe harbor, including at least one of the
goals at paragraph 1001.952(hh)(3)(vi).
We have provided some examples of categories and specific tools and
supports in the discussion below at section III.B.6.f.iv related to
social determinants of health, as well as general descriptions of
certain health technologies potentially protected by this safe harbor.
We also agree with commenters who suggested that any examples provided
in this final rule's preamble should be illustrative rather than
exhaustive, to provide for flexibility and innovation in the provision
of patient engagement tools and supports. We intend for the safe harbor
to protect a range of in-kind remuneration and agree that many of the
tools and supports described by the commenters may satisfy the safe
harbor if all other conditions of the safe harbor are met.
Comment: A commenter stated that the proposed safe harbor is too
narrow to truly drive patient engagement because, although it protects
the provision of tools and supports to patients, it does not protect
efforts to encourage the utilization of those tools or otherwise
protect efforts to incentivize care adherence.
Response: We disagree that the safe harbor lacks sufficient
regulatory flexibility for the provision of tools and supports that
promote patient engagement. In response to the suggestion that the safe
harbor should protect efforts to encourage the utilization of protected
tools and supports, we note that nothing in the safe harbor would limit
the ability of VBE participants to educate patients about available
tools and supports as long as the VBE participant does not use the
patient engagement tools or supports to market other reimbursable items
or services, or for patient recruitment purposes, as prohibited at
paragraph 1001.952(hh)(6).
In response to the suggestion that the safe harbor should protect
efforts to incentivize care adherence, we note that a VBE participant
must ensure that the tool or support advances an enumerated goal at
paragraph 1001.952(hh)(3)(vi), several of which involve patient
adherence. For example, the safe harbor protects tools and supports
that advance goals for adherence to a treatment regimen, adherence to a
drug regimen, and adherence to a followup care plan if all other
conditions are met. In addition, we think that the conditions requiring
a licensed health care professional to recommend the tool or support
and requiring that the tool or support be directly connected to the
coordination and management of care require the offeror to evaluate
whether the tool or support will advance the enumerated goals listed in
the safe harbor.
Comment: A commenter requested OIG clarify its interpretation of
the phrase ``preventive care item or service'' for the purposes of this
safe harbor to ensure that the definition remains flexible enough to
encompass rapidly advancing technology. Another commenter requested
that we add ``primary and secondary prevention'' to the regulatory text
of this safe harbor to clarify that various forms of preventive efforts
are protected by the safe harbor. Another commenter requested that we
add ``tertiary'' prevention. Commenters generally supported OIG's
proposal to defer to VBE participants or physicians in determining: (i)
What constitutes a preventive item or service for the purposes of this
safe harbor; and (ii) the appropriate tools and supports to address
such preventive care, asserting that physicians are in the best
position to assess whether a particular item or service is preventive.
Response: Tools and supports in furtherance of preventive care and
services can be protected under this safe harbor if the other
conditions are satisfied. The final safe harbor regulation does not
identify a specific category of remuneration for preventive care items,
goods, or services. Instead, preventive items, goods, and services
could be protected under the safe harbor's general protection of in-
kind items, goods, or services that satisfy the conditions of the safe
harbor, including advancing one of the safe harbor's enumerated goals.
For example, a preventive item, good, or service could advance the goal
of ``prevention or management of a disease or condition'' at paragraph
1001.952(hh)(3)(vi)(D).
ii. Cash, Cash Equivalents, and Gift Cards
Summary of OIG Proposed Rule: We proposed at proposed paragraph
1001.952(hh)(3)(iii) to exclude protection for remuneration in the form
of cash, cash equivalents, and gift cards, and we sought additional
comments on whether the safe harbor should protect those forms of
remuneration.
Summary of Final Rule: We are finalizing, with modification, the
proposed condition at paragraph 1001.952(hh)(3)(iii). The final
regulatory text does not reference gift cards because some gift cards
would be considered in-kind remuneration eligible for safe harbor
protection. Cash, cash equivalents, and most gift cards are excluded in
the final rule because the safe harbor is limited to in-kind
remuneration.
Comment: Several commenters echoed the concerns we raised in the
OIG Proposed Rule regarding the risks of protecting cash, cash
equivalents, and gift cards under the safe harbor, urging us to limit
safe harbor protection to in-kind remuneration to reduce the risk of
inappropriate patient steering or coercion.
Response: We agree with these comments, and we believe restricting
protection to in-kind remuneration in the final rule reflects OIG's
longstanding concern about the fraud and abuse risks inherent to
providing cash, cash equivalents, or gift cards to beneficiaries.
Comment: A number of commenters urged OIG to protect gift cards
under this safe harbor. In particular, several commenters suggested
that we clarify that a voucher provided through a debit card-like
mechanism that could be used to acquire tools or supports, such as food
or transportation, would be considered ``in-kind'' under the safe
harbor. Another commenter urged OIG to protect the provision of gift
cards but suggested that prepaid debit cards should be excluded from
protection, similar to existing OIG guidance regarding cash and cash
equivalents.
A commenter recommended protecting gift cards that may be redeemed
only at certain stores for certain purposes consistent with OIG's
previous guidance on cash and cash equivalents, as long as they are not
advertised or otherwise included in prospective marketing or
promotional efforts, and earned via active, verifiable participation in
core elements of a beneficiary's treatment plan.
A commenter noted that gift cards provide sufficient flexibility
with less risk than cash, noting that a gift card may be exchanged for
cash, but typically at a reduced value.
Response: As we stated in the preamble to the OIG Proposed Rule, we
would consider a voucher for a particular tool or support (e.g., a meal
voucher or a voucher for a taxi) to satisfy the safe harbor's in-kind
requirement. However, consistent with our treatment of these issues in
prior regulations,\59\ we consider debit cards, rebate checks, and most
gift cards to be cash equivalents and not a protected
[[Page 77790]]
form of in-kind remuneration under this safe harbor.
---------------------------------------------------------------------------
\59\ 81 FR 88393 (Dec. 7, 2016).
---------------------------------------------------------------------------
We are not, however, departing from OIG's existing guidance
regarding limited-use gift cards.\60\ Gift cards that can be redeemed
only for certain categories of items (such as fuel-only gift cards
redeemable at gas stations) could meet the in-kind requirement under
this safe harbor. Gift cards meet the in-kind requirement only if their
potential use is limited to certain categories of items or services
that meet the conditions of the safe harbor. For instance, a gift card
for a service that delivers the ingredients necessary for a healthy
meal would meet the in-kind requirement and could be protected if the
other conditions of the safe harbor are satisfied. Gift cards offered
by large retailers or online vendors that sell a wide variety of items
(e.g., big-box stores) could easily be diverted from their intended
purpose or converted to cash; we would consider such gift cards to be
cash equivalents and therefore not eligible for protection under this
safe harbor.
---------------------------------------------------------------------------
\60\ 81 FR 88393 n. 19 (Dec. 7, 2016).
---------------------------------------------------------------------------
Comment: A commenter posited that when gift cards are furnished to
patients within the VBE context, the financial model of VBEs serves as
an inherent safeguard against unnecessary and excessive utilization.
The commenter asserted that when a VBE is financially at risk for
improving outcomes, the VBE likely would not furnish gift cards to
patients to drive unwarranted utilization and would be financially
incentivized to encourage only beneficial utilization that improves
health and helps manage the total cost of care.
Response: Although we recognize that VBEs assuming downside
financial risk may have incentives to avoid offering tools and supports
to beneficiaries that could drive medically unnecessary utilization, we
are not, as discussed above, requiring VBE participants under this safe
harbor to assume some degree of financial risk. We believe that some of
the risks associated with fee-for-service payment systems--such as
overutilization--may continue to exist in VBEs where VBE participants
continue to be paid on a fee-for-service basis. Therefore, there is a
risk that VBEs would furnish gift cards to patients to drive
inappropriate utilization, but such conduct would not be protected by
this safe harbor and may implicate the Federal anti-kickback statute.
Comment: Several commenters urged OIG to protect cash, cash
equivalents, and gift cards under this safe harbor but to attach
additional safe harbor conditions to such means of remuneration. For
example, a commenter suggested that cash, cash equivalents, and gift
cards should be protected as a reward for taking a particular action,
but that remuneration should be provided only after a patient has taken
the required action. Another commenter suggested that OIG protect cash,
cash equivalents, and gift cards but impose a separate monetary cap
that parallels OIG's nominal value guidance. The commenter also urged
OIG to consider requiring that any patient eligible to receive a cash
or cash-equivalent incentive would need to be an ``established
patient'' as defined in the local transportation safe harbor, paragraph
1001.952(bb).
Other safeguards recommended by commenters specific to cash, cash
equivalents, and gift cards include: Prohibiting the advertising of
rewards; tying incentives to outcomes associated with the prescribed
course of treatment; a requirement that incentives cannot be utilized
to generate business or otherwise promote the utilization of
unnecessary or inappropriate items and services; limiting the use of
such incentives to items that promote health and wellness, such as
nutritious food, exercise equipment, or health monitoring and tracking
devices; and requiring entities to have an evidence-based reason to
believe that cash, cash equivalents, or gift cards can increase patient
adherence to recommended medical guidance. A commenter suggested that
retrospective evaluation and auditing could be used to identify any
potentially fraudulent activity relating to cash, cash equivalents, and
gift cards.
Response: We appreciate the commenters' suggestions for additional
safe harbor conditions specific to the provision of cash, cash
equivalents, and gift cards. Based on longstanding program integrity
concerns, the final safe harbor only protects in-kind remuneration to
include limited types of gift cards as described further above. OIG
historically has had significant concerns about providing protection
for providers' and other health care stakeholders' offers of cash or
cash equivalents to patients, and our oversight experience suggests
that cash and cash-equivalent remuneration raises substantial fraud and
abuse risks, including the potential for inappropriate utilization of
medically unnecessary items and services and improper patient steering.
OIG tailored the final safe harbor's safeguards to in-kind tools and
supports; therefore, it is not necessary to adopt additional conditions
recommended by commenters specific to the provision of cash, cash
equivalents, and gift cards.
Comment: Commenters noted that cash and cash equivalents are a
useful way to address social determinants of health and noted that cash
and cash equivalents could facilitate patient access to transportation,
counseling and coaching, meal preparation, existing and emerging self-
monitoring health technologies, and other supports that promote
independence and positive health outcomes.
Response: We recognize that cash and cash equivalents may be a
useful way to address social determinants of health. We remain
concerned, however, for the reasons explained above, that cash or cash-
equivalent remuneration to Federal health care program beneficiaries
presents an elevated risk of fraud and abuse, and we are finalizing our
proposal to protect only in-kind remuneration. Parties can structure a
wide range of arrangements involving in-kind remuneration to address
social determinants of health under the final safe harbor. For example,
in lieu of cash, protected tools and supports could include vouchers or
limited-use gift cards (e.g., to address transportation access to
medical appointments to advance adherence to a followup care plan, a
ride share voucher or gas card could be protected, provided all other
safe harbor conditions are satisfied). Arrangements involving cash or
cash equivalents used to address social determinants of health are not
necessarily illegal; they would need to be evaluated under the anti-
kickback statute on a case-by-case basis, including the intent of the
parties.
Comment: A commenter asserted that expanding the safe harbor to
protect gift cards, discount cards, and coupons toward future services
would support the viability of smaller independent practices that
operate in consolidated markets and are competing against hospitals and
health systems.
Response: We appreciate the commenter's concern regarding
consolidation and the potential effects of our safe harbors on
competition. This final safe harbor protects certain, limited
categories of gift cards in accordance with OIG's previous guidance on
cash equivalents and limited-use gift cards. We note that discount
cards and coupons may qualify as protected in-kind remuneration as long
as the other conditions of this safe harbor are satisfied. We do not,
however, intend for this safe harbor to protect waivers or reductions
in patient cost-sharing obligations, as discussed below. For example, a
coupon designed
[[Page 77791]]
to cover only a patient's cost-sharing obligation would not be
protected by this safe harbor. We also note that to the extent parties
wish to have safe harbor protection for any discounts offered to
beneficiaries, they would need to comply with the terms of the discount
safe harbor at paragraph 1001.952(h) in order to receive safe harbor
protection. Finally, to the extent the commenter is referencing gift
cards, discount cards, and coupons that would reward patients for
seeking care, such arrangements may not satisfy the prohibition on
marketing and patient recruitment at paragraph 1001.952(hh)(6).
Comment: A number of commenters offered general support for
extending safe harbor protection to cash, cash equivalents, and gift
cards provided to patients as rewards or incentives to promote various
behaviors, including attending necessary appointments, adherence to a
treatment regimen, or participation in a substance abuse treatment or
behavioral modification program. Several commenters cited a body of
research suggesting that cash incentives can be effective at improving
patient engagement and adherence or behavioral modification. For
example, a commenter cited behavioral economics research findings that
even nominal amounts of cash or cash-equivalent remuneration can
produce substantial improvements in overall health outcomes when used
as an incentive to motivate patients to lead healthier lifestyles.
Commenters also noted that gift cards may be employed as rewards
for healthy patient behaviors and activities in a number of other
contexts, including pursuant to certain section 1115 waiver programs,
some Medicaid managed care organizations, and programs or initiatives
related to Medicaid Incentives for the Prevention of Chronic Diseases.
Response: In the OIG Proposed Rule, we solicited comments on
including gift cards when they are provided to patients with certain
conditions, such as substance abuse disorders and behavioral health
conditions, as part of an evidence-based treatment program for the
purpose of effecting behavioral change. We appreciate the responses
from commenters and understand that incentives can effectively drive
patient adherence to treatment programs, lead patients to follow
healthier lifestyles, or effect other behavioral changes.
For example, we recognize that research shows that contingency
management interventions are the most effective currently available
treatment for stimulant use disorders. Substance use disorder treatment
programs utilizing contingency management often involve payments to the
patient in the form of the opportunity to earn vouchers, gift cards, or
even, in some models, salaries in exchange for desired prosocial
behaviors or meeting specified goals. We also understand and
acknowledge that there is a growing problem with stimulant (e.g.,
cocaine and methamphetamine) co-use with opioids. Combatting the opioid
epidemic, including ensuring that patients have access to effective
treatment programs, has been a top priority for the Administration, the
Department, and OIG. In addition, many treatments involving contingency
management interventions have been developed over decades by scientists
supported by the Federal government through the National Institutes of
Health.
After weighing the potential benefits of contingency management and
other programs designed to motivate beneficial behavioral change with
the potential risks to program integrity--and understanding that many
of these programs involve cash and cash-equivalent payments to
patients--we are not expanding the patient engagement and support safe
harbor to include cash and cash-equivalent payments offered as part of
contingency management interventions or other programs to motivate
beneficial behavioral changes. This does not mean that all such cash or
cash-equivalent payments are unlawful, but they would be subject to
case-by-case analysis under the Federal anti-kickback statute and
Beneficiary Inducements CMP. In addition, we emphasize--as further
discussed below--that in-kind remuneration and certain limited-use gift
cards offered as part of contingency management interventions or other
programs to motivate beneficial behavioral changes could receive
protection under the patient engagement and support safe harbor if all
safe harbor conditions are satisfied. Indeed, OIG's final rule offers
many opportunities for those treating patients for substance use
disorders to improve the coordination and management of patient care
through value-based arrangements between providers that band together
to improve care, the provision of in-kind incentives to patients to
motivate them to meet treatment goals, and broader flexibilities for
transportation arrangements under the existing local transportation
safe harbor, which would meet an identified need for patients in rural
areas seeking treatment. While not all such arrangements implicate the
fraud and abuse statutes, arrangements involving community recovery
support systems such as clubhouses and peer-to-peer focused support
services would have broader access to safe harbor protection under the
final rule.
With respect to nominal amounts of cash or cash-equivalent
remuneration mentioned by the commenter, we understand that some
industry stakeholders believe OIG's guidance permits cash and cash-
equivalent incentive payments up to $75. This is a misunderstanding of
OIG's guidance. The Conference Committee report accompanying the
enactment of the Beneficiary Inducements CMP expressed Congress' intent
that inexpensive gifts of nominal value be permitted.\61\ OIG has
interpreted inexpensive gifts of nominal value to mean in-kind items
and services with a retail value of no more than $15 per item or $75 in
the aggregate per beneficiary on an annual basis.\62\ Gifts that
implicate the Beneficiary Inducements CMP that exceed these dollar
limits are not prohibited but are analyzed on a case-by-case basis for
compliance under the statute. We highlight, however, that this nominal
value guidance applies to the value of in-kind items and services, not
to the value of incentive payments in the form of cash or cash
equivalents. In other words, cash and cash-equivalent payments under
$75 would not be covered by this guidance. Moreover, this guidance
applies only with respect to the Beneficiary Inducements CMP and not to
the Federal anti-kickback statute. Furthermore, we are aware that some
industry stakeholders may be under a misimpression that OIG prohibits
contingency management program incentives above $75. There is no OIG-
imposed $75 limitation on contingency management program incentives.
Rather, the Federal anti-kickback statute may constrain the ability of
individuals or entities to offer contingency management program
incentives of any value to Federal health care program beneficiaries,
depending on the facts of the arrangement. Moreover, in-kind incentives
above the $75 annual, aggregate limit, and all cash or cash-equivalent
incentives regardless of the amount, must be analyzed on the basis
[[Page 77792]]
of their specific facts for compliance with the Beneficiary Inducements
CMP.
---------------------------------------------------------------------------
\61\ See Joint Explanatory Statement of the Committee of
Conference, section 231 of HIPAA, Public Law 104-191.
\62\ OIG, Office of Inspector General Policy Statement Regarding
Gifts of Nominal Value To Medicare and Medicaid Beneficiaries (Dec.
7, 2016), available at https://oig.hhs.gov/fraud/docs/alertsandbulletins/OIG-Policy-Statement-Gifts-of-Nominal-Value.pdf.
---------------------------------------------------------------------------
With respect to contingency management program incentives and other
programs that offer incentives to motivate healthy behaviors--whether
above or below $75 in value--we offer the following observations. In-
kind remuneration in connection with such programs can fit in the
patient engagement and support safe harbor if all safe harbor
conditions are met (including the $500 annual cap). As further
explained in this section, the final safe harbor protects certain
limited-use gift cards that advance one or more of the enumerated goals
at paragraph 1001.952(hh)(3)(vi) and meet other safe harbor conditions,
including that the remuneration must have a direct connection to the
coordination and management of care of the target patient population.
To the extent that a program involves salary payments to a bona fide
employee for services furnished by the employee, the payments might
qualify under the existing safe harbor for employees at paragraph
1001.952(i).
If a contingency management incentive that implicates the Federal
anti-kickback statute, Beneficiary Inducements CMP, or both does not
satisfy an existing safe harbor or exception (as applicable), that does
not mean that such incentive automatically violates the statutes and is
illegal. Contingency management incentive arrangements that do not
comply with a safe harbor must be analyzed on a case-by-case basis for
compliance with the Federal anti-kickback statute and Beneficiary
Inducements CMP. In addition, incentives that are included in a service
covered by a Federal health care program (i.e., the coverage includes
the incentive itself) would not implicate the Federal anti-kickback
statute or the Beneficiary Inducements CMP, provided that the
applicable billing and coverage rules are followed including collection
of any applicable patient cost-sharing obligations. In addition,
incentives offered as part of a CMS-sponsored model may qualify for
protection under the new safe harbor at paragraph 1001.952(ii).
Further, we are aware that some incentives may be provided pursuant to
or in connection with other government-sponsored demonstrations or
other government-sponsored programs (including studies initiated,
organized, funded, and managed by the National Institutes of Health).
Participation in and adherence to the requirements of such
demonstrations or programs would be a relevant factor in assessing the
intent of the parties and the risk posed by the arrangement.\63\
Incentives offered to commercially insured patients or uninsured
patients would not implicate the statutes. Application of the statutes
is discussed in further detail in sections II.B and II.C of this
preamble.
---------------------------------------------------------------------------
\63\ See, e.g., OIG, OIG Adv. Op. No. 08-14 (Oct. 2, 2008),
available at https://oig.hhs.gov/fraud/docs/advisoryopinions/2008/AdvOpn08-14.pdf (regarding a substance abuse treatment center's use
of motivational incentives to reward a patient's achievement of
certain treatment-related goals; in this advisory opinion,
Requestor's program was developed and refined in connection with
National Institute on Drug Abuse's government-sponsored research
into implementation of motivational incentives as a treatment
option, a fact that OIG viewed favorably).
---------------------------------------------------------------------------
With respect to incentives in the form of cash or cash equivalents,
we are concerned about heightened fraud and abuse risk. As noted in the
OIG Proposed Rule, OIG historically has had significant concerns with
allowing providers and others to offer cash or cash equivalents to
patients, and our oversight and enforcement experience suggests that
cash incentives can result in medical identity theft and misuse of
patients' Medicare numbers, lead to inappropriate utilization (in the
form of medically unnecessary items and services), and cause improper
patient steering (including patients selecting a provider because the
provider offers the most valuable incentives and not because of the
quality of care the provider furnishes).\64\
---------------------------------------------------------------------------
\64\ 84 FR 55275 (Oct. 17, 2019).
---------------------------------------------------------------------------
Moreover, in the area of substance use disorder treatment, OIG and
its law enforcement partners have substantial enforcement experience
that demonstrates the pervasiveness of fraud in treatment programs that
serve neither the best interests of patients nor taxpayers. For
example, OIG has participated in enforcement actions resulting from
allegations of significant fraud by substance use disorder treatment
facilities, or ``sober homes,'' that take advantage of individuals with
substance abuse disorders.\65\
---------------------------------------------------------------------------
\65\ See, e.g., Press Release, U.S. Department of Justice,
National Health Care Fraud and Opioid Takedown Results in Charges
Against 345 Defendants Responsible for More than $6 Billion in
Alleged Fraud Losses (Sept. 30, 2020), https://www.justice.gov/criminal-fraud/hcf-2020-takedown/press-release.
---------------------------------------------------------------------------
We preclude cash or cash equivalents from protection under this
safe harbor in recognition of the critical need to protect vulnerable
patients from fraud. That said, as stated above, arrangements involving
cash or cash equivalents used to promote adherence or healthy behavior
modification do not necessarily violate the Federal anti-kickback
statute; they would need to be evaluated under the anti-kickback
statute on a case-by-case basis, including the intent of the parties.
Parties may seek an OIG advisory opinion if they want assurance that
their arrangement(s) comply with the statutes or would not be subject
to OIG administrative enforcement sanctions, but having an advisory
opinion is not mandatory. Declining to seek an OIG advisory opinion is
not evidence that parties have improper intent under the Federal anti-
kickback statute.
As stated above, in-kind incentives in connection with contingency
management or other motivational programs can fit in the final safe
harbor if all conditions are met. We note that offering incentives to
patients as a reward for accessing care may not satisfy the prohibition
on marketing and patient recruitment at paragraph 1001.952(hh)(6),
depending on the facts and circumstances. We also emphasize that
remuneration offered as a reward or incentive is not protected if it
results in a beneficiary being furnished medically unnecessary care or
inappropriate items or services reimbursed by a Federal health program,
pursuant to the condition at paragraph 1001.952(hh)(3)(iv).
Finally, to the extent that existing safe harbors might not address
all facets of contingency management incentive programs, we are
considering addressing them in future rulemaking.
Comment: A commenter urged OIG to consider extending safe harbor
protection to benefits such as direct payments from a provider to
utility companies and the direct provision of technology (e.g.,
electronic scales and tablets to provide continuing condition-specific
education).
Response: Because the beneficiary does not directly receive cash or
cash-equivalent remuneration, we consider the specific examples
provided by the commenter to be in-kind remuneration, which may be
protected by this safe harbor if the other conditions of the safe
harbor are satisfied.
Comment: A commenter observed that Congress has recognized the
value of providing incentive payments to patients in allowing
Accountable Care Organizations (ACOs) participating in the Medicare
Shared Savings Program to make payments to patients who receive
qualifying primary care services from providers participating in those
ACOs.
Response: We recognize that the ACO Beneficiary Incentive Program,
which is administered by CMS as part of the Medicare Shared Savings
Program, allows an ACO to make incentive payments to beneficiaries of
up to $20 per qualifying service as an incentive to
[[Page 77793]]
encourage utilization of medically necessary primary care services if
certain eligibility, recordkeeping, and notification requirements are
met. Nothing in the new patient engagement and support safe harbor
would prevent ACOs from continuing to participate in that program or
from structuring ACO Beneficiary Incentive Payment programs to satisfy
the requirements of the new safe harbor set forth at paragraph
1001.952(kk), which protects payments under the ACO Beneficiary
Incentive Program. Although we are not protecting similar incentives in
this safe harbor, this decision does not reflect the programmatic value
of the ACO Beneficiary Incentives.
The patient engagement and support safe harbor will protect tools
and supports furnished outside of the context of a program administered
and monitored by CMS. Without that programmatic oversight, we believe
the safeguards in this final rule, including limiting safe harbor
protection to in-kind remuneration, are appropriate and necessary to
protect Federal health care programs and beneficiaries from harms
associated with fraud and abuse.
Comment: A commenter urged OIG to update its 2016 Policy Statement
Regarding Gifts of Nominal Value to Medicare and Medicaid Beneficiaries
to revise its interpretation of ``nominal value'' from $15 per instance
to $20 per instance, and from $75 in the aggregate per year to $100 in
the aggregate per year.
Response: We decline commenter's request to update our guidance on
``nominal value'' \66\ in this rulemaking. We note that our nominal
value guidance focuses only on OIG's Beneficiary Inducements CMP
authorities, and not the anti-kickback statute.
---------------------------------------------------------------------------
\66\ See OIG, Office of Inspector General Policy Statement
Regarding Gifts of Nominal Value to Medicare and Medicaid
Beneficiaries (Dec. 7, 2016), available at https://oig.hhs.gov/fraud/docs/alertsandbulletins/OIG-Policy-Statement-Gifts-of-Nominal-Value.pdf.
---------------------------------------------------------------------------
iii. Waiver or Reduction of Cost-Sharing Obligations
Summary of OIG Proposed Rule: In the OIG Proposed Rule, we sought
comments on a variety of issues relating to potential safe harbor
protection for waivers or reductions of patient cost-sharing
obligations in different circumstances, including waivers or reductions
of patient cost-sharing in the context of the proposed value-based
framework. We also noted that the requirements related to cost-sharing
in the Medicare and Medicaid programs are a programmatic matter; cost-
sharing is required pursuant to statute, regulations, and other rules
set forth by CMS and state Medicaid programs.
Summary of Final Rule: We are not finalizing a condition to protect
cost-sharing waivers or reductions under this safe harbor.
Comment: Many commenters expressed support for protecting waivers
of beneficiary cost-sharing obligations for remote patient monitoring,
chronic care management, digital technologies that include care
coordination functionality, and other care coordination services. A
commenter argued that both patients and Federal health care programs
benefit from waiving cost-sharing requirements for these items and
services because reducing barriers to accessing preventive care can
improve health outcomes for patients while also ensuring efficient use
of taxpayer resources. Commenters also asserted that cost-sharing
obligations can serve as a significant barrier to patient access for
these and other care coordination items and services, and that
providers' concerns regarding patients' fulfilling cost-sharing
obligations could discourage providers from even offering these
services. A commenter pointed out that protecting cost-sharing waivers
could give flexibility to certain manufacturers to structure rewards
programs that could incentivize patient behavior that may improve
health outcomes, such as treatment adherence. One commenter noted that
waivers of cost-sharing obligations are less prone to abuse than
providing cash to patients but posited that waivers can still lead to
undesirable effects such as cherry-picking and patient steering.
Commenters also noted that collecting cost-sharing amounts may be
administratively burdensome for providers, and for certain items and
services the cost of collection often exceeds the cost-sharing amount
to be collected. In order to address this issue, a commenter
recommended that OIG protect waivers of cost-sharing amounts when the
amount owed by the beneficiary is nominal, similar to OIG's Policy
Statement Regarding Gifts of Nominal Value to Medicare and Medicaid
Beneficiaries, or that OIG amend its interpretation of ``reasonable
collection efforts'' under section 1128A(i)(6)(A)(iii)(II) of the Act
so that these collection efforts do not include situations where the
cost of collection by the provider exceeds the cost-sharing amount that
the provider would potentially collect.
Commenters also urged OIG to implement safe harbor protection for
waivers or reductions of other types of cost-sharing obligations,
including cost-sharing for services furnished through patient-centered
medical homes and patient-centered specialty practices, such as visits
that promote medication adherence, preventive care, and kidney disease
education. A commenter suggested that OIG should protect full or
partial cost-sharing waivers where care coordination arrangements
result in cost savings to the health care system, which would allow
patients to share in savings resulting from compliance with disease
management or treatment programs.
A number of commenters urged OIG to protect waivers of IHS
beneficiaries' cost-sharing obligations for items and services
furnished by Indian health programs, noting that the imposition of
cost-sharing obligations can be a barrier to care coordination for
those patients.
Response: Cost-sharing waivers, or other tools and supports
designed to effectuate a waiver of beneficiary cost-sharing, are not
protected under the final patient engagement and support safe harbor.
We appreciate commenters' suggestions regarding potential safe harbor
protection for waivers or reductions of certain cost-sharing
obligations, particularly in the context of value-based care and
coordination of care. However, for a number of reasons we are not
convinced that a safe harbor promulgated by OIG through regulation
would be the appropriate mechanism to protect the waiver or reduction
of a programmatic requirement. As we stated in the OIG Proposed Rule,
beneficiary cost-sharing obligations are a programmatic requirement,
and we do not believe it would be appropriate to broadly protect cost-
sharing waivers that could obviate a programmatic requirement created
by statute to the extent requested by commenters. On several occasions,
Congress has enacted limited and individualized statutory protection
for cost-sharing waivers. For example, Congress enacted an exception to
the anti-kickback statute that allows pharmacies to waive Medicare Part
D cost-sharing under certain conditions, and we have promulgated
corresponding, implementing regulations.\67\
---------------------------------------------------------------------------
\67\ Section 1128B(b)(3)(G) of the Act; 42 CFR 1001.952(k)(3).
---------------------------------------------------------------------------
In addition, commenters requested OIG provide safe harbor
protection for the waiver of beneficiary cost-sharing for certain items
and services (e.g., remote patient monitoring, chronic care management,
digital technologies that include care coordination functionality, and
other care coordination services). We do not think it would be
appropriate or feasible for this rule to make
[[Page 77794]]
distinctions regarding cost-sharing waivers based on particular
categories of services. We do not discern a reasonable basis for making
such distinctions. We note that longstanding OIG guidance allows for
waivers of cost-sharing amounts based on individualized, good faith
determinations of financial need.
In the OIG Proposed Rule, we stated that we were considering
protecting cost-sharing waivers for certain specified services (e.g.,
care management services). We are not adopting the commenter's
recommendation to waive nominal cost sharing amounts. As discussed
above, we do not view a safe harbor to the Federal anti-kickback
statute as an appropriate vehicle to address programmatic rules related
to beneficiary cost sharing.
In addition, we did not propose to amend our interpretation of
``reasonable collection efforts'' under section 1128A(i)(6)(A)(iii)(II)
of the Act and decline to do so in this final rule.
iv. Social Determinants of Health
Summary of OIG Proposed Rule: For reasons described in the OIG
Proposed Rule, including the connection of social determinants to
health outcomes and costs,\68\ we proposed to protect at paragraph
1001.952(hh)(3)(i) an in-kind item, good, or service such as, among
others, supports or services designed to identify and address a
patient's social determinants of health. In the OIG Proposed Rule, we
cited the existence of substantial evidence that ``unmet social needs''
related to social determinants of health such as transportation,
nutrition, and safe housing play a critical role in health outcomes and
expenditures,\69\ two key policy goals of this rulemaking. We sought
comment on which social determinants are most crucial to improving care
coordination and transitioning to value-based care and payment.\70\ We
also sought comments on how or whether to protect tools and supports
designed to address social determinants of health, including whether to
make distinctions among various categories of social determinants or to
list specific permissible tools and supports.
---------------------------------------------------------------------------
\68\ 84 FR 55723 (Oct. 17, 2019).
\69\ 84 FR 55723 (Oct. 17, 2019).
\70\ 84 FR 55724 (Oct. 17, 2019).
---------------------------------------------------------------------------
Summary of Final Rule: We are finalizing, with modifications,
paragraph 1001.952(hh)(3)(i). The modifications remove the illustrative
example related to social determinants of health from paragraph
1001.952(hh)(3)(i). Notwithstanding, the final rule at paragraph
1001.952(hh) protects in-kind tools and supports that identify and
address a patient's social determinants of health, provided that the
tools and supports otherwise meet all applicable safe harbor
conditions, including, among others, the $500 annual cap, the
requirement for a direct connection to the coordination and management
of the care of the target patient population, the requirement that the
tool or support is recommended by the patient's licensed health care
professional, and the requirement that the tool or support advances at
least one of the enumerated goals set forth at paragraph (hh)(3)(vi) of
the final rule. The five enumerated goals ensure that protected tools
and supports have a close nexus to care coordination, quality of care,
and health outcomes for patients.
As with health-related technology and patient health-related
monitoring tools and services, we are no longer including the specific
example of tools and supports that identify and address social
determinants of health in the final paragraph 1001.952(hh)(3)(i).
Explicitly listing illustrative categories of protected remuneration is
not necessary to effectuate the policy set out in the proposed rule
that these categories and other types of tools and supports can be
protected if all safe harbor conditions are met. This change ensures
the final rule does not inappropriately limit the type or range of in-
kind tools and supports that could be protected by this safe harbor.
This will allow the licensed health care professional to determine the
specific type of tool or support that works best for the patient, as
long as all conditions of the safe harbor are met.
Comment: Numerous commenters urged us to extend explicit safe
harbor protection to address various social determinants of health,
focusing primarily on tools and supports to address food insecurity,
housing instability, and transportation needs. Commenters also noted
that identifying and addressing patients' social determinants of health
through patient engagement tools and preventive care items will allow
entities to improve patient outcomes while also reducing health care
costs.
Response: We agree that these types of tools and supports have the
potential to improve patient outcomes while producing savings to
Federal health care programs and patients. Tools and supports to
address the categories of social determinants cited by the commenters
may be eligible for safe harbor protection if they meet all safe harbor
conditions including, among others, one of the safe harbor's enumerated
goals at paragraph 1001.952(hh)(3)(vi). For examples of how the safe
harbor could protect tools and supports that identify and address
social determinants of health, we refer readers to the response
directly below. We are finalizing this safe harbor without including
tools and supports designed to identify and address social determinants
of health as an example of protected remuneration in the regulatory
text. This change will ensure the final rule avoids inadvertently
constraining the types or categories of in-kind tools and supports
protected by this safe harbor in order to foster beneficial innovation.
Comment: We received a number of comments addressing the question
of how to define social determinants of health and related tools and
supports for the purpose of this new safe harbor. Many commenters urged
us not to specify permissible tools and supports, but instead to adopt
a flexible approach. Other commenters requested OIG provide a
nonexclusive and nonexhaustive list illustrative of the types of
permissible tools and supports that could receive protection under the
safe harbor, indicating that such a list would provide clarity to the
industry regarding the scope of tools and supports this safe harbor
would protect without limiting flexibility and innovation. Another
commenter sought clarification regarding how to interpret our proposed
protection for tools and supports that address social determinants of
health and other items and services such as preventive care items and
services and health-related technology, including how to interpret the
list of illustrative examples we provided in the preamble.
Commenters provided examples of a wide range of categories of
social determinants of health and the tools and supports that
commenters argued should be protected under this safe harbor, which
they consider most crucial to improving coordination and management of
care and transitioning to value-based care and payment. The social
determinants of health--and tools and supports to address such social
determinants of health--cited by commenters include food insecurity,
housing instability, transportation, nutrition education, supervised
exercise, fitness training programs, household or vehicle modifications
to promote mobility and independence, addiction recovery programs,
mental health programs, payment of utility bills, and supports related
to interpersonal violence.
Some commenters offered extensive lists of social determinants of
health relevant to specific health issues, such
[[Page 77795]]
as determinants that impact musculoskeletal care or chronic diseases.
Another commenter urged OIG to use the framework developed by the
Kaiser Family Foundation to make distinctions among categories of
social determinants using the following categories: (i) Economic
stability; (ii) neighborhood and physical environment; (iii) food; (iv)
community and social context; and (v) health care system. Another
commenter suggested OIG reference services offered as supplemental
benefits within Medicare Advantage as well as the special supplemental
benefits for the chronically ill included in the Creating High-Quality
Results and Outcomes Necessary to Improve Chronic (CHRONIC) Care Act.
Response: We appreciate commenters' suggestions regarding how best
to identify and protect categories of social determinants of health and
related tools and supports that should be protected under this safe
harbor. We agree with the concern that an exclusive list of protected
tools or supports in regulatory text could inappropriately constrain
entities from offering the most useful types of tools and supports, and
a rigid definition of social determinants of health could limit
innovation related to tools and supports that may be protected by this
final rule, if all conditions of the safe harbor are met. We are not
providing a specific definition of ``social determinants of health''
for the purpose of this final rule, as one is not needed, nor are we
providing an exclusive list of the types of tools and support that will
receive safe harbor protection. We agree with the commenters that
recommended flexibility.
We offer below illustrative, but not exhaustive, examples of tools
and supports related to identifying and addressing patients' needs
related to social determinants of health that may qualify under the
safe harbor if all safe harbor conditions are met. We provide this list
of representative tools and supports to readers to explain our
interpretation of the safe harbor; we emphasize that this list is
neither exhaustive nor does it point to the Government's view of the
effectiveness of the listed examples. Furthermore, we remind readers
that the safe harbor is specifically focused on the coordination and
management of patient care. There are other important aspects of
addressing social determinants of health that are not covered by this
rulemaking because they do not relate to the coordination and
management of patient care. In some cases, other safe harbors such as
the local transportation safe harbor, or other exceptions to the
Beneficiary Inducements CMP, such as the financial-need-based exception
and the promote access to care exception (both found at paragraph
1003.110), may be available for incentives that address patients' needs
related to social determinants of health.\71\ OIG's advisory opinion
process is also available, and OIG has issued several advisory opinions
addressing areas such as nutrition, lodging, and transportation.
---------------------------------------------------------------------------
\71\ We remind readers that exceptions to the definition of
``remuneration'' under the Beneficiary Inducements CMP apply only
for the purposes of the definition of ``remuneration'' applicable to
section 1128A of the Act (the Beneficiary Inducements CMP); they do
not apply for purposes of section 1128B(b) of the Act (the Federal
anti-kickback statute).
---------------------------------------------------------------------------
Illustrative examples of tools and supports related to social
determinants of care that could be structured to fit in the safe
harbor, depending on the facts and circumstances, include the
following: Provision of in-kind transportation, such as transit
vouchers or rideshares organized by the VBE participant; home
modifications such as grab bars, air filters or purifiers, and other
physical or structural modifications that allow patients to live safely
at home; temporary housing for an individual experiencing homelessness
or living far from a hospital following a surgical discharge; providing
broadband access to a patient to enable remote patient monitoring or
virtual care; grocery or meal delivery services, nutrition supplements,
and nutrition education; exercise or fitness programs or equipment;
vehicle modifications; incentives as part of addiction recovery
programs, including peer-to-peer programs and contingency management
programs; incentives as part of mental health programs; and supports
related to interpersonal violence. For each of the preceding examples,
all safe harbor conditions would need to be met, including that the
tool or support advances one of the goals enumerated in paragraph
1001.952(hh)(3)(vi).
In contrast, some tools and supports that could help address needs
related to social determinants of health would be very unlikely to fit
in the safe harbor. For example, tools and supports related to finding
employment or housing-related tools and supports of a routine nature,
such as routine or ongoing rent or utility payments, are unlikely to
meet the requirements that they be directly related to coordination and
management of patient care, be recommended by the patient's licensed
health care professional, and advance an enumerated goal at paragraph
1001.952(hh)(3)(vi).
We emphasize that the changes to the regulatory text ensure this
final rule is agnostic about the specific types of in-kind tools or
supports protected by this safe harbor. This will give licensed health
care professionals flexibility to determine and recommend the tool or
support that would best address a patient's social determinants of
health to foster coordination and management of patient care.
Comment: A commenter urged OIG to identify an additional goal under
paragraph 1001.952(hh)(3)(vi) for ``management of activities of daily
living,'' to clarify that tools and supports may be protected if used
to address social determinants of health.
Response: We are not adopting this suggestion. As explained above,
in-kind tools and supports used to address social determinants of
health may be protected by the safe harbor if they meet all safe harbor
conditions. Depending on the specific facts and circumstances, in-kind
tools and supports for the management of activities of daily living
could meet several of the enumerated goals in paragraph (hh)(3)(vi)
including, for example, goals related to adherence to a followup
treatment plan, prevention or management of a disease or condition, and
ensuring patient safety. Such tools and supports would need to meet all
other safe harbor conditions as well. The goals proposed in the OIG
Proposed Rule and finalized in paragraph 1001.952(hh)(3)(vi) are
intended to have a close nexus to the coordination and management of
patient care. Ensuring that beneficiaries have the support they need to
manage activities of daily living is critically important. However, for
purposes of this safe harbor, a separate goal related to ``management
of activities of daily living'' would not have the same close nexus.
We note that nothing in this rule alters any existing program rules
or benefits available to support activities of daily living.
In particular, some health care benefits, such as long-term care
services covered by Medicaid, utilize assessments of activities of
daily living to determine the appropriate level of care for a patient.
This safe harbor does not affect those rules. Additionally, some long-
term care benefits may also provide coverage for items or services to
help manage a patient's activities of daily living that are similar or
the same as the tools and supports protected by this safe harbor.
Consistent with the discussion in section III.B.6.l on cost-shifting,
if a provider furnishes covered
[[Page 77796]]
items or services that are covered by a Federal health care program and
billed following normal rules, the provision of those items or services
alone would not implicate the Federal anti-kickback statute.
v. Health-Related Technology and Patient Monitoring
Summary of OIG Proposed Rule: Proposed paragraph 1001.952(hh)(3)(i)
included health-related technology and patient health-related
monitoring tools and services as examples of permissible tools and
supports.
Summary of Final Rule: We are not finalizing our proposal to
include these examples in regulatory text. Paragraph 1001.952(hh)(3)(i)
simply requires an in-kind item, good, or service, without qualifiers
or examples. We confirm that health-related technology and patient
health-related monitoring tools and supports can be protected
remuneration if all safe harbor conditions are met.
Comment: Commenters were encouraged that the OIG Proposed Rule
recognized wearable monitoring devices as ``health-related technology
and patient health-related monitoring tools and services'' that were
potentially protected tools and supports, noting the power of such
technologies in managing chronic illness and promoting patient
adherence. A commenter asked OIG to consider how to ensure that the
safe harbor does not stifle innovative health care provider
arrangements for care coordination implemented via remote patient
monitoring. The same commenter urged OIG to reexamine what constitutes
an inducement and help health care stakeholders better understand these
regulations by offering FAQs, guidance, or web-based access to
additional information.
Response: As noted above in the discussion relating to preventive
care, we have simplified the safe harbor language to reflect the
breadth of protected categories of remuneration. Accordingly, the safe
harbor no longer specifically references health-related monitoring
tools and services but instead requires that tools or supports are in
the form of an in-kind item, good, or service that meets the other
requirements of the safe harbor. This revision is in no way intended to
limit the scope of remuneration protected by the safe harbor to exclude
or otherwise limit health-related technology; rather, we intend the new
text at paragraph 1001.952(hh)(3)(i) to reflect the breadth of tools
and supports eligible for protection under the safe harbor.
We believe the safe harbor, including this broadened language, will
expand opportunities for innovation in how industry stakeholders engage
and support patients, including arrangements involving remote patient
monitoring. For instance, tools such as connected scales or blood
pressure monitors that track and transmit data to a patient's licensed
health care professional, or applications that allow a patient's mobile
devices to monitor activity or other health data, could be protected,
if all other conditions of the safe harbor are satisfied.
Comment: Commenters sought clarification as to how telehealth tools
and supports fit within the category of health-related technology. In
particular, a commenter asked whether the new patient engagement and
support safe harbor may be used to protect the provision of non-device-
based telehealth platforms and aggregators. Another commenter urged OIG
to clarify that, as a general matter, multifunction equipment could
comply with the Federal anti-kickback statute through a safe harbor and
exception to the Beneficiary Inducements CMP.
Response: In-kind telehealth supports can be protected under this
safe harbor if the provision of such supports satisfies all of the safe
harbor's conditions.\72\ For instance, a smartphone that facilitates
telehealth services with a patient's licensed health care professional,
or a platform or software that facilitates telehealth services, may be
a protected form of remuneration under this safe harbor if all safe
harbor conditions are satisfied. The commenter's request for additional
OIG guidance on whether the provision of multifunctional equipment
would implicate the Federal anti-kickback statute and Beneficiary
Inducements CMP is a fact-specific inquiry. Tools and supports that may
be protected by this safe harbor could include multifunctional
equipment, as long as the tool or support advances one of the
enumerated goals at paragraph 1001.952(hh)(3)(vi).
---------------------------------------------------------------------------
\72\ We acknowledge that Federal health care program coverage of
telehealth services and other care provided remotely has expanded
and the regulatory framework applicable to telehealth services and
other virtual care has shifted, at least temporarily, since the
publication of the OIG Proposed Rule. In particular, in response to
the unique circumstances resulting from the outbreak of COVID-19,
the Secretary determined, pursuant to section 319 of the Public
Health Service Act, that a public health emergency (PHE) exists and
has existed since January 27, 2020 (COVID-19 Declaration). See
Department of Health and Human Services, Determination that a Public
Health Emergency Exists (Jan. 31, 2020), available at https://www.phe.gov/emergency/news/healthactions/phe/Pages/2019-nCoV.aspx.
As a result of the PHE, various agencies have adopted temporary
rules and guidance designed to ease access to telehealth services
and other virtual care during the PHE. See for example CMS, Interim
Final Rule with Comment Period, Medicare and Medicaid Programs;
Policy and Regulatory Revisions in Response to the COVID-19 Public
Health Emergency, 85 FR 19230 (Apr. 6, 2020).
---------------------------------------------------------------------------
Comment: A commenter urged that patient communication and
counseling services are aligned with the spirit of the proposed safe
harbor and requested confirmation that these services constitute
patient health-related monitoring tools and services.
Response: We agree that patient communication and counseling
services may qualify as protected in-kind remuneration if the
conditions of the safe harbor are satisfied.
vi. Not Duplicative
Summary of OIG Proposed Rule: We solicited comments on whether to
require the VBE participant to confirm that the tool or support is not
duplicative of, or substantially the same as, tools and services the
patient already has.
Summary of Final Rule: We are not finalizing this condition.
Comment: A commenter supported requiring the patient to confirm
that the tool or support is not duplicative of something already owned
by the patient. A commenter stated that restrictions related to
providing duplicative tools or services that the patient already has
are unnecessary in light of the proposed safe harbor requirement
prohibiting the sale or diversion of the item or service. Moreover,
some commenters stated that this type of requirement would prove
difficult to implement because even if a patient has a similar device
or service, it does not mean that it has enough or the correct
technology to accomplish the VBE's or VBE participant's care objectives
and goals. Some commenters stated that this condition would be
difficult to interpret and enforce, and some commenters asserted that
the provision of duplicative tools and supports would be unlikely to
result in patient inducement. Another commenter highlighted concern
related to any such condition's intersection with providing updated or
upgraded tools and supports that might technically duplicate tools and
supports to which a patient already has access. A commenter asked what
would be considered duplicative or substantially the same, asking
specifically whether an updated smartphone to support the use of a
monitoring application would be duplicative if a patient already owns a
cell phone. The same commenter also inquired whether providing other
updated technology--such as a newer version of a patient's glucose
monitor--would be considered duplicative.
[[Page 77797]]
A commenter stated that OIG should not require confirmation that
the tools and supports provided to a patient are not duplicative of, or
substantially the same as, tools and supports the patient already has,
which the commenter believed fails to recognize that VBE participants
may want to rely on the safe harbor to test the effectiveness of a
particular tool or support.
Response: In this final rule, we are not adopting a requirement
that a VBE participant confirm that a tool or support is not
duplicative of, or substantially the same as, tools or supports the
patient already has. We appreciate the concerns raised by commenters
regarding the practical challenges in implementing this requirement,
including that it is difficult to determine which tools or supports
would be considered duplicative.
However, tools or supports that are duplicative of items or
services that a patient already owns or has access to may not advance
one of the goals listed at paragraph 1001.952(hh)(3)(vi) and therefore
may not be eligible for safe harbor protection. For example, providing
a patient with a new smartphone would not necessarily advance any of
the enumerated goals if the patient already has a cell phone with
sufficient functionality. For instance, the licensed health care
professional's recommendation of a smartphone to transmit medication
adherence reminders may not advance the patient's adherence to a drug
regimen if the identified need for the smartphone--to transmit
medication adherence reminders--is already achievable with the
patient's existing cell phone. On the other hand, provision of a
smartphone could promote adherence to a treatment regimen determined by
the patient's licensed health care professional (pursuant to the goal
listed at paragraph 1001.952(hh)(3)(vi)(A)) if, for example, the new
smartphone adds functionality needed for remote monitoring that is not
available on the patient's existing cell phone.
In response to the comment regarding using the patient engagement
and support safe harbor to test the effectiveness of tools or supports,
the safe harbor protects remuneration that advances one or more of the
enumerated goals under paragraph 1001.952(hh)(3)(vi). While protection
under this safe harbor is not conditional on achieving one or more of
these enumerated goals, a tool or support would not be eligible for
safe harbor protection without a reasonable basis that it would advance
at least one of the enumerated goals. The requirement to advance one or
more of the listed goals means, at a minimum, that the VBE participant
reasonably expects the tool or support to be effective in advancing a
goal.
g. Marketing and Patient Recruitment
Summary of OIG Proposed Rule: We proposed a condition at proposed
paragraph 1001.952(hh)(3)(iv) that would exclude from safe harbor
protection tools or supports used for patient recruitment or marketing
of items or services to patients. Separately, we sought comment on
whether to include a condition that would prohibit advertising of the
patient engagement tools or supports offered by a VBE participant. We
solicited comments on how best to preclude using tools and supports as
a marketing or advertising strategy to recruit patients or otherwise
influence referral sources, patients or otherwise, while still
permitting beneficial educational efforts and activities that promote
patient awareness of care coordination activities and available tools
and supports.
Summary of Final Rule: We are finalizing, with modifications, the
proposed condition at paragraph 1001.952(hh)(6). Under the final rule,
neither the VBE participant, nor an eligible agent of the VBE
participant, may use the patient engagement tools or supports to market
other reimbursable items or services or for patient recruitment
purposes. The final safe harbor condition clarifies the limitation on
marketing and patient recruitment consistent with our intent in the OIG
Proposed Rule to preclude protection of tools and supports used solely
for patient recruitment purposes or used to market other reimbursable
items and services to patients. The final condition clarifies that the
marketing prohibition only applies with respect to the marketing of
items and services reimbursable by Federal health care programs.
Providing remuneration to patients in order to market items or services
not reimbursable by Federal health care programs is unlikely to
implicate the anti-kickback statute and therefore would not need safe
harbor protection. As discussed further below, this condition does not
preclude a VBE participant from educating patients, such as providing
objective patient educational materials to a patient or engaging in
objective patient informational activities with respect to patients in
the target population.
Comment: Commenters generally supported our proposed prohibitions
on marketing and patient recruitment but urged OIG to clarify that
certain activities would not be prohibited, such as providing education
and information to established patients or members of the target
patient population about available resources, tools, and supports. For
example, a commenter suggested that a health care facility operating an
onsite food pantry should be able to post basic information, such as
the food pantry's hours of operation, to ensure patient access. Another
indicated that providers should be able to educate beneficiaries about
how to access care and to increase awareness and utilization of
services by describing available tools and supports on a provider's
website or by offering free marketing items such as refrigerator
magnets, stickers, and notepads.
Other commenters opposed these conditions altogether or requested
that we clarify the delineations between prohibited marketing,
advertising, and patient recruitment as opposed to permissible patient
education and awareness activities. Commenters warned that
dissemination of information to patients and their providers is
necessary for patients to achieve the health benefits intended by a
particular patient engagement program. A commenter added that
restricting advertising requires providers to determine which patients
may benefit from available resources, rather than empowering patients
to self-identify whether they may benefit from a given tool or support.
Response: We agree with the commenters who supported conditions
relating to marketing and patient recruitment, and we are finalizing
these concepts in a revised safe harbor condition at paragraph
1001.952(hh)(6). The patient engagement and support safe harbor does
not protect the provision of tools or supports if the VBE participant
uses the tools or supports to market other reimbursable items or
services or for patient recruitment purposes. As noted in the proposed
rule, the proposed condition was designed to preclude a VBE using a
tool or support to market other reimbursable items and services, or
using a tool for patient recruitment while permitting beneficial
educational efforts and activities that promote patient awareness of
care coordination activities and available tools and supports. We do
not intend to protect tools or supports that serve solely as patient
recruitment incentives.\73\
---------------------------------------------------------------------------
\73\ 84 FR 55727 (Oct. 17, 2019).
---------------------------------------------------------------------------
This condition does not preclude providers from educating their
patients or otherwise providing information about available tools and
supports to established patients. In other words, this
[[Page 77798]]
condition does not limit providers from offering objective information,
education, and reminders to their patients, nor does it limit providers
from offering tools and supports designed to educate patients and
increase awareness and utilization of appropriate services.
As an example, the following activity would not violate this
condition: A physician VBE participant informs a patient with asthma
that clean air in the home is important for keeping asthma symptoms
under control. The physician explains that clean air conditioning
filters and other air purifying machines are important for keeping the
air in a home clean and healthy. The physician informs the patient that
the VBE has a program to provide air filters, and the patient may be
eligible to receive free air filters provided by the physician.
However, the safe harbor does not protect a tool or support if used
to recruit patients or used to market other reimbursable items or
services. This condition protects against abusive marketing schemes
where the patients are inappropriately induced to select providers or
use items or services because they are being provided with free or low-
cost tools and supports. Importantly, the patient engagement and
support safe harbor protects the provision of tools and supports to
patients; it does not protect any marketing, advertising, or patient
recruitment arrangements.
As with the care coordination arrangements safe harbor's marketing
and patient recruitment provision discussed in section III.B.3.j we use
the terms marketing (e.g., promoting or selling something), recruitment
(e.g., enlisting someone to do something), and education (e.g.,
informing, instructing, or teaching) in accordance with their common
sense meanings. Additionally, we consider ``advertising'' to be a
subset of ``marketing,'' so the prohibition of using tools or supports
to market other reimbursable items or services also prohibits
advertising. This approach best allows flexibility for VBE participants
to engage in appropriate educational efforts. We offer illustrative
examples in response to comments to aid stakeholders in applying the
safe harbor provision.
For example, a VBE participant could operate a non-billable
diabetes remote monitoring program to help patients manage their
diabetes and coordinate their care. As part of the program, the VBE
participant offers patients with diabetes a free tablet to facilitate
the remote monitoring program. Should the VBE participant seek to
protect the tablet under this safe harbor, it would need to satisfy the
marketing and patient recruitment condition at paragraph
1001.952(hh)(6). To illustrate the scope of this condition, we offer
the following examples of educational activities that would comply with
this condition. First, the VBE participant may counsel a patient with
diabetes about the benefits of the non-billable remote monitoring
program and explain that such program includes a free tablet to
facilitate the program. Second, the VBE may explain that the tablet is
used to convey information such as nutritional information, recipes,
wellness tips, and appointment reminders. In these illustrative
examples, the VBE participant is not using the tablet to market other
reimbursable items or services or for patient recruitment.
By contrast, if the VBE participant uses the tablet to send
patients text messages and notifications to induce them to obtain
tests, equipment, supplies, or other reimbursable items and services,
the condition at paragraph 1001.952(hh)(6) would not be satisfied; the
VBE participant is using the tool and support (the tablet) to market
other reimbursable items and services. Similarly, if the VBE
participant advertises that patients will receive a free tablet if they
register for the remote monitoring program and receive services, the
VBE participant is using the tool and support to recruit patients and
the provision of the tablet does not qualify for safe harbor
protection. It would be the same result if the VBE participant used the
provision of the tablet to market other reimbursable services or
recruit patients through door-to-door marketing, telephone
solicitations, direct mailings, or through sales pitches masquerading
as ``informational'' sessions.
In response to commenters, we clarify that notification to an
entire target patient population about the availability of tools and
supports does not necessarily raise concerns under this condition.
Whether a notification to an entire patient population satisfies this
condition would require a highly fact-specific assessment. For example,
if a physician used an announcement to an entire target patient
population about the availability of free air conditioning filters if
those patients come in for an office visit (e.g., as an inducement to
attract patients to schedule an appointment billable to a Federal
health care program), that would constitute prohibited marketing or
patient recruitment, even if the announcement also had an educational
purpose. In contrast, if the announcement provided information on the
need for asthma patients to ensure the air in the home is clean and to
contact the physician for further information, that type of
notification would not violate this condition. Again, we highlight that
whether any particular communication satisfies this marketing condition
would require a highly fact-specific assessment.
Among the examples described by the commenters, a hospital posting
general information such as the hours of operation of its food pantry
to make patients aware of when the food pantry is open and enhance
patient access would not run afoul of this condition. Providing free
marketing items as described by a commenter such as refrigerator
magnets, stickers, and notepads likely would not be protected by this
safe harbor for multiple reasons. If provided for the purpose of
marketing or patient recruitment, such items would not meet this
condition. Furthermore, these items are unlikely to advance one of the
enumerated goals at paragraph 1001.952(hh)(3)(vi) or have a direct
connection to the coordination and management of care of the target
patient population.\74\
---------------------------------------------------------------------------
\74\ We note, however, that such items may be excluded from the
definition of remuneration under the Beneficiary Inducements CMP if
they are of nominal value. See for example 65 FR 24411 (Apr. 26,
2000), available at https://oig.hhs.gov/authorities/docs/cmpfinal.pdf, and Special Advisory Bulletin: Offering Gifts and
Other Inducements to Beneficiaries, August 2002, available at https://oig.hhs.gov/fraud/docs/alertsandbulletins/SABGiftsandInducements.pdf (Special Advisory Bulletin); Office of
Inspector General Policy Statement Regarding Gifts of Nominal Value
to Medicare and Medicaid Beneficiaries (Dec. 7, 2016), available at
https://oig.hhs.gov/fraud/docs/alertsandbulletins/OIG-Policy-Statement-Gifts-of-Nominal-Value.pdf.
---------------------------------------------------------------------------
In response to the commenter who asserted that restricting
advertising requires providers to determine which patients may benefit
from available resources, rather than empowering patients to self-
identify whether they may benefit from a given tool or support, we note
that this condition is intended to preserve patient choice and protect
vulnerable patients from the undue influence of coercive marketing. We
also remind readers that any protected tool or support must satisfy the
other conditions of the safe harbor as well, including that the patient
engagement tool or support is recommended by the patient's licensed
health care professional and advances one or more of the goals
enumerated in the safe harbor. The protections in the safe harbor are
designed to emphasize the patient's relationship with their provider in
developing plans for treatment and care and the appropriate provision
of tools and supports.
[[Page 77799]]
Consequently, the final safe harbor preserves patient choice and
empowerment by relying on close communication and collaboration between
patient and provider.
A prohibition on marketing and patient recruitment serves as an
important protection against inappropriate patient steering and
overutilization of federally reimbursable items and services. Our
enforcement experience demonstrates that using tools and supports to
recruit patients or to otherwise market reimbursable items and services
presents a risk of harms associated with fraud and abuse (e.g.,
overutilization, provision of unnecessary services to patients, and
theft of patient's medical identity information).
We highlight that this prohibition extends to eligible agents of
the VBE participant. More specifically, to qualify for safe harbor
protection, neither the VBE participant nor any eligible agent may
exchange or use the patient engagement tools or supports to market
other reimbursable items or services or for patient recruitment
purposes. Under paragraph 1001.952(hh)(2), the patient engagement tool
or support may be furnished directly to the patient (or the patient's
caregiver, family member, or other individual acting on the patient's
behalf) by a VBE participant that is a party to the value-based
arrangement or its eligible agent. The modification of the marketing
and patient recruitment prohibition in paragraph 1001.952(hh)(6)
reflects the changes to paragraph 1001.952(hh)(2) related to eligible
agents. The marketing and patient recruitment prohibition applies
equally to the VBE participant and to the eligible agent that may be
furnishing the tool or support as an agent of the VBE participant. For
example, this final rule precludes safe harbor protection for tools and
supports used by a patient recruiter to induce or recruit beneficiaries
to receive items or services reimbursed by a Federal health care
program.
Comment: A commenter warned that an overly broad limit on
advertising could be a barrier to providers giving basic information to
patients. The commenter noted that OIG recognized this risk by limiting
the scope of its advertising prohibition in the local transportation
safe harbor, which explicitly allows posting shuttle route and schedule
details.
Response: First, we remind readers that arrangements need not have
safe harbor protection to be lawful, and we observe that many health
care entities lawfully provide basic information to patients (which may
not even implicate the Federal anti-kickback statute) and even market
services without the benefit of a safe harbor. Second, we believe the
final prohibition on marketing and patient recruitment is not overly
broad. It prohibits using patient engagement tools and supports to
market other reimbursable items and services or for patient
recruitment. It does not limit providers giving basic information
directly to their patients; indeed, as explained above, many types of
basic information would not even implicate the Federal anti-kickback
statute (e.g., appointment reminders and mailings explaining the best
hygiene practices to prevent influenza).
As the commenter states, the local transportation safe harbor
provides protection for a shuttle service that is not marketed or
advertised (other than posting necessary route and schedule details).
We do not believe a specific exception, similar to the route and
schedule details exception included in the shuttle services provision
of the local transportation safe harbor, is needed in the patient
engagement and support safe harbor, nor would such an exception be
feasible to address the wide range of tools and supports potentially
protected by this safe harbor. The final safe harbor's condition
related to marketing and patient recruitment does not prohibit a VBE
participant from providing basic information relating to available
patient engagement tools and supports to patients.
For example, a hospital that also runs a food pantry could post the
hours of operation of a food pantry. In contrast, should the hospital
conduct a general advertisement to the public indicating, for example,
that it has a free food program available to patients with diabetes
(the target patient population) who come to the hospital to receive
services, providing the support in the form of the free food program
would fail to satisfy this condition and would not be protected by this
safe harbor.
We emphasize that the provision of tools and supports to Federal
health care program beneficiaries by certain entities (which could be
VBE participants consistent with revisions made by this final rule)--
such as a social services agency that does not bill Federal health care
programs--would not implicate the Federal anti-kickback statute and,
consequently, would not require safe harbor protection.\75\ Therefore,
such entities would not be subject to this marketing and patient
recruitment condition.
---------------------------------------------------------------------------
\75\ We recognize the possibility that a hospital or other
entity that bills Federal health care programs could provide funding
to an entity that does not bill Federal health care programs in
order to support the provision of tools and supports to Federal
health care program beneficiaries. Such funding could constitute an
indirect financial relationship between the funding source and the
beneficiary that could implicate the Federal anti-kickback statute
and, if so, that relationship would need to be assessed separately.
---------------------------------------------------------------------------
Comment: A commenter urged OIG to ensure that the safe harbor
allows sufficient flexibility to inform patients of the types of
interventions designed to address social determinants of health that
the VBE participant offers to support patients in achieving improved
health outcomes and to furnish the best possible patient care. The
commenter highlighted that in the context of tools and supports
designed to address unmet social needs, patients may be reticent to
self-identify absent appropriate outreach and advertising due to
potential social stigmas associated with such needs. A commenter stated
that a safe harbor condition prohibiting advertising could: (i) Reduce
the ability of patients and providers to make fully informed decisions;
(ii) lower the number of patients who have access to beneficial tools
and supports; and (iii) hinder the ability to achieve the entity's
value-based goals.
Response: The safe harbor condition prohibiting use of the patient
engagement tools and supports to market other reimbursable items and
services or for patient recruitment is not intended to constrain a
licensed health care professional from informing patients of the types
of available tools and supports. The safe harbor also would not
prohibit other types of VBE participants from providing educational
information about available tools and supports to patients in the
target population.
Comment: A commenter asserted that a facility should be able to
advertise the patient engagement tools and supports it offers, and if a
patient elects a certain facility on that basis, then the patient has
demonstrated active engagement in their care options.
Response: We recognize the importance of activated and engaged
patients and consumer choice. As previously stated, potential donors
may provide educational information and inform patients about the
availability of engagement tools and supports. This condition prohibits
only using tools and supports to market other reimbursable items and
services or for patient recruitment. This final condition is designed
to prevent VBE participants from influencing patients' decision-making
regarding billable health care items and services based on the offer of
free tools and supports. We are
[[Page 77800]]
concerned that patients might be coerced into selecting items and
services that are not in their medical best interests. We emphasize,
however, that nothing in this final rulemaking constrains patient
decision-making; notably, patients are free to select (or decline to
select) providers based on their participation in a VBE, on the care
coordination and management services they furnish, or on the tools and
supports they offer.
Comment: A commenter noted that a prohibition on advertising could
disproportionately impact skilled nursing facilities and assisted
living facilities whose patients are more likely to rely upon
traditional advertising methods to understand their treatment options
and alternatives.
Response: This condition restricts VBE participants who wish to use
the safe harbor from using the tools and supports to market other
reimbursable items or services (e.g., an advertisement that offers to
provide a free smartphone after a patient receives a service) or using
such tools for patient recruitment. It does not prohibit a VBE
participant, which could be a skilled nursing facility or assisted
living facility, from otherwise advertising or marketing the patient
care items and services they offer.
h. Direct Connection
Summary of OIG Proposed Rule: At proposed paragraph (hh)(3)(ii), we
proposed that the tool or support furnished to the patient must have a
``direct connection'' to the coordination and management of care of the
target patient population. We proposed to interpret ``direct
connection'' to mean that the VBE participant has a good faith
expectation that the tool or support will further the coordination and
management of care for the patient. We solicited comments on whether to
require a ``reasonable connection'' instead of a ``direct connection.''
We also solicited comments on an alternative proposal that would have
required the VBE participant to make a bona fide determination that an
arrangement to provide tools and supports is directly connected to the
coordination and management of care for the patient. We solicited
comments on whether the ``direct connection'' should be to any of the
four value-based purposes described at proposed paragraph
1001.952(ee)(12)(vii) instead of requiring a direct connection to the
coordination and management of care for the patient.
Summary of Final Rule: We are finalizing the condition, without
modification, at paragraph 1001.952(hh)(3)(ii). Specifically, any
protected tool or support must have a ``direct connection'' to the
coordination and management of care of the target patient population.
We are not finalizing any of the alternative proposals considered in
the OIG Proposed Rule.
Comment: A number of commenters supported our proposal to require
that any protected tool or support furnished to a patient have a direct
connection to the coordination and management of care.
Response: We are finalizing this condition as proposed. As we
explained in the OIG Proposed Rule, we do not believe it should be
difficult for a VBE participant providing the patient engagement tool
or support to clearly articulate the nexus between the tool or support
and the coordination and management of care.
Comment: We received several comments recommending that we require
only a ``reasonable connection'' to coordination and management of
care, rather than a ``direct connection.'' Many commenters expressed a
preference for the ``reasonable connection'' standard because it gives
entities greater flexibility in the provision of patient engagement
tools and supports and is better aligned with the standard that a VBE
participant must have a good faith expectation that the tool or support
will promote the VBE's objectives. A commenter opposed the ``reasonable
connection'' alternative because it would weaken the partnership
between providers that are collaborating to coordinate and manage a
patient's care.
Response: We decline to modify the condition to require only a
``reasonable connection.'' The safe harbor protects the provision of
potentially valuable in-kind remuneration furnished to patients. It is
appropriate for the offerors of potentially valuable remuneration to
carefully evaluate the nexus between the tool or support and the
coordination and management of patient care. In the final rule, we
opted for the ``direct connection'' standard, which will ensure that
the remuneration is closely linked to the goals of the Regulatory
Sprint, including promoting care coordination and value-based care. In
particular, the final safe harbor is designed to protect tools and
supports that are designed to result in higher value and better
coordinated care. The ``direct connection'' standard will help ensure
that protected remuneration specifically and intentionally advances the
goals of the Regulatory Sprint over other possible objectives.
Comment: One commenter supported a condition requiring the VBE to
make a bona fide determination that tools or supports have a direct
connection to the coordination and management of care for a patient.
However, numerous other commenters urged OIG not to adopt such a
requirement, warning that it would be unduly burdensome and create
administrative hurdles that would unnecessarily duplicate the
determination made by a VBE in establishing value-based activities of
the VBE and the role of the VBE participants in carrying out those
activities.
Response: To avoid introducing unnecessary administrative burdens,
and because we believe the other safeguards sufficiently mitigate the
risk of patient harm and program integrity concerns, we are not
finalizing a requirement--considered in the preamble to the OIG
Proposed Rule--that the VBE make a bona fide determination that the
tool or support has a direct connection to the coordination and
management of care. We note, however, that while safe harbors are
voluntary, parties that seek protection for tools and supports under
this safe harbor must strictly satisfy each of the safe harbor's
conditions, including the requirement that the tool or support has a
direct connection to the coordination and management of care. The VBE
and VBE participants may establish satisfaction of this condition in a
variety of ways without such a bona fide determination; of course,
making such a bona fide determination could support satisfaction of
this safe harbor condition.
Comment: Several commenters suggested that OIG broaden the safe
harbor to protect tools and supports that are directly connected to any
of the four value-based purposes articulated in proposed paragraph
1001.952(ee)(12)(vii), rather than requiring a direct connection to a
single value-based purpose, that is, coordination and management of
patient care. Commenters suggested that this would provide greater
flexibility for entities to offer tools and supports connected to the
other three value-based purposes.
Response: We appreciate the commenters' input. However, we
respectfully decline to adopt the commenters' suggestion. We believe
the safe harbor is appropriately limited to the protection of tools and
supports that are directly connected to the coordination and management
of care, which empowers patients to fully participate in the care
coordination activities that are the spirit of the
[[Page 77801]]
Regulatory Sprint. The other three value-based purposes described in
paragraph 1001.952(ee)--improving the quality of care; appropriately
reducing the costs to, or growth in expenditures of, payors without
reducing the quality of care; and transitioning the health care
delivery and payment systems to value-based care--are purposes that the
applicable VBE participants, not patients, are in the best position to
deliver.
In contrast, the coordination and management of care more directly
relates to the patient engagement goals of this safe harbor. At
paragraph 1001.952(ee)(14)(i)), this final rule defines ``coordination
and management of care'' to mean the deliberate organization of patient
care activities and sharing of information between two or more VBE
participants, one or more VBE participants and the VBE, or one or more
VBE participants and patients, that is designed to achieve safer, more
effective, or more efficient care to improve the health outcomes of the
target patient population. This definition provides sufficient
flexibility in designing arrangements for patient engagement that would
be protected by this safe harbor because a broad range of tools and
supports could be tailored to improving health outcomes and achieving
safer and more effective care, while advancing one of the five
enumerated goals at paragraph 1001.952(hh)(3)(vi). For instance, a
program to provide grab bars or handrails to patients recovering from
knee surgery to prevent falls at home could be properly tailored to
improving health outcomes for these patients and designed to achieve
safer, more effective care for this population.
Comment: A commenter sought clarification regarding when an item
has a direct connection to coordination and management of care,
specifically requesting a list of scenarios that would qualify. Another
commenter suggested that we not finalize a description of specific
tools or supports that would be considered to have a direct connection
to the coordination and management of care because doing so could
frustrate the goals of fostering flexibility, adaptability, and
innovation.
Response: We agree with the commenter who suggested that we not
finalize a description of specific tools or supports that would be
considered to have a direct connection to the coordination and
management of care. Consequently, we decline to provide a list of
scenarios linking which tools and supports would qualify as having a
direct connection to the coordination and management of a patient's
care. In taking this approach, we hope to foster innovation and allow
VBEs and VBE participants flexibility in appropriately identifying the
nexus between the tool or support and the coordination and management
of care. Revisiting our example of providing grab bars to patients
recovering from knee surgery, the tool or support in that example has a
direct connection to the coordination and management of care because it
is intended to prevent falls and therefore provides safer and more
effective care for the target patient population (knee surgery
patients).
i. Medical Necessity
Summary of OIG Proposed Rule: In the OIG Proposed Rule's paragraph
1001.952(hh)(3)(v), we proposed that the tool or support must not
result in medically unnecessary or inappropriate items or services
reimbursed in whole or in part by a Federal health care program.
Summary of Final Rule: We are finalizing, without modification,
this condition and relocating it to paragraph 1001.952(hh)(3)(iv).
Comment: A hospital association supported our proposal to protect
only tools and supports that do not result in medically unnecessary or
inappropriate items or services reimbursed by Federal health care
programs.
Response: We are finalizing this safeguard as proposed at paragraph
1001.952(hh)(3)(iv).
Comment: A commenter stated that any incentives protected by the
final safe harbor should not be limited to incentives furnished to
patients for attendance at medically necessary primary care or other
clinically appropriate medical appointments, but also expanded to
incentives for participating in community-based services that could
impact clinical outcomes through addressing patients' social
determinants of health.
Response: This safe harbor protects tools and supports that advance
one or more enumerated goals set out at paragraph 1001.952(hh)(3)(vi),
which include goals related to adherence to treatment regimens and
followup care plans, and prevention and management of diseases and
conditions. For a specific discussion of our treatment of tools and
supports that address social determinants of health, please see the
discussion at III.B.6.f.iv. of this preamble. To qualify for protection
under the safe harbor, any incentives for participation in community-
based services also would need to meet all other safe harbor
conditions, including the condition that the remuneration cannot result
in medically unnecessary or inappropriate items or services reimbursed
in whole or in part by a Federal health care program. We also note that
such community-based services would need to be recommended by the
patient's licensed health care professional (per the condition at
paragraph 1001.952(hh)(3)(v)) and have a direct connection to the
coordination and management of care of the target population (per the
condition at paragraph 1001.952(hh)(3)(ii)).
j. Licensed Health Care Professional Recommendation
Summary of OIG Proposed Rule: We proposed a safe harbor condition
at proposed paragraph 1001.952(hh)(3)(vi) that would provide safe
harbor protection only for tools or supports recommended by the
patient's licensed health care provider. Relatedly, we sought comments
on whether to require a written certification, under 18 U.S.C. 1001 and
1519, from a patient's licensed health care provider certifying that
the particular tool or support is recommended solely to treat a
documented chronic condition of a patient in a target patient
population.
Summary of Final Rule: We are finalizing, with modification, this
condition at paragraph 1001.952(hh)(3)(v). Based on public comment, we
are revising the language to clarify that the tool or support must be
recommended by the patient's licensed health care ``professional''
rather than ``provider.'' The term ``provider'' is often used to mean a
hospital or other entity that furnishes institutional health care
services. We believe ``professional'' is a clearer description of our
intent in the OIG Proposed Rule that this requirement emphasizes the
importance of a health care professional's medical judgment, as well as
the patient's relationship with a health care professional. We have
made conforming changes in each enumerated goal in paragraph
1001.952(hh)(3)(vi) that referenced a licensed health care provider. We
are not finalizing the written certification requirement.
Comment: A trade association representing physicians supported the
proposal to require that a tool or support must be recommended by the
patient's licensed health care provider. Another commenter stated that
this requirement is a key fraud and abuse protection to ensure that the
safe harbor is not used for improper purposes such as marketing or
patient recruitment, or to steer patients to particular treatments. A
commenter also noted that this requirement helps ensure the centrality
of the patient-provider relationship.
[[Page 77802]]
Another commenter expressed concern that a safe harbor condition
requiring a licensed health care provider's recommendation would lead
to underutilization of valuable tools and supports to treat social
comorbidities. The commenter stated that many tools and supports that
address social comorbidities do not stem from a single condition in
isolation and, therefore, may not be evident to a treating clinician.
Another commenter warned that this requirement could deter use of the
new safe harbor because physicians do not typically recommend the types
of tools and supports that would be most beneficial to patients. More
often, according to the commenter, social workers, case workers, or
others who may not be licensed clinicians would be in a better position
to recommend such patient tools, including those that would address
social determinants of health.
A commenter also urged OIG to include a requirement that clinicians
offering any patient engagement tools and supports instruct patients on
how to use them appropriately.
Response: We agree with commenters who support the condition
because it protects against harms resulting from fraud and abuse and
supports the centrality of the patient-provider relationship. As we
explained in the preamble to the OIG Proposed Rule, this condition is
designed to ensure that the remuneration is specifically focused on
patient care and to underscore the importance of quality of care, the
health care provider's medical judgment, and the patient's relationship
with their provider in developing plans for treatment and care. The
condition also ensures that the professional recommending the tool or
support has undergone some degree of review and is subject to some
level of oversight by a licensing body.
In response to the assertion that this condition would lead to
underutilization of valuable services to treat social comorbidities, we
believe the patient's licensed health care professional is in the best
position to determine whether the tool or support is directly connected
to the coordination and management of the patient's care, advances an
enumerated goal at paragraph 1001.952(hh)(3)(vi), and will not result
in medically unnecessary or inappropriate reimbursable items and
services, as required by the safe harbor. The licensed health care
professional recommending the tool or support can be any type of
licensed health care professional, which should be sufficiently broad
to ensure this safe harbor protects beneficial patient engagement tools
and supports, including those cited by commenters in various
submissions. We recognize that social workers, case workers, and others
who may not be licensed clinicians play an important role in patient
care and are often well-positioned to recommend patient tools,
including those that would address social determinants of health.
However, for purposes of this safe harbor, we are requiring a
recommendation by a licensed health care professional for the reasons
noted above.
We did not propose a definition of ``licensed health care
provider'' or ``licensed health care professional.'' We intended to
require the recommendation of a licensed health care professional, who
would be a person chosen by the patient. The term ``licensed health
care professional'' could include, for example, the following health
care professionals, assuming they are appropriately licensed by an
appropriate State licensing body for each respective profession:
Physicians (including doctors of medicine, osteopathy, dental surgery,
dental medicine, podiatric medicine, and optometry); osteopathic
practitioners; chiropractors; physician assistants; nurse
practitioners; clinical nurse specialists; certified registered nurse
anesthetists; physical therapists; occupational therapists; clinical
psychologists; qualified speech-language pathologists; qualified
audiologists; and registered dietitians or nutrition professionals.\76\
---------------------------------------------------------------------------
\76\ This illustrative list of health care professionals
includes professionals eligible as of 2020 to participate in the
Merit-based Incentive Payment System (MIPS), available at https://qpp.cms.gov/mips/how-eligibility-is-determined.
---------------------------------------------------------------------------
Comment: A commenter warned that requiring a licensed provider's
recommendation could incentivize a provider to recommend a tool or
support for which the provider can subsequently receive remuneration.
Response: To the extent the tool or support is a billable item or
service, we would expect the provider to bill appropriately. The tool
or support would not require safe harbor protection because it would be
furnished by the provider as a covered service. If the provider were to
waive any beneficiary cost-sharing, such cost-sharing waiver would not
be protected by this safe harbor.
Comment: We solicited comments on whether to require a written
certification, under 18 U.S.C. 1001 and 1519, from a patient's licensed
health care provider certifying that the particular tool or support is
recommended solely to treat a documented chronic condition of a patient
in a target patient population. A commenter opined that requiring a
licensed health care provider to document in writing their
recommendation of the tool or support along with the justification, and
requiring the offeror to maintain this documentation, is a reasonable
safeguard. The commenter surmised that such documentation need not be
in the form of a prescription or physician referral but could take the
form of a recommendation that is documented in the care plan or
approved by the care team. A commenter supportive of the certification
requirement recommended that it be enforced through administrative or
civil penalties, rather than potential criminal liability under 18
U.S.C. 1001 and 1519. Other commenters warned that imposing a
certification requirement would be overly burdensome and could have a
chilling effect on provider recommendations, even where the benefits of
the tool or support are clear.
A commenter warned that requiring physicians to certify that a tool
or support is used to treat a documented chronic condition could lead
to a fragmented approach that looks at each condition in isolation,
rather than offering coordinated support for all of a patient's health
care needs.
Response: We are not finalizing a requirement that the patient's
licensed health care professional certify that the tool or support is
recommended solely to treat a documented chronic condition. The final
safe harbor includes a number of other conditions designed in
combination to safeguard against the risk of harms resulting from fraud
and abuse including, among other conditions in the safe harbor, that
the patient engagement tool or support must have a direct connection to
the coordination and management of care, be recommended by the
patient's licensed health care professional, and advance one or more
enumerated goals.
Comment: Commenters also noted that the proposed certification
requirement, especially with criminal penalties attached, would create
a significant barrier to providing patient engagement tools and
supports under this safe harbor. In addition, commenters cited concerns
that a focus on documented chronic conditions would inappropriately
narrow the protections afforded by this safe harbor.
Response: As stated above, we are not finalizing a requirement that
the patient's licensed health care professional certify that the tool
or support is recommended solely to treat a documented chronic
condition. We
[[Page 77803]]
believe the other safeguards are sufficient to allow innovative tools
and supports for a wide array of enumerated goals while safeguarding
against the harms resulting from fraud and abuse.
k. Advances Specified Goals
Summary of OIG Proposed Rule: Under the proposed condition at
paragraph 1001.952(hh)(3)(vii), the tools and supports must advance one
or more of the following enumerated goals: (i) Adherence to a treatment
regimen as determined by the patient's licensed health care provider;
(ii) adherence to a drug regimen determined by the patient's licensed
health care provider; (iii) adherence to a followup care plan
established by the patient's licensed health care provider; (iv)
management of a disease or condition as directed by the patient's
licensed health care provider; (v) improvement in measurable evidence-
based health outcomes for the patient or the target patient population;
or (vi) ensuring patient safety.
Summary of Final Rule: We are finalizing, with modifications, the
requirement at paragraph 1001.952(hh)(3)(vi). Specifically, we are not
finalizing the proposed goal relating to improvement in measurable
evidence-based health outcomes for the patient or for the target
patient population because it is largely captured by the other goals.
The final rule revises the goal of ``management of a disease or
condition'' to read ``prevention or management of a disease or
condition'' to incorporate the element of prevention that was included
at proposed paragraph 1001.952(hh)(3)(i). We are replacing references
in this section to ``licensed health care providers'' with ``licensed
health care professionals'' consistent with the preamble discussion in
the previous section regarding this terminology.
Comment: Several commenters supported protection for these
enumerated goals and appreciated that we did not specify which tools
and supports would advance the specific goals to allow flexibility for
VBE participants and promote innovation in patient engagement
mechanisms, tools, and supports, particularly with respect to rapidly
evolving technologies. A commenter requested that OIG add protection
for adherence to a ``prevention regimen'' and prevention of a disease
to the safe harbor's list of specified goals. Another commenter noted
that the enumerated goals proposed could limit the offering of
innovative tools and supports designed to address social determinants
of health because such tools and supports may not directly link to the
goals set forth in the OIG Proposed Rule.
Response: We are finalizing these goals as proposed, with the
omission of the proposed goal relating to evidence-based health
outcomes and modifications to include prevention of a disease or
condition and to use the term licensed health care professionals. To
avoid inadvertently limiting which tools and supports advance specified
goals and provide VBE participants flexibility and the opportunity to
innovate, we are not providing an exhaustive list of tools and
supports. Indeed, one particular patient engagement tool may satisfy a
number of these enumerated goals. For instance, a device or program
that reminds a patient to take a medication or attend a scheduled
office visit might advance the goals related to adherence to a
treatment regimen, drug regimen, or follow-up care plan, or advance
goals related to prevention or management of a disease or ensuring
patient safety depending, in part, on the functionality and purposes of
the device or program. In response to a commenter's suggestion, we
revised the goal at paragraph 1001.952(hh)(3)(vi)(D) to read ``the
prevention or management of a disease or condition'' so that this safe
harbor is available to protect preventive items, goods, or services
that meet the other safe harbor conditions. Adding a specific goal
relating to preventive items and services also effectuates a change
discussed above, in section III.B.6.e.i, in which we removed the
reference to preventive items, goods, or services that had appeared in
proposed paragraph 1001.952(hh)(3)(i). Furthermore, we note that this
change is consistent with section 1128A(i)(6)(D) of the Act, which
excepts certain remuneration given to individuals to promote the
delivery of preventive care from the definition of ``remuneration'' for
purposes of the Beneficiary Inducements CMP, as further interpreted in
the regulatory exception at paragraph 1003.101.
l. Prohibition on Cost-Shifting
Summary of OIG Proposed Rule: We sought comments on whether the
final rule should include a safe harbor condition that would prohibit
VBE participants that furnish patient engagement tools and supports
from: (i) Billing Federal health care programs, other payors, or
individuals for those tools or supports; (ii) claiming the value of a
tool or support as a bad debt for payment purposes under a Federal
health care program; or (iii) otherwise shifting the burden of the
value of a tool or support on a Federal health care program, other
payors, or individuals.
Summary of Final Rule: We are not finalizing this proposed
condition.
Comment: Several commenters supported this proposed condition. A
commenter agreed that entities offering tools and supports should not
receive payment for the value of those items or services, but the
commenter asserted that an explicit safe harbor condition prohibiting
receiving payment for tools and supports is unnecessary.
Other commenters suggested different variations on this
prohibition, urging that any safe harbor condition related to billing
for tools and supports should permit entities to bill commercial payors
for tools and supports when, for example, a provider has negotiated
reimbursement terms that permit certain costs to be passed on to third-
party payors. Another commenter urged that OIG prohibit all direct
billing of any costs related to protected tools and supports to
patients but otherwise allow direct billing for tools and supports to
nonpatient third parties. One commenter opposed this cost-shifting
prohibition altogether, arguing that because tools and supports could
result in overall cost savings to payors, those items and services
should be reimbursable.
Response: We are not finalizing this condition. In light of the
combination of safeguards in the final rule, we do not believe the
addition of a cost-shifting prohibition would add appreciable
additional protection for programs or patients. We acknowledge that VBE
participants may have a variety of arrangements with payors, including
reimbursement terms that permit certain costs to be passed on to third-
party payors, and we do not want to foreclose safe harbor protection
for such VBE participants. With respect to direct billing of payors or
individuals for tools and supports, if the tool or support is a covered
item or service under a Federal health care program and a VBE
participant appropriately obtains full payment for such tools or
supports in accordance with applicable coverage and billing rules, then
the VBE participant has not transferred any remuneration to a
beneficiary, and the arrangement would not implicate the Federal anti-
kickback statute. In other words, if a provider or supplier furnishes
items or services that are covered items or services under a Federal
health care program, the provision of those items or services alone
would not implicate the Federal anti-kickback statute.
However, we would note there could be circumstances under which a
VBE participant, when furnishing a covered item or service, does give a
Federal
[[Page 77804]]
health care program beneficiary something of value, thereby implicating
the Federal anti-kickback statute. For example, the Federal anti-
kickback statute would be implicated by a provider waiving or reducing
any required cost-sharing obligations for the covered item or service
incurred by a Federal health care program beneficiary or providing
extra items and services--those that are not part of the covered item
or service--for free. Furthermore, nothing in this rule exempts parties
from responsibility for compliance with all applicable coverage and
billing rules. In addition, nothing in this safe harbor transforms an
item or service--which is not otherwise billable or allowable under the
relevant cost-reporting rules--into a billable or allowable item or
service.
Comment: Several commenters warned that the proposed prohibition on
billing Federal health care programs would render Indian health care
providers ineligible for protection under this new safe harbor because
they are federally funded.
Response: As noted, we are not finalizing this condition.
m. No Selection Based on Payor
Summary of OIG Proposed Rule: In the OIG Proposed Rule, we stated
that we were considering and solicited comments on whether to include a
``consistent provision'' condition, which would require VBE
participants to provide the same patient engagement tools or supports
to an entire target patient population or otherwise consistently offer
tools or supports to all patients who satisfy specified, uniform
criteria.\77\ We noted that such condition would protect against a VBE
participant targeting certain patients to receive tools and supports
based on, for example, the patient's insurance or health status,
resulting in targeting of particularly lucrative patients to receive
tools and supports (cherry-picking) while avoiding high-cost patients
(lemon-dropping). We solicited comments regarding: (i) Whether such a
provision would limit certain VBE participants' ability to offer tools
and supports due to financial constraints; and (ii) why offering tools
and supports to a smaller subset of a target patient population would
be appropriate and not elevate fraud and abuse risks, including cherry-
picking and lemon-dropping.
---------------------------------------------------------------------------
\77\ 84 FR 55729 (Oct. 17, 2019).
---------------------------------------------------------------------------
Summary of Final Rule: We are finalizing a condition at paragraph
1001.952(hh)(8) that the availability of patient engagement tools and
supports cannot be determined in a manner that takes into account the
type of insurance coverage of the patient.
Comment: A number of commenters expressed concern that a consistent
provision requirement could result in requiring VBE participants to
provide tools and supports to an overly broad population, including
patients for whom such tools or supports are not clinically appropriate
or who do not want the tools or supports. Some commenters posited that
VBE participants need flexibility to tailor the types of tools or
supports to the particular patient and recommended that we protect
remuneration directed at particular subsets or subpopulations of target
patient populations of a VBE, such as higher-risk or higher-cost
patients, or only those patients within the target patient population
who achieve a certain goal. Other commenters suggested that because not
all patients within the target patient population may benefit from any
tool or support, offerors should be permitted to establish in advance
specified criteria by which to evaluate patients for the
appropriateness of any tool or support. For instance, a commenter
suggested that it would be appropriate to limit the provision of
particular tools and supports to subpopulations (e.g., it would be
appropriate to exclude patients residing in an assisted living facility
who receive significant support with their activities of daily living
when furnishing a support such as installing grab bars in patients'
homes to prevent falls). A commenter also noted that some patients may
refuse tools and supports, which could undermine compliance with a
consistent provision requirement.
Response: We acknowledge commenters' concerns regarding the
practical challenges of including a consistent provision requirement
for safe harbor protection. We have instead adopted a condition that
the availability of patient engagement tools and supports cannot be
determined in a manner that takes into account the type of insurance
coverage of the patient, which largely addresses the concerns that
caused us to consider a consistent provision requirement, with fewer
practical challenges. Under this condition, VBE participants offering
protected tools or supports must do so without regard to the patient's
payor type, but nothing in this safe harbor would require a VBE
participant to offer tools or supports when they cannot be used or
accepted, nor would it require patients to accept unwanted tools or
supports in order for the safe harbor to apply. As a practical matter,
this condition also would prevent a VBE--assuming at least one VBE
participant intends to provide protected tools and supports to
patients--from defining its target patient population in a manner that
takes into account patients' payor type.
This requirement addresses the concern we expressed in the OIG
Proposed Rule related to the possibility of discriminatory provision of
tools and supports based on a patient's payor type, but without some of
the complications highlighted by commenters, including concerns
regarding cost. It is possible that a particular tool or support if
offered on a neutral basis unrelated to payor type could result in the
provision of tools and supports primarily to Federal health care
program beneficiaries. Such remuneration would still be protected under
the safe harbor as long as the decision to offer tools and supports was
based on a patient's individual need rather than the patient's payor
type, and assuming the remuneration otherwise meets the requirements of
the safe harbor. More specifically, offering or furnishing tools and
supports to patients based on clinical characteristics, such as
presence of a specified chronic condition, or geographical
considerations, such as a common ZIP Code, would not be precluded even
if the patient population receiving the tools and supports
disproportionally has the same insurance. By way of further
illustration, in the case of a geriatric practice providing tools and
supports to patients above a certain age or with a particular illness,
it is possible that all or virtually all patients would be Medicare
beneficiaries. However, so long as patients receiving the tools and
supports are not selected based on their Medicare insurance status, the
requirement would not be violated. Stated another way, for purposes of
this safe harbor, we would not view a VBE participant offering or
furnishing tools and supports to a population disproportionately
comprised of Medicare beneficiaries to run afoul of this condition
provided that the decision to offer tools or supports is not based upon
the patient's Medicare insurance status. As another further example, a
VBE could define its target patient population--and therefore limit the
scope of potential recipients of tools and supports--based on
individual or family income, which might overlap substantially with
Medicaid or dual-eligible populations but would not be strictly
determined based on an individual's enrollment in Medicaid or as dually
eligible for both Medicare and Medicaid.
[[Page 77805]]
This condition ensures that a potential donor uses actual needs or
related characteristics outside of payor status to determine the
appropriate target patient population rather than the potential value
of future Federally reimbursable items and services provided to such
population. In addition, nothing in this condition would prevent a VBE
participant from offering protected tools and supports only to a
population of uninsured individuals, which we would not consider to be
a determination based on the type of insurance coverage (indeed, as a
preliminary matter, such remuneration would be unlikely to implicate
the Federal anti-kickback statute or Beneficiary Inducements CMP).
Comment: A commenter posited that requiring consistent provision
across the entire target patient population undercuts the requirement
that the tool or support be recommended by the patient's licensed
health care practitioner, which includes clinical judgment of the
clinician and avoids unnecessary waste and other fraud and abuse
concerns. The commenter also noted that VBEs would be forced to create
many iterations of the target patient population with minute
differences to avoid these concerns, which it described as unfeasible.
Response: We believe the final safe harbor does not raise the risks
identified by the commenter because the condition in its final form
does not require consistent provision of tools or supports to every
patient in an entire target patient population specified by the VBE
participant. The final safe harbor also would not require VBE
participants to establish different target patient populations merely
to satisfy a consistent provision requirement. The commenter is correct
that the condition requiring a licensed health care professional's
recommendation is designed to preclude from safe harbor protection
tools and supports provided to patients who do not need them to advance
one of the enumerated goals of this safe harbor.
Comment: Several commenters suggested that providers should have
the ability to test the effectiveness of the tool or support before
committing to widespread provision, noting that VBE participants are in
the best position to make determinations regarding how to allocate
limited resources, including whether to offer tools and supports to
patients. Other commenters highlighted that small practices may be
unable to offer any tools or supports due to financial constraints if
they were required to provide them consistently across a population.
Response: We appreciate these comments regarding potential
challenges associated with requiring consistent provision of tools and
supports across a target patient population. The condition limiting
selection based on payor, as finalized, largely accomplishes the goals
of a consistent provision requirement without triggering the types of
limitations highlighted by these and other commenters. In addition, we
agree that VBE participants in collaboration with any applicable VBE
are in the best position to make a determination regarding whether to
offer and provide a tool or support to patients and emphasize that this
determination remains solely at the discretion of a VBE participant (in
collaboration with the VBE(s) in which the VBE participant
participates).
We are confident the final safe harbor affords VBE participants
sufficient flexibility to furnish protected tools and supports and
assess their effectiveness, as long as all conditions of the safe
harbor are met. For example, a VBE participant may wish to initially
establish a narrowly construed target patient population based on
specific criteria that limits the size and scope of the patients to
whom the VBE participant offers or provides certain tools and supports.
After engaging with that limited target patient population, the VBE
participant could then identify a new, broader target patient
population to whom it offers or provides the same tools and supports.
This type of assessment period--and subsequent expansion to a larger,
more broadly construed target patient population--could be protected if
all conditions of the safe harbor are met, including that the tool or
support advances one of the safe harbor's enumerated goals. The
requirement to advance one or more of the listed goals means, at a
minimum, that the VBE participant reasonably expects the tool or
support to be effective in advancing a goal.
We reiterate that safe harbors are voluntary and that this safe
harbor does not require any individual or entity to offer free or
reduced-cost tools or supports to patients; it sets forth conditions
and limitations to ensure safe harbor protection for the provision of
such tools or supports. VBE participants are free to evaluate the costs
and overall cost savings associated with the provision of patient
engagement tools and supports, and to structure such arrangements in
economically viable ways as long as such structure does not directly
take into account a patient's payor status.
Comment: A commenter supported a prohibition on discriminating
based on insurance or payor type to avoid lemon-dropping or cherry-
picking.
Response: We appreciate the comment and note that we have adopted a
condition designed to prevent lemon-dropping or cherry-picking as it
relates to payor type or lack of insurance. In addition, requirements
for selecting a target patient population and for involvement of the
patient's licensed health care professional provide additional
protections against selecting only lucrative patients (cherry-picking)
or selectively refusing tools and supports for expensive patients
(lemon-dropping).
n. Monitoring Effectiveness
Summary of OIG Proposed Rule: We solicited comments on whether to
add a condition requiring offerors to use reasonable efforts to monitor
the effectiveness of the tool or support in achieving the intended
coordination and management of care for the patient. We also solicited
comments on whether to add a safeguard that would require monitoring to
ensure that the tool or support does not result in diminished quality
of care or patient harm.
Summary of Final Rule: We are not finalizing these conditions
because they are not necessary in light of the totality of other
conditions we are finalizing in this rule.
Comment: Some commenters supported our proposal to require offerors
to use reasonable efforts to monitor: (i) The effectiveness of the tool
or support in achieving its intended purpose; and (ii) to ensure the
tool or support does not result in diminished care or patient harm.
Other commenters opposed this proposal, warning that it would impose an
administrative burden that could negatively impact the ability of
small, rural, and underserved practices to offer tools and supports.
Another commenter noted that it can take a substantial period of time
to realize the effects of any intervention and the measurement of these
effects often utilize outcome measures that may be unreliable. Some
commenters stated that it would be reasonable for the safe harbor to
require the offeror of a particular tool or support to document and
demonstrate outcomes associated with the tool or support, and monitor
use, impact, and quality of such tools and supports. A commenter
recommended that if OIG adopts a monitoring requirement, it should
allow flexibility to entities in designing a monitoring program in
acknowledgment
[[Page 77806]]
of the good faith monitoring efforts undertaken.
Response: We acknowledge the concerns raised by commenters, and we
are not finalizing a monitoring requirement in this final rule. We note
that the safe harbor separately requires that tools and supports must
advance one or more of the specific goals articulated at paragraph
1001.952(hh)(3)(vi). Although the final safe harbor does not contain a
prospective monitoring requirement, the requirement to advance one or
more of the listed goals means, at a minimum, that the VBE participant
reasonably expects the tool or support to be effective in advancing a
goal.
o. Retrieval of Items and Goods
Summary of OIG Proposed Rule: We solicited comments on whether to
include a condition requiring the offeror to make a reasonable effort
to retrieve the tool or support in certain circumstances, such as when
the patient is no longer in the target patient population or the
offeror is no longer a VBE participant. We also solicited comments on
whether a minimum value should trigger any retrieval requirement and
other issues related to the practicality of retrieval.
Summary of Final Rule: We are not finalizing a retrieval
requirement in the final safe harbor.
Comment: Some commenters supported the proposal to require a
reasonable effort to retrieve the tool or support if certain conditions
are met, such as when the patient is no longer within the target
patient population or when the tool or support is valued above a
certain threshold (applying appropriate depreciation). Others requested
that we clarify that any required retrieval efforts would only need to
be reasonable and not hold offerors to unrealistic requirements to
retrieve tools or disable software.
One commenter suggested that in order to ensure that an offeror's
decision to cease retrieval is not driven by an attempt to
inappropriately influence beneficiaries, we could require that
decisions regarding whether and how to retrieve items be reviewed and
approved by the VBE's accountable body or person responsible for the
financial and operational oversight of the VBE.
Other commenters stated that a retrieval requirement would be
administratively burdensome, impossible or wasteful for nontransferable
consumables, counter to clinical recommendations where a patient still
benefits from the tool or support and may prevent potential offerors
from providing tools and supports or discourage patients from accepting
them. Some commenters noted that the reduced value or obsolescence of
the tool or support could render recovery unnecessary, futile, or
disproportionate in cost to the value of the tool or support. Another
commenter noted that retrieval could be impractical or insensitive
following a patient's death and urged us not to finalize the
requirement for that reason. Other commenters recommended that if we do
finalize this requirement, we include exceptions for patient harm and
death and consider only two written attempts at retrieval to be
reasonable.
One commenter noted that offerors may have limited legal right to
tools and may be unable to retrieve them. Commenters asked us to
clarify that if retrieval is not required, offerors still retain the
right to recover tools and supports if they deem it reasonable and
necessary or otherwise make a business decision to retrieve the tool or
support.
Response: We agree with commenters who highlighted the
administrative burdens and other challenges associated with any
retrieval requirement, and we are not finalizing this requirement. We
note, however, that offerors are free to make retrieval efforts or
require the return of tools and supports where it would not harm the
patient, as long as the decision to retrieve or the extent to which
retrieval policies are applied is consistent and not undertaken in a
manner that takes into account the volume or value of referrals of
Federal health care program business. We further note that the safe
harbor separately requires that tools and supports must advance one or
more of the specific goals articulated at paragraph
1001.952(hh)(3)(vi). Although the final safe harbor does not contain a
retrieval requirement, the requirement to advance one or more of the
listed goals means that the VBE participants should cease providing
tools or supports they find to be ineffective. In addition, we note
that the structure of the safe harbor would necessitate termination of
ongoing services (e.g., recurring monthly fees associated with a
fitness center membership) if the individual is no longer part of the
target patient population or the entity is no longer a VBE participant.
p. Monetary Cap
Summary of OIG Proposed Rule: We proposed a monetary cap on the
tools and supports protected under this safe harbor. Specifically, at
proposed paragraph 1001.952(hh)(5), we proposed that the aggregate
retail value of protected tools or supports furnished to a patient by a
VBE participant may not exceed $500 per year unless the tools and
supports are furnished to a patient based on a good faith,
individualized determination of the patient's financial need. We
solicited comments on whether this figure strikes the right balance
between: (i) Flexibility for beneficial tools and supports; and (ii) a
limit on the amount of protected remuneration to shield patients from
being improperly influenced by valuable gifts and to protect Federal
health care programs from overutilization or inappropriate utilization.
We asked whether $500 was too high or too low, and whether a number of
other safeguards or alternatives would be more appropriate.
Summary of Final Rule: We are finalizing, with modifications, an
annual $500 monetary cap at paragraph 1001.952(hh)(5). The final rule
does not include an exception to the cap requirement that would permit
exceeding the monetary cap for patients with demonstrated financial
need. Based on public comments, we are including an inflation adjuster.
Comment: Several commenters supported a monetary cap for many
reasons, including that it provides a bright-line safeguard for program
integrity purposes. Other commenters disagreed with any monetary cap
for several reasons, such as finding it unnecessary due to the
combination of other proposed conditions or asserting that any monetary
cap would be unreasonable because the delivery of care--and tools and
supports related to such care--depends on each patient's particular
needs. Many commenters supported an exception to the proposed cap based
on financial need, while some were concerned with the administrative
burden associated with administering a financial need policy, which
would require individualized determinations of financial need rather
than bright-line limits. A commenter suggested that OIG define
financial need using a validated social need screening tool, such as
the Hunger Vital Sign, a validated, two-question tool used by health
care providers and community-based organizations to identify risk for
food insecurity among youth, adolescents, and adults.
Response: We agree with commenters who stated that a monetary cap
provides bright-line guidance to VBE participants on the value of
acceptable tools and supports. To this end, we are finalizing a
straightforward annual, aggregate $500 cap, subject to an inflation
adjuster. The final rule does not include the proposed condition that
would have allowed the cap to be exceeded, without limitation
[[Page 77807]]
on amount, in instances of good faith, individualized determination of
a patient's financial need. Because we are not finalizing this
condition, we do not need to define financial need.
OIG is mindful that different patients may have different needs and
for some patients tools and supports exceeding a retail value of $500
in the aggregate per year could help improve coordination of their
care, improve health outcomes, and have other beneficial impacts,
particularly for patients with financial need. Nothing in this final
rule makes it necessarily unlawful, in individual cases, for a provider
or other party to furnish for free or below fair market value tools and
supports that exceed $500 per year (nor does this rule make
remuneration under $500 automatically immune from sanctions under the
Federal anti-kickback statute and Beneficiary Inducements CMP unless it
meets all safe harbor conditions). Such arrangements would be evaluated
on a case-by-case basis under the statutes, including with respect to
the intent of the parties. We note that there may be lawful avenues for
providers to offer tools and supports to patients who need tools and
supports that exceed an aggregate of $500 annually, particularly those
experiencing financial need. For example, the local transportation safe
harbor, found at paragraph 1001.952(bb), remains available to protect
certain local transportation furnished to patients, provided that the
local transportation satisfies the requirements of the safe harbor.
With respect specifically to the Beneficiary Inducements CMP,
exceptions exist for remuneration that promotes access to care and
poses a low risk of harm and for renumeration offered to patients
experiencing financial need; the requirements for these exceptions are
found at paragraph 1003.110.\78\
---------------------------------------------------------------------------
\78\ We remind readers that exceptions to the definition of
``remuneration'' under the Beneficiary Inducements CMP apply only
for the purposes of the definition of ``remuneration'' applicable to
section 1128A of the Act (the Beneficiary Inducements CMP); they do
not apply for purposes of section 1128B(b) of the Act (the Federal
anti-kickback statute).
---------------------------------------------------------------------------
In addition, for arrangements involving tools and supports that may
exceed the monetary cap, that implicate the Federal anti-kickback
statute, Beneficiary Inducements CMP or both, and do not meet any other
safe harbor to the Federal anti-kickback statute or exception to the
Beneficiary Inducements CMP, the advisory opinion process remains
available. OIG has previously issued favorable advisory opinions to
health care industry stakeholders seeking to furnish free or below fair
market value tools and supports to patients when such tools and
supports do not squarely satisfy a safe harbor to the Federal anti-
kickback statute, an exception to the Beneficiary Inducements CMP, or
both.\79\
---------------------------------------------------------------------------
\79\ See, e.g., OIG, OIG Adv. Op. No. 17-01, available at
https://oig.hhs.gov/fraud/docs/advisoryopinions/2017/AdvOpn17-01.pdf
(Mar. 10, 2017) (regarding a hospital system's proposal to provide
free or reduced-cost lodging and meals to certain financially needy
patients); OIG, OIG Adv. Op. No. 19-03 (Mar. 6, 2019), available at
https://oig.hhs.gov/fraud/docs/advisoryopinions/2019/AdvOpn19-03.pdf
(regarding a program offered by a medical center that provides free,
in-home followup care to eligible individuals with congestive heart
failure and the proposed expansion of this program to include
certain individuals with chronic obstructive pulmonary disease).
---------------------------------------------------------------------------
Comment: Several commenters asked for clarity regarding how to
calculate the ``retail value'' of the tools or supports. A commenter
asked OIG to define retail value as the commercial value of the tool or
support to the recipient instead of its fair market value. Several
commenters agreed that if OIG finalized any cap to the annual aggregate
value of protected tools and supports, the cap should apply separately
to each VBE participant, rather than at the VBE level or the value-
based arrangement level, citing the administrative burden associated
with tracking caps for patients receiving tools and supports from
different VBE participants. Others suggested that the cap should adjust
for inflation over time automatically or through other mechanisms.
Response: The aggregate retail value of patient engagement tools
and supports furnished by a VBE participant to a patient may not exceed
$500 on an annual basis. The retail value of the tools and supports
should be measured at the time they are provided to the patient.
Specifically, for purposes of this safe harbor, the retail value is the
commercial cost the patient would have incurred at the time the VBE
participant provides the tool or support if the patient had procured
the tool or support on the open market on their own. We note that, as
proposed, this cap applies per VBE participant and per patient, not at
the VBE level or the value-based arrangement level. A patient may
receive a number of tools and supports from a number of VBE
participants (in one or more VBE) through the course of a year, as long
as no single VBE participant individually provides more than $500 in
aggregate value to the patient per year. The VBE participant providing
the tool or support is responsible for tracking the aggregate retail
value of the tools or supports that it--and only it--provides to the
patient through the course of a year.
VBE participants are not required to monitor the value of tools and
supports provided by other parties--even within the same VBE--to a
particular patient. This should ease any burden of tracking the value
of tools in connection with the aggregate, annual cap. Finally, in
response to commenters' suggestions, we are finalizing an annual
adjustment to the monetary cap to account for inflation. Under this
provision, the monetary cap will be adjusted for inflation to the
nearest whole dollar effective January 1 of each calendar year using
the Consumer Price Index-Urban All Items (CPI-U) for the 12-month
period ending the preceding September 30. OIG will publish an
announcement on its website after September 30 of each year reflecting
the increase in the CPI-U for the 12-month period ending September 30,
and the new monetary cap applicable for the following calendar year.
Comment: A number of commenters suggested increasing the dollar
limit of the cap for all tools and supports. Some commenters suggested
alternatives, such as per-occurrence limitations on value, coupled with
a higher cap. Others proposed increasing the cap or adding additional
exceptions to the cap for categories of tools and supports or specific
tools and supports such as disposable and nondurable items and
supplies; recurring services; ongoing costs for the tool or support
(e.g., batteries and software upgrades); transportation; housing and
home safety items and services; certain digital or other health-related
technologies; home monitoring devices; tools and supports that address
chronic or complex disease management; tools and supports for the
seriously injured; harm-reduction items (e.g., helmets and medication
lockboxes); and other tools and supports that address a patient's
social determinants of health. Several commenters asked OIG to consider
increasing the cap to account for changes in technology or care
innovation over time. Some commenters recommended permitting a higher
cap when the VBE's accountable body or responsible person determines
the circumstances support it. Others recommended a tiered cap system
based on outcomes or on the amount of risk a VBE participant bears.
Response: The generally applicable $500 cap establishes a bright-
line limitation for VBE participants seeking protection under this safe
harbor. We believe the safe harbor conditions, including the monetary
cap, strike an appropriate balance between giving flexibility to VBE
participants to provide beneficial tools and supports to
[[Page 77808]]
patients and protecting programs and patients from the improper
influence of valuable remuneration. We are not finalizing exceptions to
the $500 cap because we believe exceptions would add complexity to this
safe harbor and would raise compliance challenges. Further, tools and
supports of higher value could improperly influence patients to select
treatments or providers not in their best interests, potentially
leading to the harms against which the Federal anti-kickback statute is
designed to protect.
q. Diversion or Resale
Summary of Proposed Rule: We proposed, at proposed paragraph
1001.952(hh)(4), a condition that would have excluded from safe harbor
protection tools or supports if the offeror knew, or should have known,
that the tool or support was likely to be diverted, sold, or utilized
by the patient other than for the express purpose for which the tool or
support was provided.
Summary of Final Rule: We are not finalizing this proposed
condition.
Comment: Several commenters supported this condition, while another
urged us to consider how such limitation may inadvertently restrict
access to these tools. A commenter posited that it is not feasible for
a VBE participant to determine the likelihood of diversion and proposed
instead limitations on categories of tools and supports that are likely
to be abused, such as cell phones. The commenter suggested protection
only for tools and supports that are not likely to be abused or those
likely to improve health, such as helmets, car seats, and medication
lockboxes.
Response: We agree with the commenter who questioned the
feasibility of a VBE participant determining the likelihood of
diversion. We are not finalizing this provision. Other safeguards we
are finalizing in this safe harbor adequately address the concern that
a recipient of a tool or support is receiving it for appropriate
purposes. For instance, the requirement that a licensed health care
professional recommend the tool or support and that it be directly
connected to the coordination and management of care should mitigate
the risk that a tool or support is likely to be diverted or resold.
Similarly, the monetary cap, the requirement that a tool or support
advance an enumerated goal, and the restriction on marketing and
patient recruitment further limit the risk of diversion or resale.
r. Materials and Records
Summary of Final Rule: We proposed at proposed paragraph
1001.952(hh)(6) that VBE participants providing tools and supports
under this safe harbor make available to the Secretary, upon request,
all materials and records sufficient to establish that the tool or
support was distributed in compliance with the conditions of the safe
harbor. We noted that we were considering a requirement that VBE
participants retain materials and records sufficient to establish
compliance with the safe harbor for a set period of time, such as 6 or
10 years. We did not propose specific parameters regarding the creation
or maintenance of documentation in order to allow for flexibility. We
solicited comments on several alternative safeguards.
Summary of Final Rule: We are finalizing, with modification, a
requirement at paragraph 1001.952(hh)(7) that materials and records
sufficient to establish compliance with the safe harbor be made
available to the Secretary, including that those records be kept for a
period of at least 6 years.
Comment: One commenter stated that a rigid documentation
requirement would make clinicians hesitant to use the safe harbor.
Another commenter questioned the need for the proposed condition,
noting that such documentation is already part of the existing
compliance programs. The same commenter further questioned whether OIG
would bring an investigation or pursue a Federal anti-kickback case
based solely on the failure to satisfy a documentation requirement
rather than underlying substantive safeguards. A commenter found
documentation--particularly regarding the goals proposed at paragraph
1001.952(hh)(3)(vii)--to be excessive or impractical. Another commenter
suggested that it would be appropriate for offerors to retain
documentation under this condition for a period of 6 years.
Response: We disagree with the characterization of this
documentation requirement as rigid. The condition does not require a
signed writing in advance of the provision of tools and supports to a
patient, nor does it propose any specific parameters on the type or
form of documentation. It simply requires that parties make available,
on request, documentation sufficient to show that tools or supports
were provided in accordance with the safe harbor's conditions. Safe
harbors offer voluntary protection from liability under the Federal
anti-kickback statute for specified arrangements, and no entity or
individual is required to fit within a safe harbor. Failure to fit
within a safe harbor does not mean a party has violated--or even
implicated--the Federal anti-kickback statute; it simply means the
party may not look to the safe harbor for protection for that
arrangement. It would be prudent for any party relying on a safe harbor
to protect certain arrangements to document compliance with that safe
harbor in some form. For purposes of this safe harbor, we are requiring
VBE participants to retain relevant documentation for a minimum of 6
years. This retention period was recommended by a number of commenters
and it is consistent with the retention period required by the value-
based safe harbors finalized in this rule. In addition, because a 6-
year retention requirement is already present in several existing CMS
regulations, we expect that many parties are familiar with this
retention period and that the maintenance of records is part of their
routine business practices.
s. Notice to Patients
Summary of OIG Proposed Rule: We solicited comments on whether to
require the VBE to provide a patient receiving a tool or support with
written notice identifying the VBE participant and describing the
nature and purpose of the tool or support.
Summary of Final Rule: We are not finalizing this requirement.
Comment: A commenter suggested that verbal, not written, notice
should suffice. Another commenter stated that if such notice is
required, OIG should develop consumer-tested templates to convey the
information in an objective, easily understood way that will not
mislead beneficiaries or create false expectations or reliance on
protected tools and supports. Another commenter objected to any notice
requirement as burdensome and questioned whether OIG would use
investigative resources based on a claim of deficient notice.
Response: We are not finalizing this requirement. We believe that
the appropriate time for the patient to understand the purpose of the
tool or support is at the time a licensed health care professional is
recommending it for the individual patient. While we are not requiring
any formal notice to a patient in this final rule, we expect providers
will naturally communicate the purpose of the tool or support to the
patient at the time it is recommended in furtherance of the
coordination and management of care.
[[Page 77809]]
t. Other Comments
Comment: A commenter asked OIG to clarify that its proposed rule
does not mean that certain existing or hypothetical practices involving
tools and supports to beneficiaries implicate, or constitute violations
of, the Federal anti-kickback statute, such as certain group education
or certain types of gift cards. Other commenters requested that OIG
clarify, in the context of value-based arrangements or otherwise, that
the safe harbor protects remote physiologic monitoring tools and
services at no or low cost, and furthermore that providing access to
software-based platforms for patient-generated health data analytics or
telemedicine at no or low cost does not violate the Federal anti-
kickback statute.
Response: We decline to provide further guidance related to the
various comments summarized above because any analysis of whether any
of the various practices and conduct implicate the Federal anti-
kickback statute or would be protected by this safe harbor would depend
on the facts and circumstances specific to the practice or conduct. We
note, however, that the provision of at least some of the tools and
supports described above (e.g., tools that facilitate remote
monitoring) could be protected by this safe harbor. Parties may seek an
OIG advisory opinion for a determination regarding a proposed or
existing arrangement.
Comment: A commenter requested clarification regarding the
intersection of the proposed safe harbor and the existing safe harbors
or exceptions to the definition of ``remuneration'' under the
Beneficiary Inducement CMP. Another commenter asked whether an entity
is precluded from using the so-called ``promotes access to care
exception'' \80\ if it becomes a VBE. Furthermore, the commenters asked
whether an entity that is a VBE can use both the new safe harbor and
the existing exception with the same patients. A commenter asked that
we adopt a CMP exception corresponding to the patient engagement and
support safe harbor.
---------------------------------------------------------------------------
\80\ Section 1128A(i)(6)(F) of the Act; 42 CFR 1003.110.
---------------------------------------------------------------------------
Response: The Federal anti-kickback statute and Beneficiary
Inducements CMP are separate statutes with separate safe harbors and
exceptions, respectively. Any remuneration implicating the Federal
anti-kickback statute need only satisfy one safe harbor to be protected
under the statute. Similarly, any remuneration implicating the
Beneficiary Inducements CMP need only satisfy one exception under that
statute to be protected. As a matter of law, arrangements that fit in
an anti-kickback safe harbor are also protected under the Beneficiary
Inducements CMP.\81\ This means that the final safe harbor for patient
engagement and support offers protection under the Beneficiary
Inducements CMP as well as the Federal anti-kickback statute. The
converse is not true, however. Arrangements that fit in an exception to
the Beneficiary Inducements CMP are not automatically protected under
the anti-kickback safe harbor. A party that is a VBE participant can
use any exception under the Beneficiary Inducements CMP for which its
arrangement qualifies. In some cases, an arrangement that does not fit
in the new safe harbor for patient engagement and support might qualify
for protection under the ``promotes access to care exception'' or
another CMP exception; this protection would not apply to the anti-
kickback statute.
---------------------------------------------------------------------------
\81\ A practice permissible under the Federal anti-kickback
statute, whether through statutory exception or regulations issued
by the Secretary, is also excepted from the Beneficiary Inducements
CMP. Section 1128A(i)(6)(B) of the Act.
---------------------------------------------------------------------------
Comment: A commenter noted that this safe harbor does not have a
corresponding exception under the physician self-referral law.
Response: The commenter is correct. The physician self-referral
law, section 1877 of the Act, does not prohibit remuneration exchanged
between physicians or entities and patients, so a corresponding
exception would not be necessary.
7. CMS-Sponsored Model Arrangements and CMS-Sponsored Model Patient
Incentives (42 CFR 1001.952(ii))
Summary of OIG Proposed Rule: We proposed to create a new safe
harbor at paragraph 1001.952(ii) to: (i) Permit remuneration between
and among parties to arrangements (e.g., distribution of capitated
payments, shared savings or losses distributions) under a model or
other initiative being tested or expanded by the Innovation Center
under section 1115A of the Act or under the Medicare Shared Savings
Program under section 1899 of the Act (collectively ``CMS-sponsored
models''); and (ii) permit remuneration in the form of incentives
provided by CMS-sponsored model participants and their agents under a
CMS-sponsored model to patients covered by the CMS-sponsored model. We
proposed certain additional conditions, including a requirement that
patient incentives have a direct connection to the patient's health
care.
Summary of Final Rule: We are finalizing, with modifications, the
safe harbor as proposed at paragraph 1001.952(ii). We are revising the
introductory text of paragraphs 1001.952(ii)(1) and (2) to clarify that
CMS determines the specific types of financial arrangements and
incentives to which safe harbor protection will apply; safe harbor
protection will not necessarily apply to every possible financial
arrangement or incentive that CMS-sponsored model parties may wish to
implement as they participate in the Medicare Shared Savings Program or
an Innovation Center model. We are finalizing without substantive
change the remainder of proposed paragraph 1001.952(ii)(1) regarding
the conditions for safe harbor protection of financial arrangements
under a CMS-sponsored model.
We are finalizing with some modification the conditions for safe
harbor protection of CMS-sponsored model patient incentives at
paragraph 1001.952(ii)(2). First, this final rule specifies at
paragraph 1001.952(ii)(2)(ii) that the patient incentive must have a
direct connection to the patient's health care unless the participation
documentation expressly specifies a different standard, in which case
that standard must be met. Second, as explained more fully below, we
are moving certain language from the proposed definition of ``CMS-
sponsored model patient incentive'' in paragraph 1001.952(ii)(3) to the
conditions of safe harbor protection in paragraph 1001.952(ii)(2).
Third, we are modifying the safe harbor to provide at paragraph
1001.952(ii)(2)(iii) that an individual other than the CMS-sponsored
model participant or its agent may furnish an incentive to a patient
under a CMS-sponsored model if that is specified by the participation
documentation.
Finally, we are relocating the general substance of the provision
that permits patients to retain incentives they received under the CMS-
sponsored model from paragraph 1001.952(ii)(2)(v) to new paragraph
1001.952(ii)(4)(iii). We are finalizing the safe harbor definitions at
paragraph 1001.952(ii)(3) largely as proposed. As noted above, we are
relocating a portion of the definition of ``CMS-sponsored model patient
incentive'' to the conditions of safe harbor protection in paragraph
1001.952(ii)(2). In addition, we are clarifying the definition of
``CMS-sponsored model arrangement'' to refer to ``a financial
arrangement,'' which is consistent with our discussion of the
definition in the OIG Proposed Rule.\82\ Last, we made two minor
technical
[[Page 77810]]
revisions to the definition of ``CMS-sponsored model party.''
---------------------------------------------------------------------------
\82\ 84 FR 55731 (Oct. 17, 2019).
---------------------------------------------------------------------------
We are addressing the duration of safe harbor protection at new
paragraph 1001.952(ii)(4). We are making a technical edit to the
introductory language in proposed paragraph 1001.952(ii)(2) to replace
the phrase ``if all of the conditions of paragraph (ii)(2)(i) through
(v) are met of this section'' with ``if all of the following conditions
are met.''
Modifications to the scope of the safe harbor, conditions of
protection, and its duration are summarized and explained in the
preamble sections that follow.
a. General Comments
Comment: We received several comments that generally supported
finalizing a safe harbor for CMS-sponsored models and agreed with the
goals set forth in the OIG Proposed Rule. For example, a commenter
posited that the safe harbor could encourage greater voluntary
participation in new CMS-sponsored models. Commenters also expressed
support for a simplified and standardized approach rather than
disparate OIG waivers, with tailored conditions, for CMS-sponsored
models.
Some commenters expressed concern about the impact of any safe
harbor on existing waivers of the fraud and abuse laws issued by OIG
that currently apply to CMS-sponsored models, and about our ability or
willingness to issue future waivers. For example, a commenter noted
that there are benefits to model-specific waivers that may not be
realized in a safe harbor.
Response: A goal of this safe harbor is to provide uniformity and
predictability for those participating in CMS-sponsored models, which
are testing innovations to improve quality and lower cost. As we stated
in the OIG Proposed Rule, this safe harbor does not supersede OIG's
existing fraud and abuse waivers for CMS-sponsored models. Existing
model waivers will continue in effect in accordance with the waiver
terms. A CMS-sponsored model party may structure arrangements that
might otherwise implicate the Federal anti-kickback statute,
Beneficiary Inducements CMP, or both to meet the terms of an applicable
fraud and abuse waiver or any applicable safe harbor. In addition, the
promulgation of this safe harbor does not preclude OIG from issuing
model-specific waivers in the future. We note, however, that we would
expect OIG's issuance of model-specific waivers in the future to be
infrequent. We expect that model participants in new CMS-sponsored
models will be able to use this new safe harbor.
b. Scope of the Safe Harbor and Definitions
Summary of OIG Proposed Rule: We proposed to create a new safe
harbor at paragraph 1001.952(ii) to protect certain financial
arrangements and patient incentives related to the Medicare Shared
Savings Program under section 1899 of the Act and models established
and tested by CMS under section 1115A of the Act. At proposed paragraph
1001.952(ii)(3), we proposed to define the following terms that shape
the scope of the safe harbor: ``CMS-sponsored model, ``CMS-sponsored
model arrangement,'' ``CMS-sponsored model participant,'' ``CMS-
sponsored model party,'' ``CMS-sponsored model patient incentive,'' and
``participation documentation.''
Summary of Final Rule: We are finalizing, with modifications, the
defined terms. We have modified the definition of ``participation
documentation'' by removing the phrase ``is currently in effect.'' This
phrase is unnecessary in the context of a definition. Temporal language
is more appropriate in the new paragraph 1001.952(ii)(4) that specifies
the duration of safe harbor protection. In addition, we have modified
the definition of ``participation documentation'' by replacing the
reference to ``cooperative agreement'' with the phrase ``legal
instrument setting forth the terms and conditions of a grant or
cooperative agreement.'' The purpose of this change is to accommodate
future CMS-sponsored models that may be implemented by a type of grant
that is not a cooperative agreement and to accurately characterize the
relevant documentation for such forms of Federal funding.
Comment: We received several comments recommending that we expand
the safe harbor beyond ``CMS-sponsored models,'' as we proposed to
define that term. For example, some commenters requested protection for
arrangements and patient incentives related to other waivers,
demonstrations, value-based arrangements, and commercial payors such
as: (i) Arrangements under State Innovation Waivers granted pursuant to
section 1332 of the Affordable Care Act; (ii) arrangements involving
commercially insured patients that operate ``alongside'' an arrangement
related to the CMS-sponsored model if the commercial arrangement is
identical in all respects to the CMS-sponsored model arrangement; (iii)
arrangements needed to support CMS-approved Medicaid Alternative
Payment Models and delivery system initiatives; (iv) arrangements
established in the Medicare Physician Fee Schedule and Merit-based
Incentive Payment System (MIPS); and (v) arrangements between
organizations participating in any CMS-led or CMS-supported
demonstration authorized by statute.
Some commenters also sought to have the safe harbor protect tools
and supports furnished to patients who are: (i) Approved by CMS through
a Medicaid section 1115 waiver; (ii) approved by CMS as a State Plan
Amendment; or (iii) allowed through Supplemental Benefit for
Chronically Ill Enrollees in the Medicare Advantage program. Another
commenter recommended that the safe harbor protect arrangements under
any model where the Secretary has sufficient authority to waive the
Federal fraud and abuse laws.
In contrast, we received support for limiting the scope of
protection to what we set forth in the OIG Proposed Rule, with some
commenters opposing broadening the safe harbor to protect remuneration
for models or demonstrations under other sections of the Act. For
example, a commenter opposed broadening the scope of the safe harbor,
suggesting that it is appropriate for the Federal anti-kickback statute
to serve as ``backstop.''
Response: We have carefully considered the comments requesting
expansion of this safe harbor beyond CMS-sponsored models, as that term
is as defined in the OIG Proposed Rule. We are finalizing the scope of
the safe harbor as proposed. This safe harbor is designed to work in
tandem with the Innovation Center's models under section 1115A of the
Act and the Medicare Shared Savings Program under section 1899 of the
Act. It permits a certain amount of flexibility, which is sufficiently
low risk because CMS includes program integrity safeguards in the
Medicare Shared Savings Program and the Innovation Center models. There
may be variation in program integrity safeguards and oversight in other
initiatives, even if the authorizing statute permits the waiver of
fraud and abuse laws.
We are tailoring the scope of the safe harbor to include the
Medicare Shared Savings Program under section 1899 of the Act and
models established and tested by CMS under sections 1115A and of the
Act. Both the Medicare Shared Savings Program and Innovation Center
models are: (i) Designed to coordinate and redesign care; and (ii)
contain program integrity oversight and safeguards. In addition, the
Innovation Center oversees the development, testing, and monitoring of
models.
[[Page 77811]]
Furthermore, CMS-sponsored model participants may undergo certain
screening to participate in a model or the Medicare Shared Savings
Program and may be subject to documentation and reporting requirements
to promote transparency in the model or program. This level of CMS
involvement and oversight may not be present in many of the programs,
waivers, and demonstrations cited by the commenters. To the extent that
the Department has the authority to issue fraud and abuse waivers for
the Medicare Shared Savings Program or Innovation Center models, the
issuance of any such waivers remains an option to protect certain
arrangements in those programs. In addition, other safe harbors may
protect many arrangements that may otherwise implicate the Federal
anti-kickback statute and Beneficiary Inducements CMP, and that
participants in the types of programs described above may desire to
implement.
Comment: A commenter asked that this safe harbor protect a broad
range of incentives given to patients such as transportation, nutrition
support, home monitoring technology, and gift cards.
Response: This safe harbor protects patient incentives for which
CMS has determined that this safe harbor is available. Thus, CMS
defines in the participation documentation the scope of the model or
program and the arrangements or incentives permitted under the model or
program. Depending on the particular CMS-sponsored model's parameters,
the safe harbor could protect a broad range of incentives, including
those cited by the commenter. If the CMS-sponsored model prohibits a
particular type of incentive, then it would not be protected by this
safe harbor. Similarly, we note that CMS defines which entities may
provide an incentive. For example, if the CMS-sponsored model is a
State-based model where the State or State Medicaid agency implements
the model through care-delivery partners in a State, the Innovation
Center may expressly specify that such State partners may provide CMS-
sponsored model patient incentives under the model on behalf of the
State.
We are modifying the proposed definition of ``CMS-sponsored model
patient incentive'' at paragraph 1001.952(ii)(3)(v) for simplicity and
to consolidate at paragraph 1001.952(ii)(2) language regarding the
conditions of safe harbor protection.
We proposed to define ``CMS-sponsored model patient incentive'' to
mean remuneration not of a type prohibited by the participation
documentation and is furnished consistent with the CMS-sponsored model
by a CMS-sponsored model participant (or by an agent of the CMS-
sponsored model participant under the CMS-sponsored model participant's
direction and control) directly to a patient under the CMS-sponsored
model. We are moving the phrase ``furnished consistent with the CMS-
sponsored model'' to paragraph 1001.952(2)(v), and we are moving the
requirement regarding who may furnish the patient incentive to
paragraph 1001.952(2)(iii). We are relocating the language so it will
appear where the other conditions for patient incentives are enumerated
under paragraph 1001.952(ii)(2), rather than including these
requirements within the definition of ``CMS-sponsored model patient
incentive.'' We do not intend for this to be a substantive change.
Comment: A commenter recommended expanding the safe harbor to
include incentives given to patients who the CMS-sponsored model
participant believes in good faith are covered, or within a reasonable
period will be covered, by a CMS-sponsored model. The commenter noted
as an example that the Comprehensive ESRD Care Model has shown that 120
or more days may elapse between the time when a Medicare beneficiary
commences dialysis treatment and the time by which the ESRD Seamless
Care Organization receives confirmation of beneficiary alignment.
Response: As with the scope of permissible types of incentives, the
Innovation Center defines the scope of patients who may be eligible to
receive such incentives. We recognize that, depending on how the
Innovation Center has designed the model, a CMS-sponsored model
participant may not know exactly which beneficiaries are in the model
or aligned to the model participant at the time the beneficiary could
benefit from a patient incentive. By definition, a ``CMS-sponsored
model patient incentive'' is remuneration that is not of a type that is
prohibited by the participation documentation. Also, as a condition of
safe harbor protection, the incentive must be furnished consistent with
the CMS-sponsored model. To the extent that the Innovation Center
intends for incentives to be furnished before any beneficiary alignment
is finalized, and the participation documentation or programmatic
requirements do not prohibit such incentives, an incentive given before
final alignment could still meet the condition set forth in paragraph
1001.952(ii)(2)(v) and qualify for safe harbor protection if all other
terms of the safe harbor are met.
Comment: A commenter noted that we proposed to define ``CMS-
sponsored model'' to include a model expanded under section 1115A(c) of
the Act and requested further clarity on how this safe harbor would
apply to ``Phase II'' testing of an Innovation Center model. The
commenter noted that risks and benefits of financial arrangements and
patient incentives under a model may change within a given model's
design due to a change in scope.
Response: The safe harbor would protect arrangements and incentives
consistent with the CMS-sponsored model regardless of the model's phase
of testing. We agree with the commenter that risks and benefits of
financial arrangements and patient incentives under such models may
change, but the Innovation Center would continue to set the parameters
of what is being tested. If a CMS-sponsored model participant's
arrangements or incentives meet the terms of the safe harbor, which
incorporates elements of the model design, then the arrangements or
incentives would be protected.
c. Conditions for Safe Harbor Protection
Summary of OIG Proposed Rule: We proposed safeguards to ensure that
arrangements protected by this safe harbor operate as intended by CMS,
including requirements that: The remuneration not induce the furnishing
of medically unnecessary services or reduce or limit medically
necessary care (proposed at paragraph 1001.952(ii)(1)(ii)); the
remuneration not induce referrals of patients outside the CMS-sponsored
model (proposed at paragraph 1001.952(ii)(1)(iii)); the parties make
materials and records available to the Secretary upon request (proposed
at paragraphs 1001.952(ii)(1)(v) and 1001.952(ii)(2)(iii)); the parties
satisfy programmatic requirements imposed by CMS (proposed at
paragraphs 1001.952(ii)(1)(vi) and 1001.952(ii)(2)(iv)); and a patient
incentive offered under the safe harbor have a direct connection to
patient care (proposed at paragraph 1001.952(ii)(2)(ii)).
Summary of Final Rule: We are finalizing, with modifications, the
conditions of this safe harbor. Specifically, paragraph
1001.952(ii)(2)(ii) is finalized with a modification to provide that
the CMS-sponsored model patient incentive must have a direct connection
to the patient's health care, unless the participation documentation
specifies a different standard. We are liberalizing and relocating to
paragraph 1001.952(ii)(2)(iii) language regarding
[[Page 77812]]
who may furnish a CMS-sponsored model patient incentive. Specifically,
a CMS-sponsored model patient incentive must be furnished by a CMS-
sponsored model participant (or by an agent of the CMS-sponsored model
participant under the CMS-sponsored model participant's direction and
control), unless otherwise specified by the participation
documentation. We also are moving to paragraph 1001.952(ii)(2)(v) the
proposed language specifying that a CMS-sponsored model patient
incentive must be ``furnished consistent with the CMS-sponsored
model.'' As proposed, the relocated provisions were essentially
conditions of safe harbor protection. To improve the clarity of the
final rule, we are moving the provisions to appear with the other
conditions for protecting CMS-sponsored model patient incentives.
Comment: A commenter suggested that safe harbor protection should
apply as long as the remuneration at issue meets all programmatic
requirements and the terms of the model participation agreements or
other participation documentation. The commenter expressed concern that
incorporating additional substantive requirements in the safe harbor
beyond the model's contractual and programmatic requirements could: (i)
Limit the ability to tailor program integrity requirements for specific
models; and (ii) potentially lead to inconsistent or conflicting
formulations of similar concepts such as between the safe harbor and
the model's contractual and programmatic requirements. The commenter
illustrated this concern by explaining that the Innovation Center may
test a model that allows for the provision of patient incentives that
have no direct connection to the patient's health care and instead
includes a different safeguard. Another commenter, while supporting the
all-encompassing approach to the safe harbor, stated that the specific
requirements regarding protected parties are redundant because they are
already currently embedded within most of the Innovation Center model
participation requirements. Another commenter urged OIG to look
carefully at the safe harbor conditions and modify any conditions that
impose an undue burden or that are unclear.
Response: We appreciate the desire to streamline the safe harbor's
conditions as much as possible. However, if we were to add a condition
requiring satisfaction of all programmatic requirements and all terms
of the model participation agreements and other participation
documentation to ensure safe harbor protection, then some arrangements
or incentives might not be protected due to potentially inadvertent
failures to satisfy model requirements that may not bear on the
particular financial arrangement or patient incentive. We recognize
that implementing a safe harbor rather than continuing with model-by-
model fraud and abuse waivers may result in an approach less tailored
to the specific model. Similarly, in an effort to encompass an array of
possible models, we may have introduced some redundancy through defined
terms or safe harbor conditions that also could appear in programmatic
requirements for a particular CMS-sponsored model. However, we believe
the benefits of having a safe harbor available that provides
consistency and certainty to parties considering participation in a
CMS-sponsored model outweigh the concerns related to any possible
redundancy.
The conditions we are finalizing generally either rely on
parameters CMS will specify as part of the CMS-sponsored model or
address important program integrity concerns and resemble conditions
previously included in model-specific waivers (e.g., the condition
prohibiting parties from offering, paying, soliciting, or receiving
remuneration in return for, or to induce or reward, any Federal health
care program referrals or other Federal health care program business
generated outside of the CMS-sponsored model). CMS defines the
parameters of the model, which includes the types of financial
arrangements and incentives that could receive safe harbor protection.
Finally, as we noted in the OIG Proposed Rule, the condition requiring
that the patient incentive have a direct connection to the patient's
health care is consistent with the design of all CMS-sponsored models
contemplated as part of this safe harbor.
However, to provide additional flexibility for the Innovation
Center to design future models and in response to commenters, we are
modifying the condition such that CMS may specify in the participation
documentation a standard other than ``direct connection to the
patient's health care.'' If CMS does not specify a particular standard
that would contrast with a ``direct connection to the patient's health
care,'' then this standard remains. In other words, if CMS does not
specify any particular standard to which the incentive must relate,
then the standard is that it must directly relate to the patient's
health care. If, for example, a CMS-sponsored model permitted
incentives related to social determinants that might not ``directly''
relate to a patient's health, and the participation documentation
specified that the incentive must bear a ``reasonable'' connection to
the patient's health, then compliance with the ``reasonable
connection'' standard would satisfy the safe harbor condition.
As we stated in the OIG Proposed Rule, to reduce administrative
burden, parties under a CMS-sponsored model would have flexibility to
determine which type of documentation would best memorialize the
arrangement such that they could demonstrate safe harbor compliance,
including through a collection of documents as opposed to one
agreement.\83\
---------------------------------------------------------------------------
\83\ 84 FR 55732 (Oct. 17, 2019).
---------------------------------------------------------------------------
Comment: A commenter expressed concern that the safe harbor
condition requiring an arrangement to satisfy ``other programmatic
requirements'' would leave the protection for these arrangements
significantly uncertain.
Response: The regulatory text that we proposed and are finalizing
requires that the CMS-sponsored model participant satisfies (or CMS-
sponsored model parties satisfy) such programmatic requirements as may
be imposed by CMS in connection with the use of this safe harbor. The
phrase ``other programmatic requirements'' appeared in the preamble of
the OIG Proposed Rule \84\ and needed to be considered in the context
of the totality of the condition. The programmatic requirements that
parties would have to satisfy to qualify for safe harbor protection
would be set out in the CMS-sponsored model's participation
documentation or would be otherwise publicly available. Therefore, we
disagree with the commenter that the protection would be uncertain,
since any programmatic requirements specified by the Innovation Center
and incorporated into the safe harbor by reference in this condition
would be in participation documentation or otherwise would be publicly
available.
---------------------------------------------------------------------------
\84\ Id.
---------------------------------------------------------------------------
Comment: A commenter recommended that OIG specify that the safe
harbor is automatically applicable to CMS-sponsored models absent any
affirmative exclusion of a CMS-sponsored model from protection by the
safe harbor by OIG, rather than requiring the Innovation Center to
specify that the safe harbor applies to a particular model.
Response: We did not propose and are not adopting this
recommendation because safe harbor protection may not be necessary to
test all models or for every arrangement within a model that the
Innovation Center may test under section 1115A of the Act. This
approach
[[Page 77813]]
allows the Innovation Center to evaluate each model and determine
whether waivers are necessary for parties to enter into certain
arrangements to effectuate the purposes of the particular model. CMS
has broad authority to develop and define the Innovation Center models,
what the models are testing, and the scope of participation in the
models. It is important, therefore, that CMS affirmatively state that
the safe harbor would be available for specific CMS-sponsored model
arrangements and CMS-sponsored model patient incentives within a
particular model or initiative. As we stated in the OIG Proposed Rule,
CMS would determine whether the safe harbor protection would be
available for arrangements or patient incentives under the particular
CMS-sponsored model.\85\ We also explained that we would expect CMS to
notify CMS-sponsored model participants, through participation
documentation, or other public means as determined by CMS, when CMS-
sponsored model participants may use this safe harbor under a CMS-
sponsored model.\86\ To ensure that it is clear that CMS determines the
arrangements or incentives (and not just the models, in general) for
which safe harbor protection is available, this final rule makes a
technical correction to the proposed regulatory text to remove ``in a
model'' in paragraph 1001.952(ii)(1) and ``under a model'' in paragraph
1001.952(ii)(2).
---------------------------------------------------------------------------
\85\ 84 FR 55731 (Oct. 17, 2019).
\86\ Id.
---------------------------------------------------------------------------
Because this safe harbor was not available when existing models
began, we recognize that the applicable participation documentation
would not affirmatively reference that this safe harbor is available
for particular arrangements or incentives as required by paragraphs
1001.952(ii)(1) and (2). Consequently, we clarify that for the Medicare
Shared Savings Program and any existing model that has a fraud and
abuse waiver issued by OIG, CMS may determine that this safe harbor is
available for specific CMS-sponsored model arrangements and CMS-
sponsored model patient incentives that began prior to issuance of this
final rule. To do so, CMS would at its discretion issue a public notice
or notice to individual CMS-sponsored model participants that such
parties can seek protection for such arrangements under this safe
harbor as of the effective date of that notice. For example, if a
particular CMS-sponsored model has a waiver for patient engagement
incentives, the parties may rely either on the fraud and abuse waiver
or, following notice from CMS that this safe harbor may be available
for protection of future incentives, this safe harbor provided all of
the waiver's or safe harbor's conditions, as applicable, are met.
d. Duration
Summary of OIG Proposed Rule: We proposed that the duration of safe
harbor protection would align with the duration of the participation
documentation under a CMS-sponsored model, including a period of time
after that model ends to allow for reconciliation.\87\ We indicated
that we might finalize one or a combination of the following options:
(i) Terminating protection after the end of the performance period or
within a certain time period after the end of a performance period;
(ii) terminating protection upon termination of the CMS-sponsored model
participation documentation or within a certain period of time after
that; and (iii) terminating protection after the last payment or
exchange of anything of value made by a CMS-sponsored model party under
a CMS-sponsored model occurs, even if the model has otherwise
terminated. We also solicited comments on whether a CMS-sponsored model
participant should be able to continue to provide the outstanding
portion of any service to a patient if the service was initiated before
its participation documentation terminated or expired.
---------------------------------------------------------------------------
\87\ Specifically, the OIG Proposed Rule stated that the ``safe
harbor would protect the last payment or exchange of value made by
or received by a CMS-sponsored model party following the final
performance period that the CMS-sponsored model participant that is
a party to the arrangement participates in the CMS-sponsored
model.'' 84 FR 55733 (Oct. 17, 2019).
---------------------------------------------------------------------------
Summary of Final Rule: We are adding a new paragraph
1001.952(ii)(4) that specifies timeframes for when safe harbor
protection begins and ends. The details of each timeframe are explained
in greater detail below.
Comment: While generally agreeing with our proposal that most safe
harbor protections should end at the conclusion of the model, a
commenter suggested that there are some instances when OIG should
consider extended safe harbor protection for CMS-sponsored model
patient incentives. For example, a commenter recommended that OIG
continue safe harbor protection if ceasing protection would affect
continuity of care for patients or if the protected incentives promoted
positive outcomes for the patient. Similarly, another commenter
recommended that patients be allowed to retain any incentives received
prior to the termination or expiration of the participation
documentation of the CMS-sponsored model participant. Furthermore, the
commenter also recommended protecting participants who continue to
provide the same service to a patient for a terminated model if the
service was initiated before the model was terminated or expired.
Response: We agree with commenters, in part. The proposed
regulatory text at paragraph 1001.952(ii)(2)(v) stated that patients
would be permitted to retain any incentives received prior to the
termination or expiration of the participation documentation of the
CMS-sponsored model participant. We are finalizing that proposed
provision in this final rule, but it is now included in paragraph
1001.952(ii)(4)(iii).
We also agree that there are circumstances where it may be
appropriate to continue protection for patient incentives given after
the date on which the model concludes. However, this safe harbor
protects only patient incentives that are furnished consistent with the
CMS-sponsored model. In the OIG fraud and abuse waiver context, we have
protected patient incentives that continued past expiration or
termination of an agreement for a certain period of time. For example,
in connection with the Bundled Payments for Care Improvement (BPCI)
Advanced Model, we indicated that the waiver for beneficiary incentives
would continue to apply for patients who were in a ``clinical episode''
that began during an ``Agreement Performance Period,'' as those terms
were defined in the Participation Agreement for that particular model,
recognizing that the clinical episode might not conclude before the end
of the Agreement Performance Period.\88\ However, not all models may be
tied to particular clinical episodes. If a model ends, or a particular
CMS-sponsored model participant's participation documentation
terminates, the safe harbor would not protect patient incentives
indefinitely, even if the incentive benefits or improves outcomes for a
particular patient. More specifically, we are providing at new
paragraph 1001.952(ii)(4)(iii) that safe harbor protection would
continue for incentives given on or after the first day on which
patient care services may be furnished under the CMS-sponsored model as
specified by CMS in the
[[Page 77814]]
participation documentation and no later than the last day on which
patient care services may be furnished under the CMS-sponsored model,
unless a different timeframe is established in the participation
documentation (e.g., a clinical episode if such a concept is
incorporated into a model). Thus, if the participation documentation
expressly specifies a period of time beyond the end of a final
performance period or other termination event during which a CMS-
sponsored model patient incentive may be given, then that incentive
would be protected during that extended timeframe, assuming all other
safe harbor conditions are met. If the participation documentation does
not specify an extended timeframe, then this safe harbor protects only
incentives furnished until the last day on which patient care services
may be furnished under the CMS-sponsored model (e.g., the last day of
the final performance period). In addition, for clarity, we are
specifying that protection for CMS-sponsored model patient incentives
begins on or after the first day on which patient care services may be
furnished under the CMS-sponsored model as specified by CMS in the
participation documentation. In general, this would be the first day of
the first performance period during the model.
---------------------------------------------------------------------------
\88\ See Notice of Amended Waivers of Certain Fraud and Abuse
Laws in Connection With the Bundled Payments for Care Improvement
Advanced Model (Jan. 1, 2020), available at https://www.cms.gov/files/document/notice-amended-waivers-certain-fraud-and-abuse-laws-connection-bundled-payments-care-improvement.pdf.
---------------------------------------------------------------------------
This approach is generally consistent with timeframes incorporated
into fraud and abuse waivers for existing models. We further note that
some arrangements that cease to meet the requirements of this safe
harbor could be structured to fit into the safe harbor for patient
engagement and support at paragraph 1001.952(hh).
Comment: With respect to CMS-sponsored model arrangements, a
commenter recommended that the safe harbor protect the last payment or
exchange of value made or received by a CMS-sponsored model party
following the final performance period in which the CMS-sponsored model
participant that is a party to the arrangement participates, even if
the model has otherwise terminated.
Response: We agree, and it was our intent in the OIG Proposed Rule
that the safe harbor protect remuneration exchanged pursuant to CMS-
sponsored model arrangements for a limited period of time after the
CMS-sponsored model expires or is terminated to allow for necessary
reconciliation. We are addressing the duration of safe harbor
protection in new paragraph 1001.952(ii)(4), which provides greater
clarity than addressing the issue in certain defined terms. We address
both the start date and end date for protection in a manner that aligns
with the particular CMS-sponsored model. The start or end date for
protection may differ depending on whether the CMS-sponsored model is
governed by participation documentation in the form of a legal
instrument setting forth the terms and conditions of a grant or a
cooperative agreement. For remuneration provided in connection with
arrangements under a CMS-sponsored model governed by participation
documentation other than a legal instrument setting forth the terms and
conditions of a grant or cooperative agreement, the safe harbor
protects the exchange of remuneration between CMS-sponsored model
parties that occurs on or after the first day on which services under
the CMS-sponsored model begin and no later than six months after the
final payment determination made by CMS. The first day on which
services begin is often the first day of the first performance period
of a model, which may be referred to in the participation documentation
as the ``Start Date.'' If a CMS-sponsored model has an ``implementation
period'' included in the participation documentation, the first day on
which ``services under the CMS-sponsored model begin'' would be the
first day of the implementation period, unless otherwise specified by
CMS in the participation documentation. For a CMS-sponsored model
governed by a legal instrument setting forth the terms and conditions
of a grant or cooperative agreement, the safe harbor protects the
exchange of remuneration between CMS-sponsored model parties that
occurs on or after the first day of the period of performance (as
defined at 45 CFR 75.2), which is specified in the Notice of Award, or
such other date specified in the participation documentation and no
later than six months after closeout occurs pursuant to 45 CFR 75.381.
We emphasize, however, that the safe harbor protects only
remuneration between or among CMS-sponsored model parties under a CMS-
sponsored model arrangement for which CMS has determined that this safe
harbor is available, and that a ``CMS-sponsored model arrangement''
includes only ``a financial arrangement between or among CMS-sponsored
model parties to engage in activities under the CMS-sponsored model . .
. .'' Therefore, the safe harbor does not protect remuneration
exchanged between CMS-sponsored model parties for activities such as
care coordination or other patient-care activities that occur before
the model begins or beyond the termination or expiration of the model.
Any such activities that are undertaken after the model expires or is
terminated are not ``activities under the model.'' \89\ Payment that is
made within the specified timeframe in paragraph 1001.952(ii)(4)(i) or
(ii) for such services that were completed prior to termination or
expiration of the final model performance period can be protected,
similar to reconciliation payments that would necessarily be completed
after expiration or termination of the final model performance period.
In addition, CMS may specify that no remuneration may be exchanged
after termination of the participation documentation if a participant
is terminated from the CMS-sponsored model for cause. Any such
remuneration would be prohibited by the model and thus not protected by
the safe harbor. We also recognize that some CMS-sponsored model
participants might want protection for certain arrangements that begin
before a model starts (``pre-participation''). This safe harbor
protects only financial arrangements among, and patient incentives
furnished by, parties participating in the CMS-sponsored model. Any
pre-participation arrangements not governed by participation
documentation (in contrast to arrangements in an implementation period
that is part of a CMS-sponsored model, as explained above) would need
to comply with existing law, including another safe harbor, or CMS
could request a fraud and abuse waiver be issued to cover activities in
the pre-participation time period.
---------------------------------------------------------------------------
\89\ In contrast, some CMS-sponsored models may require various
administrative or analytical services that can occur only after a
model terminates or expires (e.g., data or financial analysis,
including services related to the reconciliation process).
Remuneration related to those required activities, which would be
described in the participation documentation, would be protected by
this safe harbor, if all conditions are met.
---------------------------------------------------------------------------
8. Cybersecurity Technology and Related Services (42 CFR 1001.952(jj))
Summary of OIG Proposed Rule: We proposed to establish a new safe
harbor at paragraph 1001.952(jj) to protect nonmonetary donations of
certain cybersecurity technology and related services to help improve
the cybersecurity posture of the health care industry. We proposed to
define ``cybersecurity'' as the process of protecting information by
preventing, detecting, and responding to cyberattacks, and we proposed
to include within the scope of covered technology any software or other
types of information technology, other than hardware. In an effort to
foster
[[Page 77815]]
beneficial cybersecurity donation arrangements without permitting
arrangements that might negatively impact beneficiaries or Federal
health care programs, we proposed a number of conditions on
cybersecurity donations protected by the safe harbor. We also included
an alternative proposal to protect donations of cybersecurity hardware
in more limited circumstances. These proposals are summarized in more
detail in following sections of this preamble.
Summary of Final Rule: We are finalizing, with modifications, the
safe harbor at paragraph 1001.952(jj). The modifications are summarized
in more detail in following sections. This safe harbor will protect
arrangements intended to address the growing threat of cyberattacks
impacting the health care ecosystem. In addition to software and other
types of information technology, the final safe harbor will protect
certain cybersecurity hardware donations that meet conditions in the
safe harbor. We are not finalizing our alternative proposal to require
parties to conduct a risk assessment prior to donating hardware.
a. General Comments
Comment: Most commenters generally supported OIG's proposed
cybersecurity technology and related services safe harbor, with several
commenters supporting the safe harbor as proposed. Some commenters
highlighted that patients and providers of all sizes benefit when small
and under-resourced providers can better protect themselves against
cybersecurity threats. For example, a commenter stated that the safe
harbor would significantly benefit small and rural provider groups that
lack the required resources to install needed cybersecurity measures.
Another commenter stated that four in five physicians in the United
States currently have experienced some form of cybersecurity attack
compromising patient privacy.\90\ According to a commenter, with the
growing cost of cybersecurity software, it is essential that
stakeholders be able to donate cybersecurity software to entities with
which they interact that may not be able to afford the software. This
commenter highlighted the threat that infiltrated data systems could
lead to the corruption of health records, while another commenter
explained that patient safety is the most critical concern when
cyberattacks occur, especially when they impact a patient's electronic
health records or medical devices. At least one of these commenters
noted that cyberattacks could result in disclosure of sensitive patient
information and could alter the treatment that a patient is prescribed,
among other negative consequences.
---------------------------------------------------------------------------
\90\ See Healthcare and Public Health Sector Coordinating
Councils, Health Industry Cybersecurity Practices: Managing Threats
and Protecting Patients, available at https://www.phe.gov/Preparedness/planning/405d/Documents/HICP-Main-508.pdf.
---------------------------------------------------------------------------
Response: We agree that there is an urgent need to improve
cybersecurity hygiene in the health care industry to protect patients
and the health care ecosystem overall. As discussed in more detail
below, we are finalizing the safe harbor, with several modifications.
Comment: A small number of commenters expressed general concerns
about the proposal. One commenter warned that the safe harbor should
not be used to further intentional or unintentional anticompetitive
behavior, while another commenter stated that a safe harbor of this
kind is bound to be abused, regardless of the types of safeguards OIG
implements. Another commenter asked OIG to reconsider this safe harbor
and whether cybersecurity protection and any donations related to the
same are understood sufficiently at this time to warrant a safe harbor.
Response: While we appreciate the concerns expressed by these
commenters, we believe that this safe harbor can be an important tool
to help the health care industry address the prevalent and increasing
cybersecurity threats facing the industry, which can negatively impact
the quality of care delivered to beneficiaries, among other things.\91\
Any donation of valuable technology or services to physicians or other
sources of Federal health care program referrals may pose the risk of
harms associated with fraud and abuse, and such risk may increase as
the value of the donated technology or services increases. Similarly,
any time a health care industry stakeholder is permitted to give
something for free or at a reduced cost to actual or potential referral
sources, there is a risk that such donation or discount will affect
competition because entities with greater financial resources may be in
a better position to provide the donation or discount or a more
valuable donation or discount. However, we believe that the combination
of safeguards in the safe harbor, as finalized, appropriately balances
the risks against the potential benefits of properly structured
donations to help address the critical cybersecurity needs of the
health care industry.
---------------------------------------------------------------------------
\91\ See for example Health Care Industry Cybersecurity Task
Force, Report on Improving Cybersecurity in the Health Care
Industry, June 2017 (HCIC Task Force Report), available at https://www.phe.gov/preparedness/planning/cybertf/documents/report2017.pdf
(recommending safe harbor protection for cybersecurity donations).
---------------------------------------------------------------------------
b. Purpose of Donation
Summary of OIG Proposed Rule: We proposed in proposed paragraph
1001.952(jj)(1) to limit safe harbor protection to donated technology
and services that are necessary and used predominantly to implement and
maintain effective cybersecurity. We solicited comments on the breadth
of protected technology and services, particularly surrounding
multifunctional technologies and services that might have use or value
to a recipient beyond implementing and maintaining effective
cybersecurity, such as donations that are otherwise used in the normal
course of a recipient's business, which we did not propose to protect.
Summary of Final Rule: We are finalizing, with modifications, our
proposal to limit the applicability of the cybersecurity safe harbor to
technology and services that are necessary and used predominantly to
implement, maintain, or reestablish cybersecurity. However, in the
final cybersecurity safe harbor as established here, this limitation
will be placed in the introductory paragraph of 1001.952(jj), instead
of a condition in 1001.952(jj)(1). (The remaining conditions of the
safe harbor will be finalized with redesignated numbering to account
for this organizational change; for example, proposed paragraph
1001.952(jj)(2)(i) will be finalized at paragraph 1001.952(jj)(1)(i),
and so forth). We are also removing the phrase ``certain types of''
before ``cybersecurity technology and services'' from the introductory
paragraph to avoid ambiguity regarding the scope of the safe harbor. As
finalized, the cybersecurity safe harbor introductory paragraph will
read as follows: As used in section 1128B of the Act, `remuneration'
does not include nonmonetary remuneration (consisting of cybersecurity
technology and services) that is necessary and used predominantly to
implement, maintain, or reestablish effective cybersecurity, if all of
the conditions in paragraphs (jj)(1) through (4) of this section are
met.
This organizational change does not alter the scope of remuneration
protected by the safe harbor. This reorganization of the final
cybersecurity safe harbor is intended to ensure consistency with the
EHR safe harbor, without altering or affecting the substance of the
``necessary and used predominantly'' standard as discussed in the
proposed rule. As finalized, the introductory paragraph of the
[[Page 77816]]
cybersecurity safe harbor mirrors the introductory paragraph in the EHR
safe harbor at paragraph 1001.952(y), which provides that donated items
or services must be necessary and used predominantly to create,
maintain, transmit, receive, or protect electronic health records. We
believe this consistency is especially important insofar as certain
cybersecurity software may be donated under both safe harbors.
Comment: A number of commenters supported the ``necessary and used
predominantly'' standard. A commenter noted that this provision would
ensure the legitimacy of donations and help differentiate the
technology and services that may have multiple uses beyond
cybersecurity. Another commenter urged OIG to require a clear nexus
between the cybersecurity donation and the business relationship. The
commenter explained that the cybersecurity technology should be
necessary for the provision of the services involved, such as when a
hospital donates cybersecurity technology to a physician to ensure the
secure transfer of personal health information and thus improve care
coordination for shared patients. The commenter stated that this safe
harbor should not protect cybersecurity technology donations that are
used as a way to entice new business.
Response: The goal of this condition is to ensure that donations
are made to address the legitimate cybersecurity needs of donors and
recipients, not to induce new Federal health care program business. We
decline to adopt the ``clear nexus'' standard suggested by the
commenter, and we reiterate that the donation must be ``necessary''
under this condition. It is unlikely that a donation would be necessary
for the donor or recipient to implement, maintain, or reestablish
effective cybersecurity if it is not connected to the underlying
services furnished by either party (e.g., ensuring the secure transfer
of information between the parties).
We explained in the OIG Proposed Rule that the core function of the
donated technology or service must be to protect information by
preventing, detecting, and responding to cyberattacks. We also provided
a nonexhaustive list of examples of technology and services that we
believed would be necessary and used predominantly to implement,
maintain, or reestablish effective cybersecurity.\92\
---------------------------------------------------------------------------
\92\ These examples included any services associated with
developing, installing, and updating cybersecurity software; any
kind of cybersecurity training services, such as training recipients
how to use cybersecurity technology, how to prevent, detect, and
respond to cyber threats, and how to troubleshoot problems with the
cybersecurity technology (e.g., ``help desk'' services specific to
cybersecurity); and any kind of cybersecurity services for business
continuity and data recovery services to ensure the recipient's
operations can continue during and after a cyberattack. 84 FR 55735-
55736 (Oct. 17, 2019). Additional examples are in this final rule.
---------------------------------------------------------------------------
We are not finalizing a risk assessment condition (described in
more detail in section III.B.8.g), but parties remain free and are
encouraged as a general matter to obtain a risk assessment to evaluate
their cybersecurity needs. We are finalizing a condition whereby donors
may not directly take into account the volume or value of referrals or
other business generated between the parties when determining the
eligibility of a potential recipient for donated technology or
services, or the amount or nature of the technology or services to be
donated. This should address the concern regarding parties that
improperly use the safe harbor for donations to entice new business.
Comment: Another commenter suggested that in cases where
cybersecurity is built into software that gives physicians access to a
hospital's computer system, the technology and services should be
deemed to be necessary and used predominantly to implement and maintain
cybersecurity.
Response: Software that gives physicians access to a hospital's
computer system may be protected if it meets all conditions of the safe
harbor. However, software that has multiple functions, one of which is
cybersecurity, would not meet the necessary and predominant use
standard in the introductory paragraph at 1001.952(jj). Conversely, if
software has multiple functions but cybersecurity is the predominant
function, then that software may be eligible for protection under this
safe harbor. Available safe harbor protection of specific software
would require an analysis of the facts and circumstances specific to
particular arrangement. The advisory opinion process remains available
for parties that seek an individualized determination from our office.
Comment: A commenter representing the dental industry urged OIG to
permit, with appropriate safeguards, both nonmonetary donations and
monetary remuneration for the purchase of cybersecurity technologies
and services. The commenter suggested that permitting monetary
remuneration in appropriate circumstances could help alleviate the
final rule's unintended adverse effects on competition, such as when a
donor wishes to supply cybersecurity technology to two competing small
providers, and one of the small providers has already purchased the
technology but the other has not. The commenter asserted that
protecting monetary reimbursement to the first provider and an in-kind
donation to the second provider would be fairer than protecting a
donation to one competitor and not the other.
Response: We respectfully disagree with the suggestion to protect
monetary remuneration or reimbursement for cybersecurity technology and
services. As explained elsewhere in this final rule, we view cash and
cash-equivalent remuneration to potential referral sources as
inherently higher risk under the Federal anti-kickback statute and the
Beneficiary Inducements CMP. We also highlight that the example
provided by the commenter likely would not satisfy the other conditions
of this safe harbor even if it protected monetary remuneration in the
form of reimbursement. For instance, reimbursing a provider for
technology and services already obtained by a provider would not
satisfy the condition that the donation be necessary and predominantly
used to implement, maintain, or reestablish effective cybersecurity. In
particular, if the recipient already has an effective cybersecurity
program, any monetary reimbursement likely would be viewed as
duplicative and not used to implement, maintain, or reestablish
effective cybersecurity, in addition to being outside the scope of
remuneration protected by this safe harbor, which is limited to in-kind
remuneration.
Comment: A commenter suggested that the scope of permissible
cybersecurity services under paragraph 1001.952(jj)(1) should be broad
and varied, provided that the donated services substantially further
the interests of strengthening cybersecurity for the end user. The
commenter agreed with our proposal that donors should have the
discretion to choose the level of cybersecurity technology and services
they donate to physicians (or other health care providers) based on a
risk assessment of the potential recipient or based on the risks
associated with the type of interface between the parties.
Response: We are not adopting the commenter's suggestion. Requiring
the donation to be necessary and used predominantly to implement,
maintain, or reestablish effective cybersecurity is an appropriate
safeguard that limits safe harbor protection to the legitimate
cybersecurity needs of donors and recipients.
[[Page 77817]]
a. Protected Donors
Summary of OIG Proposed Rule: We did not propose in regulatory text
to restrict the types of individuals and entities that may qualify for
protection under this safe harbor as donors, but we indicated that we
were considering some restrictions. We solicited comments on whether
particular types of individuals and entities should be ineligible for
protection under the safe harbor.
Summary of Final Rule: We are finalizing a policy to protect all
donors, without any limitations on the type of individual or entity
donating cybersecurity technology and services, as long as the other
conditions of the safe harbor are satisfied.
Comment: A number of commenters recommended that the safe harbor
protect a broad range of donors, with commenters suggesting that
limitations on donors could stifle advances in care coordination,
health information security, or both. Commenters stated that other
conditions of the safe harbor, including the written agreement
requirement and restrictions on taking into account referrals, would
effectively safeguard against potential abuses. Commenters provided a
number of examples of entities encompassing a range of stakeholder
types that desire to make cybersecurity donations. A commenter
highlighted potential industry confusion regarding whether the proposed
safe harbor would protect donations by cybersecurity vendor firms to
patients and requested clarification that such donations do not
implicate the Federal anti-kickback statute.
Response: We agree with the commenters who urged protection for a
broad range of donor entities and individuals, and we are finalizing an
agnostic approach to the types of individuals and entities that may
donate technology and services protected by this safe harbor. The need
to improve the cybersecurity posture of the health care industry is
paramount to restrictions on donors traditionally found in other safe
harbors, such as paragraph 1001.952(y). Donations of cybersecurity
technology and services are self-protective measures the industry can
take because a cybersecurity breach to a recipient's system can have a
devastating impact on the donor and others connected to its system.
As we stated in the OIG Proposed Rule, the donor-type restrictions
included in the EHR safe harbor at paragraph 1001.952(y) are necessary
in that safe harbor and distinguishable from the cybersecurity safe
harbor because donations under the EHR safe harbor facilitate the
exchange of clinical information between a recipient referral source
and the donor, and present a greater risk that the donation is for the
donor to secure additional referrals from the recipient or otherwise
influence referrals or other business generated. We are confident that
the other safeguards in this safe harbor appropriately address the
risks associated with permitting parties to donate valuable technology
and services to potential referral sources such that a limitation on
the scope of protected donors is not necessary.
In response to the comment inquiring about donations from
cybersecurity vendor firms, such donations may not implicate the
Federal anti-kickback statute or the Beneficiary Inducements CMP (e.g.,
when the donor is not in a position to induce, influence, or even
receive referrals of Federal health care program business or to
influence a beneficiary's selection of a particular practitioner,
provider, or supplier). Any analysis of donations by cybersecurity
vendor firms would require an evaluation of the facts and circumstances
to determine whether the Federal anti-kickback statute or the
Beneficiary Inducements CMP is implicated.
Comment: Several organizations representing individuals and
entities in the laboratory industry recommended making laboratories
ineligible as protected donors. For example, a commenter stated that
the same concerns surrounding inclusion of pathology practices and
laboratories under the EHR safe harbor apply to cybersecurity
donations. According to a commenter, when laboratories were protected
donors under the EHR safe harbor, physicians implicitly or explicitly
conditioned referrals on EHR donations, and EHR vendors encouraged
physicians to request more costly EHR software and services from
laboratories, putting laboratories in an untenable position. The
commenter expressed concern that the same could happen with
cybersecurity donations if laboratories were protected under this safe
harbor. Another commenter added that protecting laboratories and
pathology practices under the safe harbor could negatively affect
access to health care services, quality, competition, costs to Federal
health care programs, and utilization, and that the proposed condition
related to the volume and value of referrals would not sufficiently
curb the risk of abuse.
Response: We appreciate the concerns raised by commenters
representing the laboratory industry, particularly in light of the
industry's experience with the EHR safe harbor. As finalized, the
cybersecurity safe harbor does not contain any limitations on the type
of individual or entity eligible for protection. All individuals and
entities, including laboratories, play a role in protecting the health
care ecosystem from cybersecurity threats. The promulgation of this
regulation, however, does not require laboratories to donate
cybersecurity technology or services, nor does it restrict laboratories
from charging fair market value for any cybersecurity technology and
services furnished.
To address the concerns about potential recipients conditioning
referrals on donations, we are finalizing a condition at paragraph
1001.952(jj)(1)(ii) that prohibits recipients from conditioning
referrals and future business on a cybersecurity donation. Donations or
solicitations of cybersecurity technology and services conditioned on
business or in exchange for Federal health care program referrals would
not be protected by this new safe harbor and would be highly suspect
under the Federal anti-kickback statute.
b. Permitted Recipients
Summary of OIG Proposed Rule: The proposed safe harbor would
protect donations of cybersecurity technology and related services to
any individual or entity without limitation, including when the
recipient is a patient. We indicated that we were considering whether
additional or different safeguards would be appropriate, particularly
when the recipient is a patient, and solicited comments on this topic.
Summary of Final Rule: We are finalizing, without modification, our
proposal to protect donations of cybersecurity technology and related
services to any individual or entity without limitation and without any
additional or different safeguards for any recipient.
Comment: A number of commenters agreed with the proposal to protect
all potential recipients of cybersecurity donations, including
patients. A commenter stated that it is valuable to provide patients
with a limited amount of cybersecurity protection to protect patient
medical records, particularly as patients and providers become more
interconnected. Another commenter recommended protecting donations to
patients to facilitate secure transmission of data from devices
prescribed to patients and secure communication between the patient and
the health care provider. A commenter noted that with the expected
increase of patient-generated health data there will be an increased
need to ensure that all data
[[Page 77818]]
sources and endpoints, including remote monitoring systems used by
patients, use good cybersecurity practices.
Response: We agree with commenters that the scope of protected
recipients should be unrestricted and should include patients; in
particular, cybersecurity donations to patients can serve as a valuable
tool in protecting health information, devices, and communications in
an increasingly interconnected environment.
Comment: Commenters suggested additional safeguards to ensure
prevention of fraud and abuse with respect to donations to patients
including: (i) A monetary limit on the donation; (ii) measures that
would limit the donation to something the patient does not already
possess; and (iii) restrictions against any type of multifunctional
software or device. Another commenter perceived, with the growth of
application programming interface (API) connections, a need to use
techniques such as those outlined by the Open Web Application Security
Project (OWASP) to protect the confidentiality and integrity of the
patient's health record. Conversely, another commenter suggested that
it is unlikely that a patient would be incentivized to seek treatment
from a provider solely because of the offer of cybersecurity protection
due to the limited nature of these cybersecurity donations.
Response: We believe that the final rule has appropriate safeguards
against fraud and abuse with respect to donations to patients without
the addition of conditions specific to such donations. For example, we
are finalizing the restrictions against donors and recipients
conditioning referrals and other business on cybersecurity donations.
We also are finalizing the requirement in the introduction paragraph to
1001.952(jj) that a donation be necessary and used predominantly for
cybersecurity purposes, as explained in more detail section III.B.8.b.
If a patient already possesses appropriate technology and services,
a donation of duplicative or equivalent technology and services likely
is unnecessary for cybersecurity purposes, and multifunctional
donations are unlikely to satisfy the predominant use standard. There
may be specific facts and circumstances in which the safe harbor would
protect replacement cybersecurity technology. For example, if a
potential recipient's technology is outdated and poses a security risk,
replacement cybersecurity technology would likely be necessary
depending on the specific facts and circumstances.
We have designed this safe harbor while recognizing the critical
need to protect patient data and privacy from cyberattacks. The safe
harbor conditions, as finalized, help ensure that cybersecurity
donations to patients address that critical need and mitigate the risk
of fraud or abuse stemming from such donations. Additional safeguards
specific to donations to patients are not needed. This safe harbor also
does not change other laws, regulations, or other requirements related
to the privacy and security of patient data. Parties seeking to donate
cybersecurity technology to a patient may have other obligations under
other laws to safeguard patient data.
The safe harbor does not require donations to meet specific
standards to protect patient data from cyberattacks or other
cybersecurity threats. Parties are free to choose the cybersecurity
technology or services that best meet their needs and achieve
cybersecurity goals as long as the donation meets all conditions of the
safe harbor. For example, while not required for safe harbor
protection, parties could elect to agree that any donated technology
must satisfy certain third-party standards, is certified by a third
party, or is certified or approved through another method to ensure the
donation can provide necessary cybersecurity safeguards. Voluntarily
meeting a third-party standard does not mean the donation is protected
by this safe harbor. To receive safe harbor protection, donated
technology or services must otherwise satisfy the conditions of the
safe harbor.
Comment: A commenter recommended that OIG consider limiting
recipients to those entities with an ``established relationship'' with
the donor, such that there is evidence that the donor and recipient
interface. The commenter offered as an example a requirement that a
physician practice has to have providers who are members of a health
system's medical staff in order for such practice to receive a
protected donation from the health system. For a protected donation by
a physician practice to a patient, the commenter suggested requiring
the patient be an ``established patient'' of the practice.
Response: For this cybersecurity safe harbor, we are not adopting
the commenter's recommendation to require an established relationship
between the donor and the recipient. Although we have incorporated a
similar ``established patient'' concept in the local transportation
safe harbor at paragraph 1001.952(bb), we believe such limitation might
work against the stated goal of this safe harbor to enable widespread
improvements to the cybersecurity of the connected health care
ecosystem through appropriate donations. We note that other safeguards
included in the final safe harbor, such as the requirement in the
introduction paragraph to 1001.952(jj) that the donation be necessary
and used predominantly to implement, maintain, or reestablish effective
cybersecurity, as well as restrictions against marketing or related to
the volume and value of referrals and other business generated, serve
to protect against the concerns addressed by the ``established
patient'' concept in other safe harbors, such as the local
transportation safe harbor, and are more workable for this safe harbor.
Comment: A commenter stated that donations of technology to a
patient may need to be treated differently from donations to a practice
or provider because any donation to a patient would rely on a single
software use license, which is difficult to implement and manage.
Furthermore, the commenter stated that a donation to a patient may
require additional services to implement such technology on patients'
devices, which is not practical to offer on a large scale. According to
the commenter, providers donating such technology may not have the
resources to provide support services to patients and may wish to
donate technical support services via third parties. But the commenter
highlighted that using third parties to provide such services may
create additional risks for providers and confusion for patients.
Response: We appreciate that cybersecurity technology and services
donations to patients involve different considerations, and we
anticipate that donors will evaluate those considerations before making
donations to patients. Safe harbors are voluntary, and providers are
under no obligation to donate cybersecurity technology and services to
patients or to structure arrangements to satisfy the conditions of the
safe harbor finalized here. As we stated in the OIG Proposed Rule,
protected donations may include services associated with installing and
updating cybersecurity software as well as cybersecurity training
services, such as training recipients on how to use the technology and
troubleshoot problems with the cybersecurity technology. The donor
could furnish such donated services on its own or contract with a third
party to furnish such services.
We reiterate that a donation to patients also must be necessary.
The determination of which cybersecurity technology and services are
necessary for patients likely will look much different than such
determination with
[[Page 77819]]
respect to health care entities. Patients' interaction with or access
to a health care provider's system or network is often more limited
than another health care provider's interaction or access. For example,
patients may interact or access a health care provider's system through
a patient portal or by authorizing a third party to access their
electronic health data through a mobile application. In those
instances, cybersecurity likely is built into the patient portal, the
authentication mechanism, or the API services used by the mobile
application. We expect that providers evaluating potential donations to
patients would take into account existing cybersecurity measures and
the nature of the patient's interaction with or access to systems when
determining whether any donation to the patient is necessary.
e. Definition of ``Cybersecurity''
Summary of OIG Proposed Rule: We proposed to define
``cybersecurity'' as the process of protecting information by
preventing, detecting, and responding to cyberattacks. The proposed
definition was derived from the National Institute for Standards and
Technology (NIST) ``Framework for Improving Critical Infrastructure
Cybersecurity'' (NIST CSF).\93\ We intended to define cybersecurity
broadly to avoid unintentionally limiting donations.
---------------------------------------------------------------------------
\93\ See NIST CSF, Version 1.1 (Apr. 2018), available at https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf.
---------------------------------------------------------------------------
Summary of Final Rule: We are finalizing this definition with
certain clarifications at paragraph 1001.952(jj)(5)(i).
Comment: Several commenters agreed with the proposed definition of
``cybersecurity,'' derived from the NIST CSF, and commenters generally
agreed that the final rule should include a broad definition to provide
sufficient flexibility. A commenter was generally supportive of the
definition of ``cybersecurity'' but believed it should include the
process of protecting information through ``identifying'' and
``recovering'' from cyberattacks, to account for the entire lifecycle
of a cyberattack. The commenter surmised that the addition of
``recovering'' would protect ``backup services'' that support
reestablishing cybersecurity and reduce the impact of ransomware
extortion. Relatedly, several commenters noted that the OIG Proposed
Rule omitted the word ``reestablish'' in the first condition at
paragraph 1001.952(jj)(1), making it inconsistent with the parallel
exception to the physician self-referral law as proposed by CMS.
Commenters urged OIG to adopt text that includes ``reestablish'' in
the first condition at paragraph 1001.952(jj)(1). Specifically, several
commenters recommended that paragraph 1001.952(jj)(1) read, ``[t]he
technology and services are necessary and used predominantly to
implement, maintain, or reestablish effective cybersecurity'' (emphasis
added). Commenters asserted that the inclusion of ``reestablish'' in
the safe harbor would make explicit that the safe harbor protects post-
incident activities, such as the donation of a consultant's time to
assist with conducting root cause analyses and identifying needed
procedural improvements.
Response: We agree that we should rely on the NIST CSF as a basis
to define ``cybersecurity'' and believe that this definition, as
finalized, provides sufficient flexibility while also providing an
appropriately defined scope of what is protected under the safe harbor
consistent with the goals of the safe harbor. As explained in the OIG
Proposed Rule, the goal of this definition is to broadly define
cybersecurity and avoid unintentionally limiting the scope of
donations. For this reason, we also removed the phrase ``certain types
of'' before ``cybersecurity technology and services'' from the initial
paragraph at 1001.952(jj) to avoid ambiguity; cybersecurity technology
and services that meet all conditions of the safe harbor are protected.
We are not adding additional terms to the definition because the
definition of ``cybersecurity'' is derived from the NIST CSF
glossary.\94\ We believe the use of the NIST CSF definition, in
combination with the conditions of this safe harbor, provides donors
and recipients needed flexibility while also mitigating the risks of
fraud and abuse. The NIST CSF is widely accepted across public and
private sectors, all types of industries, and international
organizations. It provides a commonly understood language for donors
and recipients seeking to use this safe harbor to improve their
cybersecurity posture. While this safe harbor does not condition
protection of donations on compliance with the NIST CSF, we encourage
potential donors and recipients to ensure a comprehensive, systematic
approach to identifying, assessing, and managing cybersecurity risks.
---------------------------------------------------------------------------
\94\ Id. at 45.
---------------------------------------------------------------------------
The additional terms suggested by commenters, such as
``identifying'' and ``recovering,'' also appear in the NIST CSF. The
NIST CSF organizes basic ``cybersecurity activities'' into five
functions: Identify, protect, detect, respond, and recover.\95\ The
definition of ``cybersecurity'' in this safe harbor likely would apply
to donations of cybersecurity technology and services that are used
predominantly and are necessary for these five functions and the
related subfunctions and cybersecurity outcomes that are part of the
NIST CSF. We have not been persuaded to adopt a more specific
definition of cybersecurity by incorporating specific terminology from
the NIST CSF and we are finalizing the definition as proposed for the
policy reasons explained above.
---------------------------------------------------------------------------
\95\ Id. at 6.
---------------------------------------------------------------------------
In response to commenters who said that the term ``reestablish''
was not in the first condition at paragraph 1001.952(jj)(1), we are
finalizing a clarification to extend protection to donations that are
necessary and used predominantly to implement, maintain or reestablish
effective cybersecurity. This change is reflected in the final version
of the initial paragraph for 1001.952(jj). As we noted in the preamble
to the OIG Proposed Rule, protected donations would include business
continuity software that mitigates the effects of a cyberattack and
data recovery services to ensure that the recipient's operations can
continue during and after a cyberattack. Additionally, as we stated in
the OIG Proposed Rule, we intend to align closely with the
corresponding CMS exception where appropriate.\96\
---------------------------------------------------------------------------
\96\ 84 FR 55734 (Oct. 17, 2019).
---------------------------------------------------------------------------
We note that the safe harbor does not, however, protect payments of
any ransom to or on behalf of a recipient in response to a cyberattack,
which we would not view as ``reestablishing'' effective cybersecurity
(nor would we view it as nonmonetary remuneration, as required for
protection under the safe harbor). Although we believe the proposal
sufficiently included this concept, for the reasons stated above we
have added the word ``reestablish'' in the final version of the
introductory paragraph to 1001.952(jj) to provide clarity and to align
with CMS's corresponding physician self-referral law exception for
cybersecurity donations.
Comment: A commenter applauded the definition of ``cybersecurity''
for being fairly broad and including donations of APIs. The commenter
requested, however, that the definition be modified to account for the
so-called three pillars of information security: Confidentiality of
information, integrity of information, and availability of information.
[[Page 77820]]
Response: We are not modifying the definition of cybersecurity. As
discussed previously, our intention was to broadly define
``cybersecurity'' and use terminology within an industry-recognized
standard. We believe the NIST CSF definition of cybersecurity meets
those policy goals.
We recognize, however, that the three pillars of confidentiality,
integrity, and availability of information are fundamental concepts to
cybersecurity. The NIST CSF similarly recognizes these pillars. An
outcome category under the ``protect'' function includes that data
``are managed consistent with the organization's risk strategy to
protect the confidentiality, integrity, and availability of
information.'' \97\ Therefore, the definition of ``cybersecurity,''
which includes ``the process of protecting information,'' accounts for
these principles while also providing flexibility and certainty to
donors as to the scope of protected cybersecurity donations.
---------------------------------------------------------------------------
\97\ See NIST CSF, Version 1.1, pg. 32 (Apr. 16, 2018) available
at https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf.
---------------------------------------------------------------------------
Comment: A commenter stated that the proposed definition of
cybersecurity seems oversimplified and is not comprehensive. The
commenter suggested that the definition of ``cybersecurity'' should be
inclusive of any unauthorized use, even without deliberate criminal
activity or a specific cyberattack, and recommended broadening the
definition accordingly. Another commenter noted that the proposed
definition of ``cybersecurity'' includes the term ``cyberattack,''
which the commenter found both vague and representative of only one
type of threat to electronic data. The commenter encouraged OIG to
adopt the definition found on the Department of Homeland Security (DHS)
website, which describes cybersecurity as ``the process of protecting
networks, devices, and data from unauthorized access or use and the
practice of ensuring confidentiality, integrity, and availability of
information.'' The commenter requested that any change to the
definition be employed consistently across other relevant safe harbors
(e.g., paragraph 1001.952(y)).
Response: We decline to modify the definition. First, the safe
harbor definition of ``cybersecurity'' does not limit donations of
cybersecurity technology and services to those that prevent only
criminal misconduct. The definition of ``cybersecurity'' is agnostic to
the intent--criminal or otherwise--of an ``unauthorized user.'' We also
believe the definition used in this final rule, derived from the NIST
CSF, is broad enough to address the commenter's concerns about
``unauthorized users'' as well as the definition from the DHS website.
Specifically, our final regulatory definition of ``cybersecurity'' is
broad enough to result in safe harbor protection for technology and
services that protect networks, devices, and data from unauthorized
access or use, including those that ensure the confidentiality,
integrity, and availability of information.
Comment: One commenter stated that the proposed definition of
``cybersecurity'' fails to capture all aspects of security controls
relevant to patient information, systems processing, or retention of
patient information. The commenter recommended the following definition
for cybersecurity: ``[p]revention of damage to, protection of, and
restoration of computers, electronic communications systems, electronic
communications services, wire communication, and electronic
communication, including information contained therein, to ensure its
availability, integrity, authentication, confidentiality, and
nonrepudiation; or the prevention of damage to, unauthorized use of,
exploitation of, and--if needed--restoration of electronic information
and communications systems, and the information they contain, in order
to strengthen the confidentiality, integrity, and availability of these
systems; or the process of protecting information by preventing,
detecting, and responding to attacks.''
Response: We are not adopting this suggestion. Notwithstanding, we
believe that the principles underlying the commenter's definition,
which are derived from NIST and other Federal Government sources,
generally are included in the definition of ``cybersecurity.'' Further,
we are not modifying the definition of cybersecurity as suggested by
the commenter because some of the commenter's proposed additions to
regulatory text could be misread to protect multifunctional equipment.
For example, ``restoration of computers, electronic communications
systems, electronic communications services, wire communication, and
electronic communication,'' could be misread by donors to protect
donations of multifunctional hardware and other multifunctional
donations (e.g., computers or entire communications systems) as part of
restoration efforts, which are not protected by this safe harbor. The
safe harbor protects donations of cybersecurity technology and services
that are necessary and used predominantly to implement, maintain, or
reestablish effective cybersecurity.
Comment: Several commenters suggested that OIG finalize a broad and
industry-neutral definition of ``cybersecurity'' to permit flexibility
for future changes, adaptions, and variations in the dynamic world of
cybersecurity. A commenter stated that the proposed safe harbor is
shortsighted and should include a more comprehensive definition of
potential technology solutions for cybersecurity attacks.
Response: We agree with commenters that the cybersecurity safe
harbor should be broad and rely on an industry-neutral definition.
Consequently, we are finalizing a definition derived from the NIST CSF.
The NIST CSF is industry agnostic and applies to any critical
infrastructure in the United States, which includes health care. We are
not using a definition that would incorporate specific technology
solutions for cyberattacks. Such an approach could make the safe harbor
definition obsolete as new cybersecurity technologies are developed and
implemented. We believe the broad, neutral definition finalized here
allows donors and recipients the flexibility to determine which
cybersecurity technology and services are necessary and predominantly
used to implement, maintain, or reestablish effective cybersecurity.
Additionally, we note that effective cybersecurity is broader than
technology solutions. Protected donations of cybersecurity technology
and services are just one component of cybersecurity. Regardless of the
conditions of this safe harbor, we encourage parties to consult
cybersecurity industry standards such as the NIST CSF to ensure a
comprehensive, systematic approach to identifying, assessing, and
managing cybersecurity risks.
f. Definitions of ``Technology'' and Protection of Hardware
Summary of OIG Proposed Rule: We proposed at proposed paragraph
1001.952(jj)(6) to define ``technology'' as any software or other type
of information technology, other than hardware. In the preamble to the
OIG Proposed Rule, we noted our concern about donations of valuable,
multifunctional hardware being disguised as payments for referrals, but
also recognized that some hardware may in fact be limited to
cybersecurity functionality, such as two-factor authentication dongles,
and indicated that we were considering including such hardware in the
safe harbor.
[[Page 77821]]
Summary of Final Rule: We are finalizing, with modification, our
proposed definition at paragraph 1001.952(jj)(5)(ii). Based on public
comments, the modified final rule provides that donations of certain
hardware will be permitted under the exception as long as the donation
satisfies the other conditions of the safe harbor. In particular, we
highlight that the introductory paragraph for 1001.952(jj) requires
that donations be necessary and used predominantly for effective
cybersecurity. In most cases, multifunctional hardware would not be
used predominantly for effective cybersecurity and thus would fall
outside the scope of protection of this safe harbor.
Comment: Some commenters agreed with using the NIST CSF as a basis
for the definition of ``technology'' and recommended that any final
regulation allow sufficient latitude for various types of technology
classifications (software and certain hardware components) and not be
limited to a one-size-fits-all paradigm. Some commenters agreed with
excluding hardware from the definition of ``technology'' and,
therefore, from protection under this safe harbor, citing program
integrity risks. A large number of commenters objected to the exclusion
of hardware from the definition of ``technology.'' Many commenters
highlighted that the line between hardware, software, services, and
other technology that is neither hardware, software, nor a service, is
increasingly blurred and such technologies are often packaged together
as a bundle. Others suggested that hardware donations are a
foundational requirement to operationalize cybersecurity best
practices. Some commenters noted that certain cybersecurity software
requires specific hardware and sought protection for such hardware. For
example, a commenter noted that firewalls involve the use of both
hardware and software and suggested that many clinicians would not have
the technical knowledge to configure the firewalls. A commenter
recommended permitting donation of low-cost hardware and possibly
adding a dollar threshold that could not be exceeded for the total
donation.
Other commenters highlighted that failing to extend safe harbor
protection to multifunctional cybersecurity hardware (or software)
would limit the utility of the safe harbor because cybersecurity
technology often is not standalone in nature. Commenters provided
examples of multifunctional hardware they deemed beneficial to
cybersecurity hygiene, such as encrypted servers, encrypted drives,
upgraded wiring, physical security systems, fire retardant or warning
technology, and high-security doors.
Response: Consistent with our solicitation of comments in the OIG
Proposed Rule and in careful consideration of the responses from
commenters, this final rule expands the definition to include certain
hardware. To receive safe harbor protection, donations of such hardware
must satisfy all of the conditions of the safe harbor, and specifically
the requirement that the hardware be necessary and used predominantly
to implement, maintain, or reestablish effective cybersecurity. We
intend this condition to make donations of multifunctional hardware
ineligible for safe harbor protection in most cases, even if such
hardware is low-cost, because such donations likely would not satisfy
the predominant use condition. For instance, some of the examples
provided by commenters would not satisfy the predominant use standard
because by design they have functions that extend well beyond
cybersecurity, including servers, drives, upgraded wiring, physical
security systems, fire retardant or warning technology, and high-
security doors. For example, although the donation of an encrypted
server might improve the recipient's cybersecurity, the server likely
would not be used predominantly for effective cybersecurity because the
recipient is likely to use it predominately for other purposes, such as
hosting its computing infrastructure. We note, however, that the safe
harbor protects services, including installing cybersecurity software.
Therefore, if an entity donates cybersecurity software, it can also
install and configure such software on a recipient's system. We do not
believe a monetary cap is necessary for this safe harbor.
Comment: A number of commenters urged OIG to expand protection for
single-function hardware technologies that have limited or no
functionality outside of cybersecurity, such as computer privacy
screens, two-factor authentication dongles and security tokens, facial-
recognition cameras for secure access, biometric authentication, secure
identification card and device readers, intrusion detection systems,
data backup systems, and data recovery systems. Some commenters opposed
any such expansion.
Response: We agree with commenters that certain hardware is limited
to cybersecurity uses and, as stated above, have finalized the
definition of ``technology'' so that safe harbor protection includes
such hardware. However, in order to receive safe harbor protection,
donations of hardware must satisfy all of the conditions of the safe
harbor and, specifically, the predominant use requirement in the
initial paragraph to 1001.952(jj). Some of the examples provided by
these commenters including computer privacy screens, two-factor
authentication dongles, security tokens, facial-recognition cameras for
secure access, biometric authentication, secure identification card and
device readers, intrusion detection systems, data backup, and data
recovery systems could be protected by the safe harbor if all
conditions of the safe harbor are satisfied because their functionality
could be predominantly for effective cybersecurity.
We are not finalizing the additional proposed condition that would
have required donors and recipients to conduct a risk assessment prior
to donating hardware as a means of attaining safe harbor protection for
hardware. As finalized, the safe harbor protects hardware donations the
same way that software and service donations are protected, that is by
meeting all conditions of the safe harbor.
Comment: A commenter explained that it is important for OIG to
recognize and make clear that typically it is not the actual software
that is purchased by providers because the software is owned by the
vendor. Instead, providers purchase the rights to use the software,
which is accomplished through licensing. Therefore, with regards to
donations, the software itself will not be donated; it will be the
license to use that software. The commenter also recommended allowing
installment and repairs to be among the types of technology and
services, the donation of which is protected by the safe harbor.
Response: We also recognize that in some instances, providers
purchase the rights to use the software, which is accomplished through
licensing, and donate that use or license rather than the software
itself. Donating such licenses can be protected under this safe harbor
in the same way that donating software is protected, if all conditions
of the safe harbor are met. We also agree with the commenter that
installment and repairs can be included among the protected technology
and services, provided that the donations of such installment and
repairs squarely satisfy the safe harbor's conditions, including that
the donation is necessary and used predominantly to implement,
maintain, or reestablish effective cybersecurity.
g. Alternate Proposal
Summary of OIG Proposed Rule: We included an alternate proposal to
allow parties to donate hardware, subject to
[[Page 77822]]
the other conditions of the proposed safe harbor, if such hardware is
reasonably necessary based on a risk assessment of the donor and
recipient.
Summary of Final Rule: We are not finalizing this alternate
proposal.
Comment: Several commenters supported including hardware and did
not agree that a risk assessment should be required for protected
donations of hardware. A commenter observed that while donors should be
free to require and even donate a cybersecurity risk assessment,
adopting such a requirement to protect donations of hardware could slow
the proliferation of cybersecurity technology. A commenter objected to
requiring a written risk assessment from either party, or in multiparty
arrangements from any party. Another commenter stated that OIG should
not adopt a security framework tying cybersecurity technology to
particular industry standards and should not require the preparation of
special security risk assessments or management documents. Instead, the
commenter recommended that OIG recognize any safeguard that advances
the HIPAA security standards.
Response: For the reasons stated above, we are not finalizing this
alternative proposal. Parties may have other legal obligations to
conduct risk assessments, and this safe harbor does not affect any such
requirements. Furthermore, we are not requiring cybersecurity
technology and service donations to meet specific standards. Parties
also remain free to donate cybersecurity risk assessments under this
safe harbor if all of the other conditions are satisfied. Parties are
encouraged to perform risk assessments to determine donor and recipient
vulnerability to cyberattacks and to assist in creating their own
cybersecurity programs.
Comment: Several commenters recommended requiring a risk assessment
to receive protected hardware or other donated cybersecurity products
for various reasons. For example, a commenter highlighted that a risk
assessment can determine what type of protection is needed when there
are vulnerabilities and ensure that the cybersecurity product is
effective once implemented. A commenter requested that it not be a
requirement for the recipient to perform any risk assessment, as they
may not have the appropriate knowledge and expertise to do so. Instead,
the commenter suggested that the recipient have the option to perform
the risk assessment if they have the knowledge and expertise to do so;
otherwise, it could be completed by the donor or a qualified third
party.
Several commenters suggested that any definition or scope of ``risk
assessments'' should rely on definitions set out by NIST publications
and further suggested that OIG should rely on the comprehensive NIST
definition. Some commenters requested that OIG provide template risk
assessment documentation.
A commenter suggested that parties be required to maintain the
initial risk assessment, which could be used to compare the
``baseline'' risk assessment to a future risk assessment to help
understand whether any previously identified gaps were resolved.
Response: For reasons previously stated, we are not requiring a
risk assessment as a condition of this safe harbor. We agree that
cybersecurity risk assessments are valuable tools that can evaluate
vulnerabilities and identify cybersecurity solutions, and parties
remain free to obtain such risk assessments, or to donate them as long
as the conditions of this safe harbor are met. For example, one method
parties might use to establish that a donation was necessary for
cybersecurity is to utilize findings from a legitimate risk assessment
to demonstrate that a recipient had a vulnerability that was necessary
to mitigate.
h. Scope of Protected Technology and Services
Summary of OIG Proposed Rule: We proposed to protect a broad range
of technology and services, excluding hardware, and solicited comments
on this approach.
Summary of Final Rule: We are finalizing protection for a broad
range of technology and services, including certain hardware. We
provide additional clarity on the scope of this protection and several
examples below.
Comment: Most commenters recommended that we finalize protection
for a broad range of donations, and some requested specific language or
clarifications. In particular, several commenters asked OIG to consider
the implications of cloud-based and subscription-based products and
services. Another commenter requested OIG provide clarity related to
the scope of protected donations through examples of the types of
software and services allowed (e.g., provision of a full-time
cybersecurity officer). Some commenters also noted that a
cybersecurity-specific help desk may not be realistic and recommended
that OIG protect donations of general help desk services, whether
through the donor's IT department or the vendor's help desk services. A
commenter urged OIG to protect patches and software updates.
Response: As finalized, the safe harbor protects donations of a
broad range of cybersecurity technology and services. This includes
certain cybersecurity hardware, as discussed above, as well as a
multitude of cybersecurity services and technology. Cybersecurity
services and technology would include both locally installed
cybersecurity software and cloud-based cybersecurity software,
including patches and updates of such software or patches and updates
of other software or programs if the patch or update is predominantly
for cybersecurity purposes. Protected donations, however, are
constrained by the initial paragraph to 1001.952(jj), which requires
that the donation is necessary and used predominantly to implement,
maintain, or reestablish effective cybersecurity. This safe harbor is
intended to cover a wide range of cybersecurity technology and services
that have specific functionality, as constrained by the initial
paragraph for 1001.952(jj). This approach means that most technology
and services that include cybersecurity as one function of multiple
functions will not be protected by this safe harbor. For instance,
depending on the facts and circumstances of a particular arrangement,
donating a virtual desktop that includes access to programs and
services beyond cybersecurity software likely would not be protected
because the donation likely would include functions not necessary and
predominantly used to implement, maintain, or reestablish effective
cybersecurity, such as claims and billing applications. We explicitly
decided not to protect technology or services that may provide some
beneficial cybersecurity effects as one feature of a broader suite of
services because that broad scope of protection could apply to nearly
any technology or service. We believe such a broad scope of protection
under this safe harbor would elevate the risk that valuable donations
could improperly influence the recipient. Understanding those
tradeoffs, we conclude that the significant need for the health care
system to improve cybersecurity is better served by this safe harbor
only protecting cybersecurity technology and services that have
specific functionality, as constrained by the initial paragraph to
1001.952(jj), but with fewer other conditions that would limit certain
aspects of a donation (e.g., a monetary cap on the value of a
donation).
Donors and recipients that would like to protect the donation of
technology or services that are not necessary or are
[[Page 77823]]
used predominantly to implement, maintain, or reestablish cybersecurity
should assess those potential arrangements under the Federal anti-
kickback statute as well as other potentially applicable safe harbors,
such as the EHR safe harbor at paragraph 1001.952(y). Alternatively,
the advisory opinion process remains available to parties seeking a
legal opinion regarding the scope of the safe harbor as applied to a
specific set of facts and circumstances.
For the same reasons, we are not extending protection for donations
of general IT help desk services because cybersecurity is not the
predominant use of such services. However, we are aware of
cybersecurity-specific software and services that include customer
service and help desk features for cybersecurity assistance. Such help
desk services, if they are necessary and predominantly used for
implementing, maintaining, or reestablishing cybersecurity, could meet
the introductory paragraph for 1001.952(jj) and may be protected by
this safe harbor if all other conditions are met. Relatedly, donating
services through a donor organization's primary service desk or IT help
desk, limited to reporting cybersecurity incidents, could satisfy this
requirement because the service or help desk responsibilities would be
used predominately for cybersecurity incident reporting. Staffing a
recipient's practice with a full-time cybersecurity officer, however,
would only be protected by this safe harbor if that officer's duties
were used predominately for implementing, maintaining, or
reestablishing effective cybersecurity and were necessary. If the
officer performed general information technology services or provided
other non-cybersecurity value to the recipient's business, then the
donation may not meet the requirements in the initial paragraph for
1001.952(jj).
Comment: A commenter asked OIG to clarify that services such as
assurance, assessment, and certification programs that incorporate
cyber-risk management could receive safe harbor protection.
Response: To the extent the assurance, assessment, and
certification programs that incorporate cybersecurity risk management
suggested by the commenter satisfy all of the conditions of the safe
harbor, including the requirements in the initial paragraph for
1001.952(jj), they could be protected. We note, however, that if
cybersecurity is just one component or feature of the assurance,
assessment, and certification programs referenced by the commenter,
then the other features are not likely to be necessary and used
predominantly to implement, maintain, or reestablish effective
cybersecurity, and the cybersecurity safe harbor would not protect the
referenced services, although they could be protected under another
safe harbor.
Comment: A commenter expressed concern that the OIG Proposed Rule
would create separate safe harbors for various types of technology,
resulting in a piecemeal approach to tools that must work together to
drive care coordination. The commenter urged OIG to broaden the
cybersecurity items and services safe harbor and the EHR safe harbor to
be flexible enough to protect technology that can help facilitate the
movement to value-based care. Several commenters specifically
recommended that any final cybersecurity safe harbor protect data
analytics and reporting functionalities. Another commenter asked that
OIG clarify that arrangements involving sharing data and technology,
including cybertechnologies that keep the data secure, are not illegal
remuneration when used for care coordination purposes.
Response: We recognize that multiple safe harbors may protect
various types of technology donations. Several safe harbors finalized
elsewhere in this final rule protect certain remuneration to facilitate
care coordination and the transition to value-based care, such as the
value-based safe harbors at 1001.952(ee)-(gg). Data analytics,
reporting functionalities, and other information technology used to
facilitate the movement to value-based care may be protected under
these safe harbors, provided the arrangement squarely satisfies the
conditions of any applicable safe harbor. However, we note that
cybersecurity items in and of themselves likely would not meet the
definition of the ``coordination and management of care,'' as explained
in the preamble above. Relatedly, data analytics and other information
technology, when coupled with a cybersecurity donation, would not meet
the requirement that the donation be necessary and used predominantly
to implement, maintain, or reestablish effective cybersecurity.
We emphasize that arrangements involving sharing data could
potentially involve remuneration that implicates the Federal anti-
kickback statute. For instance, while standing on its own, basic
sharing of patient records for purposes of care coordination or
treatment of patients is unlikely to implicate the statute, the
provision of data analysis, data aggregation, or other services of
independent value to the recipient likely would be the sort of
remuneration that implicates the statute. Any assessment of Federal
anti-kickback statute implications, available safe harbor protection,
and potential liability under the statute, would require an analysis of
the facts and circumstances specific to the particular arrangement.
Data analytics and other information technology that may be
protected by the value-based safe harbors at 1001.952(ee)-(gg) can
include built-in cybersecurity protections. For example, those safe
harbors do not require the data analytics software to be free from
cybersecurity protections to meet their conditions. Such software might
normally include security features, such as a secure login and
authentication, as part of the normal software development and could be
protected by the value-based safe harbors, depending on the facts and
circumstances.
Where parties seek safe harbor protection for the donation of
technology, parties do not need to protect separate functions of that
technology under different safe harbors if the donation meets the terms
of a single safe harbor. This cybersecurity safe harbor is intended
only to protect cybersecurity technology and services. Other safe
harbors protect donations that may include cybersecurity features as
part of a broader donation, without regard to whether the cybersecurity
features would meet the requirements of the cybersecurity safe harbor
(e.g., a donation of data analytics software that includes
cybersecurity features may be protected by the value-based safe harbors
at 1001.952(ee)-(gg), or an EHR system with cybersecurity features may
be protected by the EHR safe harbor at 1001.952(y)).
Unless the data analytics and reporting functionality is
predominantly used to analyze and report on cybersecurity threats or
attacks (rather than more broadly facilitating the movement to value-
based care), then it typically would not satisfy the initial paragraph
for 1001.952(jj), which requires that the cybersecurity donation be
necessary and used predominantly to implement, maintain, or reestablish
effective cybersecurity.
Comment: A commenter recommended that OIG clarify the scope of what
the cybersecurity technology and services must protect, such as
cybersecurity to protect electronic health records, medical devices, or
other information technology that uses, captures, or maintains
individually identifiable health information. The commenter stated that
the proposed safe harbor was silent as to the ``object'' of the
cybersecurity protection and an explicit statement setting broad
parameters about the purpose of
[[Page 77824]]
donated cybersecurity technology and services would provide guidance
and cover future technology advances. Another commenter encouraged OIG
to permit donations related to medical device cybersecurity, which the
commenter identified as a growing area of vulnerability. The commenter
posited that promoting the security of medical devices would create
added protection for patient privacy and safety.
Response: We are not defining the ``object'' or ``subject'' of the
cybersecurity protection. The safe harbor protects a wide range of
cybersecurity technology and services that are necessary and used
predominantly to implement, maintain, or reestablish effective
cybersecurity. If all other conditions of the safe harbor are
satisfied, this could include cybersecurity donations in connection
with medical devices, EHR, and other information technology.
Comment: A commenter supported the inclusion of a broad array of
cybersecurity services as part of the safe harbor, including numerous
examples from the OIG Proposed Rule. In addition, the commenter
recommended adding services to the list included in the OIG Proposed
Rule, such as consulting services deployed not to conduct only a risk
assessment or analysis, but to work with the practice to develop and
implement specific cybersecurity policies and procedures. The commenter
also suggested protection for subscription fees to vendor security
products that assist practices in developing policies and procedures in
support of a risk assessment. Another commenter requested that OIG
provide further examples of what would and would not be protected by
the safe harbor.
Response: We provided examples of items and services that would be
protected by this safe harbor in the preamble to the OIG Proposed Rule
that are still valid under the final rule and provide additional
examples in this final rule.\98\ The examples included in the OIG
Proposed Rule apply to the safe harbor, as finalized, and continue to
illustrate the scope of the technology and services potentially
protected by the safe harbor. We emphasize that we intend for the safe
harbor to protect a broad array of technology and services. Donations
of services that meet all conditions of this safe harbor would be
protected. That would include donations where the donor arranges for or
otherwise pays for third-party vendors or consultants to provide
cybersecurity services that are necessary and used predominantly to
implement, maintain, or reestablish effective cybersecurity. We note,
however, that reimbursing a recipient or providing monetary
remuneration for such services would not be protected by this safe
harbor because the safe harbor only protects nonmonetary remuneration.
---------------------------------------------------------------------------
\98\ 84 FR 55735-6 (Oct. 17, 2019).
---------------------------------------------------------------------------
The advisory opinion process remains available for parties seeking
a legal opinion regarding the scope of the safe harbor as applied to a
specific set of facts and circumstances.
Comment: A commenter asked OIG to include protection for
implementation, management, and remediation services within the scope
of this safe harbor, as these will fully optimize donations.
Response: The safe harbor would protect donations that include
implementation, management, and remediation services, including those
provided through a third party, if all conditions of the safe harbor
are satisfied. As we stated in the OIG Proposed Rule, the safe harbor
may protect services such as developing, installing, and updating
cybersecurity software, and training recipients how to use it. We also
stated in the OIG Proposed Rule that ``cybersecurity as a service'' may
be protected, which includes third-party services for managing and
monitoring the cybersecurity of a recipient.
Comment: While many commenters expressed concern about the
effectiveness of the safe harbor if it does not protect a broad scope
of technology and services, other commenters recommended limiting the
scope of protected technology and services. A commenter noted that
effective cybersecurity protection could require a whole suite of
services, such as active management, monitoring, and developing an
effective response system if an issue arises, and it may not be
possible for an outside entity to provide such a broad range of
services.
Response: This safe harbor protects a wide range of cybersecurity
technology and services that satisfy the conditions of the safe harbor.
It is intended to remove one actual or perceived barrier to improving
the cybersecurity posture of the health care industry. While this safe
harbor does not and cannot solve all cybersecurity issues for the
health care industry, OIG believes that cybersecurity donations are
just one tool that the health care system can use to improve its
cybersecurity. We encourage providers and other actors to engage in
other cybersecurity efforts, consistent with industry standards and
applicable laws, to improve the cybersecurity of the entire health care
system.
i. Monetary Cap
Summary of OIG Proposed Rule: We solicited comments on whether the
safe harbor should include a monetary value limit on the total amount
of donations that a donor can make to a recipient.
Summary of Final Rule: We are not finalizing a condition imposing
any monetary limit.
Comment: A commenter recommended that if the final safe harbor
protects hardware, OIG should not impose any cap on the value of the
donated hardware. Another commenter encouraged OIG to finalize the safe
harbor without imposing a monetary limit on the value of applicable
remuneration. Some commenters recommended a cap as a potential
safeguard.
Response: We are not finalizing any monetary cap on the value of
remuneration protected by this safe harbor. We believe most
cybersecurity donations are made for purposes of self-preservation from
the risk of cyberattack. Therefore, donors are incentivized to donate
what is required to achieve effective cybersecurity and not make
excessive donations beyond the scope of what is needed to protect
themselves. Furthermore, the initial paragraph for 1001.952(jj) limits
donations of technology and services to those necessary and used
predominantly to implement, maintain, or reestablish cybersecurity,
which also serves to limit any excessive value of donations. The
conditions at paragraphs 1001.952(jj)(1) and (2) ensure that the
cybersecurity safe harbor does not protect donations that are tied to
Federal health care program referrals or are otherwise conditioned on
Federal health care program business. These conditions help mitigate
the risk that more valuable donations may lead to more referrals or
future business.
The threat-reduction purpose of cybersecurity technology and the
conditions of the safe harbor work together to limit the risk of fraud
or abuse caused by improper donations and a monetary cap is not needed
for the cybersecurity safe harbor.
j. Deeming Provision
Summary of OIG Proposed Rule: We solicited comments on whether to
create a provision in the final rule that would allow donors and
recipients to demonstrate compliance with the condition at paragraph
1001.952(jj)(1) by meeting certain additional standards. Specifically,
we suggested a ``deeming provision'' that would allow donors or
recipients to demonstrate that the donation satisfies proposed
paragraph
[[Page 77825]]
1001.952(jj)(1) if it furthers a recipient's ability to comply with a
written cybersecurity program that reasonably conforms to a widely
recognized framework or set of standards, such as one developed or
endorsed by the National Institute of Standards and Technology (NIST)
or another American National Standards Institute-accredited standards
body, such as the International Organization for Standardization.
Summary of the Final Rule: We are not finalizing a ``deeming
provision.''
Comment: A number of commenters supported the inclusion of a
``deeming provision'' in the final rule and offered suggestions on how
to implement such a provision. Several commenters suggested that the
``deeming provision'' should apply if the donation furthers a
recipient's compliance with a written cybersecurity program that
reasonably conforms to a widely recognized cybersecurity framework,
such as one developed by NIST, or guidelines developed by the
Department of Health and Human Services Office for Civil Rights (OCR)
in collaboration with the Office of the National Coordinator for Health
Information Technology (ONC). One commenter recommended that any
reference to cybersecurity standards, frameworks or risks be based on
existing independent frameworks, ideally drawn from NIST standards.
Response: We are not finalizing a ``deeming provision'' for the
cybersecurity safe harbor. We are concerned that a deeming provision
could have the inadvertent effect of protecting multifunctional
hardware, software, or other technology and services because the
donation conforms to a written cybersecurity protocol following
industry standards. Specifically, if a donor or recipient were to
demonstrate that a donation of hardware furthered its compliance with a
written cybersecurity program that includes items such as laptops,
servers, or other types of multifunctional hardware, parties may use
the ``deeming provision'' in attempting to protect hardware that is not
necessary or used predominantly to implement, maintain, or reestablish
effective cybersecurity. Although we are not finalizing a voluntary
``deeming provision,'' parties are encouraged to consider implementing
cybersecurity programs that follow widely recognized industry
frameworks. Parties may also voluntarily include their own standards to
apply to donations.
However, even if donations further compliance with a written
cybersecurity program that is consistent with a widely recognized
industry cybersecurity framework or a party's own standards, that does
not automatically mean that any cybersecurity donation is ``deemed''
necessary or used predominantly to implement, maintain, or reestablish
effective cybersecurity. Parties should undertake a careful analysis of
any donations for which they seek safe harbor protection to ensure
compliance with all conditions of the safe harbor.
Comment: Some commenters urged that any reference to standards or
frameworks used in any ``deeming provision'' be illustrative and not
exclusive, so as to avoid unnecessary constraints and allow for the
application of future frameworks. Another commenter agreed with
inclusion of a ``deeming provision'' but recommended that such
provision remain voluntary. Several commenters objected to any
``deeming provision,'' noting that it would add an unnecessary burden
without providing any meaningful protection against fraud and abuse. A
commenter stated that physicians may struggle to understand what
``reasonable conformance'' looks like or when a framework or standard
is considered ``widely recognized.'' A commenter stated that a
stringent ``deeming provision'' could create additional barriers to
mitigating the risks of cybersecurity threats. One commenter sought
clarity on the ``deeming provision,'' asking whether the recipient must
show financial need to satisfy the ``deeming provision,'' and another
commenter supported a ``deeming provision'' when the cost of the
donation of technology and services exceeds a specified monetary limit.
Response: Safe harbors are voluntary; this safe harbor does not
require any individual or entity to offer free or discounted
cybersecurity technology or services, nor does it require any
individual or entity to structure any donations of cybersecurity
technology and services to satisfy the conditions of the safe harbor.
Notwithstanding, for the reasons stated above we are not finalizing a
``deeming provision'' in this safe harbor. We also agree with the
commenter that parties may struggle to understand what ``reasonable
conformance'' looks like or when a framework or standard is considered
``widely recognized.'' Without selection of one or more specific
frameworks, any ``deeming provision'' could be subject to manipulation.
Comment: One commenter suggested that OIG adopt the same ``deeming
provision'' that appears in the EHR safe harbor at paragraph
1001.952(y)(2).
Response: We decline to adopt the commenter's suggestion. The
``deeming provision'' included in the EHR safe harbor at paragraph
1001.952(y)(2) relates to donations of EHR items and services
satisfying the interoperability condition in paragraph 1001.952(y)(2)
using ONC Certification standards rather than the ``necessary and used
predominantly'' standard in this cybersecurity safe harbor. Therefore,
the commenter's suggested ``deeming provision'' is not applicable in
this context and, for the reasons stated above, we are not finalizing
any ``deeming provision'' in this safe harbor.
k. Volume and Value Condition
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(jj)(2) that donations would not be protected under this safe
harbor if donors directly take into account the volume or value of
referrals or other business generated between the parties when
determining the eligibility of a potential recipient for the technology
or services, or the amount or nature of the technology or services to
be donated. Donations also would not be protected if donors condition
donations of technology or services, or the amount or nature of the
technology or services to be donated, on future referrals. Similarly,
we proposed at paragraph 1001.952(jj)(3) that donations would not be
protected if the recipient or the recipient's practice (or any
affiliated individual or entity) makes the receipt of technology or
services, or the amount or nature of the technology or services, a
condition of doing business with the donor.
Summary of Final Rule: We are finalizing, without modification,
these conditions, but renumbering them as 1001.952(jj)(1) and (2).
Comment: Commenters generally supported the provision restricting
donors from directly taking into account the volume or value of
referrals or other business generated between the parties when
determining the eligibility of a potential recipient for the technology
or services, or the amount or nature of the technology or services
donated. Commenters also supported OIG's proposal that potential
recipients should not be permitted to condition future business with
the donor on the receipt of cybersecurity donations. A commenter
recommended that OIG set guardrails to ensure that industry
stakeholders do not donate cybersecurity in order to influence referral
patterns. Some commenters also agreed that OIG should not finalize a
list of selection criteria that, if met, would be deemed not to
directly take into account the volume or value of referrals or other
business generated between the parties, similar to the provision within
the EHR safe harbor at paragraph
[[Page 77826]]
1001.952(y)(5). A commenter agreed that donations of cybersecurity
technology and services do not present the same risks as donations of
EHR software and information technology. Thus, a list is unnecessary.
Response: We are finalizing paragraphs 1001.952(jj)(1) and (2) as
proposed. We agree with commenters who recommended that we not include
a list of selection criteria deemed not to directly take into account
the volume or value of referrals, similar to paragraph 1001.952(y)(5).
We agree with the commenter who described such a list as unnecessary.
Additionally, the safe harbor conditions we are finalizing, viewed in
their totality, guard against donations to influence referral patterns,
so additional guardrails are unnecessary.
Comment: A commenter representing hospitals and health systems
expressed concern that the provision of cybersecurity technology and
related services to physician practices could increase the risk of
fraud and abuse if the donations are used as a bargaining chip, thus
facilitating cost-shifting from entities in need of such services and
potential donors, rather than cooperation between the entities. Another
commenter representing the laboratory industry expressed concerns about
physicians starting or encouraging ``bidding wars'' between
laboratories, insinuating that the laboratory that offers or makes the
most generous donation will get the physician's referrals (and,
likewise, some laboratories in fact may act inappropriately and promise
a donation in exchange for future referrals).
Response: We acknowledge the commenters' concerns about
inappropriate donations designed to induce referrals. We are finalizing
paragraphs 1001.952(jj)(1) and (2) as proposed to preclude such conduct
from protection under this safe harbor. Like the commenters, we are
concerned about the ``bargaining chip'' and ``bidding war'' scenarios,
and we emphasize that donors that condition donations on referrals--and
potential recipients who demand donations as a condition of doing
business or continuing to do business--would not qualify for protection
under this safe harbor. Furthermore, such offers and solicitations may
violate the Federal anti-kickback statute.
Comment: A provider trade association noted that donations of
cybersecurity technology and services are typically made by software
developers and medical device manufacturers, not providers. The same
trade association cautioned that cybersecurity-related donations should
be based on risk to the donor's own software, systems, or network, and
suggested that such donations should be available to all similar
entities with similar risk assessments and without regard to business
relationships or affiliations.
Response: As we stated above, this safe harbor is agnostic to the
types of individuals and entities donating the protected cybersecurity
technology and services. We believe the requirement that donations be
necessary and used predominantly to implement, maintain, or reestablish
effective cybersecurity, combined with requirements related to the
volume and value of referrals and other business generated, provide
safeguards to ensure that donations are made for necessary
cybersecurity purposes.
In response to the commenter's suggestion that donations should be
made available to similarly situated entities, we note that the safe
harbor is voluntary. A donor can choose the entities to which it
donates. Furthermore, it is likely impracticable that donors would make
donations available to all similar entities with similar risk
assessments. Even in those circumstances, the donor and a potential
recipient may have needs that are different than those for other
similarly situated entities based on the specific cybersecurity needs
inherent in connecting to the specific systems with which the donor
interacts. We emphasize that determining whether a cybersecurity
donation meets the conditions of the safe harbor requires an analysis
of the specific facts and circumstances.
l. Recipient Contribution
Summary of OIG Proposed Rule: We did not propose a requirement that
donors of cybersecurity technology and services collect a monetary
contribution from recipients. In connection with our alternative
proposal that would cover hardware, we solicited comments on whether we
should require a contribution from a recipient if a donation included
hardware.
Summary of Final Rule: We are not finalizing a contribution
requirement as a condition to this safe harbor, regardless of whether
hardware is included in the donation.
Comment: Many commenters agreed with our proposal not to require a
recipient of protected cybersecurity technology and services to
contribute to the overall cost of the donation. Commenters suggested
that a contribution requirement in the context of this safe harbor may
act as a barrier to donations because it may be: (i) Administratively
burdensome to calculate or track contributions; (ii) imprecise; or
(iii) cost-prohibitive for recipients who lack adequate resources to
contribute. A commenter stated that the pressing requirement to upgrade
the cybersecurity of the nation's health care systems should not be
held hostage to the ability of capital-constrained medical practices to
pay money for such security. Several commenters agreed with our
conclusion in the OIG Proposed Rule that forgoing a contribution
requirement in this safe harbor would free recipients' resources to
invest in other technology not protected by the safe harbor, such as
updating legacy technologies. Several commenters requested that donors
have the option to require a contribution from recipients.
Response: We agree with commenters who recommended against
including a contribution requirement in this safe harbor. Rather than
investing resources in a contribution, the final rule frees up
recipients to invest resources in other technology not protected by the
safe harbor, such as updating legacy multifunctional hardware that may
pose a cybersecurity risk or simply investing in their own computers,
phones, and other hardware foundational to their businesses, caring for
patients, and interacting with their providers. Additionally, we are
finalizing only those conditions that are critical to guarding against
fraud and abuse in the context of cybersecurity donations in order to
provide regulatory flexibility for donations intended to counterbalance
the significant cybersecurity threats against the nation's health care
ecosystem.
We have concluded that a contribution requirement would be
burdensome in the context of cybersecurity donations because the
necessity of donated services may vary unpredictably--varying weekly or
even daily--in response to cybersecurity threats. We understand that
cybersecurity patches and updates are frequent and would need to be
applied or aggregated across an entire set of recipients using the same
technology or services, further complicating contribution amounts for
each end user. Also, we are concerned that recipients might be
unwilling or unable to accept cybersecurity donations due to
potentially unpredictable costs they might incur after the initial
donation. In the context of cybersecurity donations, a contribution
requirement would pose a barrier to donations that, on balance, is
outweighed by the need for widespread improvement of
[[Page 77827]]
cybersecurity hygiene in the health care industry.
As we stated in the OIG Proposed Rule, donors are free to require
recipients to contribute to the costs of donated cybersecurity
technology and services as long as the determination of a contribution
requirement, or the amount of the contribution, does not take into
account the volume or value of referrals or other business between the
parties. For example, if a donor donates without any required
contribution cybersecurity services to a high-referring physician
practice but requires a low-referring physician practice to contribute
to the cost of such services, the donor could violate the conditions at
paragraph 1001.952(jj)(1)(i) and (ii).
Comment: Several commenters supported a contribution requirement
for various reasons. One commenter representing the laboratory industry
discussed that industry's experience with the EHR safe harbor at
paragraph 1001.952(y), concluding that absent a contribution
requirement, vendors have little incentive to offer competitive
pricing. The commenter stated that its experience with EHR donations
may extend to cybersecurity donations, and cybersecurity technology
vendors' sales representatives may urge physicians that require
cybersecurity software and services to direct their requests to
laboratories likely to make a donation, increasing the demand for the
vendors' cybersecurity technology. Another commenter suggested that
although recipients should have a vested interest in the products they
are using, a 15 percent contribution may be too high for some
providers, suggesting that a smaller contribution could be a fair
compromise. A number of commenters requested a carve-out to any
finalized contribution requirement for small and rural providers, those
in medically underserved areas, and federally qualified health centers.
Several commenters argued for consistency in any contribution
requirement across safe harbors, noting that because cybersecurity is
part and parcel of other technology it could impose undue complications
to require recipients to contribute to some donations but not others.
Several commenters asserted that OIG should consider a flexible
contribution requirement that would provide for a comparable investment
across provider types rather than a flat percentage contribution.
Response: For the reasons stated in the preceding response, we have
concluded that a contribution requirement of any percentage is not
appropriate for this safe harbor. Donations of cybersecurity technology
and services do not present the same type or magnitude of risks as
donations of electronic health records software and other information
technology. As we stated in the OIG Proposed Rule, cybersecurity
donations, if legitimate, are more likely to be based on considerations
such as security risks--especially the exposure of the donor when
connecting to the recipient--and are less likely to be based on
considerations relating to the volume and value of referrals or other
business generated. We believe the safeguards in the final safe harbor,
including restrictions against recipients conditioning their referrals
or business on donations, are sufficient to account for the potential
pressure from vendors. Furthermore, suspected fraud and abuse can be
reported to OIG's hotline at https://oig.hhs.gov/fraud/report-fraud/index.asp.
m. Patching and Updates
Summary of Proposed Rule: Related to the issue of recipient
contribution, the OIG Proposed Rule discussed the unique, practical
difficulties of a contribution in the context of cybersecurity patching
and updates.
Summary of Final Rule: We are not finalizing any specific
regulatory text relating to patching and updates. We view these as
protected under the safe harbor if all other conditions of the safe
harbor are satisfied.
Comment: Several commenters asked that we protect the costs or
services associated with ongoing cybersecurity software updates and
other patches. A commenter highlighted that patching and updates are
critical to managing cybersecurity risks, and that prohibiting their
donation could neutralize any benefits resulting from any final safe
harbor. A commenter noted that, given the fast-paced nature of
developments in cybersecurity, it is likely that new tools will need to
be deployed on at least an annual basis. Another commenter requested
clarification regarding whether accepting a routine or critical update
would result in loss of safe harbor protection, noting that patching is
sometimes given to providers for free (because it is built into the
contracts with vendors) and some patches may be focused on security
while others may be more general.
Response: We agree with commenters that patching and updates are
critical to managing cybersecurity risks, and this final safe harbor
protects such patches and upgrades if all conditions of the safe harbor
are squarely satisfied. We note that this final rule does not require a
contribution from the recipient, as discussed above, so routine patches
and upgrades given for free to recipients will not result in loss of
safe harbor protection, as long as all safe harbor conditions are met.
Donors who collect a percentage contribution from any recipient,
according to the written agreement with the recipient, may need to
collect a contribution for any patches and updates pursuant to the
terms of the parties' agreement. It is possible for donors to structure
any required recipient contribution in a number of ways as long as
neither the decision to collect the contribution nor the amount or
nature of the contribution is based on the volume or value of referrals
or other business generated between the parties. For example, a donor
is free to structure donations that require a percentage or sum certain
contribution for the initial cybersecurity donation but not for
subsequent patches and upgrades as long as the donor does so
consistently and according to the terms of the written agreement.
n. Writing Requirement
Summary of OIG Proposed Rule: We proposed at proposed paragraph
1001.952(jj)(4) that a donor and recipient set forth a written
agreement that is signed by the parties and that describes the
technology and services being provided, and the amount of the
recipient's contribution, if any.
Summary of Final Rule: We are finalizing, with modification, a
writing requirement at paragraph 1001.952(jj)(3). We are not requiring
that the writing be a single document, and we made certain
clarifications, including that the signed documentation must include a
general description of the technology and services provided.
Comment: Commenters generally supported a writing requirement. A
commenter asserted that a written agreement between donors and
recipients of cybersecurity technology and services will bring
transparency to the donation process. Another commenter agreed that a
signed agreement is necessary to ensure that both parties understand
what is being donated and the terms of the agreement, including long-
term maintenance and support of the technology.
Response: We agree with commenters that a writing requirement will
bring transparency to the donation process and ensure that the parties
understand the scope of the donation and the responsibilities of both
parties. The safe harbor's writing requirement mandates that parties
articulate in writing a general description of the donation, and if the
donor will require a contribution
[[Page 77828]]
the parties must specify that amount. We anticipate that parties would
include in their general description of the donation some details about
the initial technology or service provided as well as any provision of
long-term maintenance, support, patching, or updates they intend to
include within the scope of the donation. We do not anticipate that
parties will specify every unforeseen item or service that might be
necessitated by a future update.
Comment: A commenter stated that a written agreement between donors
and recipients is an acceptable safeguard as long as any requirement
for such agreement is reasonable in scope. The commenter stated that
required terms and conditions in the agreement should be limited, given
the nature of the donation and the relationship between the parties.
For example, the commenter stated that the safe harbor's writing
requirement should not compel written terms other than to describe: (i)
The technology, services, or both to be donated; (ii) commercial terms
as necessary to meet the safe harbor; and (iii) warranties by each
party to use such technology in compliance with applicable laws and
regulations. The commenter also urged OIG to provide a publicly
accessible template cybersecurity donation agreement or standard
cybersecurity donation terms.
Response: We have designed the final writing requirement to be
reasonable in the context of the other conditions in the cybersecurity
safe harbor. We decline to add the specific examples of terms and
conditions to regulation text or provide any template cybersecurity
donation agreement or standard cybersecurity donation terms for parties
to use, as suggested by the commenter. This condition requires that
parties include a general description of the cybersecurity technology
and services to be provided and, if any contribution is required, the
parties must specify the amount. The parties are free to add other
terms to their documentation related to a cybersecurity donation.
Comment: A commenter appreciated our preamble explanation of the
safe harbor's writing requirement but requested that the proposed
regulatory text include the word ``general'' or ``generally'' so that
donors and recipients do not unnecessarily include every item or
potential service in a written agreement. The commenter urged OIG to
revise the regulatory text of the writing requirement to read as
follows: ``[generally] describes the technology and services being
provided. . . .'' The commenter also requested clarification concerning
any value-related writing requirements. The commenter stated that the
proposed regulatory language includes the amount of the recipient's
contribution (if any), while the preamble states that the written
agreement requires a reasonable estimate of the value of the donation.
The commenter supported only including the recipient's contribution (if
any), but requested that if we include a writing requirement related to
specifying the value of the donation, then OIG should require the
writing to include a reasonable estimate of the value of the donation
so as to not introduce any concept of fair market value or the need to
hire a valuation consultant to determine a reasonable estimate.
Response: We appreciate the commenter's concern about the language
included in the proposed regulation text at proposed 1001.952(jj)(4),
and we are finalizing a writing requirement that includes some changes
suggested by the commenter. Specifically, the final regulatory text of
this safe harbor's writing requirement at paragraph 1001.952(jj)(3)
requires that the signed writing include a general description of the
technology and services being provided and the amount of the
recipient's contribution, if any. Through this final writing
requirement, we do not intend to: (i) Introduce any fair market value
requirement; (ii) force parties to determine the fair market value of
the donation; or (iii) compel the parties to hire a valuation
consultant. For purposes of this condition, we interpret ``the amount
of the recipient's contribution, if any'' to mean either the sum
certain a donor will collect as contribution or, if the donor will
collect a percentage of the total value of the donation, the percentage
that will be applied. To be clear, this safe harbor does not include a
recipient contribution requirement; however, if the donor chooses to
require that the recipient contribute, that contribution must be
documented in writing. We also note that if the scope of the donation
changes materially over time, such as when a donor provides more or
fewer technology or services than originally anticipated in the scope
of the arrangement, or if the parties alter the contribution
requirement (if any), we think that best practices would have the
parties document such modifications in writing. If the donor requires a
contribution that applies to the initial value of the donation but not
the subsequent value of patching and upgrades, we anticipate that the
writing would specify such terms.
Comment: A commenter objected to OIG's proposed documentation
requirement, stating that it should be scaled back to avoid imposing
burdensome writing requirements on the parties. The same commenter
argued that a simple acknowledgement that the software donation has
been or will be made available should be sufficient.
Response: We do not believe the writing requirement should be
scaled back. This condition, as finalized, imposes no greater--and
indeed, may require less--burden on the parties to the written
agreement than would otherwise be expected in a commercial transaction
involving the exchange or use of cybersecurity technologies or services
of this nature between parties, such as a user agreement or purchase
order.
Comment: A commenter noted that the OIG safe harbor would require a
signed written agreement between a donor and recipient, while the
corresponding physician self-referral law exception would require only
``written documentation.'' The commenter recommended that OIG revise
the safe harbor to require only written documentation, as opposed to a
formal written agreement.
Response: The formality of a signed writing serves as an important
safeguard by transparently documenting the parties' donation and formal
agreement to any obligations in connection with such donation. However,
we are persuaded not to require that the writing be set forth in a
single, written agreement. We have revised the writing requirement to
permit a ``collection of documents'' approach. To receive safe harbor
protection, the general description of the technology and services
being provided and the amount of the recipient's contribution, if any,
must be set forth in writing and signed by the parties. The terms do
not need to be set forth in a single, signed writing, although we
believe this approach is a best practice from a compliance perspective.
As explained in section III.A.1. of this preamble, some conditions of
our safe harbors are different from CMS's final rule by design in light
of the different statutory schemes.
o. Cost-Shifting
Summary OIG Proposed Rule: We proposed at proposed paragraph
1001.952(jj)(5) that the donor not shift the costs of the technology or
services to any Federal health care program.
Summary of Final Rule: We are finalizing, without modification, the
condition at paragraph 1001.952(jj)(4). We received general support for
the proposed safeguards in the safe harbor, but we did not receive
specific
[[Page 77829]]
comments on the proposed prohibition against cost-shifting. Donor
Liability
Comment: Several commenters urged OIG to provide guidance on a
donor's potential liability for cybersecurity events affecting any
recipients of cybersecurity donations. Several commenters, including an
organization dedicated to serving chief information officers, chief
medical information officers, chief nursing information officers, and
other senior health care IT leaders asserted that without some way to
protect cybersecurity donors from being held responsible for
cybersecurity incidents involving recipients, providers would be
reluctant to donate technology or services for fear of the downstream
risk they might incur. A few commenters suggested that OIG create
protections for donors that safeguard them from risks stemming from
cybersecurity incidents experienced by recipients. Another commenter
similarly urged OIG to collaborate with OCR to develop a mechanism to
limit the donor's liability for cybersecurity events that may occur at
the recipient's location. Commenters recommended that OIG create
protections for donors that indemnify them from risks stemming from
cybersecurity incidents experienced by donors and clarify whether a
donor can be indemnified from an OCR action related to a breach when
such indemnification provisions are included in the parties' written
contract.
Response: Issues relating to downstream liability, indemnification,
or other contracting and business tort issues are beyond the scope of
this rulemaking. However, we highlight that the safe harbor does not
prevent parties from addressing these issues through contracts or other
agreements, and we note that the facts and circumstances of any
remuneration under such agreements may require separate analysis under
the Federal anti-kickback statute.
Comment: One commenter characterized the safe harbor as protecting
recipients from liability concerning fines, ransom, and litigation
risk.
Response: We agree that the general effect of a cybersecurity
donation should help improve a recipient's cybersecurity, thereby
potentially reducing the recipient's liability risk for fines, ransom,
and litigation stemming from a cyberattack. We clarify, however, that
donations protected under this safe harbor do not include monetary
remuneration to a recipient, or on behalf of a recipient, for any
fines, ransom, or litigation stemming from a cyberattack.
p. Other Comments
Comment: A provider trade association cautioned that hospitals and
health systems that donate or subsidize cyber products and services
should not use those as a pretext for discouraging or inhibiting the
exchange of patient health information between providers.
Response: We note that this safe harbor does not exempt entities
and individuals from other applicable State and Federal laws and
regulations related to the commenter's concerns about entities' conduct
that may inappropriately interfere with, prevent, or materially
discourage the exchange of patient health information between
providers. The ONC regulation entitled ``21st Century Cures Act:
Interoperability, Information Blocking, and the ONC Health IT
Certification Program'' \99\ implements provisions of the 21st Century
Cures Act \100\ (Cures Act) that are designed to address occurrences of
information blocking. If patients, providers, or others believe that a
health care provider, health IT developer of certified health IT, or
health information network or health information exchange is engaging
in information blocking, we encourage reporting complaints to HHS
through the Report Information Blocking portal (https://healthit.gov/report-info-blocking).
---------------------------------------------------------------------------
\99\ 85 FR 25642 (May 1, 2020).
\100\ 21st Century Cures Act, Public Law 114-255, 130 Stat.
1033.
---------------------------------------------------------------------------
Comment: In the preamble to the OIG Proposed Rule related to this
safe harbor, we distinguished certain features of cybersecurity
donations from EHR donations. A commenter asked OIG to clarify its
statement that electronic health record donations ``present a greater
risk that [sic] one purpose of the donation is for the donor to secure
additional referrals from the recipient or otherwise influence
referrals or other business generated.'' \101\ Specifically, the
commenter urged us to clarify that this reference to ``one purpose'' is
not intended to introduce the one-purpose test into the rulemaking.
---------------------------------------------------------------------------
\101\ 84 FR 55737 (Oct. 17, 2019).
---------------------------------------------------------------------------
Response: The Federal anti-kickback statute has been interpreted to
cover any arrangement in which one purpose of the remuneration was to
obtain money for the referral of services or to induce further
referrals, and nothing in this final rule changes such interpretation.
In other words, offering remuneration to a purchaser or referral source
potentially implicates the Federal anti-kickback statute if one purpose
is to induce the purchase or referral of Federal health care program
business. Donations of EHR, like any other thing of value, constitute
remuneration for purposes of the Federal anti-kickback statute. Whether
a particular arrangement including a donation of EHR or cybersecurity
technology and services violates the statute would depend on the facts
and circumstances of such an arrangement, including whether the
arrangement complies with a safe harbor.
With respect to the statement the commenter cited from the OIG
Proposed Rule, we confirm that we are not introducing the so-called
one-purpose test as a condition of the safe harbor at 1001.952(jj).
9. Electronic Health Records Items and Services (42 CFR 1001.952(y))
Summary of OIG Proposed Rule: We proposed changes to the EHR safe
harbor at paragraph 1001.952(y), which protects certain arrangements
involving the donation of interoperable EHR software or information
technology and training services. First, we proposed to amend the safe
harbor to clarify that safe harbor protection has always been available
for certain cybersecurity software and services, and to expand the safe
harbor's potential protection of the donation of software and services
related to cybersecurity. Next, we proposed to update the condition at
paragraph 1001.952(y)(2) to specify that for software to be ``deemed''
interoperable, it must be certified by a certifying body on the date it
is donated. We proposed to modify paragraph 1001.952(y)(3), which
already prohibited conduct similar to ``information blocking'' to align
with the proposed information blocking definition and related
exceptions in the ONC, HHS Notice of Proposed Rulemaking ``21st Century
Cures Act: Interoperability, Information Blocking, and the ONC Health
IT Certification Program'' (ONC NPRM).\102\ We also proposed to
eliminate: (i) The condition at paragraph 1001.952(y)(7) that prohibits
the donation of equivalent items or services to allow donations of
replacement technology; and (ii) the sunset provision at paragraph
1001.952(y)(13) to make the safe harbor permanent. Finally, we proposed
to revise the definitions of ``interoperable'' and ``electronic health
record'' and add a definition of ``cybersecurity,'' and include all
definitions relevant to the safe harbor at proposed paragraph
1001.952(y)(14). We also solicited comments on whether we should modify
or eliminate the 15 percent contribution requirement and whether
[[Page 77830]]
we should expand the scope of protected donors.
---------------------------------------------------------------------------
\102\ 84 FR 7424 (Mar. 4, 2019).
---------------------------------------------------------------------------
Summary of Final Rule: We are finalizing, with modifications, the
changes we proposed to paragraph 1001.952(y). We are finalizing our
proposal to eliminate the sunset provision and the provision that
prohibits the donation of equivalent EHR items and services. We are
finalizing the language explicitly protecting cybersecurity software
and services and the definition of ``cybersecurity.'' We also are
finalizing our revision to paragraph 1001.952(y)(2) to update the
deeming provision, with a minor clarification. We are not finalizing
paragraph 1001.952(y)(3) related to information blocking or our
proposed modifications to the definition of ``electronic health
record.'' We are finalizing our modifications to the definition of
``interoperable,'' but we are not including the phrase ``without
special effort on the part of the user.'' This final rule also revises
paragraph 1001.952(y)(1) to expand the scope of protected donors to
certain entities such as accountable care organizations and health
systems. The final rule maintains the 15 percent contribution
requirement but also includes flexibilities in connection with
administering that requirement.
a. Cybersecurity
Summary of OIG Proposed Rule: To clarify that the safe harbor
protected cybersecurity software and services related to EHRs, we
proposed to amend the introductory language of paragraph 1001.952(y) by
including the phrase ``including certain cybersecurity software and
services'' and adding the term ``protect.'' We also proposed to include
in paragraph 1001.952(y)(14) a definition for ``cybersecurity'' to mean
``the process of protecting information by preventing, detecting, and
responding to cyberattacks.''
Summary of Final Rule: We are finalizing, without modification, the
introductory language of paragraph 1001.952(y) except for a technical
correction by not including the word ``certain.'' We also finalize the
definition of ``cybersecurity,'' as proposed.
Comment: We received several comments in support of expressly
providing safe harbor protection for certain cybersecurity software and
services that protect electronic health records.
Response: We are finalizing protection for cybersecurity software
and services, as described in more detail below. We note that, to avoid
confusion, we made a technical correction by removing the term
``certain'' in the introductory paragraph of the EHR safe harbor. This
change has no substantive effect. This safe harbor protects
cybersecurity software and services as long as the donation meet all
conditions.
Comment: A commenter expressed concern that the EHR safe harbor's
cybersecurity proposal and the separately proposed cybersecurity safe
harbor (proposed at paragraph 1001.952(jj)) have significant overlap
and could lead to confusion if both were finalized. As such, the
commenter suggested that if OIG were to finalize a separate
cybersecurity safe harbor, the proposed cybersecurity-related
clarifications to the EHR safe harbor would not be necessary. The
commenter requested that if OIG were to finalize protection for certain
cybersecurity software and services within the EHR safe harbor, the
agency clarify that the predominant purpose of the software or service
must be cybersecurity associated with the electronic health records.
Similarly, another commenter suggested that creating separate safe
harbors for electronic health records and cybersecurity is taking a
piecemeal approach to tools that must work together for care
coordination.
Response: We recognize that there is a certain amount of overlap
between the cybersecurity safe harbor finalized in this rule and the
EHR safe harbor amended by this final rule. Regardless of this
acknowledged overlap, it is useful to clarify in the EHR safe harbor
that cybersecurity software and services with the predominant purpose
of protecting electronic health records can be protected under the EHR
safe harbor provided the donation satisfies all other safe harbor
conditions. For example, if one party is donating an EHR system that
could be protected under the EHR safe harbor and that EHR system
includes cybersecurity functions to protect the electronic health
records that might not have appeared to meet the safe harbor's previous
standard of being necessary and used predominantly to create, maintain,
transmit, or receive electronic health records, then parties seeking
safe harbor protection may want to structure the donation arrangement
to satisfy the conditions of the EHR safe harbor rather than
potentially also looking to the cybersecurity safe harbor. However, the
new cybersecurity safe harbor also would remain available for the
protection of cybersecurity technology and services if conditions of
that safe harbor were met. If, in contrast to the example above, the
cybersecurity donation were to include a broader suite of products and
services that do not have a predominant purpose to protect the
electronic health records (but are used predominantly to implement,
maintain, or reestablish effective cybersecurity), then parties seeking
safe harbor protection may want to evaluate the arrangement in the
context of the standalone cybersecurity safe harbor.
Comment: Some commenters asked us to broaden the scope of
cybersecurity protection within the EHR safe harbor to, for example,
protect cybersecurity hardware such as network appliances. One
commenter asked that the safe harbor protect without exception
cybersecurity hardware, software, infrastructure, and services. Another
commenter suggested that if the expanded safe harbor does not protect
hardware, it should permit donors to place cybersecurity hardware at
the recipient's location as long as the donor retains title to or a
leasehold interest in the equipment. A commenter noted that in order to
protect donors from cyberattacks, the safe harbor should protect the
donation of any cybersecurity technology and related services without a
contribution requirement to protect any protected health information
shared for groups of patients.
Response: We are not expanding this safe harbor to protect
additional services or hardware, regardless whether the hardware is
donated or loaned to a recipient. The EHR safe harbor is designed to
protect donations of EHR software and services, and expressly excludes
hardware. By including the word ``protect'' in paragraph 1001.952(y),
we are clarifying that the scope of the safe harbor applies to
cybersecurity software or information technology and training services
that are necessary and used predominantly to protect electronic health
records. There is a separate, standalone safe harbor intended to
protect broader cybersecurity donations available at paragraph
1001.952(jj). That safe harbor, as finalized in this rule, protects
cybersecurity hardware and does not have a contribution requirement.
b. Deeming Provision
Summary of OIG Proposed Rule: We proposed minor modifications to
the deeming provision at paragraph 1001.952(y)(2) by changing ``it has
been certified by a certifying body'' to read ``it is certified by a
certifying body.'' We also proposed to remove reference to ``editions''
of certification criteria to align with proposed changes to the
certification program.
Summary of Final Rule: We are finalizing, with modification, our
proposal to revise the condition at
[[Page 77831]]
paragraph 1001.952(y)(2). We are clarifying that for software to be
``deemed'' interoperable, it must be certified by a certifying body
authorized by ONC to certification criteria identified in the then-
applicable version of 45 CFR part 170. We are making a technical edit
to conform the terminology in our deeming provision to the terminology
used in 45 CFR part 170. Specifically, we are removing the phrase
``electronic health record'' preceding ``certification criteria''
because it has been removed from 45 CFR 170 as of June 30, 2020. We are
also deleting the word ``editions.''
Comment: Commenters generally agreed with our proposal to clarify
that software would be deemed interoperable under the safe harbor if,
on the date it is donated, it ``is certified'' by a certifying body
authorized by ONC rather than ``has been certified.'' Some commenters
had questions about our removal of the phrase ``an edition'' before
``the electronic health record certification criteria'' and inquired
whether we should specify that the criteria are the ``latest'' or
``current'' certification criteria.
Response: We agree with comments that we should clarify our
intention for the software to be certified to the then-current
certification criteria. However, rather than inserting new language the
deeming provision will read: ``[f]or purposes of this paragraph (y)(2),
software is deemed to be interoperable if, on the date it is provided
to the recipient, it is certified by a certifying body authorized by
the National Coordinator for Health Information Technology to
certification criteria identified in the then-applicable version of 45
CFR part 170.'' The version of paragraph 1001.952(y)(2) being finalized
maintains nearly identical language from OIG's 2013 final rule
addressing the electronic health records safe harbor (2013 EHR Final
Rule) except that we changed ``it has been certified by'' to ``it is
certified by'' \103\ and, as noted above, we removed the phrase
``electronic health record'' before ``certification criteria.'' We note
that this latter change does not alter the scope of remuneration
protected under this safe harbor; despite removing the phrase in the
deeming provision, the safe harbor continues to protect only items and
services that are used predominantly to create, maintain, transmit,
receive, or protect electronic health records that meet all criteria of
the safe harbor.
---------------------------------------------------------------------------
\103\ 78 FR 79202 (Dec. 27, 2013).
---------------------------------------------------------------------------
Comment: A commenter opposed the concept of an ``optional'' deeming
provision, asserting that it is critical to require that software be
certified by a certifying body authorized by ONC to further support the
goal of value-based arrangements.
Response: We agree that interoperability is a critical condition of
the EHR safe harbor, but we disagree with the commenter that
certification by a certifying body authorized by ONC should be the only
way of meeting this standard. This certification provides donors and
recipients with assurance that their product is interoperable for
purposes of this safe harbor, but such certification is not a
requirement for safe harbor protection.
Comment: A commenter suggested that the proposed change to the
deeming provision creates compliance uncertainty in the context of an
ongoing software donation. In particular, the commenter was concerned
that the proposed wording change would mean that any time after the
initial donation the EHR software loses its certification, the
continued provision of the software including maintenance would
implicate the fraud and abuse laws. Other commenters supported the
proposal to require software to be certified at the time it is provided
to a recipient, with a commenter noting that any updates to donated
systems should also be certified to the most recent standards. A
commenter asked that physicians not participating in the Quality
Payment Program be granted a 5-year grace period under the
interoperability deeming provision so that their donated EHR software
need only be certified to the 2015 edition.
Response: The deeming provision in paragraph 1001.952(y)(2) is
optional. Certification of donated software by a certifying body
authorized by ONC is not required to meet the terms of the safe harbor;
the safe harbor requires that, to receive protection, the software must
be interoperable at the time it is provided to the recipient. To the
extent physicians or other health care providers are seeking protection
of donated EHR items and services under the safe harbor, the donated
EHR software need only be interoperable (as defined at paragraph
1001.952(y)(14)(iii)) to satisfy the condition at paragraph
1001.952(y)(2).
If an EHR item or service loses its certification, it would no
longer satisfy the deeming provision. Therefore, new donations of such
EHR items or services, including updates and patches of the software
would not satisfy the safe harbor's deeming provision. However, if the
EHR items or services were still interoperable (as defined at paragraph
1001.952(y)(14)(iii)), then the safe harbor would protect continued
donation of such software and services, including patches, as long as
all other conditions are met.
c. Information Blocking
Summary of OIG Proposed Rule: We proposed modifying paragraph
1001.952(y)(3) by incorporating a reference to the information blocking
definition and related exceptions in 45 CFR part 171. We solicited
comments on this approach.
Summary of Final Rule: We are not finalizing the proposed
modification to paragraph 1001.952(y)(3) and instead are deleting this
condition from the safe harbor.
Comment: We received a number of comments about our proposal to
incorporate the ``information blocking'' prohibition from the 21st
Century Cures Act (Cures Act) \104\ or the ONC NPRM into the safe
harbor at paragraph 1001.952(y)(3). While commenters did not
necessarily disagree that information blocking should be prohibited,
commenters raised a number of questions and concerns regarding how such
a provision would work in a safe harbor. For example, although we
received from commenters support for our proposal to update the safe
harbor to include a condition that would preclude safe harbor
protection for arrangements that lead to ``information blocking'' as
that term is used in the Cures Act, a number of commenters expressed
concern about relying on the ONC NPRM, which was not yet final.
Commenters were particularly concerned about the array of exceptions to
the definition of ``information blocking'' and incorporation of the
definition of ``electronic health information'' as proposed in the ONC
NPRM.
---------------------------------------------------------------------------
\104\ 21st Century Cures Act, Public Law 114-255, 130 Stat.
1033.
---------------------------------------------------------------------------
Some commenters asked that we clarify which party is responsible to
ensure that information blocking does not occur. For example, some
commenters noted that a donor cannot control what happens to software
after it is donated. Similarly, several commenters recommended removing
or revising the condition that a donor (or any person on a donor's
behalf) does not engage in a practice constituting information
blocking, explaining that a vendor may engage in information blocking
without the donor's knowledge. Commenters expressed contrasting
opinions about the proposed knowledge standard, with some commenters
recommending that it apply to both health care providers and health
plans that voluntarily use the safe
[[Page 77832]]
harbor to protect donations under this safe harbor, while others
recommending that health plans be subject to the ``knows, or should
know'' standard because health plans are not health care providers and
do not have direct patient care responsibilities.
Another commenter noted that if a determination of information
blocking against either a donor or recipient occurs at some time after
a donation, the recipient may be vulnerable to unexpected costs or lose
access to its health information technology if the arrangement suddenly
ends.
Another commenter suggested that, rather than including a
prohibition on information blocking (as such term is defined in the
Cures Act or in 45 CFR part 171) as a safe harbor condition, OIG should
assume that information blocking will not be tolerated and will be
enforced through other authorities.
Response: Based on the comments and assessing the final rule
published by ONC, ``21st Century Cures Act: Interoperability,
Information Blocking, and the ONC Health IT Certification Program''
(ONC Final Rule),\105\ we are not finalizing the proposed information
blocking condition, and we are removing the existing paragraph
1001.952(y)(3), which prohibits the donor or any person on the donor's
behalf from taking any action to limit or restrict the use,
compatibility, or interoperability of the donated EHR items or
services. This condition, when originally implemented in OIG's 2006
final rule creating the electronic health records safe harbor (2006 EHR
Final Rule),\106\ was intended to help ensure that transfers of health
information technology will further the policy goal of fully
interoperable health information systems and will not be misused to
steer business to the donor.\107\ The 2013 EHR Final Rule also
explained that the Department was considering other policies to improve
interoperability, and noted that those policy efforts are better suited
than this anti-kickback statute safe harbor to consider and respond to
evolving functionality related to the interoperability of electronic
health record technology.\108\ At that time, the Department had few
other authorities to directly address information blocking. However,
there are now other enforcement authorities designed to address
information blocking. For example, the Cures Act gave ONC and OIG more
direct authority to address information blocking.\109\ Additionally,
CMS has separate authority to require certain providers and suppliers
to attest that they have not knowingly and willfully limited or
restricted the compatibility or interoperability of their certified
electronic health record technology.\110\
---------------------------------------------------------------------------
\105\ 85 FR 25642 (May 1, 2020).
\106\ 71 FR 45110 (Aug. 8, 2006).
\107\ 71 FR 45127.
\108\ 78 FR 79214 (Dec. 27, 2013).
\109\ Sec. 4002 and 4004 of the Cures Act.
\110\ See 81 FR 77008, 77028 (Nov. 4, 2016).
---------------------------------------------------------------------------
In addition, the Cures Act and the ONC Final Rule recognize that
certain practices likely to interfere with, prevent, or materially
discourage access, exchange, or use of electronic health information
may nonetheless be reasonable and necessary. That is why the Cures Act
directed the Secretary to identify exceptions to the definition of
``information blocking.'' The ONC Final Rule implements eight
exceptions that apply to practices likely to interfere with, prevent,
or materially discourage access, exchange, or use of electronic health
information provided the practice meets the conditions of an exception.
However, the condition at paragraph 1001.952(y)(3) as implemented by
the 2006 EHR Final Rule conditioned safe harbor protection on a party
not taking ``any action to limit or restrict the use, compatibility, or
interoperability'' of the donated EHR items or services. The condition
did not account for actions that may be reasonable and necessary, such
as implementing privacy and security measures.
Recognizing these developments, we agree with the commenter that
these new authorities are better suited than a safe harbor condition to
deter information blocking and penalize individuals and entities that
engage in information blocking. We also agree with commenters that a
recipient is unlikely to have the capabilities to determine whether a
donor (or someone on the donor's behalf) engaged in information
blocking, which includes a level of intent set by statute, or met an
exception to information blocking as set forth in the ONC Final Rule.
Given these potential issues with the proposed modifications to
paragraph 1001.952(y)(3) and limitations of the original condition in
paragraph 1001.952(y)(3) discussed previously, the condition may no
longer be an effective way to achieve the policy goals that served as
the original basis for this condition. Removing the condition at
paragraph 1001.952(y)(3) is responsive to commenters that had questions
about the scope of information blocking practices, how OIG would
determine the party responsible, how the information blocking knowledge
standard in the Cures Act and ONC Final Rule would be assessed in
context of this safe harbor, and how the condition would apply to
parties that may not be subject to the information blocking provision
in section 3022 of the Public Health Service Act (PHSA).
We emphasize, however, that we are maintaining the interoperability
condition in paragraph 1001.952(y)(2). We believe this condition and
the optional deeming provision will ensure that donations of EHR items
and services that meet the conditions of this safe harbor further the
Department's policy goal of an interoperable health system and prevent
donations being made with the intent to lock in referrals by limiting
the flow of electronic health information.
OIG remains committed to taking action against individuals and
entities that engage in information blocking, using specific
authorities to do so. Separate from this rule, OIG published a notice
of proposed rulemaking related to information blocking
enforcement.\111\ That proposed rule, among other things, proposes the
basis and procedures for information blocking enforcement. As stated in
that proposed rule, addressing the negative effects of information
blocking is consistent with OIG's mission to protect the integrity of
HHS programs as well as the health and welfare of program
beneficiaries.\112\
---------------------------------------------------------------------------
\111\ 85 FR 22979 (Apr. 24, 2020).
\112\ Id.
---------------------------------------------------------------------------
d. Sunset Provision
Summary of OIG Proposed Rule: We proposed to eliminate the sunset
provision at paragraph 1001.952(y)(13). As an alternative, we also
proposed an extension of the sunset date for the final rule.
Summary of Final Rule: We are finalizing this proposal by deleting
the sunset provision at paragraph 1001.952(y)(13).
Comment: We received nearly universal support for removing the
sunset provision in paragraph 1001.952(y)(13), which requires that all
protected EHR donations must occur on or before December 31, 2021.
Commenters asserted that the elimination of the sunset date would
provide certainty for the ongoing protection of donations of EHR items
and services. One commenter who generally supported making the safe
harbor permanent recommended that OIG delay doing so until the ONC NPRM
is finalized and available for stakeholder consideration.
Response: We agree that eliminating the sunset provision provides
certainty,
[[Page 77833]]
and we are finalizing our proposal to make this safe harbor permanent
and, as we note above, the ONC Final Rule was issued on May 1, 2020.
e. Contribution Requirement
Summary of OIG Proposed Rule: We did not propose specific changes
to the 15 percent contribution requirement at paragraph
1001.952(y)(11). Instead, we considered and solicited comments on three
alternatives: (i) Eliminating or reducing the percentage of the
contribution required for small or rural practices; (ii) reducing or
eliminating the 15 percent contribution requirement in this safe harbor
for all recipients; or (iii) modifying or eliminating the contribution
requirement for updates to previously donated EHR software or
technology.
Summary of Final Rule: We are retaining the 15 percent contribution
requirement at paragraph 1001.952(y)(11) but removing the requirement
that payment of the contribution be made in advance for updates to
existing EHR systems. To make this modification, we have added new
paragraphs at 1001.952(y)(11)(i) and (ii). Paragraph 1001.952(y)(11)(i)
describes that contributions for initial and replacement EHR items and
services must be made in advance of the donation and contributions for
updates to previously donated EHR item and services need not be paid in
advance. Paragraph 1001.952(y)(11)(ii) is the new location of the
condition that the donor does not finance the recipient's contribution
amount; it does not include any substantive changes.
Comment: A large number of commenters on this topic recommended
that we remove the 15 percent contribution requirement for all
donations and for all recipients. Commenters provided several reasons
to remove the contribution requirement (paragraph 100.952(y)(11)). For
example, some commenters suggested that this requirement restricts the
use of EHRs with interoperable capabilities; that this is not an
effective deterrent to inappropriate EHR donations; and that the
percentage is an arbitrary amount that limits the use of important
patient tools. Commenters noted that any transition to improve EHR
technology can streamline physicians' workflows; alleviate burdens;
allow physicians to spend more time with their patients; and allow
(assuming that the donated technology is truly interoperable) the
sharing of patient records with near equal ease with other providers
using certified EHR technology. Some commenters questioned whether a
recipient contribution reduces the risk of steering and inappropriate
referrals.
Commenters noted that the donation of EHR technology can be
beneficial to recipients who may be unsatisfied with their EHR platform
but lack the resources to transition to a new platform. A commenter
noted that the contribution requirement may be an unreasonable
constraint on how health systems and hospitals finance the needed
infrastructure to implement new value-based payment models and promote
the coordination of care. Commenters cited the added burden involved in
setting the contribution amount in writing and the necessary, ongoing
monitoring to ensure compliance. Commenters also highlighted that
eliminating the requirement would align this safe harbor with the
proposed cybersecurity safe harbor at paragraph 1001.952(jj) for which
OIG did not propose to include a contribution requirement.
Commenters that supported eliminating the contribution requirement
as a condition to this safe harbor still supported allowing the donor
to require a contribution. For example, a commenter suggested that any
contribution requirement should be left up to market forces and
negotiation between the parties. Another commenter stated that the
contribution amount should be at the discretion of the donor as long as
the donor consistently and fairly applies their policy to all
recipients. Finally, a commenter suggested that the contribution
requirement should only be eliminated if the scope of protected donors
remains the same.
Response: We understand the donation recipients' desires to
eliminate the 15 percent contribution requirement. However, after
careful consideration, we continue to believe that the contribution
requirement is an important safeguard against fraud and abuse in light
of the specific risks of inappropriate generation of referrals
presented by donation of EHR items and services. When recipients of
valuable remuneration have some responsibility to contribute to the
cost of the items or services, they are more likely to make
economically prudent decisions and accept only what they need or will
use. As we note below, however, we are adding some flexibilities in
connection with administering the contribution requirement.
Comment: Some commenters raised concerns about eliminating the
contribution requirement. For example, one commenter believed that
physician adoption and use of an EHR system is improved when they have
a certain level of buy-in and share in the financial cost. Similarly,
other commenters suggested that 15 percent represents a fair
contribution amount, serves as a reasonable safeguard to reduce
wasteful spending, and that it is important for recipients to have a
stake in the purchased technology.
Response: We agree with commenters that the contribution amount is
fair and provides a reasonable safeguard. For these and other reasons
discussed in this final rule, we are maintaining the 15 percent
contribution requirement.
Comment: We received support for eliminating the recipient
contribution requirement for at least a subset of recipients. Some
commenters specifically referenced removing the requirement for all
physicians. A majority of these commenters recommended removing the
contribution requirement for at least small and rural providers or
providers serving underserved populations. Some commenters expressed
concern about how we would define ``small'' or ``rural'' if we limited
the exception to those classes of individuals or entities. A number of
commenters requested that the concept of ``small and rural'' practices
be defined broadly and to specifically include free clinics, charitable
clinics, and charitable pharmacies. We also received a recommendation
to adopt the definition of ``small practice'' used in the CMS Quality
Payment Program.\113\ Various commenters requested that the
contribution requirement be eliminated for safe harbor protection
applicable to Indian health care provider recipients. We also received
comments regarding other potential recipients for whom the contribution
requirement may be a financial burden, such as critical access
hospitals, disproportionate share hospitals, and essential hospitals. A
commenter recommended that ``underserved practices'' should be defined
as those in: (i) Medically underserved areas, as designated by the
Secretary under section 330(b)(3) of the PHSA; (ii) primary health care
geographic health professional shortage areas, as designated by the
Secretary under section 332(a)(1)(A) of the PHSA; or (iii) a critical
access hospital. A commenter recommended defining ``rural practices''
as those located in rural areas, as defined in the local transportation
safe harbor at paragraph 1001.952(bb).
---------------------------------------------------------------------------
\113\ 42 CFR 414.1305.
---------------------------------------------------------------------------
Commenters noted that for cash-strapped entities, the contribution
requirement is a financial burden. For example, certain tribal
organizations
[[Page 77834]]
highlighted the financial burden of the EHR safe harbor's contribution
requirement for Indian health care providers and asserted any
contribution requirement may inappropriately divert funding away from
patient care. Some commenters noted that the 15 percent contribution
can be a significant barrier for physician adoption of EHR technology,
even for practices that may not qualify as small or rural practices.
Some commenters noted that the burden is not only in the actual cost of
the contribution but also the administrative tasks associated with
tracking and calculating the 15 percent.
Response: As we explain above, we are retaining the 15 percent
contribution requirement for all recipients seeking protection for EHR
donations under the EHR safe harbor. We agree with the commenters who
expressed concern about defining subgroups of entities to exempt from
this requirement. Even if we were to adopt certain definitions existing
in other regulations or definitions suggested by commenters, some of
those designations can change over time (e.g., a physician practice may
qualify as a ``small practice'' at some but not other points in time
depending on staffing changes), which could create confusion about
implementation of the contribution requirement and raise corresponding
safe harbor compliance concerns. In addition, the fraud and abuse risks
associated with EHR donations apply regardless of the geography or size
of the donation recipient. If cost is a barrier for a particular
recipient, the recipient could request an advisory opinion about an
arrangement without a 15 percent contribution requirement.
Comment: In response to our solicitation of comments on
possibilities to reduce any uncertainty and administrative burden
associated with assessing a contribution for each update, some
commenters addressed other aspects of the contribution requirement. For
example, a commenter expressed concern about the requirement that
contributions must be made in advance. This commenter noted that
recipients may unintentionally fall outside the safe harbor due to
inadvertent late payments and requested that OIG add a remedy period
for mistakes to be corrected without losing safe harbor protection.
Another commenter recommended eliminating the requirement that fees be
collected prior to the receipt of services and recommended instead to
require a commercially reasonable collections process.
Response: Consistent with our solicitation of comments on
uncertainty and administrative burden, and our statement in the OIG
Proposed Rule that we were considering modifying the contribution
requirement as it relates to updates, we are removing the requirement
that payment of the contribution be made in advance for updates to
existing EHR systems. We recognize that updates may need to take place
quickly to remedy security or other problems in an EHR system, and we
understand the commenter's concern about inadvertent late payments
under such circumstances. We believe it is reasonable and does not
create additional risk to bill a recipient for its contribution after
providing the update. The safe harbor does not require a specific
billing method. In other words, a donor could choose to bill a
recipient separately for each update or could bill the recipient
monthly or quarterly to combine the contribution claims for all updates
during a select period of time.
We are not, however, removing the requirement that contributions be
made in advance of an initial donation (including the donation of a
replacement system). Parties seeking safe harbor protection can
effectively plan for an initial donation, with all expenses known up
front, so that there is not the same administrative burden or
uncertainty that parties may experience when invoicing for periodic
updates, and, therefore, there is less risk of inadvertent late
payments. Because the need for safe harbor protection would not be
triggered until the initial donation happens, and the parties have the
ability to wait to make the donation until the contribution is paid, we
are not adopting a cure period for late payments associated with
initial or replacement donations.
Comment: A number of commenters asked that if OIG retains a
contribution requirement on the initial EHR donation, the contribution
requirement be eliminated for updates to the original donation.
Commenters noted that the updates may ensure that the donation
continues to function as needed and to meet current Federal standards
for data exchange. In contrast, a commenter recommended OIG consider
retaining a contribution requirement only for the provision of
replacement technology while eliminating it for the original donation
and any updates to that original system.
Response: As explained above, we are retaining the contribution
requirement for updates but will no longer require that the
contribution for updates be made in advance. We recognize that updates
are crucial for the continuing functionality of a system. However, we
do not think it is feasible to retain a contribution requirement for
certain donations and eliminate it for others. If we were to adopt that
policy, parties might structure donations to game the difference
between donation types. For example, if a recipient were not required
to contribute to updates, parties could structure the ``initial''
donation to consist of a functionality with a small cost and
consequently a small required contribution, with the most valuable
functionality deemed to be an ``update'' with no required contribution.
We believe the risk posed by such arrangements would reduce the
effectiveness of the contribution requirement as a safeguard against
fraud and abuse. For this reason, all donations protected by this safe
harbor require a recipient contribution.
Comment: A commenter requested that if a contribution requirement
is retained, the parties use either the fair market value or the
underlying cost of the donation as the base amount from which the
contribution is calculated. The commenter believed that this would
reduce the administrative burden of compliance, which might allow
smaller providers to donate protected EHR.
Response: The relevant standard in the safe harbor is that ``the
recipient pays 15 percent of the donor's cost for the items and
services.'' We did not propose to change this cost-based standard and
are not finalizing any change. In 2006, when we initially finalized the
EHR safe harbor, we provided an explanation about calculating the cost
of these items and services.\114\ The cost should be clear when a donor
is purchasing an item or service from a vendor. However, we recognized
some software or other modules may be internally developed. We
recommended that parties should use a reasonable and verifiable method
for allocating costs and maintain documentation of such allocation. We
explained there, and maintain here, that the method for allocating
costs would be scrutinized to ensure that they do not inappropriately
shift costs in a manner that provides an excess benefit to the
recipient or results in the recipient effectively paying less than 15
percent of the donor's true cost for the technology.\115\
---------------------------------------------------------------------------
\114\ 71 FR 45133 (Aug. 8, 2006).
\115\ 71 FR 45133 (Aug. 6, 2006).
---------------------------------------------------------------------------
Comment: A commenter encouraged HHS to study whether the 15 percent
recipient contribution requirement has in fact prevented some or many
physicians practices from adopting EHR technology, whether the safe
harbor has produced lasting partnerships and ongoing incentives to use
technology, and whether technology donations
[[Page 77835]]
potentially protected by the safe harbor have resulted in market
consolidation or channel capture that has led to increased costs for
consumers.
Response: Any decision by HHS to study the effectiveness or other
impact of the safe harbor and its conditions is outside the scope of
this rulemaking.
Comment: A commenter recommended not requiring the 15 percent
contribution for cybersecurity donations under this safe harbor. The
commenter noted that some organizations will permit practices to use
their EHR systems only if the practice has certain cybersecurity
protections, and thus the commenter suggested that the party requiring
the cybersecurity protection should pay any costs associated with it.
Response: We are not finalizing separate requirements for different
types of donations within this safe harbor. If a party seeks to protect
a donation of cybersecurity software or services under the conditions
of the EHR safe harbor, then a contribution is required. However,
parties that seek to protect a cybersecurity donation without a
recipient contribution could structure the donation to meet the safe
harbor for cybersecurity technology and related services at paragraph
1001.952(jj).
f. Equivalent Technology and Scope of Protected Donations
Summary of OIG Proposed Rule: We proposed to delete the condition
that prohibits the donation of equivalent items or services at
paragraph 1001.952(y)(7) to allow donations of replacement EHR
technology.
Summary of Final Rule: We are finalizing this proposal by deleting
paragraph 1001.952(y)(7).
Comment: Commenters broadly supported removing the safe harbor
condition at paragraph 1001.952(y)(7) that prohibits the protection of
EHR donations if a recipient possesses items or services equivalent to
those to be donated. Commenters provided a number of reasons for their
support of the elimination of this condition, highlighting that some
physician practices may be working with an EHR system that no longer
meets their needs, is outdated, or is otherwise substandard because
they cannot afford the full cost to replace the system. A commenter
recommended that OIG eliminate this condition but require a documented
rationale for a need for replacement technology.
Response: We agree with the commenters and are finalizing our
proposal to remove the condition at paragraph 1001.952(y)(7) that
prohibits the donation of equivalent items and services. We recognize
that there may be valid business or clinical reasons for a recipient to
replace an entire system rather than update existing technology. Under
this safe harbor, replacement technology is treated the same as a new
donation and would need to meet all conditions of the safe harbor to
receive protection. For example, a recipient of replacement technology
would be required to pay at least 15 percent of the donor's cost for
the items and services before receiving the items and services. We
believe that treating a donation of replacement technology the same as
a new donation strikes an appropriate balance by making necessary
replacements financially feasible for recipients while maintaining
safeguards to limit the risk of recipients inappropriately soliciting
or accepting unnecessary technology.
Comment: Commenters recommended revisions to the language related
to the scope of protected donations. For example, a commenter requested
that the safe harbor be expanded to include training, maintenance, and
upgrades of EHRs. Similarly, a commenter recommended revising the
language to items and services in the form of software, other
information technology, and related services, including implementation,
training and support services. A commenter asked whether the safe
harbor would still potentially protect the ``services'' listed as
examples in the 2006 EHR Final Rule such as connectivity, broadband,
wireless, clinical support, information services related to patient
care, and maintenance. Another commenter was concerned that the safe
harbor protected only donations of technology that have been certified
by ONC. Other commenters asked for a significantly expanded scope of
potentially protected donations including but not limited to: (i)
Hardware; (ii) technology related to information sharing; (iii) cloud-
based items and services; (iv) practice management and revenue cycle
systems and services; (v) clearinghouse services; and (vi) industry-
supported data collection and analytics.
Response: As we note elsewhere in this section, we are removing the
condition at 1001.952(y)(7) from the safe harbor to protect donations
of replacement technology and clarifying the safe harbor to explicitly
protect cybersecurity software and services if all safe harbor
conditions are satisfied. The safe harbor already could protect some of
the items or services suggested by commenters, such as maintenance and
training. The modifications to this safe harbor as finalized, do not
narrow the scope of items or services that could receive safe harbor
protection; the examples listed in the 2006 EHR Final Rule could still
receive safe harbor protection under the amended safe harbor finalized
in this rule.\116\ We also wish to highlight, as we explain elsewhere,
that the safe harbor does not require that donated software is
certified as interoperable by a certifying body authorized by ONC; the
safe harbor requires that donated software is interoperable. Per the
terms of the ``deeming provision,'' certified software is deemed to be
interoperable. The scope of electronic health record items and services
protected by this safe harbor and the optional deeming provision give
donors and recipients appropriate flexibility to determine which items
and services should be donated given their circumstances. For example,
long-term care and post-acute care recipients may need different types
of electronic health record items and services than a physicians group
practice needs.
---------------------------------------------------------------------------
\116\ Specifically, we stated in the 2006 EHR Final Rule that we
interpret `` `software, information technology and training services
necessary and used predominantly' for electronic health records
purposes to include the following, by way of example: Interface and
translation software; rights, licenses, and intellectual property
related to electronic health records software; connectivity
services, including broadband and wireless internet services;
clinical support and information services related to patient care
(but not separate research or marketing support services);
maintenance services; secure messaging (e.g., permitting physicians
to communicate with patients through electronic messaging); and
training and support services (such as access to help desk
services). We interpret the scope of covered electronic health
records technology to exclude: Hardware (and operating software that
makes the hardware function); storage devices; software with core
functionality other than electronic health records (e.g., human
resources or payroll software, or software packages focused
primarily on practice management or billing); or items or services
used by a recipient primarily to conduct personal business or
business unrelated to the recipient's clinical practice or clinical
operations. Furthermore, the safe harbor does not protect the
provision of staff to recipients or their offices. For example, the
provision of staff to transfer paper records to the electronic
format would not be protected.'' 71 FR 45125.
---------------------------------------------------------------------------
We did not propose and thus are not finalizing in this safe harbor
any expansion that would protect donated hardware. For any of the other
software or services for which commenters requested safe harbor
protection, the standard remains as we proposed, i.e., that the items
or services must be necessary and used predominantly to create,
maintain, transmit, receive, or protect electronic health records. For
example, some technology related to information sharing could meet this
standard, such as the donation of software or services related to
application programming interfaces (APIs) used to support the exchange
of
[[Page 77836]]
electronic health information. Parties seeking to rely on the safe
harbor need to analyze the EHR donation arrangement to ensure that it
squarely meets all of the safe harbor's conditions.
g. Protected Donors
Summary of OIG Proposed Rule: We solicited comments on either
removing the restrictions on protected donors in paragraph
1001.952(y)(1)(i) or revising the paragraph to protect donations from
entities with indirect responsibilities for patient care, such as
health systems or accountable care organizations that are neither
health plans nor submit claims for payment.
Summary of Final Rule: This final rule expands the scope of
protected donors to certain entities that are comprised of the types of
individuals or entities listed as protected donors in paragraph
1001.952(y)(1)(i)(A). To effectuate this change, we added paragraphs
1001.952(y)(1)(i)(A) and (B), which describe the entities previously
considered protected donors to include the new entities considered
protected donors as established by this final rule.
This final rule expands the scope of protected donors to certain
entities that are comprised of the types of individuals or entities
listed as protected donors in paragraph 1001.952(y)(1)(i)(A), as
described in more detail below.
Comment: We received a range of comments in response to our
suggestion that we may consider expanding the scope of protected
donors. At one end of the spectrum, we received a suggestion not to
change the scope of protected donors at all. At the other end, a
commenter stated that the safe harbor should protect donations from all
entities. However, the most common recommendation from commenters on
this topic was to expand the scope of protected donors to entities with
indirect responsibility for patient care such as health systems,
accountable care organizations, clinically integrated entities, and
other entities that bear financial risk in patient outcomes. Commenters
noted that these types of entities have little incentive to abuse the
safe harbor and that protecting donations from certain entities that do
not bill the Federal health care programs would facilitate expanded use
of technology that may reduce the cost of care and increase care
coordination. We also received a request to continue excluding
laboratories from the scope of protected donors.
Response: We agree with commenters who recommended expanding the
scope of protected donors to include entities comprised of the types of
entities currently covered as protected donors (e.g., parent companies
of hospitals, health systems, and accountable care organizations). We
see little added risk to protecting donations of interoperable
electronic health records software or information technology and
training services by entities such as health systems or accountable
care organizations. These entities may have financial risk for patient
outcomes and generally do not directly receive referrals. However, we
believe the risk is too high to expand safe harbor protection to
donations from all entities. We continue to have concerns about
protecting EHR donations made by laboratories or manufacturers or
suppliers of items. Accordingly, donations made by these entities will
continue to be ineligible for protection under the EHR safe harbor.
Comment: A commenter asked whether the safe harbor protects
donations from pharmaceutical manufacturers that participate in Federal
health care programs.
Response: Pharmaceutical manufacturers generally do not bill
Federal health care programs and are not comprised of entities that
bill Federal health care programs and therefore are not protected
donors under the safe harbor. While we recognize that some
manufacturers have implemented programs that include more direct
contact with patients and payors, the concerns we expressed in the
preamble to the 2006 EHR Final Rule \117\ continue to exist today. If a
manufacturer that operates its business in a way that it believes would
meet the terms of this safe harbor has questions about whether any
donation would be protected by the safe harbor or present a low risk of
fraud and abuse under the Federal anti-kickback statute, the advisory
opinion process remains available.
---------------------------------------------------------------------------
\117\ 71 FR 45128 (``We have not included as protected donors
pharmaceutical . . . manufacturers. . . . These entities do not
provide health care items or services to patients or submit claims
for those services. Our enforcement experience demonstrates that
unscrupulous manufacturers have offered remuneration in the form of
free goods and services to induce referrals of their products. Given
this enforcement history, and the lack of a direct and central
patient care role that justifies safe harbor protection for the
provision of electronic health records technology, we are not
including manufacturers as protected donors. We believe there is a
substantial risk that, in many cases, manufacturers' primary
interest in offering technology to potential referral sources would
be to market their products.'')
---------------------------------------------------------------------------
Comment: A commenter requested that the safe harbor protect
donations made only by donors that provide EHR access to pharmacists.
The commenter stated that some health information technology systems
block pharmacists' visibility into relevant clinical information from
other health care providers.
Response: The safe harbor does not limit the scope of protected
donors to donors that grant EHR access to a specified range of
providers or suppliers. However, for a donation to be protected, it
must be interoperable and should not inappropriately interfere with,
prevent, or materially discourage access, exchange, or use of
electronic health information (e.g., inappropriately limit visibility
to relevant clinical information). To the extent that patients,
providers, or others believe that a health care provider, health IT
developer of certified health IT, health information network, or health
information exchange is engaging in information blocking, we encourage
reporting complaints to HHS through the Report Information Blocking
portal, which is available at https://healthit.gov/report-info-blocking.
Comment: A commenter requested that the EHR safe harbor protect
donations made by multiple donors for different types of technology to
a single recipient, as long as the technology meets the
interoperability requirements. The commenter recommended the safe
harbor specifically protect the donation of supplemental, nonequivalent
EHR applications that supplement a recipient's current EHR system and
noted that such applications could come from different donors. The
commenter further proposed the safe harbor require a clinical necessity
analysis for ``add-on'' EHR applications in addition to replacement
technology.
Response: Nothing in the amended safe harbor, as it is being
finalized, would prevent safe harbor protection of donations of ``add-
on'' EHR applications or donations from multiple donors. Protection
offered by this safe harbor is not limited to EHR products that include
within a single product a sufficiently comprehensive array of functions
to constitute an ``EHR system.'' Instead, as explained in the 2006 EHR
Final Rule, the safe harbor also applies to donations of software that
serve a specific function related to electronic health records, such as
interface and translation software and secure messaging. In some
instances, those functions may be part of a larger EHR software
product, or they may be implemented via standalone software that
interacts with a provider's electronic health record system. If each
donation squarely satisfies the requirements of the amended safe
harbor--including the requirement that the software is or the
information technology and training services are
[[Page 77837]]
necessary and used predominantly to create, maintain, transmit,
receive, or protect electronic health records--such donations could be
protected regardless of whether the technology is donated by one or
multiple donors.
We did not propose and thus are not finalizing a condition that
requires a clinical necessity analysis of donations. Such condition
would not be necessary in the safe harbor given the totality of its
conditions.
h. Definitions
i. Electronic Health Record
Summary of OIG Proposed Rule: We proposed to modify the definition
of ``electronic health record'' in paragraph 1001.952(y)(14)(iv) to
mean: ``a repository of electronic health information that: (A) Is
transmitted by or maintained in electronic media; and (B) relates to
the past, present, or future health or condition of an individual or
the provision of healthcare to an individual.''
Summary of Final Rule: We are not finalizing the proposed
definition of electronic health record and instead retain the previous
definition. This final rule moves the definition of ``electronic health
record'' to paragraph 1001.952(y)(14)(iv).
Comment: Several commenters expressed general support for our
proposed revision to the definition of ``electronic health record,''
particularly to the extent that the definition would align with the
definition included in the Cures Act. However, a number of commenters
were concerned about our proposal to use the term ``electronic health
information'' as the ONC NPRM proposed to define such term. Commenters
asserted that the regulatory definition proposed by ONC is overly broad
and may extend far beyond what Congress intended under the Cures Act.
For example, a commenter argued that under the proposed definition a
patient's computer or mobile telephone could be considered an
electronic health record if the patient obtained a copy of their health
record through electronic transmittal. Commenters also made several
suggestions to limit the scope of ``electronic health information.''
Response: As we stated in the OIG Proposed Rule, we did not intend
for our proposed modifications to the definition of ``electronic health
record'' to make a substantive change to the scope of protection.\118\
We thank commenters for highlighting the complexities that our changes
inadvertently might have introduced. To remain true to our intent, we
are not finalizing any proposed changes to the definition of
``electronic health record.'' We will retain the existing definition in
the safe harbor, which appears at paragraph 1001.952(y)(14)(iv).
---------------------------------------------------------------------------
\118\ See 84 FR 55742 (Oct. 17, 2019).
---------------------------------------------------------------------------
Comment: A commenter recommended that the definition of
``electronic health record'' should be standardized across all Federal
regulations, as permitted by the relevant statutory framework. However,
the commenter expressed doubt that changing the definition of
``electronic health record'' as OIG proposed would keep up with a
dynamic redefinition of how electronic health care is provided.
Response: A suggestion to standardize definitions across Federal
regulations is outside the scope of this final rule. As noted above, we
are not finalizing any changes to the definition.
Comment: A commenter recommended that OIG define the parameters of
the EHR safe harbor to ensure that the scope of covered technology
under the ``electronic health record'' definition protects products
beyond those that are standalone EHRs (e.g., products that connect to,
amplify the capabilities of, or leverage the data in EHRs to promote
coordination and management of care). According to the commenter, there
are emerging technologies that leverage data in EHRs without creating
new records and enable patients to leverage technology to maintain
longitudinal records. To modernize the safe harbor to accommodate these
developments, a commenter asked that OIG clarify that the term
``repository'' in the current and proposed definition of EHR is not
limited to existing models of EHR. The commenter also recommended that
OIG delete ``predominantly'' from the safe harbor or otherwise broaden
the remuneration protected by the safe harbor by adding the italicized
words in the following phrase from the EHR definition: ``software or IT
functionality necessary and used predominantly to support or improve
[italics added] the creation, maintenance, transmission, receipt or use
of EHR.''
Response: By proposing to revise the definition of ``electronic
health record,'' we did not intend to change the scope of protection
under the safe harbor. We are retaining the existing definition of
``electronic health record'' and are not adopting the commenter's
suggestion. Emerging technologies that leverage EHR data may be
protected by the safe harbor. The term ``repository'' carries its
common meaning: A place where something such as data can be stored and
managed. If emerging technologies are necessary and used predominantly
to create, maintain, transmit, receive, or protect electronic health
records, and all of other conditions of the safe harbor are met, then
donations of such technologies would be protected.
Donations of software or information technology services do not
need to be necessary and used predominately for all five functions
listed in paragraph 1001.952(y)(1) to be protected. Rather, the
software or information technology services must meet at least one of
the five functions. For example, if software is not used to create an
electronic health record but is necessary and used predominately to
transmit electronic health records, donations of such software may be
protected by this safe harbor if all other conditions are met. If an
entity has questions about whether specific technology donations would
be protected by the safe harbor or present a low risk of fraud and
abuse under the Federal anti-kickback statute, the advisory opinion
process remains available.
Comment: A commenter supported the current definition of
``electronic health record'' rather than the proposed revisions to the
definition. However, the commenter asked OIG to further clarify this
definition so that it would include a longitudinal electronic record of
patient health information generated by one or more encounters in any
care delivery setting that automates and streamlines the clinician's
workflow.
Response: We are adopting the recommendation to retain our current
definition of ``electronic health record.'' We agree that the
commenter's example of a longitudinal electronic record appears to meet
this definition. However, we recommend that parties conduct their own
analysis of the particular facts and circumstances of any arrangement
as applied to the definition. The advisory opinion process remains
available for parties that seek an individualized determination.
ii. Interoperable
Summary of OIG Proposed Rule: We proposed to update the definition
of the term ``interoperable'' to align with the statutory definition of
``interoperability'' added by the Cures Act to section 3000(9) of the
PHSA and move it to paragraph 1001.952(y)(14)(iii). We proposed to
define ``interoperable'' as able to ``(A) securely exchange data with,
and use data from other health information technology without special
effort on the part of the user; (B) allow for complete access,
exchange, and use of all electronically accessible health information
for authorized use under applicable State or Federal law; and (C)
[[Page 77838]]
does not constitute information blocking as defined in 45 CFR part
171.''
Summary of Final Rule: We are finalizing, with modifications, an
updated definition of ``interoperable'' in paragraph
1001.952(y)(14)(iii). We are removing the phrase ``without special
effort on the part of the user'' in paragraph 1001.952(y)(14)(iii)(A),
and we are not finalizing proposed paragraph 1001.952(y)(14)(iii)(C)
that would have incorporated the information blocking regulations in
the definition of interoperability.
Comment: We received general support for our effort to update the
definition of ``interoperable.'' However, some commenters asked for
further clarification of the phrase ``without special effort on the
part of the user.''
Response: First, we are finalizing the first two proposed criteria
of the ``interoperability'' definition except, as explained below, we
are removing the phrase ``without special effort on the part of the
user.'' We are removing the third criterion we proposed in the
``interoperable'' definition: ``[d]oes not constitute information
blocking as defined in 45 CFR part 171.'' That criterion raises similar
issues that we discussed in section 9.c above regarding the information
blocking condition at former paragraph 1001.952(y)(3). Removal of that
condition is consistent with our rationale described in more detail
above.
We had proposed for the first prong of the definition of
``interoperable'' that it mean able to ``[s]ecurely exchange data with
and use data from other health information technology without special
effort on the part of the user.'' While the phrase ``without special
effort on the part of the user'' is used in the definition of
``interoperability'' in the Cures Act,\119\ the phrase ``without
special effort'' also is used in conditions of certification in the
Cures Act.\120\ As we make clear above in section 9.b, while software
certified by ONC is ``deemed'' to be interoperable, certification is
not required for safe harbor compliance. Therefore, to avoid any
implication that we are incorporating a certification requirement into
the definition of ``interoperable'' as it is used in this safe harbor,
we are removing the reference to ``without special effort on the part
of the user.''
---------------------------------------------------------------------------
\119\ Section 4003(a)(2), Public Law 114-255, 130 Stat. 1033.
\120\ Id.
---------------------------------------------------------------------------
Comment: A commenter expressed concern about the Federal
Government's definition of ``interoperability,'' as defined in the ONC
NPRM, which the commenter believes inappropriately focuses solely on
high volumes of data transferred or access to every piece of health
information ever collected. The commenter asserted that we should
prioritize the transfer of and access to secure, meaningful data in
order to avoid: (i) Confusing patients who lack context; and (ii)
overburdening physicians with irrelevant information.
Response: First, as we note elsewhere in this section, we are
revising this safe harbor such that the definition of ``interoperable''
no longer refers to the definition proposed in the ONC NPRM. Second,
interoperability of donated EHR items and services is an important
condition of the safe harbor. The definition adopted in this final rule
states that ``interoperable'' means ``able to'' securely exchange data
and ``allow for complete access, exchange, and use of'' certain health
information. In other words, this definition does not require the
transfer of massive quantities of data; it requires that such transfers
be possible.
i. Other Comments
Comment: A commenter suggested that OIG continue to consider how
data is being shared and ensure that information blocking is not
occurring. The commenter specifically recommended that the safe harbor
require that all VBE participants be able to review and have access to
information on different EHR systems used in any value-based
arrangement and have the ability to import and export data that can
help further the purpose of the value-based arrangement. In addition,
the commenter recommended that physicians and others providing care to
beneficiaries under value-based arrangements should have the ability to
select the EHRs that are best suited for the applicable patient
population.
Response: The safe harbor does not mandate how or which types of
EHR software or information technology services a donor or recipient
may select. Because we are finalizing a change to eliminate the
restriction on donations of equivalent technology, we hope that parties
will have more flexibility to receive protected donations of EHR
software that best suit the needs of the parties. However, we emphasize
that this safe harbor is not specific to or limited to EHR software or
information technology services donated in the context of value-based
arrangements. The value-based safe harbors finalized here at paragraphs
1001.952(ee),(ff), and (gg) could be available to protect the donation
of health information technology pursuant to a value-based arrangement,
provided all conditions of an applicable safe harbor are squarely
satisfied. In addition, for the reasons that we explain in detail
above, we are not finalizing information blocking provisions as
conditions of this safe harbor.
OIG remains committed to addressing information blocking through
other authorities. Parties should submit information blocking
complaints to HHS through the Report Information Blocking portal
(https://healthit.gov/report-info-blocking).
Comment: A commenter asked OIG to clarify when certain arrangements
such as data sharing arrangements could implicate the Federal anti-
kickback statute. The commenter posited that when technology is shared
for transitions of care or to streamline and improve the referral
process as a matter of CMS policy, it does not implicate the Federal
anti-kickback statute.
Response: A ``data sharing arrangement'' can vary greatly in the
scope of data or services being exchanged. Simply transmitting
individual patient data for transitions of care between, for example,
an acute care provider and post-acute care provider would not implicate
the statute. However, sharing specific patient data for care of that
patient is distinct from a data sharing arrangement that involves
aggregating data for research, marketing, or other purposes unrelated
to treating the specific patients whose data is being shared. With
respect to technology for data sharing, many types of ``technology''
would constitute remuneration under the Federal anti-kickback statute
but, as we have repeatedly stated, certain limited-use technology that
is integral to the services an individual or entity provides would not
implicate the statute.\121\ The parties to a particular data sharing
arrangement would need to perform an analysis of the facts and
circumstances to determine whether any data or technology shared
constitutes remuneration under the statute and, if so, whether a safe
harbor such as the EHR safe harbor could protect the donation. The
advisory opinion process is also available for a legal opinion
regarding the facts and circumstances of a particular arrangement.
---------------------------------------------------------------------------
\121\ 78 FR at 79210 (``The donation of free access to an
interface used only to transmit orders for the donor's services to
the donor and to receive the results of those services from the
donor would be integrally related to the donor's services. As such,
the free access would have no independent value to the recipient
apart from the services the donor provides and, therefore, would not
implicate the anti-kickback statute.'').
---------------------------------------------------------------------------
[[Page 77839]]
10. Personal Services and Management Contracts and Outcomes-Based
Payment Arrangements (42 CFR 1001.952(d))
Summary of OIG Proposed Rule: We proposed to modify the existing
safe harbor for personal services and management contracts at paragraph
1001.952(d). For paragraph 1001.952(d)(1) we proposed to: (i)
Substitute for the requirement that aggregate compensation under these
agreements be set in advance a requirement that the methodology for
determining compensation be set in advance; (ii) eliminate the
requirement that if an agreement provides for the services of an agent
on a periodic, sporadic, or part-time basis, the contract must specify
the schedule, length, and the exact charge for such intervals; and
(iii) change the paragraph numbering. These proposals are summarized at
sections III.B.10.a and b below.
We also proposed to create new paragraphs 1001.952(d)(2) and (3) to
protect certain outcomes-based payments (as defined). The proposals for
this new protection are summarized at section III.B.10.c, d, and e
below.
Summary of Final Rule: We are finalizing the modifications to the
existing safe harbor for personal services arrangements at paragraph
1001.952(d)(1), as proposed. We are finalizing the new provisions for
outcomes-based payments at paragraphs 1001.952(d)(2) and (3), with
modifications summarized at sections III.B.10.c, d, and e below.
a. Elimination of Requirement To Set Aggregate Compensation in Advance
Summary of OIG Proposed Rule: We proposed to substitute for the
requirement that aggregate compensation under these agreements be set
in advance a requirement that the methodology for determining
compensation be set in advance in paragraph 1001.952(d)(1).
Summary of Final Rule: We are finalizing this modification as
proposed.
Comment: Commenters on this topic overwhelmingly supported the
proposed removal of the requirement to set aggregate compensation in
advance and its replacement with a requirement that the compensation
methodology be set in advance. Commenters offered a variety of reasons
for their support. For example, a commenter valued these changes
because they provide enhanced flexibility to independent medical groups
and other providers seeking to develop innovative care delivery models.
Another commenter suggested that this change allows for greater
flexibility in personal services arrangements while continuing to
incorporate safeguards that limit potential abuse.
Another commenter explained a view that incentive compensation in
comanagement arrangements or bundled payment arrangements often has to
be structured in a formulaic manner, and it is not possible for
hospitals and physicians to know at the beginning of the arrangement
whether and to what extent the physicians may meet the requirements for
earning incentive compensation or the actual amount of compensation
available. The commenter believed the proposed change would address
this existing impediment to safe harbor protection. The commenter also
appreciated that the proposed change would more closely parallel the
set-in-advance requirement under the physician self-referral law
exception for personal services arrangements at 42 CFR 411.357(d),
which would simplify a stakeholder's analysis of protection under the
safe harbor and exception when both laws apply to an arrangement.
Response: We are finalizing this provision as proposed. This change
modernizes the safe harbor and should provide enhanced flexibility to
the health care industry to undertake innovative arrangements,
including arrangements that support the transition to value and better
coordinated care for patients.
Comment: A commenter expressed concern that certain proposed
changes to this safe harbor were not specific enough. In particular,
the commenter warned that replacing a requirement to set aggregate
compensation in advance with a requirement to identify the methodology
for determining compensation could allow entities to structure
agreements that look acceptable on the surface, but actually take into
account the volume and value of referrals.
Response: We agree with the commenter that implementing a more
flexible approach to specifying compensation could protect arrangements
that differ in structure from arrangements the safe harbor currently
protects. However, we believe that other safe harbor conditions
mitigate the risk identified by the commenter, namely the protection of
arrangements that take into account the volume and value of referrals.
For example, we continue to require parties seeking protection under
the safe harbor to adhere to the safe harbor's other conditions (e.g.,
aggregate compensation must be consistent with fair market value in an
arm's length transaction and may not be determined in a manner that
takes into account the volume or value of any referrals or other
business generated between the parties). Arrangements that do not
squarely satisfy these conditions would not be protected by the safe
harbor. In other words, despite the safe harbor's increased flexibility
related to specifying compensation, the safe harbor would not protect
an arrangement by which the aggregate compensation is determined in a
manner that takes into account the volume or value of referrals or
other business generated.
Comment: Some commenters requested further guidance on whether a
payment methodology based on ``actual expenses incurred'' constitutes a
methodology that is sufficiently set in advance to satisfy the safe
harbor condition as proposed. For example, a commenter inquired about
compensation in an arrangement wherein a hospital leases an employed
clinician from a physician practice on a full- or part-time basis.
Specifically, the commenter sought clarification regarding whether the
safe harbor would protect compensation under the employee lease from
the hospital to the practice based on a methodology related to the
physicians practice's actual expenses incurred for employing such
clinician (e.g., salary, benefits, bonus, liability insurance,
overhead). Another commenter requested guidance as to whether payment
based on annual aggregate costs could be prorated to an hourly rate and
charged based on completion of time records.
Response: We appreciate the commenter's examples of potential
arrangements that may be structured to comply with the personal
services safe harbor as finalized. It is possible to structure an
arrangement to fit within the safe harbor by using an hourly rate or
other set, verifiable formula provided that all other conditions of the
safe harbor are met. However, whether compensation under an employee
lease that is based on actual expenses incurred would satisfy the
requirement that the compensation methodology be set in advance or
otherwise meet the safe harbor would depend on the facts and
circumstances. The commenter specifically cited salary, benefits,
liability insurance, overhead expenses, and a bonus. For example,
assume that the hospital leases the physician part-time from the
physician's practice and agrees to pay the practice the percent of the
practice's actual expenses in employing that physician that correlate
to the percentage of the physician's work actually performed for the
hospital. We would expect that an
[[Page 77840]]
employee's salary, benefits, and liability insurance typically would be
set in advance; overhead expenses possibly also would be set in
advance. Consequently, the parties could structure these elements of
the part-time employee's expenses to satisfy the condition that the
compensation methodology be set in advance. However, depending on the
structure and criteria for receiving a ``bonus,'' that portion of the
practice's expenses--and therefore, the compensation methodology for
the part-time employee lease--might not be set in advance and might not
meet other criteria of the safe harbor. For example, if a bonus that
took into account the volume or value of referrals between the parties
was part of the compensation under the lease, the hospital's
compensation to the practice for the part-time employee lease would not
be protected by the safe harbor.
The intent behind these modifications is to provide enhanced
flexibility while mitigating the risk of parties periodically adjusting
the agent's compensation to reward referrals or to promote unnecessary
utilization of services. Parties seeking protection under this safe
harbor must evaluate the specific facts and circumstances of their
arrangement to determine whether the compensation methodology over the
term of the agreement is set in advance before any payment under the
arrangement is made. Any remuneration also must meet all other
conditions of the safe harbor for protection.
Comment: Some commenters agreed with our proposals but asked OIG to
define certain terminology under the safe harbor such as ``fair market
value'' and ``does not take into account the volume or value of
referrals,'' and asked OIG to harmonize OIG's interpretations of this
terminology under the Federal anti-kickback statute with CMS's
interpretations of this terminology under the physician self-referral
law in the proposed rule CMS issued in connection with the Regulatory
Sprint (CMS NPRM),\122\ to the extent possible given the differences in
the two laws. For example, a commenter recommended that OIG adopt CMS's
interpretation of the volume or value standard as proposed by CMS in
the CMS NPRM. Another commenter sought clarification from OIG that
incentive compensation paid to a physician under a comanagement,
bundled payment, or internal cost savings arrangement would not take
into account the volume or value of referrals under the Federal anti-
kickback statute if the physician is paid a percentage of savings per
``case.'' According to the commenter, the more cases performed may
result in more savings, more losses, or something in between. A
commenter asserted that ``value'' in the construct of ``fair market
value'' should not solely relate to what an entity would pay regardless
of the outcome. According to the commenter, OIG should consider
defining ``fair market value'' in a manner that recognizes the value of
savings attributable to the services to the entity paying the incentive
compensation rather than the time value of the services or the value of
the services based on metrics, or any relevant fee schedule. A
commenter recognized that OIG cannot opine on ``fair market value'' in
an advisory opinion but requested that OIG explain whether certain
compensation methodologies (e.g., using an hourly rate as a
compensation methodology or a percentage of savings attributable to an
agent) could constitute fair market value under the Federal anti-
kickback statute.
---------------------------------------------------------------------------
\122\ 84 FR 55766 (Oct. 17, 2019).
---------------------------------------------------------------------------
Another commenter sought confirmation that OIG interprets the term
``commercially reasonable'' consistent with CMS's proposed
interpretation in the CMS NPRM, specifically ``that the particular
arrangement furthers a legitimate business purpose of the parties and
is on similar conditions as like arrangements. An arrangement may be
commercially reasonable even if it does not result in profit for one or
more of the parties.''
Response: We did not propose to define or interpret fair market
value, commercially reasonable, or the phrase ``takes into account the
volume or value of referrals or business otherwise generated,'' nor are
we adopting the commenter's suggestion that we interpret these terms,
for purposes of applying the Federal anti-kickback statute and safe
harbor regulations, consistent with CMS's interpretations of such
terms. These terms have long existed throughout our existing safe
harbors at section 1001.952 without further definition or
interpretation by OIG and are well-established. Whether or not fair
market value is or was paid or received for any personal services
provided by an agent to a principal under this safe harbor depends on
the specific arrangement's facts and circumstances, and we decline to
interpret examples with limited information.
Comment: Certain commenters were concerned that Indian health care
service providers cannot utilize this safe harbor because of the
requirement that each party in the arrangement pay fair market value
for services. According to commenters, the fair market value for Indian
health facility jobs and services may not align with the fair market
value elsewhere. Some of these commenters recommended that the fair
market value for Indian health facilities be lowered and relate more to
the economic realities of provider recruitment and retention in tribal
communities. Commenters also noted that some part-time contractors
currently use the fair market value standard to extract pay that
exceeds the fair market value for jobs within Indian health programs.
Response: We understand the commenters' concerns with respect to
establishing personal services arrangements in facilities or regions
where salaries might be lower than the fair market value found in other
nearby areas. We are not defining fair market value or further
specifying the appropriate methodologies for parties to use when
determining fair market value in this final rule. Based on our law
enforcement experience, arrangements in which parties offer or provide
free or below fair market services to those in a position to refer
federally payable business to the offeror can be problematic under the
Federal anti-kickback statute. However, we agree that fair market value
can vary by region, setting, or other factors. For example, an hourly
rate for certain specialist services in Manhattan likely would be
higher than the hourly rate for the same services in rural Mississippi
or at an Indian health facility.
Comment: A commenter recommended that OIG expand the writing
requirement within the safe harbor to include contemporaneous
documentation rather than a signed agreement. The commenter noted that
the CMS NPRM proposed to remove the formality of a signed agreement and
modified this requirement in certain physician self-referral law
exceptions to allow documentation that constitutes an agreement under
applicable state law, which the commenter believes will ease the
regulatory burden for stakeholders to document the arrangement.
Response: We did not propose to modify the requirement that an
agency agreement be set out in writing, thus we are not finalizing any
change to that requirement. As we explained above, the physician self-
referral law and the Federal anti-kickback statute are different laws
with different standards for liability. Having a signed, written
agreement that meets all requirements of the safe harbor is a core
safeguard that is necessary for parties to demonstrate that they intend
to comply with all requirements of the safe harbor, have structured the
compensation
[[Page 77841]]
methodology appropriately, and have a meeting of the minds on the
services and payment to be provided under the arrangement. However, we
note that the safe harbor does not specify a particular format for the
agreement. The written agreement requirement can be met either through
a single, formal, signed agreement or through a collection of documents
if such collection of documents includes all of the required elements
of the safe harbor and is signed by the parties (e.g., by signing each
document that makes up the agreement, or by signing a single signed
document that incorporates separate documents by reference).
b. Elimination of Requirement To Specify Schedule of Part-Time
Arrangements
Summary of OIG Proposed Rule: We proposed to eliminate the
condition in the safe harbor paragraph 1001.952(d)(5) that requires
that if an agreement provides for the services of an agent on a
periodic, sporadic or part-time basis, the contract must specify the
schedule, length, and the exact charge for such intervals.
Summary of Final Rule: We are finalizing this modification as
proposed.
Comment: Commenters generally appreciated the proposed removal of
the requirement that, for part-time arrangements, the contract must
specify the schedule, length, and the exact charge for such intervals.
Multiple commenters stated that eliminating the requirement that part-
time contractual arrangements specify exact interval schedules allows
for greater flexibility in protected personal services arrangements,
while the safe harbor continues to incorporate safeguards that limit
potential abuse. For example, a commenter noted the proposal could
apply to dialysis facility medical directors who provide their services
on a part-time basis. The commenter highlighted the unpredictable
nature of dialysis care and that the frequent need to respond to urgent
medical emergencies can impede the ability of nephrologists serving as
dialysis facility medical directors to adhere to predetermined
schedules. In contrast, a commenter expressed concern that eliminating
this requirement may increase the risk that either services will not be
rendered or that the payment for services may vary based on referrals
and recommended additional documentation requirements.
Response: We are finalizing the removal of the requirement to
specify the exact schedule of part-time arrangements, as proposed. We
note that this change to the safe harbor should accommodate a broad
range of part-time or sporadic-need value-based payment and care
arrangements in furtherance of the Department's goals in connection
with the Regulatory Sprint. We did not propose additional documentation
requirements, and we continue to believe, as we stated in the OIG
Proposed Rule, that other conditions sufficiently safeguard against the
harms mentioned by a commenter.\123\
---------------------------------------------------------------------------
\123\ 84 FR 55744-45 (Oct. 17, 2019).
---------------------------------------------------------------------------
c. Proposal To Protect Outcomes-Based Payments
Summary of OIG Proposed Rule: At proposed paragraphs 1001.952(d)(2)
and (3), we proposed to protect outcomes-based payment arrangements
between a principal and an agent that reward improving patient or
population health by achieving one or more outcome measures that
effectively and efficiently coordinate care across care settings, or by
achieving one or more outcome measures that appropriately reduce payor
costs while improving, or maintaining the improved, quality of care. We
proposed several safeguards. Under proposed paragraphs 1001.952(d)(2),
protected payments would be between parties collaborating to measurably
improve or maintain improvement in quality of care or appropriately and
materially reduce costs of payments (without diminution of the quality
of care), and the agent receiving the payment would need to meet at
least one evidence-based, valid outcomes measure meeting specified
criteria, including selection based on credible medical support. Under
proposed paragraph 1001.952(d)(2)(iii), the payment methodology would
be set in advance, commercially reasonable, consistent with fair market
value, and not determined in a manner that directly takes into account
the volume or value of referrals or other business generated between
the parties.
Additionally, at paragraph 1001.952(d)(2), we proposed safeguards
to protect clinical decision-making, guard against stinting on care,
and ensure written documentation, monitoring, periodic rebasing of
outcome measures, and corrective action of deficiencies in the quality
of care. The term of protected arrangements would be at least 1 year.
At proposed paragraph 1001.952(d)(3), we proposed making certain
entities ineligible for safe harbor protection under the outcomes-based
payments provisions in a manner similar to the proposed definition of
VBE participant at proposed paragraph 1001.952(ee)(12), and we proposed
that outcomes-based payments would exclude payments related solely to
achievement of internal cost savings for the principal. We indicated
that we were considering excluding payments based on patient
satisfaction or convenience measures.
Summary of Final Rule: We are finalizing, with modifications, the
new protection for outcomes-based payments at paragraphs 1001.952(d)(2)
and (3). We revised the definition of ``outcomes-based payment'' in
paragraph 1001.952(d)(3)(ii) to clarify that the payment may be a
reward for successfully achieving an outcome measure or a recoupment or
reduction in payment for failure to achieve an outcome measure.
Paragraph 1001.952(d)(2)(i) consolidates and streamlines proposed
paragraphs 1001.952(d)(2)(i) and (ii) related to acceptable outcomes
measures; to receive a protected outcomes-based payment, the agent must
achieve one or more legitimate outcome measure selected based on
clinical evidence or credible medical support and with specified
benchmarks related to quality of care, a reduction in costs, or both.
At paragraph 1001.952(d)(2)(vii)(B), we revised our proposal related to
``rebasing'' of outcomes measures to clarify that the parties must
periodically (i) assess and (ii) revise benchmarks and remuneration
under the agreement as necessary to ensure that any remuneration is
consistent with fair market value in an arm's-length transaction as
required by paragraph 1001.952(d)(2)(ii).
We finalize the proposed requirements related to fair market value,
commercial reasonableness, and the volume or value of business at
paragraph 1001.952(d)(2)(ii). At paragraph 1001.952(d)(2)(iii), we
finalize the writing requirement proposed at paragraph
1001.952(d)(2)(viii). In paragraph 1001.952(d)(2), we finalize
additional safeguards related to clinical decision-making, stinting on
care, a 1-year term, monitoring, and counseling and promotion of
unlawful business, as proposed.
At paragraph 1001.952(d)(3)(iii), we finalized the scope of
entities ineligible for safe harbor protection for making outcomes-
based payments to include: (i) Pharmaceutical companies; (ii) PBMs;
(iii) laboratory companies; (iv) pharmacies that primarily compound
drugs or primarily dispense compounded drugs; (v) manufacturers of a
device or medical supply, as defined in paragraph (ee)(14)(iv); (vi)
medical device distributors or wholesalers that are not otherwise
manufacturers of a device or medical
[[Page 77842]]
supply, as defined in paragraph (ee)(14)(iv) of this section; or (vii)
DMEPOS companies. In the same paragraph, we finalize our policy to
exclude payments for internal cost savings or payments based solely on
patient satisfaction or patient convenience measures.
We clarify in both paragraph 1001.952(d)(2)(ii) and paragraph
1001.952(d)(3)(ii) that the remuneration may be ``between or among''
the parties, rather than being limited to remuneration from the
principal to the agent. We reordered the provisions from paragraphs
(d)(2)(iii)-(vii) without making additional substantive changes. We
made technical corrections in paragraph 1001.952(d)(2) to replace the
word ``satisfy'' with the word ``achieve'' in order to use a consistent
term throughout the safe harbor.
Comment: Many commenters supported OIG's proposal to expand the
existing safe harbor for personal services and management contracts by
creating new provisions at paragraphs 42 CFR 1001.952(d)(2)-(3) to
protect certain outcomes-based payments. Some expressed support for
protection for outcomes-based payments but encouraged OIG to provide
greater specificity regarding the types of payment arrangements,
specific outcome measures, and specific requirements for measuring
achievement of outcomes that would qualify for protection under these
proposed provisions to the safe harbor. A commenter asked OIG to
clarify that the list of examples in the OIG Proposed Rule's preamble
was not all-inclusive, but merely a representative list of the types of
arrangements that may be protected under the safe harbor. Another
commenter cautioned against referencing or creating an exhaustive list
of specific types of payments that could qualify as ``outcomes-based
payments'' because that approach would be too limiting. Another
commenter requested that OIG reiterate its recognition that outcomes-
based payment arrangements may vary in structure and that the safe
harbor should provide flexibility for arrangements designed to achieve
appropriate quality of patient care as well as appropriate efficiency
and cost-saving goals. Many commenters believed the proposals were
unnecessarily limited, overly complex, and potentially difficult for
physicians to implement, and another commenter found the monitoring of
arrangements overly burdensome.
Response: We intend for the outcomes-based payments safe harbor to
support outcomes-based payments that facilitate care coordination,
encourage provider engagement across care settings, and advance the
transition to value. At the outset, we note that in response to general
comments regarding the complexity of this safe harbor and for the sake
of clarity, we streamlined the language we had proposed in paragraphs
1001.952(d)(2)(i) and (ii) such that the safe harbor still expressly
specifies that the agent must achieve one or more legitimate outcome
measures selected based on clinical evidence or credible medical
support, but we are not finalizing the proposed language relating to
the measures being specific, evidence-based, and valid. As we explain
in greater detail in section III.B.3.b above in our discussion of
outcome measures in the care coordination safe harbor, based on public
comment, we changed the terms ``evidence-based'' and ``valid'' to
``clinical evidence'' and ``legitimate'' to offer some additional
flexibility while reflecting our intention that measures be credible
and appropriate. In selecting outcome measures, parties have broad
latitude under this safe harbor to identify opportunities for improving
or maintaining the improvement of patient care and reducing costs to
payors in ways that are scientifically valid, measurable, and
transparent.
We are not limiting protection under the safe harbor to a specific
set of arrangements such as value-based arrangements. In the OIG
Proposed Rule, we listed certain arrangements that may be protected
under the safe harbor, provided the arrangement meets every requirement
of the safe harbor.\124\ We are not limiting the protection provided by
this safe harbor to a particular list of arrangements or particular
types or structures of arrangements or measures.
---------------------------------------------------------------------------
\124\ 84 FR 55745 (Oct. 17, 2019).
---------------------------------------------------------------------------
We take a broader approach by providing additional protection to a
variety of stakeholders, which should facilitate innovation in
designing compensation arrangements that are value-based. As we stated
in the OIG Proposed Rule, we strive to provide flexibility in this safe
harbor, but we also must include appropriate safeguards, such as
monitoring and assessment requirements, to protect patients and Federal
health care programs.
Comment: We received comments on our proposed definition of
``outcomes-based payment'' and its interaction with other requirements.
For example, a commenter recommended that we remove the language in the
``outcomes-based payment'' definition that appears to make effectively
and efficiently coordinating care across care settings a required
factor in an outcome measure. A commenter also asked that we harmonize
the terms we use to describe ``outcome measures'' throughout the safe
harbor. For example, a commenter indicated that the definition of
``outcomes-based payment'' is not consistent with the way payments are
made under existing alternative payment models. A commenter recommended
a technical change to paragraph 1001.952(d)(2) to specify that the safe
harbor protects outcomes-based payments made by a principal to an agent
as compensation for the services of the agent.
Response: We are not making the change to paragraph 1001.952(d)(2)
suggested by a commenter to refer to payments from a principal to an
agent. However, we note that the safe harbor protects any ``outcomes-
based payment,'' and that term is defined in paragraph 1001.952(d)(3).
In this final rule, we revised that definition to protect payments
``between or among a principal and an agent'' that meet certain
criteria, as described in more detail below.
In addition, we removed the language in the definition of
``outcomes-based payment'' regarding effectively and efficiently
coordinating care across care settings, and instead rely on a reference
to paragraph 1001.952(d)(2)(i) in which outcome measures are described.
We believe that this change also addresses the commenter's concern
about different terminology in those two sections. We also are revising
the proposed requirement that the outcome measure measurably improves
quality of patient care or appropriately and materially reduces payor
costs to provide that the measure must be used to quantify: (i) Quality
improvements (or maintenance of improvements in quality); (ii) material
reductions in payor costs or expenditure growth while maintaining or
improving the quality of care for patients; or (iii) both. Finally, we
note that this safe harbor is not the only option for protecting
payments under alternative payment models. Participants in such models
may be able to look to the safe harbor for CMS-sponsored models at
paragraph 1001.952(ii), or the value-based safe harbors at paragraphs
1001.952(ee)-(gg).
Comment: A commenter urged OIG to use ``outcome measures'' under
paragraph 1001.952(d)(2) consistently with the use of the term under
paragraph 1001.952(ee) to reduce complexity.
Response: We interpret the term ``outcome measure'' under this safe
harbor to have the same meaning as
[[Page 77843]]
under any other safe harbor that uses it, including paragraph
1001.952(ee). We note, however, that different safe harbors protect
different types of remuneration, include different safeguards, and use
additional terms. For example, in the safe harbor for care coordination
arrangements, the ``outcome or process measure'' must have a benchmark
related to improving or maintaining improvements in the coordination
and management of care for the target patient population, while
``outcome measures'' under this safe harbor must have benchmarks that
relate to improving or maintaining the quality of patient care,
reducing costs or growth in expenditures to payors, or both. If a party
seeks safe harbor protection for a particular arrangement, the
arrangement need only meet one safe harbor to qualify for protection
but the arrangement must comply with all conditions of the chosen safe
harbor.
Comment: A commenter urged that outcomes-based payments should
include a service component to prevent sham arrangements that simply
maintain the status quo. Similarly, a few commenters suggested that OIG
limit parties that may pay outcomes-based payments to parties
participating within a VBE to prevent fraud and abuse, such as sham
arrangements through which no service is provided. A commenter asked
whether an outcomes-based payment agreement that requires exclusive or
minimum level of use of a product (e.g., product standardization) to
achieve an outcomes-based payment could be protected by the safe harbor
as long as the principal makes a determination that such the
requirement for exclusivity or minimum use will not preclude it from
making decisions in its patients' best interests.
Response: As we stated in the OIG Proposed Rule, measures that
simply seek to reward the status quo would not meet the safe harbor
condition that requires parties to select legitimate outcome
measures.\125\ However, we are not limiting the scope of entities that
may make outcomes-based payments to VBEs or VBE participants. We
believe that the conditions parties must meet for safe harbor
protection will sufficiently mitigate the risk of fraud and abuse.
---------------------------------------------------------------------------
\125\ 84 FR 55746 (Oct. 17, 2019).
---------------------------------------------------------------------------
We agree that the safe harbor does not necessarily preclude product
standardization. If the product standardization measures selected by
the parties under the outcomes-based payment arrangement do not limit
any party's ability to make decisions in their patients' best interest
and meet the other terms of the safe harbor, then they could be part of
an outcomes-based payment arrangement.
Comment: A trade association commented that only sophisticated
health systems with advanced data analytics have the capability to
internally develop outcome measures while small, underserved, and rural
practices would not have the resources to develop these measures
internally. For example, a commenter noted that measuring outcomes can
be a challenging and resource-intensive process that takes time to
evaluate, especially on the individual participant level in a large
entity with significant numbers of participants and multiple specialty
areas.
Response: We recognize that structuring and implementing outcomes-
based payment arrangements that satisfy the conditions of this safe
harbor may be more onerous than structuring and implementing
traditional personal service arrangements under the existing personal
services and management contracts safe harbor (e.g., a party striving
to satisfy the outcomes-based payment arrangements provisions must
determine legitimate outcome measures, establish the types of services
to be performed to achieve an outcome measure, set benchmarks, monitor
and assess achievement, and ultimately achieve outcome measures). We
understand the commenter's concern regarding the potential
administrative and financial impact that developing outcome measures
may have on small, underserved, and rural providers. Participation in
an outcomes-based payment arrangement is entirely voluntary, as is
structuring outcomes-based payments to satisfy the conditions of this
safe harbor. To the extent that parties wish to enter into an outcomes-
based payment arrangement and structure such arrangement to satisfy the
conditions of this safe harbor, the parties have discretion in the
selection of outcome measures. Providers serving small, underserved, or
rural communities may select outcome measures that would not impose an
inappropriate financial burden on the parties to effectuate.
Comment: A commenter asked OIG to include process measures (e.g.,
providing or not providing a specific treatment) that are supported by
strong evidence of improving an outcome within the types of valid
outcome measures that may serve as the basis for payment under the safe
harbor. Another commenter recommended that we require outcomes-based
arrangements to include a service component.
Response: We agree that process measures supported by strong
evidence of improving an outcome may serve as a component of outcome
measures that an agent must achieve to receive an outcomes-based
payment. For example, an outcomes-based payment arrangement may measure
the agent's compliance with certain steps of a care process (e.g.,
providing mammograms) to improve a specific health outcome. In section
III.B.3.b above, we explain the rationale for permitting process
measures to be included in the care coordination arrangements safe
harbor but not in the outcomes-based payment provisions discussed here
(although a process measure could be included as part of an outcomes
measure); that rationale focuses on the different remuneration
permitted under the two safe harbors and the different standards set
forth by each safe harbor.
Under the modified regulatory text, outcome measures must be
selected based on clinical evidence or credible medical support and be
used to: (i) Quantify improvements or maintenance of improvements in
the quality of patient care; (ii) quantify a material reduction in
costs to, or growth in expenditures of, payors while maintaining or
improving quality of care for patients; or (iii) both. In addition, as
we proposed in the OIG Proposed Rule a ``measure'' related to patient
satisfaction or convenience would not meet the criteria of an outcome
measure.\126\ For similar reasons to those we discuss in connection
with outcomes measures for paragraph 1001.952(ee), the final rule at
paragraph 1001.952(d)(3)(iii)(C) provides that an outcomes-based
payment based solely on patient satisfaction or patient convenience
measures would not be protected. We recognize that patient satisfaction
and patient convenience can be relevant factors in patient care.
However, we do not consider these types of measures, standing alone, to
provide adequate protection against abusive or sham payment
arrangements for purposes of granting safe harbor protection.
---------------------------------------------------------------------------
\126\ 84 FR 55708 (Oct. 17, 2019).
---------------------------------------------------------------------------
We anticipate that most outcomes-based arrangements would include
certain services to meet the conditions of the safe harbor, and the
regulatory text includes several references to services. However, we
believe that adding a separate requirement specific to performing
services could add confusion, and that existing conditions in paragraph
1001.952(d)(2) safeguard against sham arrangements.
[[Page 77844]]
Comment: A commenter asked OIG not to require outcome measures to
measurably improve the quality of patient care once the quality of care
metric has been achieved. Instead, the commenter suggested that OIG
focus on payment incentives that reduce costs after quality targets are
met. On the other hand, a commenter expressed concern that allowing
payment for ``maintaining improvement'' would invite sham arrangements
that disguise payments in exchange for referrals for merely maintaining
the status quo.
Response: We share the concern about the potential for sham
arrangements associated with maintaining cost or quality. However, we
also recognize that parties may succeed in reaching the desired outcome
on quality or cost containment but need to be incentivized to maintain
it to prevent subsequent reductions in attained quality or cost
containment. To achieve the desired outcome, parties may need to invest
resources at the beginning of an arrangement (e.g., to develop new
protocols and engage in training). However, a continued expenditure of
resources also may be necessary to avoid regression from any progress
made. These are the types of issues we would expect parties to assess
and, as necessary, revise benchmarks and remuneration under the
arrangement to benchmarks to continue to achieve the desired outcome on
a periodic basis. For example, if parties had an outcome measure
related to reducing falls to a certain level from a starting benchmark
point in a skilled nursing facility, and they eventually achieve a fall
rate benchmark that no longer has room for improvement, a revised
outcome measure might be to maintain that low fall rate (i.e., the new
fall rate becomes the starting benchmark, and the outcome measure is to
maintain it rather than reduce it). Any outcomes-based payment made for
a new outcome measure would still have to meet all conditions of the
safe harbor, including that the methodology for setting compensation is
consistent with fair market value. For example, the fair market value
of an outcomes-based payment made to an agent to maintain the desired
level of quality of care may be lower than the fair market value of an
initial outcomes-based payment made for implementing operational
changes necessary to achieve the quality of care outcome measure.
Comment: A commenter indicated that it currently operates outcomes-
based payment arrangements and suggested that OIG impose the following
three requirements to ensure that all outcomes-based payments are
legitimately made toward advancing the clinical and cost-saving goals
of the arrangement and not merely payments for referrals: (i) Require
outcome measures to be well-defined, meaningful to patients, achievable
in a defined timeframe, and agreed upon by the parties; (ii) require
outcome measures to be tracked through claims data, existing
registries, EHRs, or other low-cost mechanisms; and (iii) require the
arrangement to deliver measurable outcomes that improve patient quality
of care and other benefits to the health care system through lower cost
of care, other efficiencies, or shared accountability, or both.
Response: We appreciate the commenter's helpful suggestions. While
we are not using the precise wording offered by the commenter, we
believe the language finalized in the regulation captures many of the
concepts suggested by the commenter. Similar to the commenter's
suggestion of requiring meaningful, well-defined outcome measures, we
require that the outcome measures be selected based on clinical
evidence or other credible medical support and be used to quantify
improvements to or maintenance of improvements in the quality of care
or material reductions in cost to (or growth in expenditures of)
payors, while maintaining or improving the quality of care of patients.
We are not setting a timeline by which parties must achieve outcomes or
requiring that parties must specify a timeline under which outcomes
must be achieved because we recognize that the timeframe necessary to
achieve certain outcome measures can vary greatly, depending on the
measure and other characteristics, and that it may be challenging for
parties to specify a certain timeline to achieve outcomes. Likewise, we
do not specify any particular mechanism for tracking progress toward
meeting outcome measures. We are not requiring parties to track outcome
measures through claims data. However, the parties must regularly
monitor and assess the agent's performance under the specified outcome
measure(s), including its impact on patient quality of care and make
any necessary adjustments. Parties also must periodically assess and,
as necessary, revise the benchmarks and remuneration under the
arrangement to ensure remuneration is consistent with fair market
value. We do not believe mandating specific documentation methods is a
necessary safeguard against fraud and abuse; parties may conduct and
document such monitoring in any way that makes sense for the particular
arrangement.
Comment: A commenter asked OIG to remove the proposed requirement
that an outcome measure ``appropriately and materially'' reduce costs
or growth in expenditures for payors because the commenter believed
this provision was too subjective. A commenter requested that OIG
provide greater certainty to stakeholders by establishing concrete
methods that parties could use to determine whether an outcome measure
improves quality of care under an arrangement. Another commenter
disagreed with the proposed safe harbor requirement that the agent
achieve the outcome measure in order to receive payment, asserting that
constant achievement of any outcome measure is not practical in health
care.
Response: We are making certain changes to ensure that parties
appropriately measure and quantify the results of the arrangement on
patient quality of care and costs. We are finalizing our proposal
requiring the agent to achieve the outcome measure for the payment to
be protected.\127\ We believe this requirement serves as an important
safeguard to ensure that remuneration is for legitimate outcomes
anticipated through implementing the arrangement and is not a vehicle
for rewarding referrals. We are not requiring particular methods to
evaluate quality improvements (or maintenance of improvements in
quality) under any protected arrangement because we believe that
evaluation methods may be specific to each arrangement and may evolve
in the future as parties innovate in new ways. We are modifying the
proposed language by replacing ``appropriately and materially'' with a
requirement that the agent achieve one or more legitimate outcome
measures that meet conditions described elsewhere in this preamble. We
believe this modification will allow parties additional flexibility to
determine how to quantify quality improvements (or maintenance of
improvements in quality) to accommodate different types of outcomes-
based payment arrangements among a variety of stakeholders.
---------------------------------------------------------------------------
\127\ We recognize that the Federal anti-kickback statute
applies both to the offer and the receipt of remuneration, and
parties may not know at the time of the offer of an outcomes-based
payment (i.e., when the parties develop and initiate the
arrangement) whether the outcome measure(s) will be achieved.
Assuming all other safe harbor conditions are met when the
remuneration is offered under an outcomes-based payment arrangement,
the offer would be protected, even if the agent fails to achieve the
outcome measure. However, any payment made for an outcome measure
not successfully achieved would not meet the safe harbor conditions
under paragraph 1001.952(d)(i) and would not be protected.
---------------------------------------------------------------------------
[[Page 77845]]
Comment: Numerous commenters urged OIG to broaden its proposal to
protect payments that solely provide cost savings to a payor to include
cost savings to providers. Some commenters argued that limiting
protection to arrangements that achieve cost savings to a payor would
make the safe harbor unworkable in practice and encouraged OIG to
include arrangements that achieve cost savings to a provider to
incentivize changes in physician behavior that are necessary to
facilitate the transition to value-based care. A commenter posited that
outcomes-based payments by nature involve standardization on a given
system, protocol, or both to improve efficiencies and better coordinate
and deliver care.
A few commenters indicated that cost savings arrangements for cost-
reporting providers would not immediately produce cost reductions for
payors but may eventually lower Medicare costs because the cost
reductions may be reflected in future bundled payment rates.
Response: Having considered the comments, we decline to broaden the
safe harbor to protect outcomes-based payments for arrangements that
reduce internal costs only to the providers making the payments. We are
concerned that such payments, while potentially beneficial in
generating efficiencies, pose risks to patient care that outweigh the
potential for the arrangements to further the care coordination and
efficiency goals of this rulemaking if protected.
In some cases, such as hospital-physician gainsharing, arrangements
that reduce internal costs may benefit only the hospital making the
payments without necessarily contributing to better care coordination,
improvements in quality of care, or appropriate reductions in costs. We
are concerned that some payments, such as a payment to select a less
expensive device or to discharge a patient more quickly, could lead to
reductions in the quality or safety of patient care. Moreover, apart
from quality of care concerns such payments would not offer a
corresponding reduction in the payments made by Medicare or another
Federal health care program. In the absence of a potential efficiency
benefit to Federal health care programs, and in light of patient care
concerns, we are not protecting payments that relate solely to the
achievement of internal cost savings for the principal making the
payment as an ``outcomes-based payment.''
However, properly structured arrangements that compensate
physicians for services performed and achieve hospital internal cost
savings can serve legitimate business and medical purposes. Depending
on the specific facts and circumstances, such arrangements could
potentially be structured in a manner that complies with paragraph
1001.952(d)(1), as finalized.
Comment: Numerous commenters opposed the proposed safe harbor
requirement that the methodology for determining the aggregate
compensation (including any outcomes-based payments) paid between or
among the parties over the term of an agreement be consistent with fair
market value, commercially reasonable, and not be determined in a
manner that directly takes into account the volume or value of
referrals or other business generated between the parties, arguing that
there are no industry standards applicable to outcomes-based payments
available to date. A commenter expressed concern about only prohibiting
the aggregate compensation from being determined in a way that
``directly'' takes into account the volume or value of referrals.
Others supported these safe harbor requirements but asked for
clarification from OIG on these terms, or asked OIG to align OIG's view
of these standards to be consistent with the definitions of these terms
proposed in the CMS NPRM as they relate to the physician self-referral
law.
Others argued that legitimate, outcomes-based arrangements should
be able to take into account the volume or value of referrals within
the payment methodology. A few commenters suggested that OIG remove the
fair market value requirement.
Response: We recognize that the process of evaluating whether an
outcomes-based payment arrangement is consistent with fair market value
may evolve and adapt as the health care industry shifts to value-based
care payment models and outcomes-based payments. However, we believe
that ensuring that the aggregate remuneration is consistent with fair
market value helps ensure that monetary remuneration is paid for
services that achieve legitimate outcome measures rather than
referrals.
We are not adopting any particular standard for determining that
the aggregate compensation methodology is consistent with fair market
value to provide parties sufficient flexibility to analyze fair market
value as applicable to specific arrangements and in arrangements that
may not currently exist today. As explained above in our discussion of
the elimination of the requirement to set aggregate compensation in
advance, we decline to adopt the fair market value standard proposed by
CMS under the physician self-referral law. We are finalizing our
proposal to require that the compensation methodology for determining
the outcomes-based payment not directly take into account the volume or
value of referrals or other business generated between the parties. We
believe this will provide parties flexibility to structure arrangements
that incentivize providers to achieve an outcome measure, even if the
methodology indirectly takes into account the volume or value of
referrals.
Comment: A commenter questioned whether the safe harbor protects
``reverse-flow payments'' from an agent to a principal and recommended
that OIG revise the definition for ``outcomes-based payment'' to
protect payments from an agent to a principal when a targeted outcome
or cost metric has not been achieved (i.e., shared-losses payments).
Response: In the OIG Proposed Rule, we explained that a shared-
losses payment could constitute an ``outcomes-based payment.'' \128\ We
are finalizing this position through revisions to the regulatory text
at paragraph 1001.952(d)(3)(ii) to clarify that an outcomes-based
payment is a payment ``between or among a principal and an agent'' that
meets the criteria listed in paragraphs 1001.952(d)(3)(ii)(A) and (B),
and includes payments in the form of recoupment from or reduction in
payment to an agent.
---------------------------------------------------------------------------
\128\ 84 FR 55745 (Oct. 17, 2019).
---------------------------------------------------------------------------
Comment: Several commenters objected to the safe harbor including a
specific timeframe after which parties seeking protection for outcomes-
based payments would have to rebase their benchmarks. Commenters noted
that any such time limits would be artificial. A commenter concerned
with the negative effects of annual rebasing on preventive care
provided the following example: One clinician takes preventive care
steps to prevent colon cancer or to identify cancer at an earlier stage
(e.g., through colonoscopies, blood work) in the first year, which has
the effect of reducing the risk of cancer for 5 years, while another
clinician does not take any preventive care steps for a patient and the
patient develops cancer 4 years later. According to the commenter, if
rebasing is done on an annual basis, the second clinician would be
rewarded for providing care at no cost and good outcomes during that 1
year, while the first clinician would not be rewarded because the
clinician provided high-cost care with no discernible improvement of
outcomes during that limited timeframe.
[[Page 77846]]
Some commenters noted that finalizing a safe harbor condition that
specifies timeframes for rebasing may have a negative impact on
participation in outcomes-based arrangements. For example, because
margins for improvement against benchmarks may be more challenging or
impossible to meet over time, parties may be disincentivized to enter
into these arrangements in the first place, or incentivized to unwind
them after initial improvements, due to concerns about having an
arrangement structure that does not squarely meet a safe harbor. Some
of the commenters noted that, if there must be a specific timeframe in
the safe harbor, that timeframe should be at least 5 to 10 years. In
contrast, a commenter recommended that benchmarks be adjusted at least
yearly to limit the risk that ``evergreen'' arrangements could be used
as a vehicle to evade legitimate outcome obligations and instead to
reward referrals.
Several commenters supported the standard we proposed in the OIG
Proposed Rule requiring outcome measures to be periodically rebased, as
applicable, during the term of the agreement. As an alternative, a
commenter suggested that OIG revise this provision to require that the
parties periodically reevaluate whether an outcome measure should be
rebased throughout the term or expressly state that under some
circumstances it may be appropriate upon review to maintain an existing
outcome-based measure. In support of a nonspecific periodic review
approach, commenters noted that the time period for implementing
interventions and other actions needed to influence outcome measures
can vary greatly, as can the time period needed for results to fully
appear in outcome measures data. In addition, commenters asserted that
some outcomes measures may not be tied to a baseline performance level
at all. Commenters also highlighted that outcomes-based payments may be
made for maintaining improvement in quality of patient care, in which
case the targets for the outcomes-based payment would not be altered. A
commenter noted that providers and collaborators continually analyze
their results, and value-based purchasing programs incentivize parties
to adjust outcome measures in a timely manner. We also received a
request for clarification on any durational limits on outcome-based
payments or if there are parameters related to when they must end
(i.e., whether an arrangement must end upon achieving the initial
outcome measure or if it can continue through implementing a new
outcome measure or maintaining the initial achievement).
Response: We note first that for an agent to receive a protected
outcomes-based payment under the final safe harbor, the agent must have
achieved a specified, legitimate outcome measure. For an outcome to be
measurable, there must be some sort of benchmark, whether that
benchmark is a starting point (e.g., a 10 percent reduction from X) or
reflects an end point (e.g., 90 percent of the time, X happened or was
avoided). We agree with commenters that a one-size-fits-all approach is
not appropriate for assessing benchmarks. However, we also agree with
the commenter who highlighted the concern we raised in the OIG Proposed
Rule about ``evergreen'' arrangements \129\ in which outcome measures
are not properly monitored and the remuneration is paid in exchange for
referrals, after any intended benchmarks have been met (or without
determining that the outcome measure was achieved).
---------------------------------------------------------------------------
\129\ 84 FR 55747 (Oct. 17, 2019).
---------------------------------------------------------------------------
To illustrate, we point to the example from a commenter as it is
summarized above, with two clinicians taking different approaches to
patients with respect to colon cancer prevention and detection. Setting
aside the potentially disparate impact on patient health, health
outcomes, and quality of care, and looking only at costs for purposes
of this example, one clinician may increase costs to payors in the
short term by increasing preventive care but may save money in the
longer term, while the other clinician may have limited costs in the
short term, but by failing to detect the cancer early may increase
costs to payors in the long term. However, it is not clear in the
example what the outcome measure might be. By way of example for
illustrative purposes, the U.S. Preventive Services Task Force
recommends colon cancer screening beginning at age 50. A reasonable
outcome measure might be a specific percentage increase in the
practice's patient population first getting screened between age 50 and
55. Parties would need to evaluate an appropriate benchmark year (i.e.,
a percentage increase in first screenings from which year), and whether
over time the percentage change should be updated, the benchmark year
should be changed, or both. In addition, the amount of remuneration
paid for achieving the outcome measure should be reassessed to
determine whether it is fair market value. For example, a practice may
need to develop new processes, training, and take other steps initially
to achieve an outcome measure. While certain work must continue in
future years to continue achieving the desired outcomes (whether it is
for continuing to improve quality of patient care or materially reduce
cost, or to maintain the achieved improvements in those areas), the
outcomes-based payment may be less than it was during the initial
year(s). If the outcome measure was based on the cost savings over the
course of a year, an annual reassessment of the benchmark and
remuneration would be appropriate to meet that safe harbor requirement.
We also recognize that some outcome measures might be on a longer
timetable for reassessment (e.g., a percentage reduction in costs over
a 5-year time span). Therefore, the outcome measure might not need to
be reassessed for 5 years (but an outcomes-based payment also would not
be protected by this safe harbor until such outcome is achieved).
We have revised the regulatory text in the final rule to address
many of the issues the commenters raised. These revisions are
consistent with the substance of what we proposed in the OIG Proposed
Rule. In the OIG Proposed Rule, we had solicited comments on defining
the term ``rebasing'' and had described the fraud and abuse risk we
were trying to prevent (e.g., arrangements in which outcome measures
are not properly monitored or assessed and could be used as a vehicle
to reward referrals well after the desired provider behavior change or
savings benchmark has been met \130\). Specifically, in this final
rule, rather than stating that, for each outcome measure, the parties
must ``rebase during the term of the agreement, to the extent
applicable,'' we are stating that the parties must ``[p]eriodically
assess and, as necessary, revise benchmarks and remuneration under the
agreement to ensure that the remuneration is consistent with fair
market value in an arm's-length transaction as required by
(d)(2)(ii).'' Thus, for safe harbor protection, all parties must assess
the arrangement periodically (e.g., determine whether continued use of
a benchmark or a measure is appropriate and whether the remuneration is
appropriate for achieving that outcome measure), and then the parties
should make any adjustments to benchmarks or remuneration that may be
necessary to meet other conditions of the safe harbor.
---------------------------------------------------------------------------
\130\ 84 FR 55747 (Oct. 17, 2019).
---------------------------------------------------------------------------
[[Page 77847]]
d. Outcomes-Based Payments: Entities Not Eligible for Protection
Summary of the OIG Proposed Rule: We proposed making certain
entities ineligible for safe harbor protection under the outcomes-based
payments provisions, as described in section III.B.10.c.
Summary of the Final Rule: We are finalizing our policy to make
certain entities ineligible for safe harbor protection. Specifically,
the following entities will be ineligible to use the safe harbor: (i)
Pharmaceutical companies; (ii) PBMs; (iii) laboratory companies; (iv)
pharmacies that primarily compound drugs or primarily dispense
compounded drugs; (v) manufacturers of a device or medical supply, as
defined in paragraph (ee)(14)(iv); (vi) medical device distributors or
wholesalers that are not otherwise manufacturers of a device or medical
supply, as defined in paragraph (ee)(14)(iv) of this section; and (vii)
DMEPOS companies. In addition, the final rule clarifies that DMEPOS
companies do not include a pharmacy or a physician, provider, or other
entity that primarily furnishes services.
Comment: Numerous commenters, including stakeholders representing
pharmaceutical and medical device manufacturers and laboratories,
opposed carving out pharmaceutical and medical device manufacturers,
manufacturers, distributors, and suppliers of DMEPOS, and laboratories
from the protection under the safe harbor. For example, a commenter
suggested that medical device manufacturers should be protected because
they can make valuable contributions to value-based care. Other
commenters supported OIG's proposal, with some commenters requesting
that we make additional entities ineligible for protection, such as
device manufacturers, distributors, wholesalers, PBMs, and pharmacies.
Response: As laid out in the OIG Proposed Rule, we remain concerned
that pharmaceutical and medical device companies, DMEPOS companies, and
laboratories may inappropriately use outcomes-based payment
arrangements to market their products or divert patients from a more
clinically appropriate item or service, provider, or supplier without
regard to the best interests of the patient or to induce medically
unnecessary demand for items and services.\131\ In the OIG Proposed
Rule, we proposed to exclude from safe harbor protection payments made
directly or indirectly by a pharmaceutical manufacturer; a
manufacturer, distributor, or supplier of durable medical equipment,
prosthetics, orthotics, or supplies, or a laboratory. We proposed to
exclude these parties based on our enforcement and oversight experience
and for reasons similar to the reasons for proposed exclusion of these
entities from the definition of VBE participant (for further discussion
of these reasons, readers are referred to section III.B.2.e.ii above).
We explained that this provision reflected our concerns that these
types of entities are heavily dependent on prescriptions and referrals
and might use outcomes-based payments primarily to market their
products to providers and patients. We further said we were considering
excluding pharmacies (including compounding pharmacies), PBMs,
wholesalers, and distributors for the same reasons we proposed to
exclude them from the definition of VBE participant. With respect to
PBMs, wholesalers, and distributors, their businesses are closely
connected to the sale of manufacturer products, which provides an
additional reason to exclude them along with manufacturers.
---------------------------------------------------------------------------
\131\ 84 FR 55746 (Oct. 17, 2019).
---------------------------------------------------------------------------
Additionally, we said in the OIG Proposed Rule that we were
considering for the final rule the exclusion of medical device
manufacturers from participation in the outcomes-based payments
arrangements safe harbor.\132\ We explained our historical law
enforcement experience with matters involving kickbacks paid to
physicians, hospitals, and ambulatory surgical centers to market
various medical devices, such as devices used for invasive procedures;
in some cases, these schemes resulted in patients getting medically
unnecessary care. We also explained our longstanding concern with
physician-owned distributorships of medical devices because of
financial incentives to perform more (or more extensive) procedures
than are medically necessary and to use the devices sold by the
distributorship instead of more clinically appropriate devices.\133\
---------------------------------------------------------------------------
\132\ 84 FR 55705 (Oct. 17, 2019).
\133\ Id.
---------------------------------------------------------------------------
For the reasons stated in the OIG Proposed Rule, we are finalizing
the provision as follows: Outcomes-based payments made directly or
indirectly by the following entities are ineligible for protection
under this safe harbor: (i) A pharmaceutical manufacturer, distributor,
or wholesaler; (ii) a pharmacy benefit manager; (iii) a laboratory
company; (iv) a pharmacy that primarily compounds drugs or primarily
dispenses compounded drugs; (v) a manufacturer of a device or medical
supply, as that term is defined in paragraph 1001.952(ee)(14)(iv) of
this section; (vi) a medical device distributor or wholesaler that is
not otherwise a manufacturer of a device or medical supply, as defined
in paragraph (ee)(14)(iv) of this section; or (vii) an entity or
individual that sells or rents durable medical equipment, prosthetics,
orthotics, or supplies covered by a Federal health care program (other
than a pharmacy or a physician, provider, or other entity that
primarily furnishes services). We are not making payments made by
pharmacies ineligible for safe harbor protection (except with respect
to pharmacies that primarily compound drugs or primarily dispense
compounded drugs for the reasons described in section III.B.2.e.ii.f
above), although we suspect outcomes-based payments made by pharmacies
might be relatively rare. As noted in a comment and response summarized
in section III.B.2.e.iv above, pharmacies often serve as the key point
of contact between patients and the health care system and provide many
services to patients. For the same reasons we describe in that section,
we do not believe that program integrity concerns warrant excluding
them from protection under this safe harbor. We have modified the
language describing DMEPOS companies to clarify that a pharmacy (other
than a compounding pharmacy) or physician, provider, or other entity
that primarily furnishes services remains eligible to make protected
payments even if they also have some DMEPOS business. We did not
propose, and did not intend, to exclude physicians or other providers.
We are mindful that there may be legitimate uses for outcomes-based
payments by these sectors. However, we are concerned that the proposed
safe harbor conditions were not intended to be, and are not, tailored
to outcome-based contracting or payments in these sectors. As noted in
the OIG Proposed Rule, we may consider outcomes-based contracting for
pharmaceutical products and medical device manufacturers in future
rulemaking. Outcomes-based payment arrangements involving these sectors
should be analyzed for compliance with the Federal anti-kickback
statute based on their facts and circumstances, including the intent of
the parties. The entities that are ineligible to receive protection
under this safe harbor for making outcomes-based payments remain
eligible to use the modified personal services and management contracts
safe harbor at paragraph 1001.952(d)(1).
[[Page 77848]]
e. Writing and Monitoring
Summary of OIG Proposed Rule: With paragraph 1001.952(d)(2)(viii),
we proposed a requirement of a signed writing evidencing the outcomes-
based payments agreement. We proposed at paragraph 1001.952(d)(2)(vii)
a requirement that the parties regularly monitor and assess the agent's
performance for each outcome measure, including the impact of the
outcomes-based payments arrangement on quality of care, and rebase
outcomes measures periodically.
Summary of Final Rule: We are finalizing, with modifications, the
writing requirement for outcomes-based payments and we moved the
requirement from paragraph 1001.952(d)(2)(viii) to paragraph
1001.952(d)(2)(iii). As modified, the written agreement must include at
a minimum a general description of the types of services to be
performed under an outcomes-based payment arrangement. We are also
finalizing the monitoring and assessment requirement with clarification
regarding the rebasing requirement. Under the final rule parties must
periodically assess and, as necessary revise, benchmarks and
remuneration under the agreement to ensure that any remuneration is
consistent with fair market value in an arm's-length transaction as
required by paragraph 1001.952(d)(2)(ii).
Comment: Commenters generally agreed that some type of written
agreement should be required for safe harbor protection, but commenters
did not necessarily agree with the specific condition OIG proposed. On
the one hand, a commenter was concerned about arrangements losing safe
harbor protection by not technically meeting the requirement of all
services being documented, considering the need for some arrangements
to be flexible. On the other hand, a commenter recommended that the
safe harbor include additional documentation requirements, such as:
Documentation of benchmarking methodologies; metrics for how to assess
objectively its outcome measure(s) and documentation of the execution
of any such assessment; records created at the time they entered into
the agreement identifying the basis for the determination of
compensation and the clinical evidence or credible medical support
considered; and contemporaneous documentation of the services performed
and the outcomes achieved. This commenter asserted that these
additional documentation requirements would help prevent post-hoc
justifications for conduct that the parties did not actually believe
was permissible at the time, and that a lack of documentation is a way
individuals and entities try to hide lack of compliance with a safe
harbor.
Response: We understand the need for flexibility in outcomes-based
arrangements. However, the safe harbor must include safeguards to avoid
protecting arrangements that reward referrals. In the OIG Proposed
Rule, we proposed that the written agreement include at a minimum: (i)
The services to be performed by the parties for the term of the
agreement; (ii) the outcome measure(s) the agent must achieve to
receive an outcomes-based payment; (iii) the clinical evidence or
credible medical support relied upon by the parties to select the
outcome measure(s); and (iv) the schedule for the parties to regularly
monitor and assess the outcome measure(s). We believe it is critical
for parties to include the outcome measures, the basis for selecting
the outcome measures, and the monitoring and assessment schedule in an
agreement at the outset of the arrangement.
However, we are modifying the requirement that the agreement
specify the services to be performed over the term of the agreement. We
recognize that the parties may not be aware of every step necessary to
achieve a certain outcome measure when the agreement becomes effective
and that the needed services might change over time to achieve the
desired outcome measure. Protected remuneration under paragraph
1001.952(d)(2) is dependent upon meeting the outcome measure, not
necessarily the specific steps a party may have taken to achieve that
measure. Therefore, we are modifying the regulatory text to specify
that the agreement must include at a minimum a general description of
the types of services to be performed. We note, however, that other
conditions of the safe harbor (e.g., monitoring the arrangement to
assess the agent's performance and impact on patient care) would
necessitate some type of documentation of services or other activities
performed to achieve the outcome measure. We believe that requiring a
general description of the anticipated services, coupled with the other
required elements of the written agreement, strikes the appropriate
balance between transparency needed to protect patients and Federal
health care programs and flexibility for parties to create innovative
arrangements that may need to evolve to achieve the desired results.
Comment: A commenter asked whether an agreement to provide
outcomes-based payments can be signed in advance of the establishment
of the outcome measure(s) and whether the parties' eligibility for
compensation commences on the date the outcome measure(s) are mutually
agreed upon in writing signed by the parties or at some other time.
Response: There may be certain other existing written agreements
between the parties in advance of commencing an outcomes-based payment
arrangement. But for purposes of meeting the writing requirement for
protection under this safe harbor, the parties must agree to the
outcome measure(s) in writing and sign such an agreement in advance of,
or contemporaneous with, the commencement of the terms of the outcomes-
based payment arrangement. Furthermore, eligibility for protected
compensation under this safe harbor commences after achievement of the
outcomes measure (or failure to achieve it by the designated time in
the case of a shared losses payment), assuming all safe harbor
conditions are met.
11. Warranties (42 CFR 1001.952(g))
Summary of OIG Proposed Rule: We proposed to modify the existing
safe harbor for warranties at paragraph 1001.952(g) to: (i) Protect
certain warranties for one or more items and related services upon
certain conditions, such as all federally reimbursable items and
services subject to bundled warranty arrangements must be reimbursed by
the same Federal health care program and in the same payment (``same
program/same payment requirement''); (ii) exclude beneficiaries from
the reporting requirements applicable to buyers; and (iii) define
``warranty'' directly and not by reference to 15 U.S.C. 2301(6).
Summary of Final Rule: We are finalizing the modifications to the
warranties safe harbor as proposed in the OIG Proposed Rule. In
addition, in response to concerns raised by commenters, we are
clarifying in this preamble the scope of buyers' reporting obligations
to make clear the safe harbor is designed to accommodate the various
reimbursement systems under which buyers may report price reductions.
a. Inclusion of Services in Bundled Warranties
We are finalizing our proposal to protect warranties that warranty
a bundle of items or a bundle of items and services. This revision
protects, for the first time, warranties covering services, although
the safe harbor does not provide protection to warranties that warranty
only services. As explained in the OIG Proposed Rule, we believe
warranties for services that are not tied
[[Page 77849]]
to one or more related items could present heightened fraud and abuse
risks.
Comment: Commenters generally supported our proposal to revise the
warranties safe harbor to protect bundled warranties for one or more
items and related services. A commenter noted sellers and buyers, such
as health systems, would have greater flexibility under the safe harbor
to protect related services that are often integral to determining
whether the terms of a warranty, such as a clinical outcome, have been
met. According to the commenter, such services might include, for
example, data collection and analytics, verification of product use
consistent with labeling and governing clinical protocols (including
through confirmatory laboratory testing), and monitoring patient
adherence to prescribed treatment regimens.
Response: We agree with commenters that the revised safe harbor
will offer greater flexibility to buyers and sellers to enter into
innovative arrangements that warranty the value of an entire bundle of
items or that include bundled items and services. We would highlight,
however, that this revision to the warranties safe harbor does not
protect free or reduced-priced items or services that sellers provide
either as part of a bundled warranty arrangement or ancillary to a
warranty arrangement. Instead, it merely protects the offer and
exchange of warranty remedies under a warranty arrangement, provided
all of the safe harbor's conditions are satisfied. As discussed further
below, items and services provided either as part of or ancillary to a
warranty arrangement may not need safe harbor protection or may be
protected by other safe harbors.
Comment: A commenter supported our proposal not to protect
warranties covering only services. Another commenter, however,
recommended that OIG should protect warranties that cover services
only, explaining that medical device manufacturers can play a role in
offering data analytics via software solutions, for example to predict
post-treatment health care conditions and costs and thereby reduce
utilization of higher-acuity post-acute services. According to the
commenter, offering warranties that guarantee outcomes from using such
services would provide an incentive for investment from both parties--
the vendor and the provider.
Response: We appreciate the commenter's explanation regarding the
potential benefits of services offerings. As we discussed in the OIG
Proposed Rule, however, we believe services-only warranty arrangements
present a heightened risk of fraud and abuse. In particular, we noted
that the determination of whether services meet a clinical outcomes
goal established by a warranty arrangement can be more subjective than
warranties involving items. We also expressed concern that the
potential to receive a monetary remedy under a services-only warranty
could induce patients to select a particular provider, particularly if
the clinical results are not easily achievable. Parties seeking to
enter into outcomes-based arrangements for only services may look to
the revised personal services and management contracts and outcomes-
based payment arrangements safe harbor at paragraph 1001.952(d) for
potential protection.
Comment: A commenter requested that if OIG finalizes limitations on
the items and services that may qualify for bundled warranties, OIG
should clarify that a warrantied bundle of items and services could
encompass limited support services offered by the manufacturer that are
not federally reimbursable and are offered free of charge. The
commenter asked for this clarification in light of preamble language
from the OIG Proposed Rule stating that the modified safe harbor would
not protect free or reduced-priced items or services that sellers
provide either as part of a bundled warranty arrangement or ancillary
to a warranty arrangement. As an example, the commenter asked OIG to
confirm that the safe harbor would protect a manufacturer's warranty of
the clinical effectiveness of a self-injected drug contingent on the
patient receiving product administration and use education through
nurse support offered by the manufacturer.
Response: We confirm that, under the safe harbor as modified, a
warrantied bundle of items and services could encompass services
offered by the manufacturer that are not federally reimbursable and are
offered free of charge, although we emphasize that the safe harbor only
protects remuneration provided as a warranty remedy; services offered
for free by manufacturers would not themselves be protected under this
safe harbor. The same program/same payment requirement does not
prohibit the inclusion of non-federally reimbursable items or services
in the bundle of items and services being warrantied. Therefore, under
the safe harbor, a manufacturer could offer a bundled warranty that
warranties the clinical effectiveness of a self-injected drug
contingent on the patient receiving post-prescribing product
administration and use education through nurse support offered by the
manufacturer. We also want to confirm and clarify that the modified
safe harbor does not protect free or reduced-priced items or services
that sellers provide either as part of a bundled warranty arrangement
or ancillary to a warranty arrangement. The modifications to the safe
harbor provide protection for warranty remedies stemming from
warranties covering more than one item or more than one item and
service, whereas the original safe harbor for warranties provided
protection for warranty remedies stemming from warranties on only one
item. If non-reimbursable items or services offered for free as part of
a bundled warranty have independent value to a buyer, the parties to
the warranty arrangement may look to other safe harbors to protect the
exchange of those items and services, such as the personal services and
management contracts and outcomes-based payments safe harbor.
Comment: In response to our solicitation of comments regarding the
potential anticompetitive effects that bundled warranties may have--
including barriers to entry for manufacturers and suppliers that cannot
offer bundled warranties--a commenter stated that it did not believe
competitive barriers to entry were a likely outcome, and that any risks
of anticompetitive behavior that may exist are better addressed through
the government's other enforcement authorities to police
anticompetitive behavior. According to the commenter, it is not
uncommon for vendors to partner in selling and offering a warranty for
a bundle of products containing items from different vendors.
Response: We appreciate this comment and recognize that a variety
of models exist in the marketplace for bundled-sale arrangements. We
are not finalizing additional safeguards designed to limit the
potential anticompetitive effects of bundled warranties. We continue to
believe, however, that anticompetitive risks can be reduced by the safe
harbor's provisions prohibiting exclusive-use or minimum-purchase
requirements as a condition of a warranty offering.
Comment: A commenter warned that bundled warranties may harm
competition and limit clinician and patient choice because, even with
the prohibition on exclusivity and minimum-purchase requirements,
sellers could condition a warranty on the purchase of a bundle of
products and services. The commenter suggested that OIG include
language in the safe harbor that no warranty shall interfere
[[Page 77850]]
with a health care provider's autonomy and responsibility to make
clinical decisions with regard to patient care and safety.
Response: We appreciate the commenters' concerns and recognize that
providing protection for bundled warranties could result in some
anticompetitive effects. However, the safeguards we are finalizing in
this rule, including prohibiting exclusivity and minimum-purchase
requirements and limiting the scope of what may be included in a
bundled warranty, provide meaningful protection against anticompetitive
behavior that otherwise may occur. As noted in the OIG Proposed Rule,
protection for bundled warranties may foster beneficial arrangements
that facilitate the use of higher-value items and services. While we
have not included an express requirement that protected warranties
cannot interfere with a health care provider's autonomy and
responsibility to make clinical decisions with regard to patient care
and safety, we emphasize that the modifications to the safe harbor that
we are finalizing are not intended to--and should not--affect
providers' ongoing responsibilities to make clinical decisions in the
best interests of their patients.
Comment: Some commenters recommended that we include other
additional safeguards within the safe harbor. For example, a commenter
urged OIG to consider a safeguard that would prohibit any unfair or
deceptive practice in the marketing of a service warranty. Another
commenter urged us to add a requirement that for a warranty to be
protected under the safe harbor, the manufacturer or supplier must
determine that the warranty is reasonably related to an evidence-based
clinical improvement objective and is commercially reasonable.
Response: As noted above, we believe the safeguards in the OIG
Proposed Rule strike the right balance between protecting beneficiaries
and Federal health care programs while promoting beneficial and
innovative arrangements, such as bundled warranties. In particular, we
have not added a separate prohibition against unfair or deceptive
practices because deceptive commercial practices are already prohibited
by numerous State and Federal laws. We do not believe providing a
separate requirement here is necessary.
We also decline to impose a requirement that warranty arrangements
relate to evidence-based clinical improvement objectives. Although some
warranties may relate to evidence-based clinical improvement outcomes,
many warranty arrangements that the safe harbor could protect, such as
those guaranteeing that an item is defect-free or otherwise functions
as intended, may not have an evidence-based clinical improvement
component.
Finally, we decline to impose a commercial reasonableness
requirement within the warranties safe harbor for the same reasons
articulated above. It is not clear that a commercial reasonableness
requirement would provide additional, meaningful protection against
fraud and abuse in the context of the warranties safe harbor, given the
limited scope of protected remuneration and, in particular, that a
seller may not pay any individual (other than a beneficiary) or entity
for any medical, surgical, or hospital expense incurred by a
beneficiary other than for the cost of the items and services subject
to the warranty.
Comment: Some commenters opposed restrictions on the manner in
which sellers could provide warrantied medication adherence services as
part of a bundled warranty, with those commenters pointing to the
importance of medication adherence services generally and the alignment
that exists between manufacturers' incentives and patients' health
outcomes. Commenters noted that adherence programs can play an
important role in helping patients follow their prescribed treatment
regimens, which has been shown to lead to better patient outcomes,
including fewer hospitalizations and emergency room visits. Commenters
also pointed out that medication nonadherence--the problem of patients
not taking medications in accordance with their health care providers'
directions or otherwise not following their providers' treatment
recommendations--is a major health problem, leading to poor clinical
outcomes and increased health care spending. Commenters also asserted
that the fraud and abuse risks of manufacturers providing medication
adherence services is low because manufacturers have financial,
regulatory, reputational, ethical, and legal incentives to ensure their
products are used only to the extent that they continue to be safe and
effective for patients. Commenters further noted that, when medication
adherence programs are included in outcomes-based contracts,
manufacturers are rewarded for their product working as intended to
promote patients' health and safety and penalized for their product not
working well for patients, which improves the alignment between
manufacturer incentives and patient health and safety.
Although most commenters on the topic did not support restrictions
on the manner in which sellers could provide warrantied medication
adherence services, a few commenters expressed support for a possible
safeguard discussed in the OIG Proposed Rule. In particular, a
commenter expressed support for OIG's proposal to require sellers' use
of independent intermediaries for direct patient adherence activities,
while another commenter supported a prohibition on any direct patient
outreach by a seller offering a warranty. A commenter who shared the
concerns expressed in the OIG Proposed Rule regarding patient outreach
services being provided by manufacturers and suppliers recommended a
safeguard requiring that warrantied patient outreach services be
approved by a licensed medical professional. In doing so, the commenter
expressed concern that drug manufacturers may abuse any safeguard
requiring sellers to use independent intermediaries to perform direct
patient outreach services.
Response: OIG agrees that medication adherence services can have a
significant beneficial impact on patient health and health care costs.
Although we also recognize the potential for greater alignment of
manufacturers' incentives and patient health outcomes in value-based
arrangements, at this time most arrangements for the sale of a drug
reimbursed by a Federal health care program are not outcome-driven, and
we continue to have concerns regarding the direct provision of
medication adherence services by sellers of warrantied items because
their financial incentive to sell their products could result in
medication adherence services that increase fraud and abuse risks, such
as patient harm and overutilization.
Despite these risks, we are not imposing any restriction in this
final rule on the manner in which warrantied medication adherence
services may be provided when offered as part of a bundled warranty. A
limitation on the manner in which sellers of one or more warrantied
items provide such services as part of a bundled warranty may not
materially reduce any fraud and abuse risks, particularly because a
limitation on warranties would not affect the provision of medication
adherence services in contexts other than bundled warranties. For the
same reason, we are declining to impose a requirement that warrantied
medication adherence services must either be provided via an
independent intermediary or subject to the approval of a licensed
medical professional. We emphasize that the warranties safe harbor
would not protect the provision of free or reduced-cost
[[Page 77851]]
medication adherence services furnished by a seller.
Comment: A few commenters asserted that, consistent with existing
OIG guidance, medication adherence services do not constitute
remuneration because they do not have independent value to a buyer but
rather are integrally related to the underlying product. A commenter
noted that, although OIG has expressed concern that manufacturer-
sponsored adherence supports could replace actions that a health care
provider might otherwise take to support medication adherence, the
likelihood of manufacturer adherence supports leading providers to
reduce their own efforts to improve their patients' medication
adherence is very small.
Response: We disagree with the assertion that medication adherence
services never constitute remuneration and thus never implicate the
anti-kickback statute. For example, in Advisory Opinion No. 11-07, we
noted that the vaccine reminder program offered by a manufacturer could
have independent value to health insurers and health care entities and
could confer an additional financial benefit on physicians because the
vaccine reminders were intended to encourage the recipients to schedule
an appointment with their children's health care practitioners, who
likely would be reimbursed for administering the vaccine and possibly
for an associated office visit. As highlighted in this example,
medication adherence services could result in a provider's opportunity
to earn income. We also recognize that medication adherence services
provided to beneficiaries as part of warranty arrangements could have
independent value to the beneficiary, depending on how those
arrangements are structured.
Although the OIG Proposed Rule stated that the provision of free or
below fair market value medication adherence services ``would implicate
the anti-kickback statute,'' \134\ we clarify in this final rule our
position that such services could implicate the statute but would not
necessarily implicate the statute in all circumstances, and that such
analysis would be dependent upon the facts and circumstances of a
specific offering.
---------------------------------------------------------------------------
\134\ 84 FR 55748 n.83 (Oct. 17, 2019).
---------------------------------------------------------------------------
Comment: A commenter urged OIG to ensure that pharmacies can
continue to provide adherence and medication therapy management
services, including when such activities are compensated at fair market
value by payors, manufacturers, and others within the supply and
payment chain.
Response: The modifications to the warranties safe harbor set forth
in this final rule do not change pharmacies' ability to provide
adherence and medication therapy management services. Any financial
arrangement between pharmacies and payors, manufacturers, and others
within the supply and payment chain could implicate the anti-kickback
statute and should be analyzed on a case-by-case basis for compliance
with the statute. Depending on the facts, other safe harbors may be
available, including the personal services and management contracts and
outcomes-based payments safe harbor.
Comment: A commenter expressed support for a standalone safe harbor
protecting manufacturer-supported patient adherence programs, and other
commenters asked OIG to promulgate an additional rule that expressly
defines how value-based arrangements for drugs can include all relevant
health care entities (including manufacturers, payors, providers, and
patients) and medication adherence programs without running afoul of
the Federal anti-kickback statute.
Response: We appreciate the commenters' requests for further
rulemaking. However, they are outside the scope of this rulemaking.
Comment: A commenter expressed concern regarding the statement in
the OIG Proposed Rule regarding the provision of free or reduced-price
laboratory testing as part of a warranty arrangement. The commenter
asserted that the inclusion of confirmatory laboratory testing under a
warranty arrangement could fit within the revised warranties safe
harbor where a seller engages an independent laboratory under a fair
market value arrangement to perform testing solely to determine whether
the terms of a clinical outcome or other value-based warranty have been
met.
Response: Regardless of whether items and services used to
determine the efficacy of a warranty have independent value to the
buyer, the warranties safe harbor provides protection only for sellers'
offer and provision of warranty remedies, not the offer or sale of the
items and services being warrantied or any items or services used to
determine whether a clinical outcome or other value-based outcome has
been achieved. We recognize that warranty arrangements in some
circumstances may require laboratory testing or other data to
determine, for example, whether clinical or other outcomes have been
met or whether the buyer or patient has adhered to the terms of the
warranty.
We did not intend to suggest in the OIG Proposed Rule that, in all
instances, confirmatory laboratory testing for purposes of determining
whether warrantied outcomes have been achieved would implicate the
anti-kickback statute. Where a seller provides free items and services
ancillary to a warranty arrangement that could have independent value
to the buyer, sellers should analyze such arrangements on a case-by-
case basis to determine whether they implicate the anti-kickback
statute and may look to other safe harbors, such as the safe harbor for
personal services and management contracts and outcomes-based payments,
for protection. In the case of confirmatory laboratory testing relating
to a warranty arrangement, such testing could have independent value to
the buyer if, for example, it alleviates administrative or financial
burdens the buyer otherwise would incur to obtain laboratory testing
for purposes other than the warranty.
b. Requirement for Federally Reimbursable Items and Services Subject to
Bundled Warranty Arrangements To Be Reimbursed by the Same Federal
Health Care Program and in the Same Payment
We recognize the possibility that bundling of one or more items and
related services that are reimbursed under different methodologies or
different payments could create incentives for overutilization or the
potential for cost-shifting. The final rule protects warranties that
apply to one or more items and related services only if the federally
reimbursable items and services subject to the warranty arrangement are
reimbursed by the same Federal health care program and in the same
Federal health care program payment. The same program/same payment
requirement provides important protection against these risks.
Comment: A number of commenters objected to the condition that
federally reimbursable items and services in a bundled warranty
arrangement must be reimbursed by the same Federal health care program
and in the same Federal health care program payment in order to qualify
for protection under the safe harbor. Commenters expressed concern that
this condition would constrain innovation by limiting what items may or
may not be included in a bundle based on reimbursement status, rather
than focusing on clinical efficacy. A trade association representing
providers noted that care coordination arrangements often require
payments
[[Page 77852]]
from different reimbursement methodologies. For example, a joint
replacement can occur in a hospital or ambulatory surgical center and
then a patient may be discharged to a skilled nursing facility or to
home health care. The commenter expressed concern that a warranty
covering this episode of care would not be eligible for safe harbor
protection because of the different payment methodologies. The
commenter recommended OIG implement alternative safeguards in lieu of
the same program/same payment requirement, such as limiting application
of the safe harbor to medically necessary items and services,
prohibiting stinting, and requiring the warranty to be part of a
written care plan by a licensed medical professional.
Other health care providers commented that the proposed same
program/same payment requirement is outdated and unworkable in light of
value-based arrangements that utilize a combination of items, services,
or both, and that it is impracticable to determine that the same
program/same payment requirement will be satisfied for every patient.
Commenters also noted that warranties allow manufacturers to help
providers manage risk when testing out new combinations of devices and
supports, even if they are reimbursed under separate prospective or
composite rate systems.
Response: Although the warranties safe harbor could be used to
protect a wide range of innovative arrangements, it is not designed to
protect warranties involving items purchased by multiple buyers across
different care settings or reimbursed by different payment systems. As
explained further in this final rule, we believe a bundle of products
paid for separately and potentially across different payment systems
poses an increased risk of inappropriate utilization and
overutilization. Such arrangements may qualify for protection under the
value-based safe harbors described in this final rule, such as the safe
harbors for care coordination arrangements (paragraph 1001.952(ee)),
value-based arrangements with substantial downside financial risk
(paragraph 1001.952(ff)), and value-based arrangements with full
financial risk (paragraph 1001.952(gg)). We do not believe that the
proposed alternative safeguards would be as effective--or as
straightforward to apply and interpret--as the same program/same
payment requirement we are finalizing.
Comment: A commenter noted that a manufacturer or supplier seldom
knows all of the ways in which providers might be reimbursed for items
and services included in a bundled warranty arrangement.
Response: As noted above, the warranties safe harbor is not
designed to protect warranty arrangements that span different care
settings or that involve multiple payment systems. Sellers should be
able to craft warranty offerings that meet the terms of the safe
harbor, even if a particular bundle of items or items and services
could potentially be reimbursed in different ways. For example, a
seller's written warranty could specify that warranty remuneration is
available only in circumstances in which the bundle is reimbursed under
the same Federal health care program and in the same payment.
Comment: Commenters noted that the bundled warranty arrangement
approved under Advisory Opinion No. 18-10 would not meet the revised
safe harbor because some of the items in the bundle were separately
reimbursable under certain States' Medicaid programs. Commenters also
observed that various State Medicaid programs employ different
reimbursement methodologies and that even within a single State,
reimbursement methodologies can differ depending on whether
beneficiaries are covered by the State's fee-for-service program or a
Medicaid managed care plan.
Response: We acknowledge that Medicaid programs reimburse items and
services with a variety of payment methodologies, which can include
separate, unbundled reimbursement for some items. We remain concerned,
however, that providing safe harbor protection to warranties containing
separately reimbursable items would introduce a higher risk of fraud
and abuse in the form of potential overutilization, inappropriate
steering, or inappropriate utilization. For example, a buyer may have
an incentive to purchase separately reimbursable items in order to
receive the benefit of a warranty on those items because the buyer will
be reimbursed for each item separately, and if even one item does not
meet the specified level of performance, the buyer could receive the
cost of all items in the bundle. By comparison, if a buyer receives one
warranty payment for all items covered by a bundled warranty, the buyer
has a greater incentive to contain its costs and not purchase
unnecessary items (or services).
The arrangement described in Advisory Opinion No. 18-10 included
the possibility that bundled devices could be separately reimbursed by
State Medicaid programs, although the opinion specified that these
instances would be infrequent and that Medicaid-reimbursed cases
represented a very small part of the requestor's business. Although
warranty remuneration paid resulting from the failure of a separately
reimbursable item or service would not be covered by the warranties
safe harbor, the advisory opinion process remains available for a legal
opinion regarding facts and circumstances that may not be protected by
the safe harbor.
Although we solicited comments on instances when an exception may
be necessary to the provision requiring reimbursement by the same
Federal health care program payment, upon further consideration we do
not believe an exception is necessary. The modified safe harbor
requires that federally reimbursable items and services covered by a
bundled warranty must be reimbursed by the same Federal health care
program payment--not that the items and services be only reimbursable
by one Federal health care program payment. In other words, the
possibility that an item or service is reimbursable under a different
program or by a different payment does not foreclose a manufacturer or
supplier from offering a bundled warranty covering the item or service
as long as the item or service is in fact reimbursed by the same
Federal health care program payment as the other item(s) and service(s)
comprising the warranty bundle.
Although we recognize that it may be difficult for a seller to know
under which reimbursement methodology a particular item or service will
be reimbursed, we believe parties entering into bundled warranty
arrangements could specify in the warranty's written terms that only
items and services reimbursed by the same Federal health care program
payment will be eligible for the warranty. Because warranty remedies
are by their nature furnished after the use of items and services, a
buyer likely knows before making a warranty claim whether the items and
services are or will be reimbursed by the same Federal health care
program payment. Consequently, a warranty undertaking could explicitly
state that warranty remedies are available only for patients or
procedures in which the bundled items and services are reimbursed by
the same program and same payment even where alternative reimbursement
methodologies for those items and services exist.
Comment: A commenter noted that in many cases items or services
included in a bundle are not reimbursed specifically but might be
deemed reimbursed indirectly as part of a payment for another item or
service. In such cases, there might be numerous
[[Page 77853]]
potential payments or reimbursement methodologies which could be viewed
as providing such indirect reimbursement.
Response: The warranties safe harbor does not attempt to address
every possible variation in reimbursement methodologies. We continue to
believe that limiting safe harbor protection to warranties involving
bundled items and services reimbursed under the same program and same
payment is an important safeguard to protect against inappropriate
steering, inappropriate utilization, or overutilization of federally
reimbursable health care items and services. We believe that, in most
circumstances, health care providers can identify the reimbursement
source for a particular item and can also determine whether items and
services subject to a bundled warranty are reimbursed by the same
payment.
Comment: A commenter urged OIG to abandon the same program/same
payment requirement and instead extend protection for bundled
warranties involving items and services reimbursed under multiple
prospective payment or composite rate systems, which the commenter
asserted would protect a broader range of warranties but pose a low
risk of fraud and abuse due to cost-shifting because no warrantied
items would be separately reimbursable. Another commenter suggested
that the safe harbor should protect bundled warranties involving items
and services that are not specifically reimbursed under bundled or fee-
for-service payments but that could be reflected in some manner in a
provider's Medicare cost report.
Response: Although we recognize that warrantying only bundled items
and services reimbursed under prospective payment bundles or composite
rate systems could reduce the risk of cost-shifting between Federal
health care programs, we remain concerned that protecting bundled
warranties across such methodologies could complicate both the
administration of warranties and reporting obligations, and we decline
to expand the safe harbor provision according to the commenter's
suggestion.
Comment: A commenter stated that the same program/same payment
requirement would not protect a warranty bundle consisting of a
particular federally reimbursed drug product when used in conjunction
with a companion diagnostic. According to the commenter, the drug would
be reimbursed under Medicare at the negotiated price (for a Part D
drug) or at ASP plus 6 percent (for a Part B drug), while the companion
diagnostic would be reimbursed under the clinical laboratory fee
schedule.
Response: We appreciate the commenter's concern and acknowledge
that the safe harbor would not protect the type of arrangement
described in this comment. However, the safe harbor could protect a
warranty covering a drug product, and where the seller wants to provide
a companion diagnostic to determine if a warrantied outcome has been
achieved, the seller could look to other safe harbors to protect the
provision of the companion diagnostic to the extent the provision of
the companion diagnostic implicates the anti-kickback statute.
Comment: A commenter asserted that the same program/same payment
requirement could foreclose protection for even one-drug warranties
because drugs are virtually always reimbursed by Medicare, Medicaid
(and usually additional Federal health care programs), with each
program having different payment methodologies for outpatient drugs.
Response: As noted in proposed paragraph 1001.952(g)(5), the same
program/same payment requirement would only apply when a manufacturer
or supplier offers a warranty for more than one item or one or more
items and related services. This requirement would not apply to single-
item warranties.
Comment: A number of commenters expressed concern that the
requirement that federally reimbursable bundled items and services be
reimbursed by the same Federal health care program payment could
inhibit innovative warranties based on the performance of warrantied
items and related services across a patient population (population-
based warranties). A commenter argued that the safe harbor should
accommodate value-based arrangements that study a representative sample
of a patient population and use the results observed from the sample to
determine the price or price concession that is appropriate for product
utilization more broadly. Another commenter asserted that warranties
offered across a patient population have a low risk of fraud and abuse
where none of the items or services is separately reimbursable.
Response: As discussed in the preamble to the OIG Proposed Rule, we
believe the expanded warranties safe harbor will facilitate beneficial
and innovative arrangements between buyers and sellers, such as bundled
warranties. While population-based warranties would not necessarily
pose the same fraud and abuse risk of problematic cost-shifting between
Federal health care programs as warranties covering a bundle of items
and services that are reimbursable under different Federal health care
programs, population-based warranties could pose different fraud and
abuse risks. Specifically, population-based warranties may result in
steering to particular products in a manner that inappropriately limits
patient choice and providers' clinical decision-making and could result
in overutilization or inappropriate utilization of items or services
where a buyer feels compelled to use a certain quantity of a seller's
product in order to be eligible for a warranty remedy. We appreciate
the commenter's request for the warranties safe harbor to protect
value-based arrangements that could inform the price of a product, and
while the modified safe harbor does not specifically protect
population-based warranties, we emphasize our statement in the OIG
Proposed Rule that we may consider specifically tailored safe harbor
protection for value-based contracting and outcomes-based contracting
for the purchase of pharmaceutical products (and potentially other
types of products) in future rulemaking.
c. Capped Amount of Warranty Remedies
The existing safe harbor for warranties contains the limitation
that a manufacturer or supplier must not pay remuneration to any
individual (other than a beneficiary) or entity for any medical,
surgical, or hospital expense incurred by a beneficiary other than for
the cost of the item itself. In the OIG Proposed Rule, at proposed
paragraph 1001.952(g)5), we proposed to adapt this limitation to
accommodate the safe harbor's expanded protection of bundled
warranties. In the modifications to the safe harbor we are finalizing
here, warranty remuneration for any medical, surgical, or hospital
expense incurred by a beneficiary is capped at the cost of the items
and services subject to the warranty.
This cap plays an important role in safeguarding against sellers
providing excess remuneration to providers to induce referrals. The
revised safe harbor offers sellers more flexibility by protecting both
a broader scope of warranties and a potentially higher amount of
warranty remuneration reflecting the cost of the entire bundle of items
or bundle of items and services. This adaptation allows sellers to
offer a valuable remedy to their customers if a product fails to meet a
specified level of performance.
Comment: Although some commenters expressed support for OIG's
proposal to limit the remuneration a
[[Page 77854]]
manufacturer or supplier may pay to any individual (other than a
beneficiary) or entity for any medical, surgical, or hospital expense
incurred by a beneficiary other than for the cost of items and services
subject to the warranty, several commenters objected to this proposed
safeguard. For example, a commenter argued that warranty remedies that
exceed the aggregate value of the warrantied items and related services
are likely to be the key drivers in realizing the potential of value-
based care. Another commenter stated that capping the warranty remedy
based on the collective cost of the warrantied items and services is
insufficient because providers expect vendors offering warranties
addressing long-term population health issues to be financially
accountable for costs greater than the cost of the items and services
subject to the warranty.
Response: As proposed, the revised safe harbor would protect
warranties in which vendors offer to reimburse any medical, surgical,
or hospital expense incurred, up to the cost of the warrantied items
and services incurred by the buyer to acquire those items and services.
The safe harbor could be used to protect reimbursement for hospital
expenses incurred as a result of, for example, a bundle of items that
failed to meet the clinical outcomes guaranteed by a warranty
arrangement. The total warranty remuneration provided, however--
including the cost of any replacement items--would be limited to the
original cost of the items and services incurred by the buyer. We
believe the proposed expansion of this safe harbor provides a
significant and sufficient opportunity for vendors to offer a
meaningful and valuable remedy to their customers to account for the
failure of an item, a bundle of items, or a bundle of items and
services to meet warrantied standards.
Comment: Commenters stated that capping the amount of warranty
remuneration will negatively impact patient care and unnecessarily
stifle innovative value-based arrangements because vendors will not be
able to offer appropriate remedies if warrantied outcomes are not
achieved, such as the provision or payment for medical, surgical,
hospital, or other services and related items in connection with the
replacement or supplementation of a warrantied item, or as an
alternative or supplemental treatment.
Response: We continue to believe that the proposed cap strikes an
appropriate balance between protecting remuneration for warrantied
products and safeguarding against excessive remuneration paid by
vendors to induce referrals. Furthermore, as we explained in the
preamble to the OIG Proposed Rule, the safe harbor, as finalized,
already is broad enough to protect certain value-based arrangements,
such as warranties that offer a clinical outcomes guarantee, as long as
the safe harbor's other requirements are met.
Comment: A commenter stated that there is negligible risk that
manufacturers and suppliers would use warranties to provide excess
remuneration because vendors entering into warranty arrangements face
steep exposure and will take all possible precautions to avoid future
payments under such warranties.
Response: We continue to believe that without limiting the amount
of protected warranty remuneration there is a risk of vendors paying
excessive remuneration to induce further Federal health care business.
For example, without a cap on warranty remuneration, a vendor could pay
for a wide range of consequential expenses resulting from the failure
of a device including, for example, hospitalization expenses, revision
surgery, and other downstream expenses, in addition to providing a
replacement for the faulty device. We believe that would provide too
great an opportunity for sellers to offer generous remuneration to
buyers.
d. Prohibition on Exclusivity and Minimum-Purchase Requirements
We proposed a new safeguard at proposed paragraph 1001.952(g)(6)
that would preclude warranty arrangements from being conditioned on the
exclusive use or minimum purchase of one or more items or services. We
are finalizing this safeguard because we believe it provides important
protection against patient steering that could interfere with clinical
decision-making and against potential anticompetitive effects.
Comment: Some commenters expressed support for the proposed
prohibition on warranties conditioned on a buyer's exclusive use of any
of the manufacturer's or supplier's items or services. Other commenters
argued that these safeguards are unnecessary and possibly contravene
the intent of the proposal. For example, a commenter noted that
warranties constitute a means by which sellers compete against one
another by providing assurances of performance. In addition, commenters
noted that providers can standardize their use of any one of a number
of similar, competitive products, and that such standardization through
exclusivity and minimum-purchase requirements can promote competition
and lower costs without triggering any concerns regarding patient
access to medically necessary items.
Response: We are finalizing the prohibition against sellers
conditioning a warranty on a buyer's exclusive use or minimum purchase
of any of the seller's items or services. Although exclusivity and
minimum-purchase requirements may allow for certain efficiencies, we
view exclusivity and minimum-purchase requirements tied to the offer of
a warranty as potentially abusive steering practices that could result
in, among other things, interference with clinical decision-making,
overutilization or inappropriate utilization, or anticompetitive
effects. Because warranty arrangements can be valuable tools for buyers
to defray the costs associated with an item (and under the modified
safe harbor, multiple items or items and services) that does not
function as expected, the potential for sellers to require exclusivity
and minimum-purchase requirements in exchange for a warranty may lock
buyers into a particular item (and under the modified safe harbor,
multiple items or items and services) and thereby could result in, for
example, a buyer using a particular item in a given case that is not in
the patient's best interest.
Comment: A commenter asserted that exclusivity and minimum-purchase
requirements are features that can promote competition and lower costs,
as in the case of purchase discounts conditioned on the volume of
products purchased. The commenter observed that a warranty might be
conditioned on a minimum- or exclusive-purchase requirement, and that
such requirement would not preclude a buyer from purchasing competitive
products in violation of the requirement; the provider would simply
lose the benefit of the warranty by doing so.
Response: Because warranties can be valuable tools for buyers to
defray the costs associated with an item (or items and services) that
do not function as expected, we reiterate our concerns that
conditioning warranties on exclusivity or minimum-purchase requirements
increases certain fraud and abuse risks, as described above, and thus
we are finalizing the modifications to the safe harbor with the
prohibition on conditioning warranties on such requirements.
Comment: A number of commenters urged OIG to omit or revise the
prohibition against conditioning warranties on minimum-purchase or
exclusivity requirements. In particular, commenters asserted that
population-based warranties typically require that there be some
minimum level of use of the product (and any related services) so
[[Page 77855]]
as to make the outcomes measure statistically meaningful. For example,
a manufacturer might state in a warranty, consistent with clinical
studies, that use of its device will produce the warrantied outcome a
given percentage of the time, but that the warranty is only available
if the device has been used on a large enough number of patients
(typically determined through a minimum-purchase requirement) to
produce a statistically relevant outcomes measure.
Response: We agree that population-based warranties could require a
certain amount of use of a product and any related services to make the
outcomes measure(s) set forth in a warranty undertaking statistically
meaningful. However, for the reasons set forth in this preamble, we are
finalizing the same program/same payment requirement, which means that
protection under the safe harbor as modified does not extend to
warranties for items used across a patient population. Particularly
given this limitation in the safe harbor, we do not believe
conditioning warranties on exclusivity or minimum-purchase requirements
is necessary for sellers to engage in beneficial warranty arrangements
that promote the value of the items and services being warrantied.
Comment: A commenter urged OIG to adopt a permissive approach,
which would protect warranties conditioned upon exclusive-use
arrangements under the safe harbor as long as manufacturers or
suppliers: (i) Have good-faith reasons for adopting exclusive-use
requirements; (ii) take and document reasonable precautions to avoid
stinting on care, cherry-picking, lemon-dropping, or inappropriate
utilization; and (iii) otherwise ensure that neither clinical decision-
making nor patient care choices are adversely impacted.
Response: We appreciate the commenter's recommended safeguards and
the commenter's focus on reducing the fraud and abuse risks associated
with exclusivity requirements. However, for the reasons articulated
above, we view certain risks as an inherent part of warranties
conditioned on the exclusive use of any of a seller's products or
services, and thus we are finalizing a safe harbor provision
restricting warranties conditioned on exclusivity requirements.
Comment: Commenters noted that sellers of items reimbursed under
Federal health care programs are not subject to any general
prohibitions on imposing exclusivity or minimum-purchase requirements
as a condition of making discounts available or otherwise.
Response: To the extent that the commenter refers to the discount
safe harbor and the warranties safe harbor, those safe harbors were
designed to protect remuneration paid under different circumstances,
and therefore it is appropriate to include different safeguards in the
safe harbors.
Comment: A number of commenters asserted that many of the
innovative, risk-based warranty arrangements proposed by manufacturers
may include equipment and consumables that must be used together,
resulting in a requirement to exclusively utilize a manufacturer's
goods in order to obtain warranty protection. The proposed limitation
on exclusive use could hinder these manufacturers from creating and
proposing such warranty-based risk-sharing arrangements.
Response: The revised warranties safe harbor, consistent with the
description in the OIG Proposed Rule, would expand the safe harbor to
explicitly protect warranties in which a bundle of items or a bundle of
items and services must be used together to obtain warranty protection.
The exclusive-use and minimum-purchase prohibitions provide meaningful
protections against inappropriate steering practices and
anticompetitive effects without impacting the ability of manufacturers
and suppliers to offer bundled warranties.
Comment: A commenter requested clarification on how OIG will
interpret the exclusive-use limitation if, for example, a provider
enters into an arrangement to purchase an ``exclusive'' or
``preferred'' product independent of any potential unrelated bundled
warranty offered by the product's manufacturer.
Response: OIG is aware that arrangements exist in which providers
agree to the exclusive purchase of a particular item or designate an
item as ``preferred'' in exchange for favorable commercial terms. The
revised safe harbor is not intended to impact those arrangements.
Rather, the exclusive-use and minimum-purchase provisions in the
revised safe harbor prevent a manufacturer or supplier from receiving
safe harbor protection for a warranty that is conditioned on the
buyer's exclusive use or minimum purchase of items or services offered
by the manufacturer or supplier. We interpret the ``conditioned on''
standard to mean that a causal connection exists between receiving a
warranty (or continuing eligibility for warranty coverage) and
maintaining exclusivity or minimum-purchase levels. The safe harbor
does not prohibit exclusive-use or minimum-purchase provisions that are
conditioned upon commercial terms unrelated to the offer of a warranty.
e. Reporting Requirements
As discussed in the OIG Proposed Rule, industry stakeholders have
expressed concern that the safe harbor's existing reporting requirement
could limit the ability of sellers to offer innovative warranty
arrangements, including warranties that span multiple years.
Stakeholders also have noted that the reporting requirement could make
safe harbor protection unavailable for providers that lack specific
reporting obligations under Federal health care programs or providers
that do not file cost reports.
We are addressing these concerns in this final rule by: (i)
Clarifying in the preamble discussion below that the safe harbor can be
used to protect warranty arrangements that span multiple years; (ii)
changing references in the safe harbor from ``the price reduction'' to
``any price reduction'' to make clear that more than one price
reduction may occur pursuant to a warranty arrangement; and (iii)
clarifying in this preamble that buyers are obligated to report price
reductions in a manner compatible with the reimbursement methodology
for the warrantied items or services, including circumstances in which
a provider does not submit cost reports or a formal ``claim for
payment'' unless the payor does not provide a reporting mechanism.
Lastly, we are making a technical, non-substantive correction to
paragraph 1001.952(g)(3) to remove a comma after ``and'' and before
``when any price reduction becomes known.''
Comment: A commenter noted that many items and services are
reimbursed by Medicare Advantage plans or Medicaid managed care
organizations, and therefore buyers have no obligations to report price
reductions in a ``cost reporting mechanism'' or ``claim for payment,''
as referenced in the warranties safe harbor. The commenter asked OIG to
clarify that a buyer should only be required to report a price
reduction or replacement product obtained as part of a warranty if it
has an obligation to do so under applicable requirements of the Federal
health care program payor making payment for the warrantied item or
service to which the price reduction relates.
Response: In the preamble to the OIG Proposed Rule, we solicited
comments on the burden of current reporting requirements and the need
for more flexible reporting requirements for warranties tied to
clinical outcomes. We emphasize that buyers, other than beneficiaries,
are obligated under the
[[Page 77856]]
safe harbor to report price reductions in a manner compatible with the
reimbursement methodology for the item(s) or service(s) which, as a
commenter pointed out, may not in all circumstances be reported in a
``cost reporting mechanism'' or a ``claim for payment.'' We affirm that
this requirement applies to buyers even when buyers do not have an
express obligation to report a price reduction or replacement product
under applicable requirements of the Federal health care program payor
making payment for the warrantied item or service to which the price
reduction relates. In the event that a payor does not provide any
mechanism for reporting of costs, such reporting is not required in
order for a buyer to obtain safe harbor protection.\135\
---------------------------------------------------------------------------
\135\ We remind parties to warranty arrangements that they must
comply with all legal obligations associated with Medicare cost
reporting and other applicable requirements of any Federal health
care program payor, including those related to billing and payment
for replaced devices offered without cost or with a credit. For
example, we note that under the Medicare inpatient prospective
payment system if a provider received full credit for the cost of a
device, CMS requires that the credit be reported to the Medicare
program and the cost of the device is subtracted from the DRG
payment. See 42 CFR 412.89; 42 CFR 412.2(g) and Medicare Claims
Processing Manual, CMS Pub. 100-04, Ch. 3, Sec. 100.8.
---------------------------------------------------------------------------
Comment: In light of our preamble discussion regarding the timing
of reporting requirements, including the protection for outcomes-based
warranty arrangements in which buyers could receive return payments
from manufacturers over several years, commenters requested additional
clarification with respect to reporting requirements. In particular,
commenters requested clarification that multiple warranty payments
related to the same item or bundle of items and services could be
reported at various points throughout a warranty arrangement, and that
buyers are obligated to report such payments at the time they are
received. A commenter suggested that OIG revise the manufacturer
reporting requirements such that price reductions must appear either on
an invoice or a statement, or on a series of invoices or statements.
The commenter also suggested revising paragraph 1001.952(g)(3)(ii) such
that the manufacturer is obligated to provide the buyer with
documentation of the price reduction calculation in the same fiscal
year as the purchase or the following fiscal year.
Response: We agree with the commenters that, under the warranties
safe harbor, buyers can report multiple warranty payments related to
the same item or bundle of items and services at various points
throughout a warranty arrangement. Paragraph 1001.952(g)(1) already
requires buyers to report ``any price reduction'' obtained as part of
the warranty. We are finalizing corresponding revisions to paragraph
1001.952(g)(3) to change all references to ``the price reduction'' to
``any price reduction'' to make clear that more than one price
reduction may occur pursuant to a warranty arrangement. With respect to
the commenter's suggestion to allow sellers to report price reductions
on a series of invoices or statements, we believe this expansion of the
safe harbor is unnecessary because sellers must either: (i) Report
price reductions on the initial invoice or statement the manufacturer
sends to the buyer; or (ii) when the amount of any price reduction is
not known at the time of sale, report the existence of the warranty on
the invoice or statement, and later provide the buyer with
documentation of the calculation of any price reduction resulting from
the warranty. Therefore, sellers must provide information regarding all
price reductions to the buyer regardless of whether sellers report them
on an invoice or statement or otherwise. Lastly, the modifications to
the warranties safe harbor set forth in this final rule do not include
a requirement for the seller to provide the buyer with documentation of
the price reduction calculation in the same or following fiscal year of
the buyer. We expect buyers and sellers to fulfill their reporting
obligations under paragraphs 1001.952(g)(1) and 1001.952(g)(3) in a
timely manner but are not otherwise prescribing a timeline for doing
so.
Comment: A commenter requested clarification that buyers are
entitled to use any reasonable methodology for purposes of allocating a
rebate that does not relate to a specific item or service across all
bundled items and services to which the warranty rebate relates.
Response: We understand that, in some circumstances, remuneration
paid pursuant to a bundled warranty will be related to more than one
item or service that fails to meet the specifications set forth in the
warranty undertaking. The safe harbor does not set forth a specific
methodology to allocate reporting across multiple items or a
combination of items and services. OIG believes that in most cases a
warranty remedy paid pursuant to a bundled warranty should be reported
proportionately to the cost of each bundled item or service, but we
wish to provide flexibility for buyers to adopt different but
reasonable allocation methodologies in circumstances in which, for
example, the failure of the bundle to meet the agreed specifications
results disproportionately from the failure of a particular item or
service.
Comment: A commenter supported the proposal to expressly exclude
beneficiaries from the reporting requirements applicable to other
buyers.
Response: We appreciate the commenter's support, and we are
finalizing revisions to the warranties safe harbor to exempt
beneficiaries from the reporting requirement for buyers.
Comment: A commenter noted that a cost reduction under a warranty
might be received long after the warrantied item has been purchased by
a provider, particularly when the clinical outcome from the use of the
item may be measured several years after the initial purchase of the
item. Accordingly, the commenter recommended that OIG specifically
provide for safe harbor purposes that such a rebate must be reported
only after it is received.
Response: We agree that the reporting requirement is not triggered
until remuneration is received under the warranty arrangement. We also
recognize that the failure of an item or service to meet specifications
might not occur until a period of years after purchase.
f. Definition of ``Warranty''
We proposed and are finalizing at paragraph 1001.952(g)(7) to
define ``warranty'' directly and not by reference to 15 U.S.C. 2301(6).
By defining ``warranty'' directly, we clarify that the warranties safe
harbor is available for drugs and devices regulated under the Federal
Food, Drug, and Cosmetic Act, whereas the definition set forth in 15
U.S.C. 2301(6) potentially excludes FDA-regulated drugs and devices.
The safe harbor protects not only warranties covering a ``product'' but
warranties covering an item or bundle of items, or services in
combination with one or more related items. Finally, the new definition
parallels the prior definition's language requiring a written promise
that an item, bundle of items, or bundle of items and services is
defect-free or will meet a specified level of performance over a
specified period of time.
As we explained in the OIG Proposed Rule, we interpret the
definition of ``warranty'' to apply to warranty arrangements
conditioned on clinical outcomes guarantees, provided other safe harbor
requirements are met.
Comment: Commenters expressed support for the proposed revisions to
the warranties safe harbor, including adopting a new definition of the
term ``warranty.'' Several commenters offered proposed revisions to the
types of remuneration articulated in proposed
[[Page 77857]]
paragraph 1001.952(g)(7)(ii). In particular, commenters urged OIG to
confirm that a partial refund or retrospective rebate resulting in a
price adjustment would constitute a ``refund'' or ``other remedial
action,'' as those terms are used in paragraph 1001.952(g)(7)(ii).
Response: As explained in the preamble to the OIG Proposed Rule,
OIG's proposed definition is largely modeled after the definition of
``warranty'' in the Magnuson-Moss Act, codified at 15 U.S.C. 2301(6),
which defines ``refund'' as refunding the actual purchase price (less
reasonable depreciation based on actual use where permitted by rules of
the Commission). Although we have not explicitly adopted this
definition, it provides persuasive guidance as to how we would
interpret the term ``refund.''
Regardless of how ``refund'' is defined, our proposed safe harbor
contemplates that manufacturers or suppliers may ``take other remedial
action'' if an item fails to meet the specifications set forth in the
written arrangement. It is conceivable that a partial refund or
retrospective rebate resulting in a price adjustment would constitute
``other remedial action'' as long as all other conditions of the safe
harbor were met.
Comment: Several commenters recommended that OIG expand the list of
permissible types of remuneration in paragraph 1001.952(g)(7)(ii) to
allow for ``reperformance of services.''
Response: Our definition of ``warranty'' includes an arrangement
``to refund, repair, replace, or take other remedial action. . . .'' If
a warranty arrangement is connected to the sale of a bundle of items
and services, ``reperformance of services'' likely would be an ``other
remedial action'' under the safe harbor as long as all other safe
harbor conditions were satisfied, including that the total remuneration
provided (in whatever form) cannot exceed the cost of the items and
services subject to the bundled warranty arrangement.
Comment: A commenter recommended that in addition to protecting
warranty arrangements that provide remuneration in the event of product
failure, the safe harbor should allow vendors to receive success
payments in the event legitimate value-based objectives are achieved.
Response: The warranties safe harbor is designed to protect
warranty arrangements in which vendors offer remuneration to their
customers in the event one or more items, or a bundle of one or more
items and related services, fails to meet a specified level of
performance. The safe harbor does not by its terms protect arrangements
in which customers pay success fees to vendors contingent upon
achieving certain outcomes. Depending on how such an arrangement is
structured, remuneration paid by a customer to a vendor might not
implicate the anti-kickback statute, or it might fall within a
different safe harbor, such as the revised safe harbor for personal
services and management contracts and outcomes-based payment
arrangements. Any such arrangements should be reviewed and analyzed
under the anti-kickback statute on a case-by-case basis.
Comment: A commenter urged OIG to provide examples of the types of
clinical outcomes guarantees that could be protected under the
warranties safe harbor. Another commenter expressed concern regarding
whether outcomes can properly be guaranteed by suppliers or
manufacturers of warrantied items.
Response: As noted above, we believe the expanded warranties safe
harbor could be used to protect a wide range of warranty arrangements
including, as we discussed in the preamble to the OIG Proposed Rule,
warranty arrangements conditioned on clinical outcomes guarantees. In
this final rule, we decline to provide specific examples of the types
of clinical outcomes guarantees that might be protected because we do
not wish to narrow the scope of innovative arrangements that might seek
coverage under the safe harbor.
Comment: A commenter asked OIG to clarify that the warranties safe
harbor would protect an arrangement in which a warranty payment could
vary depending on the product's performance on one or more dimensions
specified in the warranty arrangement, as opposed to the warranty
payment being a fixed amount.
Response: The warranties safe harbor--both in its existing form and
as modified by this final rule--is silent on whether a warranty
arrangement protected under the safe harbor can have a single
triggering condition or multiple triggering conditions in order to
qualify for safe harbor protection. We believe, however, that a
warranty arrangement could have multiple triggering conditions based on
specifications set forth in the warranty undertaking. In such an
arrangement, the seller must still comply with paragraph 1001.952(g)(4)
in determining the maximum amount of remuneration it could offer for
any given item, bundle of items, or bundle of items or services.
Comment: Some commenters encouraged OIG to make clear that a
``buyer'' as referenced in the safe harbor includes an indirect buyer
such as a payor or pharmacy benefit manager. Another commenter asked
OIG to coordinate with CMS to recognize that reimbursement for or
replenishment of items and services, pursuant to a warranty
arrangement, is excludable from price reporting under CMS's government
pricing regulations and guidance, including determining how warranty
arrangements involving pharmaceutical products and manufacturer-
supported adherence programs impact CMS's determination of best price.
Response: The warranties safe harbor does not contain a definition
of the term ``buyer,'' and the modifications to the safe harbor that we
are finalizing do not affect the scope of individuals and entities that
may receive protection under the safe harbor as buyers. Consistent with
our approach elsewhere in this final rule, we decline to label certain
individuals or entities as ``buyers'' in order to encourage innovation.
The commenter's request regarding price reporting under CMS pricing
regulations and guidance is outside the scope of this rulemaking.
Comment: A commenter expressed concern that the safe harbor's
definition of warranty is not sufficiently broad to protect warranties
that guarantee achievement of value-based outcomes.
Response: As modified, the safe harbor protects arrangements that
guarantee ``a specified level of performance'' of an item, a bundle of
items, or a bundle of items and services. We clarified in the preamble
to the OIG Proposed Rule that the warranties safe harbor's protection
could extend to arrangements conditioned on clinical outcomes
guarantees, which could include warranties conditioned upon ``value-
based'' outcomes that meet the safe harbor's other requirements. We
believe this offers buyers and sellers significant flexibility to
structure arrangements that guarantee achievement of value-based
objectives in the context of a warranty. The advisory opinion process
remains available for parties seeking OIG's legal opinion on a specific
arrangement.
12. Local Transportation (42 CFR 1001.952(bb))
Summary of OIG Proposed Rule: We proposed to modify the existing
safe harbor for local transportation at paragraph 1001.952(bb) to: (i)
Expand the distance limitations applicable to residents of rural areas
from 50 to 75 miles (including for shuttle services); and (ii) remove
any mileage limitation for a patient transported from an inpatient
facility from which the patient has been discharged after admission as
[[Page 77858]]
an inpatient to the patient's residence or another residence of the
patient's choice. We indicated that we were considering and solicited
comments on whether to eliminate the mileage limitation for patients
discharged from certain settings and to extend the safe harbor to
protect transportation for nonmedical purposes that may improve or
maintain patient health. We provided preamble guidance to clarify that
we believe nothing in the language of the safe harbor precludes
protection for transportation offered through ride-sharing services and
invited commenters to share any basis for disagreement. We also
proposed a technical change to move undesignated definitions set forth
in the note to paragraph 1001.952(bb) to a new paragraph
1001.952(bb)(3).
Summary of Final Rule: We are finalizing the proposed modifications
to the safe harbor at paragraph 1001.952(bb), with modifications. With
respect to transportation following an inpatient admission, we clarify
that the mileage limits do not apply when the patient is discharged
from an inpatient facility following inpatient admission or released
from a hospital after being placed in observation status for at least
24 hours. We retain our guidance regarding rideshare programs and do
not extend protection under the safe harbor to transportation for non-
medical purposes. We finalize the technical reorganization.
a. Expansion of Mileage Limit for Patients Residing in Rural Areas
Comment: Many commenters supported our proposal to increase the
mileage limit for safe harbor protection of transportation of residents
of rural areas to 75 miles. One such commenter explained that an
expansion to 75 miles would meaningfully ``capture'' the communities
and patients it serves and enable those patients who live farther away
to access specialty services such as cancer care, neurology,
transplant, and other specialties that are typically concentrated in
larger hospitals located in urban areas. Another commenter stated that
because many rural residents must travel more than 50 miles to obtain
medically necessary services, increasing the limit to 75 miles likely
would improve access to health care for many rural residents.
However, not all commenters agreed. A commenter explained that
rural areas are increasingly reporting shutdowns of local health care
providers, which increases the distance traveled to receive necessary
care. The commenter pointed to examples of closings of nursing homes
resulting in patients being moved farther away. The commenter explained
that a mileage limitation of 75 miles in rural areas would be
insufficient because it is not uncommon for skilled nursing facilities
and assisted living facilities to be located 150 miles or more from
hospitals, physician's offices, outpatient facilities, and other
clinical locations. The commenter advocated for OIG to expand the
mileage limitation to 150 miles in rural areas; alternatively, the
commenter suggested that OIG expand to 75 miles for all patients and
150 miles for transports originating in a rural area as defined under
the U.S. Census Bureau's classification guidelines.
Response: We are finalizing the proposed expansion to 75 miles for
residents of rural areas. In the OIG Proposed Rule, we explained that
commenters to the OIG RFI stated that the existing local transportation
safe harbor's 50-mile limit for rural areas was insufficient because
many residents of rural areas needed to travel more than 50 miles to
obtain medically necessary services. We proposed to increase the
mileage limit for rural areas to 75 miles and solicited comments on
whether this increase would be sufficient. We further solicited data
and evidence about appropriate distances, as well as information about
patients needing transportation and how longer distance transportation
would be provided. We indicated that we would use the information to
assist us in determining whether an increased distance limit is
necessary and practical and whether it is likely to be subject to
abuse.
For the following reasons, we have determined that an increase to
75 miles is necessary and practical, and we are finalizing the 75-mile
limit. In combination with all of the conditions of the safe harbor, we
conclude that the increased mileage limit is not likely to be subject
to abuse. Commenters on this topic universally supported an expanded
mileage limit for rural areas, and many supported our specific proposal
of 75 miles. The final safe harbor will expand safe harbor protection
and facilitate access to health care for residents of rural areas,
including those seeking types of specialty care often concentrated in
urban areas. The expanded mileage limit facilitates access to care for
rural area patients whose travel distances have increased due to
provider closings.
The existing safe harbor contains a single, uniform mileage limit
for rural areas, offering a bright line standard that is practical and
clear to administer from a compliance perspective. Our final rule
preserves this structure. Accordingly, we are not adopting the
suggestion to create a longer distance standard applicable only to
transports originating in rural areas. Nor are we adopting the
suggestion to extend the mileage limit for rural areas to 150 miles.
The safe harbor is intended for local transportation and this limit to
local transportation is rooted in the legislative history in connection
with the Beneficiary Inducements CMP. In enacting the CMP provision
prohibiting inducements to Federal and state health care program
beneficiaries, Congress intended that the statute not preclude the
provision of complimentary local transportation of nominal value.\136\
We are concerned that 150 miles would be neither local nor
appropriately address risks of abuse, such as inducing beneficiaries to
travel long distances for care when they might prefer and be able to
obtain comparable care more locally.
---------------------------------------------------------------------------
\136\ H.R. Conf. Rep. No. 104-736 at 255. See also 79 FR 59717,
59722-23 (Oct. 3, 2014); 81 FR 88368, 88379 (Dec. 7, 2016).
---------------------------------------------------------------------------
We are mindful of the disruptions and burdens on patients in rural
areas when local providers close and patients are transferred or must
seek care at more distant locations. The news reports cited by the
commenter describe some patients being transferred from closed nursing
facilities between 50 and 75 miles away and others moving longer
distances. We believe the expanded limit we are finalizing should help
many patients facing longer travel distances. We recognize that the
safe harbor will not protect every instance of needed transportation.
This does not mean that programs offering transportation for rural area
patients at greater distances are unlawful. To the contrary, such
programs may be lawful depending on their facts and circumstances and
would need to be evaluated on a case-by-case basis under the statute,
including with respect to the intent of the parties. We remind
stakeholders that the OIG advisory opinion process remains available
for parties seeking to determine whether a particular arrangement
complies with the law. We note that our further modification of the
safe harbor to eliminate any distance limit for beneficiaries needing
transportation from hospital inpatient or observation stay services to
their residences, which can include nursing facilities, will also
assist residents in rural areas facing longer travel distances to
obtain health care.
Comment: While some commenters found the increase of the limit for
transportation of residents of rural communities to 75 miles to be
sufficient
[[Page 77859]]
to address patient needs, many commenters advocated for OIG to expand
the mileage limit further for certain categories of patients, such as
those patients who live in areas without public transportation, those
who have no health care facilities within 75 miles of their home, or
those who lack access to specialty health care services due to the
closures of nearby rural hospitals. For example, a transportation
company shared OIG's desire to expand transportation access in rural
areas and explained that 20 percent of Americans live in rural areas
but that rural hospital closures have increased significantly in recent
years. The commenter suggested that OIG remove the distance limit so
that it could provide transportation for rural patients who now have to
travel longer distances to receive care. According to the commenter,
rural communities face limited transportation options, and reliable
transportation could effectively close gaps in access to care.
Commenters suggested various options that generally would tie
protection for transportation beyond 75 miles to a patient's medical
need. For example, a commenter recommended that we protect
transportation that is greater than 75 miles if the eligible entity
determines that a patient requires a medical procedure and the nearest
provider of such procedure is more than 75 miles from the patient's
residence. At least one commenter suggested that we impose additional
monitoring requirements when transportation in excess of the proposed
mileage limit is necessary.
Another commenter suggested protection for transportation exceeding
75 miles when the provider certifies in writing that there is no
alternative provider available within 75 miles of the patient's home
and that the transportation is furnished based on patient need using a
good faith, individualized determination that the transport is
necessary to facilitate the patient's access to medically necessary
items or services. However, some commenters expressed concern that
requiring a demonstration of need for transportation exceeding 75 miles
would unnecessarily complicate the provision of transportation
services, could lead to administrative burden, and would not further
the objectives of the safe harbor. At least one of these commenters
suggested that, if it does impose such a condition, OIG should
recognize a range of need assessment tools.
Another commenter suggested that OIG should expand the mileage
limitation beyond 75 miles for ``frontier areas'' (which the commenter
recommended that we define using selected levels from either commuting
codes or frontier and remote codes), but it recommended that we include
safeguards to prohibit bypassing locally available health care. At
least one commenter asserted that no demonstration of financial,
medical, or transportation need should be required for transportation
above the current limits because the requirement for transportation to
be for medically necessary items or services serves as sufficient
protection.
Response: For the reasons in the prior response, we are finalizing
our proposal to increase the rural area mileage limit from 50 miles to
75 miles but are not extending it farther. For the reasons that follow,
we are not adopting the suggestions to expand safe harbor protection
for distances beyond 75 miles in the specific circumstances suggested
by commenters (e.g., instances where eligible entities determine or
certify that there is a medical need, areas lacking public
transportation or access to specialty health care services, or areas
where rural hospitals have closed).
We are maintaining the current safe harbor design of a single,
uniform mileage limit for rural areas, which offers bright-line
guidance and reduces administrative burden, including the
administrative burden associated with the need to obtain certifications
and/or other evidence of need determinations. We acknowledge and agree
with commenters' concerns that imposing a patient need standard for
exceptions to the general mileage limitations in the safe harbor could
be administratively burdensome, and we are not adopting a patient need
standard as a condition of the safe harbor. In the 2016 rule finalizing
the local transportation safe harbor, we stated that while we
understand that a set mileage limit is not a one-size-fits-all
solution, we believe that a bright-line rule is easier for all parties
to apply.\137\ This remains true. Specifically, the expansion of the
mileage limitation combined with the bright-line rule should benefit
many patients in rural and underserved areas and should be easy for
eligible entities to apply in practice.
---------------------------------------------------------------------------
\137\ 81 FR 88388 (Dec. 7, 2016).
---------------------------------------------------------------------------
Furthermore, if we were to expand the mileage limit for specific
types of patient need, we are concerned that providers could develop
arbitrary criteria that do not reflect legitimate need and are subject
to abuse. We are also concerned that, in many instances, exceptions
could swallow the mileage-limitation rule, which we view as a
fundamental safeguard and consistent with the safe harbor's intended
focus on local transportation.\138\ On balance, including additional
monitoring or certification conditions would not mitigate these
concerns sufficiently to warrant the extra administrative burden.
---------------------------------------------------------------------------
\138\ 81 FR 88387-89 (Dec. 7, 2016).
---------------------------------------------------------------------------
In finalizing this proposal, we aim to balance the needs of rural
patients to have access to quality health care with our concerns that
patients could be transported for unnecessary care or be swayed to use
a more distant provider even when they may prefer to receive items or
services from a local provider. Transportation arrangements in rural
areas or to address specific fact patterns such as hospital closures,
lack of public transportation, or access to specialty health care
services are not necessarily unlawful and would be evaluated for
compliance with the statute on a case-by-case basis, including with
respect to the intent of the parties. Individuals and entities that
participate in value-based enterprises as VBE participants may look to
the patient engagement and support safe harbor paragraph 1001.952(hh)
as an additional or alternative avenue of protection for certain
transportation services. Parties may also use OIG's advisory opinion
process for specific facts and circumstances that may fall outside safe
harbor protection.
Comment: Some commenters requested wholesale exemption from any
mileage limitations under the safe harbor. Several commenters
representing Indian health care providers asked that the safe harbor
not include any mileage limitations for transportation provided by
Indian health care providers; in addition, some of these commenters
advocated removing any restrictions regarding the use of Federal funds
by Indian health care providers for the cost of transportation
furnished to their beneficiaries. Some of these commenters recommended
that OIG expand the safe harbor to protect free emergency
transportation and air transportation for patients of Indian health
care providers.
A commenter that represents community health centers recommended
that OIG exempt certain health centers from the mileage limits because
Federal regulations issued by the Health Resources and Services
Administration require certain health centers to provide transportation
services as needed for adequate patient care.\139\
---------------------------------------------------------------------------
\139\ 42 U.S.C. 254b(b)(1)(A)(iv).
---------------------------------------------------------------------------
Another commenter suggested that OIG expand the safe harbor for
[[Page 77860]]
transportation for homeless individuals in a manner that aligns with
California Health and Safety Code section 1265.2(o), which requires
documentation that a hospital prior to discharge of a homeless patient
has offered the homeless patient transportation to a specified
destination if that destination is within a maximum travel time of 30
minutes or a maximum travel distance of 30 miles of the hospital.
Numerous commenters suggested that OIG expand the mileage limit for
``special patient populations,'' such as patients undergoing cancer or
behavioral health treatment or receiving dialysis services, regardless
of whether such patients reside in a rural or urban area. According to
these commenters, these special patient populations often need
transportation services to care facilities over much greater distances
than 25 or 75 miles in order to access quality care to treat their
medical conditions. At least one such commenter recommended that OIG
require providers to use ``reasonable measures'' (e.g., a shortage of
appropriate medical facilities or health care professionals in a
geographic area) that would be evaluated based on the totality of the
circumstances for each individual.
Response: In developing this final rule, we considered the comments
offered by entities that provide services for communities with unique
health care needs. The commenters raise important considerations about
access to care for Tribal, rural, and underserved communities, an area
of ongoing interest for OIG in our work to look at the effectiveness of
HHS programs. Here, however, we have concerns regarding the fairness of
eliminating the mileage limitation for populations of patients with
specific health conditions while imposing mileage restrictions on
patients with other health conditions. It would also be difficult to
craft a fair and sufficiently bright-line rule allowing for exceptions
to the mileage limitation based on ``reasonable measures'' evaluated on
a case-by-case basis. Furthermore, any such exception would be
difficult to administer.
We note that lack of access to care in a particular geographic area
could be a relevant factor in determining on a case-by-case basis
whether a particular local transportation arrangement involves an
improper inducement to a beneficiary under the Federal anti-kickback
statute or Beneficiary Inducements CMP. Depending on the specific facts
and circumstances of the arrangement, arrangements could comply with
the statutes even if they do not fit in the safe harbor. OIG's advisory
opinion process is better suited than the local transportation safe
harbor to evaluate arrangements on a case-by-case basis.\140\ Moreover,
depending on the specific facts of the arrangement, transportation
furnished by a VBE participant to patient populations including those
identified by the comments summarized above could be structured to
qualify for protection under the patient engagement and support safe
harbor paragraph 1001.952(hh) that we are finalizing in this rule.
---------------------------------------------------------------------------
\140\ OIG, OIG Adv. Op. Nos. 00-07, 09-01, 15-13, and 16-02.
(OIG has issued several favorable advisory opinions in this area.)
---------------------------------------------------------------------------
In response to commenters that requested OIG remove any
restrictions regarding the use of Federal funds for the cost of
transportation furnished to their patients, we did not propose to
modify the existing prohibitions on shifting the cost of protected
transportation to any Federal health care program, other payors, or
individuals, and we are not finalizing any such changes here. The
existing prohibition serves important program integrity purposes, as
described in the 2016 final rule.\141\ In addition, we recognize that
other statutes or regulations may govern an entity's provision of
transportation to patients and may impact the ability of an entity to
structure an arrangement that squarely satisfies the conditions of the
local transportation safe harbor.
---------------------------------------------------------------------------
\141\ 81 FR 88389 (Dec. 7, 2016).
---------------------------------------------------------------------------
Where parties are required by Federal or State law to provide
transportation services to certain patients or to provide
transportation services as part of a service covered by a Federal
health care program or other Department program, those arrangements
might not implicate the Federal anti-kickback statute. If the patient
is entitled to receive services under their Federal health care program
coverage, the parties should assess whether there is any remuneration
passing to the patient; providing a covered item or service paid for by
a Federal health care program alone would not result in an exchange of
any remuneration under the Federal anti-kickback statute. However,
there could be circumstances under which a provider or supplier, when
furnishing a covered item or service, does give a Federal health care
program beneficiary something of value, or remuneration, thereby
implicating the Federal anti-kickback statute. For example, the Federal
anti-kickback statute would be implicated by a provider waiving or
reducing any required cost-sharing obligations for the covered item or
service incurred by a Federal health care program beneficiary or
providing ``extra'' items and services for free that are not part of
the covered item or service. Furthermore, we remind stakeholders that
an arrangement that does not satisfy all conditions of the local
transportation safe harbor does not necessarily violate the Federal
anti-kickback statute. The advisory opinion process remains available
to stakeholders seeking prospective protection for transportation
arrangements that do not fit within the four corners of the safe
harbor.
As an initial matter, we note that this safe harbor, as finalized,
does not modify existing Federal law regarding IHS appropriations for
transportation services furnished to its beneficiaries. While some
commenters sought safe harbor protection for air transportation
furnished to certain populations, we note that we exclude protection
for free or discounted air transportation under the existing local
transportation safe harbor and we did not propose changes to this
provision. Although we are not adopting this suggestion, we are
promulgating clear mileage limits to provide additional flexibilities
to stakeholders to benefit all patients, including patients served by
Indian health care providers and community health centers. With respect
to the comment requesting protection for free emergency transportation,
we did not propose changing the safe harbor's restriction on ambulance-
level transportation and are not making this change. To the extent free
emergency transportation means waiving beneficiary cost-sharing--cost-
sharing waivers based on good faith--individualized determinations of
the beneficiary's financial need have long been acceptable under OIG
guidance.
Comment: A commenter asked OIG to consider protecting
transportation to an alternative health care provider without a mileage
limitation in the event that one of a provider's locations must divert
scheduled patients with urgent needs due to a disaster or similar
emergency circumstances.
Response: We are not adopting this recommendation to remove the
mileage limitation for the reasons noted above with respect to other
commenter suggestions for specific exceptions to the mileage limit
based on various types of need. OIG is mindful of the need to protect
patients whose availability of care is impacted by natural disasters,
public health emergencies, and other exigent circumstances. For
example, in response to the COVID-19 public health emergency, OIG has
publicly answered inquiries from the health care community regarding
the application of
[[Page 77861]]
OIG's administrative enforcement authorities under the Federal anti-
kickback statute and the Beneficiary Inducements CMP, including to
transportation arrangements.\142\ It is important to note that the
presence of exigent circumstances can be a relevant factor in
determining whether the Federal anti-kickback statute would be
implicated or violated by a particular transportation arrangement.
---------------------------------------------------------------------------
\142\ See FAQs-Application of OIG's Administrative Enforcement
Authorities to Arrangements Directly Connected to the Coronavirus
Disease 2019 (COVID-19) Public Health Emergency, available at
https://oig.hhs.gov/coronavirus/authorities-faq.asp (describing
that, under the unique and exigent circumstances resulting from the
COVID-19 outbreak, certain modest transportation assistance would
present a low risk of fraud and abuse under the Federal anti-
kickback statute and the Beneficiary Inducements CMP).
---------------------------------------------------------------------------
Comment: Numerous commenters encouraged OIG to expand the mileage
limitation for transportation furnished to patients that reside in
urban areas, as defined by the existing safe harbor. A commenter
asserted that many Metropolitan Statistical Areas extend beyond 25
miles, and some health care providers in those communities have
developed evidenced-based clinical quality intervention strategies for
high-risk patients that rely on free patient transportation. At least
one commenter suggested that providing urban patients with safe,
reliable transportation over a distance greater than 25 miles is a low-
cost, high-value way to ensure access to care, and advocated for OIG to
expand the mileage limit for urban areas from 25 miles to at least 50
miles. Another commenter urged OIG to add flexibility in instances when
the nonrural patient demonstrates a financial, medical, or
transportation need.
Response: We did not propose to expand the mileage limits for
protected transportation furnished to patients residing in urban areas
and, therefore, we are not finalizing any such expansion here.
b. Elimination of Distance Limitations on Transportation of Discharged
Patients to Their Residence
Comment: Many commenters strongly supported OIG's proposal to
eliminate any distance limit on transportation furnished to a patient
who has been discharged from a facility after admission as an
inpatient, regardless of whether the patient resides in an urban or
rural area, if the transportation is to the patient's residence or
another residence of the patient's choice. Numerous commenters
recommended that OIG clarify in the final rule that a ``residence''
includes custodial care facilities, including but not limited to
nursing facilities, which can serve as a patient's residence on a
permanent basis. Another commenter asked OIG to confirm that a
patient's residence may include a homeless shelter.
Response: We confirm that we intend for the term ``residence'' as
used in paragraph 1001.952(bb)(1)(iv)(B) to include custodial care
facilities that may serve as a patient's permanent or long-term
residence provided that the patient established the custodial care
facility as a residence before receiving treatment by the facility from
where the patient is being transported. In addition, we intend the term
``residence'' to include a homeless shelter when a patient is homeless
or established the homeless shelter as a residence prior to hospital
admission. While not raised by commenters, we also affirm our statement
in the OIG Proposed Rule that a residence of the patient's choice can
include the residence of a friend or relative who is caring for the
patient post-discharge.\143\ As long as the other requirements of this
safe harbor are met, transportation to these locations would be
protected. We also confirm our intention, as noted in the OIG Proposed
Rule's preamble and raised in the comment above, that this post-
discharge analysis is not dependent on whether the patient resides in a
rural or urban setting.\144\
---------------------------------------------------------------------------
\143\ 84 FR 55751 (Oct. 17, 2019).
\144\ 84 FR 55751 (Oct. 17, 2019).
---------------------------------------------------------------------------
c. Transportation to Locations Other Than a Patient's Residence or a
Residence of the Patient's Choice
Comment: Many commenters, including multiple associations
representing health care providers, advocated for OIG to modify the
safe harbor to protect transportation to any location of the patient's
choice, including to another health care facility when there is a
medical need for the transfer. Commenters provided various examples of
instances when they believe hospitals, other providers, and patients
could benefit when patients are transferred to other facilities. For
example, some commenters explained that individuals seen in the
emergency room may require transportation to another health care
facility, while a trade association representing hospitals stated that
a patient's medical needs may require being discharged from an
inpatient facility directly to post-acute care.
Another commenter expressed concern that, without the ability to
provide transportation to another health care facility, skilled nursing
facilities may be limited in their ability to transport discharged
patients to a hospital, to a hospice, or to other long-term care
facilities. Another commenter added that SNF patients often require
transportation services following discharge to accommodate any mobility
limitations.
Response: After considering the comments, we are not extending safe
harbor protection to transportation of patients to any location of
their choice or another provider or facility. In developing this final
rule, we reviewed and weighed the examples provided by commenters of
situations when they believed it would be beneficial for a patient to
be transported to another provider following discharge as an inpatient
from a facility. We agree that the examples described by the commenters
could benefit patients in many circumstances. However, we believe that
protecting transportation between health care providers in a position
to refer to each other is not sufficiently low risk to warrant safe
harbor protection because of the risk that such transportation
arrangements could be used to steer patients to health care facilities
that may not be in the patients' best interests; for instance, the
entity sponsoring the transportation might limit transportation
improperly to affiliated facilities to generate system revenue and as a
result may interfere with patient choice. Arrangements that do not fit
in the safe harbor are not necessarily prohibited under the anti-
kickback statute. Under the final rule, patients discharged from
inpatient facilities may be offered transportation to a nursing
facility if it is their residence.
In this final rule, OIG is finalizing a new safe harbor at
paragraph 1001.952(hh) that may protect certain patient engagement
tools and supports including transportation when the offeror of the
transportation is a VBE participant. As long as all of the safe
harbor's conditions are satisfied, the safe harbor at paragraph
1001.952(hh) could protect transportation of patients from an inpatient
hospital to another health care facility for post-acute care treatment.
In addition, we emphasize that safe harbors are voluntary and that
any assessment of liability under the Federal anti-kickback statute
requires an analysis of the facts and circumstances specific to the
arrangement, including the intent of the parties. For arrangements that
do not meet all requirements of the safe harbor, the party could seek
an advisory opinion.
[[Page 77862]]
d. Elimination of Distance Limitations for Patients Other Than Those
Discharged After an Inpatient Admission
Comment: Numerous commenters requested that OIG expand the proposed
exemption from distance limitations beyond discharged hospital
inpatients to include patients treated in a hospital outpatient
department, ambulatory surgery center, or hospital emergency room, as
well as patients held in observation status at the hospital for a
substantial period of time but who are not admitted. For example, a
trade association representing hospitals asserted that patients may
travel a significant distance to obtain treatment that does not require
an admission, and the commenter believed that transportation home for
these patients without a limitation on distance would be appropriate.
The commenter suggested that OIG could provide parameters for protected
transportation so that it is not used as a workaround to the mileage
limitations that otherwise serve as a condition of the safe harbor. To
this point, a commenter suggested that an appropriate safeguard to
limit potential fraud concerns would be to require a medical
justification to receive transportation home for reasons other than an
inpatient discharge (e.g., after a colonoscopy or after receiving
stitches, a licensed medical professional could determine that a
patient is unable to travel home safely).
Response: As finalized in this rule, the mileage limitation of this
safe harbor does not apply in two circumstances. First, we confirm our
intention, as noted in the OIG Proposed Rule's preamble, that the
elimination of the mileage limitation applies after admission as an
inpatient. Second, we are persuaded by commenters that we should expand
the safe harbor by removing the mileage limitation when a patient is
discharged after spending 24 hours in observation status. We indicated
in the OIG Proposed Rule that we were considering including
transportation for patients who have been under observation status for
a timeframe of at least 24 hours. We are including this provision in
the final rule because we believe that transportation home following an
extended stay in observation status at a hospital is sufficiently
similar to transportation home following an inpatient discharge and to
prevent any safe harbor compliance challenges resulting from a
patient's status as an inpatient or outpatient in the hospital.
We also solicited comments regarding transportation home for
patients seen in the emergency department or following a procedure at
an ambulatory surgery center. We are mindful that available
transportation home for these patients could help address a legitimate
need. However, we are not removing the mileage limitation for other
patients categorized as outpatients, including patients who are seen in
the emergency room but not under observation for at least 24 hours, or
patients discharged from an ambulatory surgical center. It is not clear
that we could define acceptable medical justifications or make
distinctions about categories in this safe harbor. Moreover, creating
an exception to the mileage limitations in the safe harbor for local
transportation for these categories of patients would make the
exception so expansive and overly broad so as to limit the utility of
the mileage limitations as safeguards against potentially abusive
arrangements. The OIG advisory opinion process remains available for
particular transportation programs not covered by this safe harbor.
In promulgating this safe harbor, we observed that Congress did not
intend to preclude the provision of local transportation of nominal
value in the context of beneficiary inducements. Although the Federal
anti-kickback statute has no such exception for remuneration of nominal
value, we stated that protection of complimentary local transportation
that met certain requirements that limit the risk of fraud and abuse
was warranted.\145\ We believe that transportation home following
inpatient discharge or a stay in observation status at a hospital for
at least 24 hours poses a sufficiently low risk of inducing patient
referrals to the hospital, provided all safe harbor conditions are met.
---------------------------------------------------------------------------
\145\ 81 FR 88379 (Dec. 7, 2016).
---------------------------------------------------------------------------
e. Local Transportation for Health-Related, Nonmedical Purpose
Comment: Commenters generally supported extending protection under
this safe harbor to transportation furnished for nonmedical purposes.
For example, some commenters, including trade associations whose
members are hospitals or nurse practitioners, encouraged OIG to protect
transportation to obtain services that address social determinants of
health (e.g., nutrition counseling, chronic disease counseling
services, housing services), even if those services do not constitute
medical care. The commenters posited that these services have a direct
effect on a patient's health outcomes and well-being and are critical
to achieving effective care transitions and improved outcomes,
including reduced readmissions. One such commenter asked OIG to support
hospitals' efforts to connect patients to nonmedical care and foster
innovative community collaboration.
Another commenter advocated for protection of transportation to
access nutritious foods, suggesting that patients living in a ``food
desert'' may have difficulties obtaining such foods, which the
commenter asserted could potentially lead to increased health care
costs later if the patients develop nutritional issues that require
medical attention. A commenter also suggested that transportation to
food stores, food banks, other non-health care social services (e.g.,
housing assistance), or agencies that offer employment or vocational
training would be appropriate for safe harbor protection. A commenter
asked OIG to clarify the types of non-medical purposes that OIG
believes should not be protected by any expansion of the safe harbor.
Some commenters suggested potential safeguards for expanded safe
harbor protection for transportation for non-medical purposes.
Recognizing the need to minimize the risk of fraud and abuse that may
arise in conjunction with non-medical transportation, such as inducing
beneficiaries to receive unnecessary health care items and services,
these commenters suggested a variety of safeguards such as: (i)
Imposing restrictions on an entity's ability to condition receipt of
non-medical transportation support on continued receipt of health care
services from a particular provider; (ii) requiring the entity to
utilize an independent transportation vendor to arrange for
transportation; (iii) requiring the entity to tie any transportation
service to a specific quality improvement, social determinant of
health, or public health initiative; (iv) requiring that the
transportation is unlikely to interfere with, or skew, clinical
decision-making; and (v) requiring providers to document the patient's
need for such non-medical transportation (e.g., patient's income,
medical condition).
Another commenter suggested the existing conditions of the safe
harbor, combined with an appropriately tailored scope of nonmedical
transportation purposes (e.g., a direct connection to the coordination
and management of care), would be a sufficient safeguard against
abusive transportation initiatives.
Response: We are not expanding the local transportation safe harbor
to protect patient transportation for nonmedical purposes. In response
to the OIG RFI, we received comments suggesting that transportation for
nonmedical purposes may improve
[[Page 77863]]
patient health, and we solicited comments on whether the safe harbor
could be expanded to protect transportation for these purposes without
creating an unacceptable risk of fraud and abuse, such as inducing
beneficiaries to receive unnecessary health care items and services.
Some commenters suggested potential safeguards (e.g., requiring the
entity to tie any transportation service to a specific quality
improvement, social determinant of health, or public health
initiative). While we do not doubt that properly structured
transportation for non-medical needs can help patients maintain or
improve their health, we believe that protecting transportation for
non-medical purposes under paragraph 1001.952(hh), which limits
protection of transportation to tools and supports furnished by VBE
participants, rather than under the safe harbor for local
transportation, presents the lowest risk approach to protecting
patients and Federal health care programs from fraudulent and abusive
transportation schemes.
We continue to believe that the risk of beneficiaries being
improperly induced to obtain items or services is too high for safe
harbor protection when the transportation is for non-medical purposes.
As we explained in the 2016 final rule establishing the local
transportation safe harbor, a transportation program offered by a
provider or supplier inherently poses a risk both of inducing patients
to get items or services that they might otherwise not have obtained
and to get services from that provider or supplier. In the case of
transportation for medically necessary items and services, we think
that risk is acceptable. However, we believe the risk is too high when
the transportation is for non-health-related purposes.\146\ We noted
that it would be difficult to determine whether non-medical
transportation is related to the patient's health care (e.g.,
transportation to a shopping center that includes both a grocery store
and a movie theater). We went on to say that transportation for
nonmedical purposes very well might be more frequent than
transportation for medical appointments, which would give larger
providers a significant competitive advantage over smaller entities or
individual suppliers.\147\ We explained that transportation for
nonmedical purposes would not violate the statute if it is not for the
purpose of inducing individuals to obtain federally reimbursable items
and services.
---------------------------------------------------------------------------
\146\ 81 FR 88384 (Dec. 7, 2016).
\147\ 81 FR 88384 (Dec. 7, 2016).
---------------------------------------------------------------------------
Notwithstanding the foregoing, we are mindful of the importance of
addressing social determinants of health, and for this reason among
others we are finalizing a new safe harbor at paragraph 1001.952(hh)
that protects nonmedical transportation offered by VBE participants if
such transportation has a direct connection to the coordination and
management of care of the target patient population and meets the other
conditions of the safe harbor. In promulgating paragraph 1001.952(hh),
we recognize that transportation to address social determinants of
health could improve patients' overall health and reduce health care
costs. However, without the safeguards embedded within the VBE
framework, including accountability for advancing value-based purposes,
we are concerned that transportation for non-medical purposes could be
used improperly to recruit patients or incentivize overutilization of
items or services; therefore, OIG is not extending the local
transportation safe harbor to include transportation for nonmedical
purposes.
f. Use of Ride-Sharing Services
Comment: Commenters supported OIG's clarification in the OIG
Proposed Rule that transportation furnished through ride-sharing
services could be protected by the safe harbor and that, for purposes
of this safe harbor, there is no difference between taxis and ride-
sharing services. A commenter emphasized the importance of these
services with respect to patients with driving restrictions, cognitive
impairments, and mobility limitations. While some commenters did not
believe a change to the regulatory text was needed, at least one
commenter recommended that we amend the safe harbor to protect
transportation via ride-sharing services explicitly; according to this
commenter, the safe harbor is ambiguous with respect to ride-sharing
services, which discourages some providers from entering into
arrangements with ride-sharing services.
A commenter recommended that OIG clarify whether a ride-share
service can advertise a partnership with a hospital or health system to
promote patient awareness and utilization of such services. Another
commenter urged OIG not to make providers responsible for knowing or
controlling the advertising practices of taxi companies, ride-sharing
services, or other transportation providers.
Response: We support the use of ride-sharing services or other
patient transportation services similar to a taxi service by eligible
entities to make local transportation available for their patients. The
safe harbor protects certain free or discounted local transportation
made available by an eligible entity, and we confirm that an eligible
entity may make such transportation available through ride-sharing
arrangements or through other means of local transportation that may
exist in the future (e.g., self-driving cars). We do not believe an
amendment to the regulatory text is necessary. Indeed, nothing in the
language of the safe harbor prevents the use of ride-sharing services
by eligible entities as long as all other conditions of the safe harbor
are met. As we explained in the OIG Proposed Rule, although we do not
explicitly refer to ride-sharing services within the safe harbor, we
see no meaningful differences between these services and taxis, or
other similar technology that serve as a taxi service should they
become available in the future.\148\ We are not explicitly including
specific transportation methods within the regulatory text to avoid
being overly proscriptive and to allow eligible entities sufficient
flexibility to outsource these services appropriately while satisfying
every condition of the safe harbor.
---------------------------------------------------------------------------
\148\ 84 FR 55752 (Oct. 17, 2019).
---------------------------------------------------------------------------
We note that eligible entities that make transportation services
available to patients by using ride-sharing or other similar
transportation service providers must meet all requirements of the safe
harbor and ensure such service providers also meet all requirements of
the safe harbor to receive protection, including for example the
prohibitions against luxury transportation and publicly marketing or
advertising the free or discounted local transportation services.
In the OIG Proposed Rule, we explained that a taxi company, ride-
sharing service, or other provider of transportation could advertise
that it provides transportation to medical appointments and suggest to
patients that they contact their medical providers to determine whether
free or discounted transportation is available to their facilities. We
stated, however, that it cannot advertise that it provides free or
discounted transportation to a particular health care provider or group
of providers because such customer-specific advertising is within the
control of the customer (i.e., the eligible entity paying for the
transportation) to prohibit, and therefore would be imputed to the
customer and would disqualify transportation furnished by
[[Page 77864]]
the customer from safe harbor protection.\149\ Accordingly, we strongly
suggest that eligible entities that furnish local transportation to
patients and choose to rely on this safe harbor have mechanisms in
place to ensure this condition of the safe harbor is satisfied.
---------------------------------------------------------------------------
\149\ 84 FR 55752 (Oct. 17, 2019).
---------------------------------------------------------------------------
13. Accountable Care Organization (ACO) Beneficiary Incentive Program
(42 CFR 1001.952(kk))
Summary of OIG Proposed Rule: We proposed at proposed paragraph
1001.952(kk) to codify the statutory exception to the definition of
``remuneration'' at section 1128B(b)(3)(K) of the Act, as added under
section 50341 of the Budget Act of 2018, for ACOs operating a CMS-
approved beneficiary incentive program under the Medicare Shared
Savings Program, as defined under section 1899(m) of the Act. We
proposed to clarify that an ACO may furnish incentive payments only to
assigned beneficiaries and to interpret the statutory language in the
Budget Act of 2018 stating, ``if the payment is made in accordance with
the requirements of such subsection [section 1899(m) of the Act],'' to
mean ``if the incentive payment is made in accordance with the
requirements found in such subsection.'' We did not propose any
additional safe harbor conditions that incentive payments made by an
ACO to an assigned beneficiary under an ACO Beneficiary Incentive
Program established under section 1899(m) of the Act would have to
satisfy, and we solicited comments on the proposed lack of additional
conditions.
Summary of Final Rule: We are finalizing the safe harbor without
modifications.
Comment: Several commenters expressed support for the ACO
Beneficiary Incentive Program safe harbor. For example, a commenter
posited that incentivizing patients to attend primary care appointments
may improve patient outcomes and reduce downstream medical expenses.
Another commenter agreed with OIG's proposal not to establish
additional safe harbor conditions to protect incentives under an ACO
Beneficiary Incentive Program that satisfies the statutory exception
and regulatory requirements.
Response: We are finalizing the regulation text as proposed. We
note that we do not interpret the statutory exception found at section
1128B(b)(3)(K) of the Act, nor the safe harbor finalized at paragraph
1001.952(kk), to require satisfaction of any requirements found outside
section 1899(m) of the Act (e.g., the regulatory requirements
established by CMS implementing the ACO Beneficiary Incentive Program
found at 42 CFR 425.304(c)).
Comment: A commenter supported the codification of the ACO
Beneficiary Incentive Program exception in a safe harbor but
recommended that OIG broaden the exception to protect any future
beneficiary incentives covered under CMS-sponsored payment models and
beneficiary incentive options that may be available in the future.
According to the commenter, the ACO Beneficiary Incentive Program is
too limited and the commenter has advised CMS that ACOs, and
alternative payment models (APM) more broadly, should be able to
provide beneficiary incentives to subsets of their population. Another
commenter requested that OIG expand the safe harbor to protect ACOs
participating in any Innovation Center demonstration, noting that
several ACO demonstrations have risk-bearing standards that exceed
those in the Medicare Shared Savings Program.
Response: This safe harbor codifies a statutory safe harbor that is
specific to ACO Beneficiary Incentive Programs; the commenters'
suggestions are beyond the scope of the statute and our proposal. To
the extent the commenters are requesting safe harbor protection for
beneficiary incentives provided through existing CMS-sponsored models
developed pursuant to section 1115A(d)(1) of the Act, any fraud and
abuse waiver applicable to beneficiary incentives under the relevant
model would potentially provide protection as long as the beneficiary
incentive arrangement squarely satisfies the conditions of the
applicable waiver. Moreover, we are finalizing a new safe harbor for
CMS-sponsored models at paragraph 1001.952(ii) that protects certain
CMS-sponsored model patient incentives under models for which CMS has
determined that paragraph 1001.952(ii)(2) should apply. This new safe
harbor is described more fully in section III.B.7 of this preamble.
Comment: A trade association representing community pharmacists
recommended that pharmacists be included in the definition of an ``ACO
professional'' and that pharmacy services should constitute qualifying
services for purposes of the ACO Beneficiary Incentive Program safe
harbor. According to the commenter, including pharmacy services as
qualifying services would give pharmacists more resources to provide
medication adherence services more efficiently to further enhance care
coordination.
Response: The commenter's suggestion is beyond the scope of the ACO
Beneficiary Incentive Program statutory exception found at section
1128B(b)(3)(K) of the Act that OIG proposed to codify at paragraph
1001.952(kk). Section 1899(h) of the Act defines an ACO professional
for purposes of the Medicare Shared Savings Program, and section
1899(m) of the Act sets forth the scope of qualifying services. CMS
administers the Medicare Shared Savings Program on behalf of the
Secretary, which includes promulgating regulations interpreting the
statutory definition of ACO professional and the scope of qualifying
services; for this reason, any requests to expand these terms should be
directed to CMS.
Comment: A commenter supported the proposed safe harbor but
recommended that OIG consider the administrative burden associated with
the ACO Beneficiary Incentive Program. In particular, the commenter
noted that several requirements of the ACO Beneficiary Incentive
Program (e.g., recordkeeping requirements) are burdensome.
Response: The commenter's suggestion is beyond the scope of this
rulemaking. Section 1899(m) of the Act contains certain programmatic
reporting and documentation requirements for beneficiary incentives
under the Medicare Shared Savings Program, and CMS has promulgated
additional regulations implementing the ACO Beneficiary Incentive
Program.\150\ The new safe harbor at paragraph 1001.952(kk) does not
alter existing documentation requirements or impose any additional
documentation requirements. Furthermore, section 50341(b) of the Budget
Act of 2018 does not give OIG authority to waive programmatic
documentation requirements set forth in section 1899(m) of the Act or
in CMS regulations.
---------------------------------------------------------------------------
\150\ 42 CFR 425.304(c)(4)(i).
---------------------------------------------------------------------------
Comment: A commenter requested additional guidance on the specifics
of the protected remuneration under this safe harbor.
Response: The new safe harbor at paragraph 1001.952(kk) protects
incentive payments made by an ACO to an assigned beneficiary under a
beneficiary incentive program established under section 1899(m) of the
Act if the incentive payment is made in accordance with the
requirements found in section 1899(m) of the Act. We interpret the
statutory language in the
[[Page 77865]]
Budget Act of 2018 stating, ``if the payment is made in accordance with
the requirements of such subsection [section 1899(m) of the Act]'' to
mean ``if the incentive payment is made in accordance with the
requirements found in such subsection.''
We read this provision broadly to incorporate all the requirements
found in section 1899(m) of the Act as requirements of the ACO
Beneficiary Incentive Program statutory exception to the definition of
``remuneration'' under the Federal anti-kickback statute. In other
words, as we stated in the preamble to the OIG Proposed Rule, we
interpret this statutory requirement to mean that for an incentive
payment to satisfy the ACO Beneficiary Incentive Program statutory
exception, and the corresponding safe harbor interpreting the statutory
exception, all of the requirements enumerated at section 1899(m) of the
Act--related both to ACO Beneficiary Incentive Programs and incentive
payments made pursuant to such programs--must be satisfied. We do not
interpret the statutory exception at section 1128B(b)(3)(K) of the Act
to require satisfaction of any requirements found outside of section
1899(m) of the Act. For instance, CMS, which administers the Medicare
Shared Savings Program, has promulgated programmatic regulations
setting forth more detailed requirements for implementing an ACO
Beneficiary Incentive Program in accordance with section 1899(m) of the
Act. While compliance with these regulations is not a condition of
satisfying the safe harbor, it would be prudent for ACOs to review
these regulations to ensure that their ACO Beneficiary Incentive
Programs meet all applicable programmatic requirements.
C. Civil Monetary Penalty Authorities: Beneficiary Inducements CMP
1. Exception for Telehealth Technologies for In-Home Dialysis (42 CFR
1003.110)
Summary of OIG Proposed Rule: We proposed to amend the definition
of ``remuneration'' under the Beneficiary Inducements CMP by codifying
the statutory exception enacted as part of the Budget Act of 2018.
Specifically, we proposed to add an exception to the definition of
``remuneration'' in paragraph 1003.110 at proposed paragraph
1001.110(10) for the provision of certain telehealth technologies
related to in-home dialysis services. The proposed exception would
protect the provision of telehealth technologies by a provider of
services or renal dialysis facility to an individual with end-stage
renal disease (ESRD) who is receiving home dialysis paid for by
Medicare Part B, provided the donation meets conditions proposed in the
OIG Proposed Rule. We proposed a condition that would require uniform
provision of technology. In addition, we proposed to define
``telehealth technologies'' as multimedia communications equipment that
includes at a minimum audio and video equipment permitting two-way,
real-time interactive communication between the patient and distant
site physician or practitioner used in the diagnosis, intervention, or
ongoing care management--paid for by Medicare Part B--between a patient
and the remote healthcare provider.
Summary of Final Rule: We are finalizing this provision with
several modifications at paragraph 1003.110(10) to align with the
statutory exception in 1128A(i)(6)(J). As explained in more detail
below, we are removing most of the additional proposed conditions and
proposed regulatory text language that were not in the statutory
exception. Additionally, the final rule modifies the definition of
``telehealth technologies'' and includes physicians as a type of
practitioner that can donate telehealth technologies to a patient. We
are not finalizing the other proposed conditions on which we solicited
comments.
a. General Comments
Comment: Commenters on this topic overwhelmingly supported our
proposed exception, in many cases as proposed. For example, a commenter
stated that the exception would enhance access to telehealth services
for vulnerable patients, including those who are immobile or located in
rural areas, and would encourage patients to appropriately address
their chronic condition. Commenters observed that telehealth
technologies will provide an important tool for dialysis facilities and
other providers to ease patients' adoption of home dialysis as their
treatment modality of choice and that increased use of telehealth
services benefit patients, including through reduced travel to and from
physician visits. A commenter expressed that broad protection under the
Beneficiary Inducements CMP would be consistent with policy priorities
of Congress and the Department, as well as under the Executive Order
entitled ``Advancing American Kidney Health.'' Another commenter noted
the Administration's policy goal of increased rates of uptake and
retention of in-home dialysis and urged OIG to consider the impact
technologies have outside of an isolated clinical visit, such as
dialysis modality education and support group access.
Some commenters raised concerns about the need for safeguards
against risks such as inappropriate steering, lemon-dropping, and
cherry-picking of patients by providers and the use of free at-home
technologies to entice patients to use a particular provider,
especially when the technology could also be used for other purposes
beyond the provision of telehealth services. Some commenters urged us
to adopt the statutory exception without any additional conditions that
could create barriers to patients accessing telehealth services, more
administrative burden, or additional duties on staff. A commenter
stated that the additional conditions and other potential safeguards in
the OIG Proposed Rule preamble are unnecessary.
Response: We have made several modifications to the final exception
that address the commenters' general concerns. Consistent with the
statutory exception at section 1128A(i)(6)(J) of the Act and the OIG
Proposed Rule, these modifications finalize a broader definition of
``telehealth technologies,'' reduce the number of conditions from the
OIG Proposed Rule, and modify the proposed conditions to more closely
align to the statute. The final exception incorporates the statutory
text from section 1128A(i)(6)(J) and the two statutory conditions at
1128A(i)(6)(J)(i) and (ii). We describe the specific rationale for each
of these modifications in greater detail below.
These modifications reflect our understanding as stated in the OIG
Proposed Rule that this is a narrow exception to the CMP beneficiary
inducement statute. Primarily, the exception is limited to a subset of
patients receiving in-home dialysis and certain, enumerated providers
in the statutory exception.\151\ Because the exception finalized here
is only available to established patients who are receiving specific
services paid for by Medicare Part B, the potential for fraud and abuse
is reduced. Similar to our rationale related to the definition and use
of target patient population in the patient engagement and support safe
harbor at paragraph 1001.952(hh), we believe that remuneration
connected to an objectively defined set of patients decreases the risk
that valuable remuneration will be offered to patients as an inducement
to seek care or as a reward for receiving care. For the purposes of
this exception, Congress established the patient population as
[[Page 77866]]
those receiving in-home dialysis paid for by Medicare Part B.
---------------------------------------------------------------------------
\151\ 84 FR 55754 (Oct. 17, 2019).
---------------------------------------------------------------------------
Additionally, the two statutory conditions address common risks of
fraud and abuse associated with remuneration furnished to
beneficiaries. The first, which bars telehealth technologies from being
offered as part of any advertisement or solicitation, protects against
improper marketing schemes that entice beneficiaries to receive
unnecessary services or select providers or services based on promises
of valuable gifts rather than medical best interests. The second
statutory condition requires that the telehealth technologies are
provided for the purpose of furnishing telehealth services related to
the recipient's ESRD; this condition tailors the statutory protection
to arrangements that assist beneficiaries in managing their ESRD,
reducing risk that the provision of telehealth technologies induce
orders or purchases of other, unrelated items and services. These
statutory limitations reduce the risks of fraud and abuse associated
with providing certain beneficiaries with free telehealth technologies.
We share commenters' concerns that offering valuable technology for
free to patients has the potential to impact a patient's selection of a
provider, and we agree that this exception should not be used to
effectuate inappropriate steering, lemon-dropping, or cherry-picking of
patients. The risk of fraud and abuse associated with selectively
deciding which patients receive telehealth technologies is mitigated by
conditions finalized in this rule (e.g., telehealth technologies are
protected if provided to a beneficiary already receiving in-home
dialysis paid for by Medicare Part B and if that patient initiated
contact or scheduled an appointment with the donor (paragraphs (10)(i)
and (ii) in 42 CFR 1003.110)).
This final rule strives to foster the policy goal of: (i) Ensuring
that beneficiaries can choose and benefit from medically appropriate
in-home dialysis care, as determined by the beneficiary and their
provider, physician, or renal dialysis facility; (ii) protecting
beneficiaries against coercive marketing schemes that do not serve
their best interests; and (iii) ensuring that providers, physicians,
and renal dialysis facilities are seeking the protection of the
exception use telehealth technologies for purposes related to
beneficiaries' ESRD as contemplated in the statutory exception. We have
endeavored to reduce administrative and staff burden wherever possible,
consistent with these goals.
b. Definition of ``Telehealth Technologies''
Summary of OIG Proposed Rule: Using the definition of ``interactive
telecommunications system'' pursuant to 42 CFR 410.78(a)(3) as a
basis,\152\ we proposed to define ``telehealth technologies'' as
multimedia communications equipment that includes, at a minimum, audio
and video equipment permitting two-way, real-time interactive
communication between the patient and distant site physician or
practitioner used in the diagnosis, intervention, or ongoing care
management--paid for by Medicare Part B--between a patient and the
remote healthcare provider. We proposed to exclude telephones,
facsimile machines, and electronic mail systems from the definition.
However, we proposed that smartphones with two-way, real-time
interactive communication through secure video conferencing
applications would not be considered ``telephones.'' We sought comments
on this definition and whether ``telehealth technologies'' should
include technologies such as software, a webcam, data plan, or
broadband internet access that facilitates the telehealth encounter.
---------------------------------------------------------------------------
\152\ In response to the COVID-19, HHS and CMS have exercised
emergency authorities and regulatory flexibilities to help health
care providers respond to the COVID-19 public health emergency.
Specific to telehealth covered by Medicare Part B, CMS has expanded
the types of technology that can be used to provide telehealth
services, the types of services that can be provided via telehealth,
certain coverage requirements related to originating and distant
sites, and other flexibilities. Most of these flexibilities will
remain in place until the Secretary ends the declaration of a public
health emergency for COVID-19. See for example 85 FR 19230 (Apr. 6,
2020), COVID-19 Emergency Declaration Blanket Waivers for Health
Care Providers, available at https://www.cms.gov/files/document/summary-covid-19-emergency-declaration-waivers.pdf; 85 FR 27550 (May
8, 2020), Additional Policy and Regulatory Revisions in Response to
the COVID-19 Public Health Emergency and Delay of Certain Reporting
Requirements for the Skilled Nursing Facility Quality Reporting
Program, available at https://www.govinfo.gov/content/pkg/FR-2020-05-08/pdf/2020-09608.pdf.
---------------------------------------------------------------------------
Summary of Final Rule: We are finalizing, with modifications, the
regulatory text defining ``telehealth technologies'' in response to
comments and in a way that is technology agnostic, as described further
below.
Comment: Several commenters agreed with our proposed definition of
``telehealth technologies'' based on 42 CFR 410.78(a)(3), including our
proposal to exclude smartphones from our interpretation of what
consists of a ``telephone'' for the purposes of our proposed
``telehealth technologies'' definition because it would help expand
access to medically necessary care. A commenter suggested OIG finalize
a technology-neutral definition of ``telehealth technologies'' and
urged us not to detail specific technologies or services, which are
likely to change over time to facilitate the development of more
efficient means of delivering the same services. While a commenter
agreed with excluding telephones, facsimile machines, and electronic
mail systems from the definition of ``telehealth technologies'' because
the commenter did not view them as providing the required services,
other commenters asserted that these technologies should not be
included. For example, a commenter explained that these technologies do
not constitute ``telehealth technologies'' as standalone items but can
be used to supplement a telehealth encounter.
Several commenters were supportive of including the broader range
of technologies considered in the OIG Proposed Rule (e.g., software and
data plans). Commenters suggested that these technologies, which alone
will not facilitate a telehealth encounter, may be required by some
patients to access telehealth services. A commenter asserted that the
exception should protect any type of technology as long as it
contributes to accomplishing the telehealth service. The commenter also
urged OIG to consider that software protected under the exception must
be easily downloadable, be easy to use for patients, and meet HIPAA
standards.
Another commenter supported narrowly defining ``telehealth
technologies'' as the ``interactive communications system'' necessary
for the telehealth service. According to the commenter, a broader
definition could inappropriately induce a beneficiary to consider in-
home dialysis because of the availability of technology benefits rather
than the clinical appropriateness of the treatment approach. A
commenter also suggested that if necessary we include a list of items
ineligible for protection under this exception.
Response: We agree with those commenters that recommended a broader
definition that includes items and services that facilitate telehealth
services because the goal of this exception, as explained in the OIG
Proposed Rule, is to protect a wide range of technologies to better
support in-home dialysis. Specifically, this final rule modifies the
definition of ``telehealth technologies'' by removing references to
specific types of technology, limits on the type of communication, and
a requirement that telehealth services be paid for by Medicare Part B.
We are revising language to clarify that the definition means
technology used to support
[[Page 77867]]
communication between providers and patients in instances when the
communication is distant or remote, and when the communication is for
diagnosis, intervention, or ongoing care management. For purposes of
the telehealth technologies exception to the definition of
``remuneration'' authorized under section 1128A(i)(6)(J) of the Act,
this final rule defines ``telehealth technologies'' to mean hardware,
software, and services that support distant or remote communication
between the patient and provider, physician, or renal dialysis facility
for the diagnosis, intervention, or ongoing care management. We note
that the revised definition includes all of the technologies that we
proposed would constitute telehealth technologies and be protected if
all conditions of the exception were met: that is, multimedia
communications equipment, including audio and video equipment
permitting two-way, real-time interactive communication with the
patient.
The revised definition also now includes technologies that we
proposed to specifically exclude from the definition: Telephones,
facsimile machines, and electronic mail systems. The final definition
is technology agnostic. We emphasize that the revised definition
retains the element that the technology supports provider and patient
communication for diagnosis, intervention, or ongoing care management.
Additionally, for a donation of technology to be protected it must meet
all conditions of this exception, not just satisfy the revised
definition of ``telehealth technologies.'' This includes the condition
at paragraph (10)(i) in 42 CFR 1003.110 that requires the telehealth
technology be provided for the purpose of furnishing telehealth
services related to the recipient's end-stage renal disease. If a
provider, physician, or facility determines that a fax machine meets
this condition and the revised definition (and the donation meets all
other conditions) then it would be protected by this exception.
This modification is consistent with the statutory exception and
our solicitation of comments in the proposed rule. In the OIG Proposed
Rule, we proposed to define ``telehealth technologies'' to encompass
``multimedia communications equipment'' that included at a minimum
audio and video equipment with distant site, interactive communications
functionality between patients and physicians or practitioners. We
considered whether to broaden the definition to include technology such
as software, webcams, data plans, and broadband internet access that
facilitate a telehealth encounter and solicited specific comments on
the treatment of telephones, facsimile machines, and electronic mail
systems.
We are modifying the definition to focus on the functionality of
the technology to support telehealth rather than specific types. The
revised definition is technology neutral to provide flexibility to
providers, physicians, and renal dialysis facilities to determine what
telehealth technology is needed for the purpose of furnishing
telehealth services related to an individual's ERSD. By ``technology
agnostic,'' we mean that the technology is not limited to specific
technologies or services, which are likely to change over time. For
telehealth and virtual care specifically, we believe a technology-
agnostic approach is especially important given, for example, the
widespread and rapid changes to telehealth during the response to the
COVID-19 public health emergency. This approach will also allow the
exception to continue to be available to support telehealth services
for ESRD beneficiaries as technology evolves. We recognize that the
revised definition will allow for a wider range of technology to be
provided to beneficiaries than the proposed regulatory text. We also
recognize the potential for ``telehealth technologies'' as defined more
broadly in this final rule to inappropriately induce patients to pursue
in-home dialysis over a dialysis facility or select a particular
provider or physician. However, we believe the risk is mitigated
because the exception is available for a defined set of patients
already receiving in-home dialysis, marketing is not allowed, and other
conditions provide safeguards against fraud and abuse.
The revised definition is supported by the statutory exception in
section 1128A(i)(6)(J) of the Act. The statute gives the Secretary
authority to define ``telehealth technologies'' and protects
technologies provided for the purpose of furnishing telehealth services
related to the individual's ESRD. The statute did not limit the
telehealth technology or technology services under the exception to any
related Medicare definitions. In contrast, section 1128A(i)(6)(J) of
the Act states that a provider of services or a renal dialysis facility
are defined as those terms are used in title XVIII (Medicare).
``Telehealth technologies'' in section 1128A(i)(6)(J) and the term
``telehealth services'' in 1128A(i)(6)(J)(ii) do not include a
reference to specific statutory or regulatory definitions. Therefore,
the statute provides the Secretary additional flexibility to interpret
these terms differently than any related Medicare definitions. We
similarly interpret the term ``telehealth services'' differently than
the scope of telehealth services paid for by Medicare Part B. For a
more detailed discussion of the term ``telehealth services'' used in
paragraph (10)(ii) in 42 CFR 1003.110, see section III.C.1.e below.
Based on the statutory exception and flexibility afforded by the
statutory exception and the response to our solicitation on the
appropriate scope of technology covered by this exception, we are
modifying the definition in the regulatory text of ``telehealth
technologies'' to focus on core functionality to support telehealth
services and be technology agnostic. As several commenters noted,
telehealth technologies are ineffective without the ability to connect
any device facilitating telehealth services, and the purpose of this
exception would not be advanced without those capabilities. We agree
and have expanded the definition of telehealth technologies to include
services that support distant or remote communication between the
patient, provider, or renal dialysis facility for diagnosis,
intervention, or ongoing care management. For example, the finalized
definition would include internet service or data plans.
We emphasize that although this definition would encompass various
technologies, to receive protection under the exception arrangements
for providing telehealth technologies to beneficiaries must squarely
satisfy the other conditions in the exception, including that the
technologies are provided for the purpose of furnishing telehealth
services related to the recipient's ESRD.
In this preamble we offer examples of technology we view as within
the scope of the final definition of ``telehealth technologies.'' We
are not providing an exhaustive list in regulatory text or preamble to
avoid inadvertently limiting telehealth technologies that donors
determine are best suited to facilitate telehealth services to
beneficiaries with ESRD and to allow for the evolution of technology.
We are not including a condition related to ease of use for telehealth
technologies furnished to patients, which we believe is a consideration
for the patient and the clinician and is not needed as a fraud and
abuse safeguard. Parties would need to comply with any other applicable
government regulations that address ease of use or functioning of
telehealth technology. Similarly, HIPAA and other Federal and State
privacy and security laws apply notwithstanding this exception;
therefore, we do not believe
[[Page 77868]]
an additional condition within this exception is necessary.
Comment: Several commenters asserted that limiting ``telehealth
technologies'' to two-way, real-time interactive communications
equipment is overly narrow and could bar protection of many beneficial
technologies that pose no greater risk than technologies included in
the proposed definition. As an example, some commenters suggested that
equipment used to monitor and report data to physicians and dialysis
facilities (e.g., Bluetooth-enabled stethoscopes and thermometers)
would not qualify under the proposed definition but could provide
valuable clinical benefits. A commenter suggested that OIG follow the
example provided in the current Kidney Care Choices Model operated by
the Innovation Center that allows the use of asynchronous store-and-
forward technologies and the forwarding of health history to a
clinician for review outside of a real-time interaction. Several
commenters recommended including real-time (synchronous) and store-and-
forward (asynchronous) audio and video platforms. A commenter stated
that an audio-only platform may be appropriate to assess whether the
patient's condition necessitates an office visit.
Response: We agree with commenters who suggest revising the
definition to include broader forms of technology, including
technologies that enable asynchronous communications between the
patient and a distant site physician or practitioner. We have revised
the definition of ``telehealth technologies'' to cover a more expansive
range of technology than the proposed definition. This modification to
the definition would cover technology based on its function, rather
than specific types of technology. This would include equipment that
could be used to monitor and report data to physicians and dialysis
facilities (e.g., Bluetooth-enabled stethoscopes and thermometers)
where appropriate, provided such technologies satisfy the other
conditions of the exception. We believe the donor of any protected
telehealth technologies--who per the terms of the exception must be
currently providing the in-home dialysis, telehealth services, or other
ESRD care to the patient--is in the best position to determine whether
real-time or asynchronous information is appropriate and whether such
technologies serve the purpose of furnishing telehealth services
related to the recipient's ESRD. We do not believe the distinction
between two-way, real-time technology and asynchronous technology
materially changes the fraud and abuse analysis associated with
providing patients valuable technology. Relatedly, we agree that some
audio-only technology may be appropriate to assess whether the
patient's condition necessitates an office visit and could contribute
substantially to the provision of telehealth services to a patient.
As explained above, the definition of ``telehealth technologies''
set forth in this final rule is technology agnostic and is not limited,
for example, to technologies used for two-way, real-time interactive
communication. We believe this final definition will extend protection
to many of the specific technologies identified by commenters as long
as other conditions of the exception are met.
Comment: A commenter encouraged OIG to define the minimum set of
capabilities required for a telehealth physician visit to include at
least real-time bidirectional video interaction with audio. The
commenter recommended the definition for ``telehealth technologies''
include tools such as peripheral devices or applications that the
physician deems necessary to complete a proper assessment of the
patient during a telehealth service, including remote monitoring and
asynchronous messaging.
Another commenter recommended OIG adopt the full definition of
``interactive telehealth system'' at 42 CFR 410.78 in lieu of the
proposed ``telehealth technologies'' definition but expand the
definition to protect the use of asynchronous technologies in certain
geographic areas (e.g., areas that are medically underserved). The same
commenter also recommended including peripheral or supporting
technology in the definition, which could support the use of remote
patient monitoring.
Response: As described above, we have modified the definition of
``telehealth technologies'' to clarify the scope of technologies with
telehealth capabilities protected by this exception. With respect to
real-time bidirectional video interaction with audio, we view such
technology as within the scope of the proposed definition as well as
the definition finalized here. We also agree with the commenter that
the definition should include tools such as peripheral devices or
applications that the physician deems necessary to complete a proper
assessment of the patient during a telehealth service. The definition
of ``telehealth technologies'' encompasses the peripheral or supporting
technologies for remote patient monitoring noted by the commenter.
Asynchronous technologies would also meet the definition of telehealth
technologies and could be protected if all conditions of the exception
are met. For example, many types of remote patient monitoring
technology are asynchronous and used to support remote communication
between a patient and their physician for diagnosis, intervention, and
ongoing care management. We did not propose and are not adopting any
geographic limitation. Such restrictions are not necessary due to the
other safeguards in the safe harbor, and further narrowing the limited
statutory exception is not consistent with the statutory text (e.g.,
section 1128A(i)(6)(J) of the Act is not connected to telehealth
services paid for by Medicare Part B, which are historically subject to
geographic limitations).
We note that policies regarding what constitutes a physician
telehealth service are outside the scope of this rulemaking because it
is limited to requirements for an exception to the Beneficiary
Inducements CMP.
Comment: Another commenter recommended aligning the exception with
the list of services payable under the Medicare Physician Fee Schedule
when furnished via telehealth by expanding the definition of
``telehealth technologies'' to include communications-based
technologies in addition to telehealth technologies.
Response: We believe the commenter is referring to the telehealth
technologies used to furnish ``communications technology-based
services'' such as virtual check-in and remote assessment services that
are separately billable under Medicare Part B. As discussed above, we
have revised the definition of ``telehealth technologies,'' and it
would include technologies that facilitate communications for these
services including, by way of example, virtual check-in services. This
exception protects a wide range of telehealth technologies that are
provided for the purposes of furnishing remote or distant services
through various modalities, including telehealth services, virtual
check-in services, e-visits, monthly remote care management, and
monthly remote patient monitoring.
Consistent with this approach, as explained more fully above, we
have modified the telehealth technologies definition so that it is not
dependent on Medicare Part B payment for telehealth services.
Relatedly, as explained more fully below, we are also modifying
paragraph 10(iii) under the definition of ``remuneration'' in 42 CFR
1003.110 so that protection of telehealth
[[Page 77869]]
technologies is not conditioned on their being provided for the purpose
of furnishing ``telehealth services'' paid for by Medicare Part B.
c. Furnished by Specified Individuals and Entities Currently Providing
Care to the Patient
Summary of OIG Proposed Rule: Section 1128A(i)(6)(J) of the Act
limits the exception to technologies provided ``by a provider of
services or a renal dialysis facility (as such terms are defined for
purposes of title XVIII) to an individual with end-stage renal disease
who is receiving home dialysis for which payment is being made under
part B of such title . . . .'' We proposed to implement this statutory
provision in two ways. First, we proposed to use the precise statutory
text in the introductory text in paragraph (10) under the definition of
``remuneration'' in 42 CFR 1003.110. Second, we proposed a condition at
paragraph (10)(i) that interprets the statutory language so that the
exception would be available only to the provider of services or the
renal dialysis facility that is currently providing in-home dialysis,
telehealth services, or other ESRD care to the patient. We explained
that the intent of this condition was to ensure that the exception only
protected the provision of telehealth technologies to patients with
whom the provider or renal dialysis facility had a prior clinical
relationship. A beneficiary has a prior clinical relationship with the
donor if the patient is receiving home dialysis, telehealth services,
or other ESRD care from the donor. We also specifically solicited
comment on this interpretation recognizing that this limitation may
pose challenges.
We also sought comment on but did not propose specific regulatory
text for whether we should interpret the statutory exception to apply
not only to the ``provider of services or the renal dialysis facility
(as those terms are defined in title XVIII of the Act)'' but also
``suppliers,'' as defined in title XVIII of the Act, so that the
exception would be consistent with the broader goals to expand patient
access to in-home dialysis care furnished by their physician in section
50302(b) of the Budget Act of 2018.
Summary of Final Rule: We are finalizing, with modifications, the
proposed condition at paragraph (10)(i) that interprets the statutory
language so that the exception would be available only to the provider
of services or the renal dialysis facility that is currently providing
in-home dialysis, telehealth services, or other ESRD care to the
patient. The final rule limits the exception to telehealth technologies
furnished by a provider of services, physicians, or a renal dialysis
facility currently providing in-home dialysis, telehealth services, or
other ESRD care to the patients or has been selected or contacted by
the patient to schedule an appointment or provide services.
Comment: Several commenters supported both of our proposals
implementing section 1128A(i)(6)(J) of the Act, including the
interpretation that the provision of telehealth technologies is limited
to patients with whom the donors have a prior clinical relationship.
Several commenters shared OIG's concern that expanding the exception to
protect the provision of telehealth technologies to new patients or to
patients who are not currently receiving ESRD services or care from the
individual or provider of services or the facility may result in
inappropriate steering.
However, another commenter expressed concern that this
interpretation would be operationally difficult to implement and could
reduce the benefits of the otherwise permissible telehealth
technologies. According to the commenter, once patients have selected a
provider, they should not have to wait for telehealth services
furnished through protected arrangements until they are already
receiving in-home dialysis. The commenter asserted that delaying
telehealth technologies in this context may disrupt normal care
delivery methods.
Response: Consistent with section 1128A(i)(6)(J) of the Act and our
proposed interpretation, limiting the exception to telehealth
technologies furnished by a provider of services, physicians, or a
renal dialysis facility currently providing in-home dialysis,
telehealth services, or other ESRD care to the patients is consistent
with the statutory language and an appropriate safeguard against
inappropriate steering and patient recruitment. As such, we are
finalizing the introductory language of paragraph (10) under the
definition of remuneration in 42 CFR 1003.110 as proposed.
We also are finalizing the condition at paragraph (10)(i) under the
definition for ``remuneration'' in 42 CFR 1003.110 with modifications.
Specifically, we have modified this condition by adding the following
clause: ``or has been selected or contacted by the individual to
schedule an appointment or provide services.''
We agree with the commenter who suggested that once a patient has
selected a provider, physician, or facility, the patient should be
eligible to receive telehealth technologies. The purpose of the
proposed condition was to limit the risk of the technologies being used
as a recruiting tool or to facilitate the provision of unnecessary
services. However, because protected telehealth technologies may not be
offered as part of any advertisement or solicitation, we believe that
making telehealth technologies available to patients who contact the
provider, physician, or facility on their own initiative is
sufficiently low risk to warrant protection by this exception. Thus a
provider, physician, or facility may offer or furnish telehealth
technologies to a patient with ESRD who is receiving home dialysis paid
for by Medicare Part B after the patient selects and initiates contact
with a provider, facility, or physician to schedule an appointment or
other services.\153\ This approach is consistent with our intent in the
OIG Proposed Rule to prevent arrangements from being protected by the
exception where the donor does not have a preexisting clinical
relationship with the patient and to reduce the risk of inappropriate
patient recruitment or marketing schemes.
---------------------------------------------------------------------------
\153\ If a patient is unable to call a provider or physician
himself or herself, or has otherwise given consent for a person
(e.g., a family member, a case manager, or a provider or supplier
when the patient is attending an appointment or receiving services)
to schedule appointments or upcoming services for him or her, then a
request for an appointment or upcoming services made on behalf of
the patient is sufficient to meet the patient-initiated contact
requirement.
---------------------------------------------------------------------------
We view a patient reaching out to schedule an appointment or other
services and asking whether assistance in facilitating telehealth
services might be available as low risk in light of the other
conditions in the exception, such as the limitation on advertisement
and solicitation discussed further below. Patient-initiated contact is
also distinguishable from a provider, facility, or physician initiating
contact with a new patient (or to the patient's case manager) and
soliciting the patient to elect in-home dialysis or to switch
providers, coupled with an offer of telehealth technologies. The former
would be protected (if all other conditions of the exception are met)
and the latter would not.
Comment: Several commenters opposed extending the exception to
apply to suppliers as defined in title XVIII of the Act because it
could result in telehealth technologies being offered to patients
without any provider reviewing whether the technology is an appropriate
offering for the particular patient's clinical condition and, more
generally, increases the risk for
[[Page 77870]]
inappropriate use or offering of technologies. A commenter also
asserted that expanding protected donors to include protection for
suppliers is not consistent with congressional intent. A commenter
asserted that protection under the exception should be limited only to
nephrologists and dialysis providers who are directly responsible for
the provision of care to home dialysis patients.
Response: This final exception, consistent with our solicitation in
the OIG Proposed Rule, protects telehealth technologies provided by
physicians as defined in title XVIII of the Act who are providing in-
home dialysis, telehealth services, or other ESRD care to the
recipient. This modification will be included in the introductory
language of paragraph (10) and in paragraph (10)(i) under the
definition to remuneration in 42 CFR 1003.110. As explained in the OIG
Proposed Rule and further below, this modification is consistent with
section 50302 of the Budget Act of 2018. In particular, physicians--
notably but not exclusively nephrologists--are central to the provision
of telehealth services related to ESRD care that would be furnished
using the telehealth technologies, as described in the statute. For
example, without the inclusion of physicians, telehealth technologies
furnished by a patient's nephrologist could not receive protection
under this exception.
As part of the Creating High-Quality Results and Outcomes Necessary
to Improve Chronic Care Act of 2018,\154\ section 50302 of the Budget
Act of 2018 amends section 1881(b)(3) of the Social Security Act to
permit an individual with ESRD receiving home dialysis to elect to
receive their monthly ESRD-related clinical assessments via telehealth,
if certain other conditions are met. CMS implemented these statutory
changes through amendments to 42 CFR 410.78 and 414.65.\155\ Under
those CMS rules, the newly covered monthly ESRD-related clinical
assessments furnished via telehealth would be provided by a physician
at the distant site who is licensed under State law to furnish the
covered monthly ESRD-related clinical assessments.\156\ It is
consistent with the OIG Proposed Rule and section 50302 of the Budget
Act of 2018 that this exception protect the provision of telehealth
technologies offered by physicians (e.g., nephrologists) furnishing
monthly ESRD-related clinical assessments via telehealth for patients
receiving home dialysis. Under the new CMS rules, the physicians
performing these clinical assessments are well positioned to understand
what telehealth technologies should be provided to the ESRD patient for
the purpose of furnishing telehealth services.
---------------------------------------------------------------------------
\154\ S. 870, 115th Congress (Sept. 26, 2017).
\155\ 83 FR 59495 (Nov. 23, 2018).
\156\ 42 CFR 410.78(b) specifies in part that ``Medicare Part B
pays for covered telehealth services included on the telehealth list
when furnished by an interactive telecommunications system if the
following conditions (are met, such as) . . . [t]he physician or
practitioner at the distant site must be licensed to furnish the
service under State law. The physician or practitioner at the
distant site who is licensed under State law to furnish a covered
telehealth service described in this section may bill, and receive
payment for, the service when it is delivered via a
telecommunications system.''
---------------------------------------------------------------------------
We agree with commenters that expanding the exception to a broad
range of practitioner types by using ``suppliers'' poses risk and, upon
further review, we see no support in the statute for doing so. Section
1128J(i)(6)(J) of the Act conditions protection on the connection
between the provider of services or renal dialysis facility and caring
for an individual with ESRD. The definition of ``suppliers'' in title
XVIII includes a physician or other practitioner, a facility, or other
entity (other than a provider of services) that furnishes items or
services under this title. That definition covers numerous practitioner
and entity types, many of which are not providing ESRD services. We are
concerned that including these practitioners and entities would not
further the ESRD-related purposes of the exception, were not
contemplated by Congress, and could pose risk that these parties would
offer telehealth technologies to steer beneficiaries to select them as
a supplier or to their products and services. In light of that risk and
consistent with the section 1128J(i)(6)(J) of the Act, we are
finalizing the exception by including ``physicians'' but not
``suppliers'' (as that term is defined in title XVIII).
Section 1861(r) of the Act defines the term ``physician.'' That
definition includes a limited set of practitioners including doctors of
medicine or osteopathy, doctors of dental surgery, doctors of podiatric
medicine, doctors of optometry, and chiropractors. Under this final
exception, a physician must meet this definition in 1861(r) of the Act
and, consistent with paragraph 10(i) in 42 CFR 1003.110, be providing
in-home dialysis, telehealth services, or other ESRD care to the
patient. Consequently, it is unlikely that all practitioner types under
1861(r) would be eligible for protection for providing telehealth
technologies under this exception. For example, it is unlikely that
dental surgeons, doctors of podiatric medicine, or chiropractors would
be providing telehealth services to ERSD patients.
d. Prohibition on Advertisement or Solicitation
Summary of OIG Proposed Rule: We proposed to incorporate the
statutory requirement in section 1128A(i)(6)(J)(i) of the Act that the
telehealth technologies are not offered as part of any advertisement or
solicitation. We proposed to interpret the terms ``advertisement'' and
``solicitation'' consistent with their common usage in the health care
industry.
Summary of Final Rule: We are finalizing this condition as
proposed.
Comment: A commenter expressed support for the proposal precluding
the protection of telehealth technologies offered as part of an
advertisement or solicitation.
Response: We are including this protection in the final rule,
consistent with the statute. As stated in the OIG Proposed Rule, we
interpret the terms ``advertising'' and ``solicitation'' consistent
with prior rulemakings. We emphasize that whether a particular means of
communication constitutes an advertisement or solicitation will depend
on the facts and circumstances.\157\
---------------------------------------------------------------------------
\157\ 81 FR 88373 (Dec. 7, 2016).
---------------------------------------------------------------------------
Additionally, consistent with our interpretation in the OIG
Proposed Rule, we note that it is important for patients to receive
information about their health care options, and that not all
information provided to beneficiaries is advertising or solicitation.
Stakeholders should interpret the terms ``advertisement'' and
``solicitation'' consistent with their common usage in the health care
industry.
e. Provided for the Purpose of Furnishing Telehealth Services Related
to an Individual's End Stage Renal Disease
Summary of OIG Proposed Rule: We proposed to interpret the
condition at section 1128A(i)(6)(J)(ii) of the Act that the telehealth
technologies are provided ``for the purpose of furnishing telehealth
services related to the individual's [ESRD]'' to mean that the
technologies: (i) Contribute substantially to the provision of
telehealth services related to the individual's ESRD; (ii) are not of
excessive value; and (iii) are not duplicative of technology that the
beneficiary already owns if that technology is adequate for telehealth
purposes. We proposed to interpret ``telehealth services related to the
individual's ESRD'' to mean only those telehealth services paid for by
Medicare
[[Page 77871]]
Part B. We stated that we would consider technology to be of excessive
value if the retail value of the technology were substantially more
than required for the telehealth purpose.
We sought comment on but did not propose regulatory text on the
following issues: (i) Whether we should require that the person
furnishing the telehealth technologies make a good faith determination
that the individual to whom the technology is furnished does not
already have the necessary technology and that such technology is
necessary for the telehealth services provided; (ii) whether we should
adopt a more restrictive exception that would protect technologies that
provide the beneficiary with no more than a de minimis benefit for any
purpose other than furnishing telehealth services related to the
individual's ESRD; (iii) whether we should adopt a different standard
that would protect telehealth technologies only when furnished
predominantly for the purpose of furnishing telehealth services related
to the individual's ESRD; and (iv) whether the exception should require
the provider or facility to retain ownership of any hardware and make
reasonable efforts to retrieve the hardware once a beneficiary no
longer needs it for the permitted telehealth purposes.
Summary of Final Rule: We finalizing this condition, with
modification, to use the statutory language in section
1128J(i)(6)(J)(ii) of the Act. We are finalizing this condition
consistent with the statutory exception to read: The telehealth
technologies are provided for the purpose of furnishing telehealth
services related to the individual's end-stage renal disease.
Comment: Several commenters supported our interpretation of section
1128A(i)(6)(J)(ii) of the Act as proposed. Commenters appreciated what
they believed to be meaningful guardrails to ensure that the provision
of telehealth technology does not serve as an inducement to select a
particular provider and shared our concerns regarding the potential for
providers to offer such remuneration to steer patients with whom they
do not have a prior clinical relationship to themselves.
Some commenters argued that our proposed interpretation of ``for
the purpose of furnishing telehealth services related to the
individual's [ESRD]'' was more restrictive than the statutory language
required. For example, a commenter supported removing the word
``substantially'' from the phrase ``contributes substantially to the
provision of telehealth services,'' observing it adds a restriction
that does not appear expressly in the statute.
A commenter noted that certain telehealth technologies may have
some benefit to a patient beyond facilitating telehealth services
related to the individual's ESRD, but most uses can be limited from a
technical standpoint. For those services for which it would not be
feasible to limit use, such as data services, the commenter believed
that such services could be provided based on a patient's clinical
need, geographic need, or both, and removed when the patient no longer
has a clinical or geographic need for the services (e.g., the patient
is no longer treated in the home).
Response: We are not finalizing our proposed language. Instead, we
are modifying this condition to use the statutory language in section
1128J(i)(6)(J)(ii) of the Act. We agree with commenters that the
proposed condition added additional requirements not included in the
statute. To the extent that the exception needed additional safeguards,
the Secretary has the authority to implement those under section
1128J(i)(6)(iii) of the Act. Therefore, we are finalizing this
condition consistent with the statutory exception to read: The
telehealth technologies are provided for the purpose of furnishing
telehealth services related to the individual's end-stage renal
disease.
As explained in the OIG Proposed Rule, we have concerns about the
provision of valuable technology improperly inducing a beneficiary to
choose a particular provider, physician, or facility. The limited
nature of the exception and the conditions finalized in this rule
provide reasonable and necessary safeguards against fraud and abuse.
For example, the conditions at paragraphs 10(i) and (ii) work together
to prevent protection under the exception if the provider, physician,
or renal dialysis facility is marketing or using the potential
provision of technology to induce and obtain new patients.
Based on the statutory language and matching condition finalized
here, we believe a wide range of technologies could be protected.
However, we emphasize that a determination regarding whether the
provision of telehealth technologies meets the condition at paragraph
10(ii) in the definition of ``remuneration'' at 42 CFR 1003.110
requires a case-by-case assessment of the functionality of the
technologies to be provided and telehealth services being furnished to
the ESRD patient.
We are not including a condition as suggested by the commenter that
would require a donor to technically limit the telehealth technologies
provided. Under this condition and the definition of ``telehealth
technologies'' as finalized, technologies that are multifunctional and
have purposes in addition to furnishing telehealth services related to
the individual's ESRD are not precluded and may be protected. For
example, this condition could protect a tablet that a patient would use
to access telehealth services for their ESRD care, even though the
tablet has other purposes or functionalities (e.g., ability to download
any mobile application) as long as such provision meets all conditions
of the exception.
Comment: Several commenters opposed OIG's considered interpretation
of this statutory condition--``the telehealth technologies are provided
for the purpose of furnishing telehealth services related to the
individual's [ESRD]''--that would restrict telehealth technologies to
those that do not provide the beneficiary with more than a de minimis
benefit outside of the telehealth services related to the individual's
ESRD. Commenters suggested that such a condition would limit access to
needed technology, add unnecessary burden and uncertainty, or impede
the objective of expanding in-home dialysis patients' use of telehealth
services. A commenter recognized that allowing devices with non-health
care functions could be considered an inducement but highlighted that
patients who receive such devices also must accept the obligations and
responsibilities of home dialysis, which the commenter believes serves
as an appropriate safeguard.
Another commenter expressed concerns that the de minimis benefit
standard might create complications for patients with multiple health
needs that could be fulfilled by the same device, and the commenter
asserted that it would not be a good use of resources for a patient to
be prescribed two separate digital health tools when one would meet all
of the patient's clinical needs.
Response: We agree with commenters and are not finalizing a de
minimis benefit standard in this exception.
Comment: Several commenters supported prohibiting providers from
giving patients telehealth technologies for home dialysis that are of
excessive value or duplicative of technology that the beneficiary
already owns. A commenter found these guardrails particularly important
given the limited number of vendors currently offering home dialysis
equipment and supplies. The commenter asserted that the limited
competition in the home dialysis market would make acquisition costs of
telehealth technologies particularly
[[Page 77872]]
significant for small and independent providers who lack market share
advantages used in negotiations with vendors. Another commenter
requested further clarification on what donations would be considered
of ``excessive value.''
Response: For the reasons noted above, we are finalizing paragraph
(10)(iii) in 42 CFR 1003.110 to mirror the statutory language at
section 1128J(i)(6)(J)(ii) of the Act, without a requirement that the
telehealth technologies not be of excessive value. Additionally, we are
not finalizing a condition elsewhere that requires the telehealth
technologies not be of excessive value. The limited nature of the
exception and the other conditions provide appropriate safeguards.
The value of the telehealth technologies provided to a patient may
be a fact or circumstance used to assess whether the provision of such
technology meets the finalized condition at paragraph 10(iii) in the
definition of ``remuneration'' at 42 CFR 1001.130. In other words,
depending on the facts and circumstances, technology of excessive value
could indicate that the technology is not being provided for the
purpose of furnishing telehealth services related to the individual's
ESRD. Excessively valuable technology beyond what is reasonable for
furnishing telehealth services related to ESRD could also indicate that
the technology is part of a prohibited advertisement or solicitation
under paragraph (10)(ii).
As stated in the OIG Proposed Rule, providing telehealth technology
with substantial independent value might serve to inappropriately
induce the beneficiary. In the context of this exception, that risk
materializes because excessive value of the telehealth technology may
make the purpose of the donation suspect and call into question whether
it is related to furnishing telehealth services. For example, if a $50
per month data plan would facilitate the connection needed for the
patient to access telehealth services, the provision of a $100 per
month data plan might raise concerns that the data plan is being
offered for a purpose other than access to telehealth services.
Similarly, if the donor knows that the patient already has a data or
internet service plan that would facilitate the furnishing of
telehealth services and furnishes such a plan anyway, a question could
arise about the purpose of the remuneration to the patient.
Comment: A commenter stated that if telehealth technologies are
provided for the purpose of furnishing telehealth services related to
the individual's end-stage renal disease, and if the donated telehealth
technologies meet the other elements of the exception, no dollar value
limit should be necessary because the purpose cannot be to induce
beneficiaries to select particular providers. Two other commenters
recommended including a condition requiring the recipient's payment of
at least 15 percent of the offeror's cost for the in-kind remuneration.
Another commenter recommended a $500 annual cap to ensure the
technology did not act as an inducement for referrals.
Response: We did not propose a contribution requirement or an
annual monetary cap. We believe the combination of safeguards we are
finalizing implement the statutory conditions in section 1128A(i)(6)(J)
of the Act and safeguard against risks of fraud and abuse.
Comment: Related to the proposed requirement that the telehealth
technologies be necessary and nonduplicative of technology the patient
already has, a commenter stated that a patient's existing personal use
technology may have some of the necessary capabilities but also may
lack all components necessary to be reliable and fully functional for
accessing telehealth services. The commenter further asserted it would
not be efficient or practical to require that the provider furnish
additional necessary components to the patient's existing technology--
and any associated installation and support services--to make it fully
capable of accessing telehealth services. For example, the commenter
referenced a patient who has a personal computer without video
capabilities. The commenter surmised that it is more logical and cost-
effective to provide a ready-to-use integrated device focused solely on
their ESRD clinical assessments and related ESRD care support to the
patient instead of trying to retrofit the computer, which could involve
identifying and installing missing components and providing
technological support for this personal-use equipment. The commenter
recommended that if the patient's personal technology does not have all
the necessary components for telehealth, provision of fully integrated
telehealth technology should be protected under the exception.
Response: We are not finalizing a requirement that the telehealth
technologies not be duplicative of technology that the beneficiary
already owns in paragraph 10(iii) in the definition of ``remuneration''
at 42 CFR 1001.130. This condition is being finalized consistent with
the statutory condition at section 1128J(i)(6)(J)(ii) of the Act.
Additionally, we are not finalizing a condition elsewhere that requires
the telehealth technologies not be duplicative of technology that the
beneficiary already owns. The limited nature of the exception and the
other conditions provide appropriate safeguards.
Assessing whether telehealth technologies would be duplicative of
technology that the beneficiary already has may be a fact or
circumstance used to determine whether the provision of such technology
meets the finalized condition at paragraph 10(iii) in the definition of
``remuneration'' at 42 CFR 1001.130. For example, if a patient has
existing telehealth technology and is already able to receive
telehealth services, providing the patient with additional telehealth
technology may not have the purpose of furnishing telehealth services.
A true determination would have to be based on the specific facts and
circumstances of the additional provision of telehealth technologies,
including the telehealth services provided to the patient and the
patient's condition.
We highlight that if a patient's existing technology does not have
all the necessary components or capabilities to support the telehealth
services, then those facts are favorable in determining that the
provision of telehealth technology to that patient meets the condition
at paragraph (10)(iii). With respect to the decision between
``retrofitting'' a patient's existing technology or providing fully
integrated telehealth technology, meeting this exception is not
specifically conditioned on whether the technology is fully integrated
or retrofitted. In making a determination about the technology to
provide and potential protection under this exception, providers,
physicians, and renal dialysis facility will have to assess the
particular facts and circumstances for that patient and the potential
technology. To be clear, we do not intend for this exception to result
in providers, physicians, and renal dialysis facilities that provide
telehealth technologies attempting to retrofit a patient's existing
technology. To the extent that technology already owned or used by a
patient with ESRD would not be adequate for the telehealth services,
that fact weighs favorably in determining that providing new telehealth
technology meets the condition at 10(iii) under the definition of
``remuneration'' in 42 CFR 1003.110.
Comment: Many commenters objected to the proposed additional
requirement that the party furnishing the technology make a good faith
determination that the
[[Page 77873]]
individual to whom the technology is furnished does not already have
the necessary telehealth technology. Some commenters stated that the
primary proposal--that the technology is not of excessive value and is
not duplicative of technology that the beneficiary already owns if that
technology is adequate for the telehealth purposes--provides adequate
protection against technologies being used as inducements for
duplicative or unnecessary telehealth services. Other commenters
supported the proposed ``good faith determination'' requirement.
Another commenter asked us to clarify what a ``good faith'' effort to
determine that the patient does not have the necessary technology
means, because the commenter is concerned that this provision could
lead to increased physician burden. A commenter stated that requiring
facilities or providers to make a good faith determination regarding
whether the recipient already has access to telehealth technologies
places a potentially ongoing burden to investigate a home dialysis
patient's personal life to ensure that they do or do not possess such
technology. The commenter asked whether a facility or provider must
consistently audit patient technology access to ensure that the loaned
or donated technology does not become duplicative over time. The
commenter suggested that patients should be able to opt out of
telehealth technologies furnished by a provider or facility, even if
specified in their plan of care, because they already have access to
such technology. In this way, the responsibility falls to the patient
to report access to technology, not on the facility or provider to
ensure that the patient does or does not possess such a device. Some
commenters supported the proposed additional ``good faith
determination'' requirement.
Response: We are not including a condition in this final exception
that requires a good faith determination that the individual to whom
the technology is furnished does not already have the necessary
telehealth technology. Consistent with the discussion related to the
condition on duplicative technology, we note that assessing whether
providing telehealth technologies would be duplicative of technology
that the beneficiary already has may be a fact or circumstance used to
determine if the provision of such technology meets the finalized
condition at paragraph 10(iii) in the definition of remuneration at 42
CFR 1003.110.
In response to the commenters' questions regarding what constitutes
a good faith effort, we want to clarify that this exception does not
condition protection on investigating the patient's personal life or
auditing the technology that a patient may already have available. When
determining whether the provision of telehealth technology meets this
condition, specific facts and circumstances about the patient will need
to be considered. This would include the patient's health condition,
telehealth services provided to the patient, and how the telehealth
technologies support furnishing telehealth services relating to the
patient's condition. Most of the information about the patient is
likely gathered as part of the clinical and monthly assessments that
patients receiving in-home dialysis receive or is gathered through the
normal course of patient and provider interaction about the patient's
condition and treatment.
That said, nothing in this exception prevents physicians,
providers, and facilities from asking patients about their existing
technology needs and capabilities; nothing requires patients to answer
such inquiries. We would expect that conversations about patients'
existing technology would inform donors' decision-making with respect
to furnishing telehealth technologies consistent with this exception.
We do not prescribe how providers, physicians, and facilities make the
determination whether providing telehealth technologies meets the
condition that the technology be for the purpose of furnishing
telehealth services related to the patient's ESRD.
As modified, we do not believe this final exception will increase
provider, physician, or renal dialysis facility burden, nor expose
patients to unwarranted intrusions. Conditions of this exception
implement the statutory exception in section 1128A(i)(6)(J) of the Act.
The statutory exception gives providers, physicians, and renal dialysis
facilities the flexibility to provide telehealth technologies for the
purpose of furnishing telehealth services related to patients' ESRD.
This may help increase options for ESRD patients to manage their care
by making telehealth more widely available. We also note that use of
this exception is voluntary.
Comment: A commenter recommended that as a condition for
protection, the telehealth technology provided to the patient should be
necessary for the provision of the telehealth services and, where
possible, restricted to the functions that facilitate the provision of
care (e.g., a tablet that can only be used for telehealth services),
and ensure a secure, safe, and satisfactory user experience. However,
the commenter explained that some telehealth technologies may be
duplicative or overlap with technology the patient may already have
access to and that the condition may result in an overly burdensome
patient intake process, to include an accounting of all of the
patient's technology (e.g., items in a patient's possession as well as
the operating systems and compatibility with the telehealth offering).
The commenter suggested that instead of protecting only nonduplicative
telehealth technologies, OIG limit protected telehealth technologies to
what is reasonably necessary for the furnishing of telehealth services
and require that providers, suppliers, and facilities provide the
patient with disclosure language that the telehealth equipment is
provided for their ESRD-related treatment and care, and that it is the
responsibility of the patient to use the device for these specific
purposes only.
Response: We did not propose a condition that the telehealth
technology be necessary for the provision of telehealth services and
are not finalizing such a condition. As explained above, we are also
not finalizing a condition that requires a good faith determination
that the individual to whom the technology is furnished does not
already have the necessary telehealth technology. We emphasize
telehealth technology is not protected unless the technology is
provided for the purpose of furnishing telehealth services related to
the individual's end-stage renal disease.
We are not finalizing the condition that would require the person
who furnishes the telehealth technologies to take reasonable steps to
limit the use of the telehealth technologies by the individual to the
telehealth services described on the Medicare telehealth list. We agree
with the commenter that there may be practical and operational
challenges with such a requirement. Additionally, the combinations of
safeguards finalized in this rule appropriately protect against
potential fraud and abuse and this condition, which we considered in
the OIG Proposed Rule, is not necessary.
Comment: A commenter expressed support for our proposal to
interpret ``telehealth services related to the individual's [ESRD]'' to
mean telehealth services paid for by Medicare Part B because the
proposal ensures that all Part B telehealth services are treated
consistently by defaulting to the statutory definition for telehealth
services. Another commenter suggested that we clarify that, in order to
qualify for protection under the exception, the telehealth technologies
must be used for
[[Page 77874]]
the Part B clinical assessment and also may be used for additional
clinical support and patient monitoring directly related to the ongoing
ESRD care.
Many other commenters urged us not to adopt this interpretation,
asserting that it was too narrow. Commenters noted that patients with
ESRD could benefit from telehealth services that might not be covered
by Part B--including patient education, dietary counseling, and
monitoring vital signs--that may assist with managing comorbidities
(which may or may not be related to the patient's ESRD) and preventing
further progression of kidney disease. A commenter stated that while
the care provided via telehealth technologies should be primarily
related to the management of ESRD, dialysis providers are well-suited
to treat the ``whole person'' with the assistance of telehealth
technologies. The commenter sought to provide telehealth technologies
that might support virtual ESRD management (e.g., nurse assessment,
social worker support, dietician care), as well as telehealth
technologies that may address ESRD-related issues and comorbidities
possibly included in value-based care models (e.g., fistula evaluation
and specialty visits for comorbidity management). Commenters also
asserted that protecting a broader range of telehealth services would
further the Department's goal of encouraging care coordination and
Congress' intent in enabling in-home dialysis. Some commenters asserted
that the statute does not require limiting the telehealth services to
those paid for by Medicare Part B. A commenter also noted that payment
for ESRD services under Medicare Part B is through a bundled payment
and it is therefore impossible to have the technology tied to any
particular reimbursed service.
Response: We are not finalizing our proposed interpretation of
``telehealth services related to the individual's [ESRD]'' to mean
telehealth services paid for by Medicare Part B. We did not propose
regulatory text to implement this interpretation, and therefore, are
not making corollary modifications to the regulatory text. We explain
in more detail below that we broadly interpret the term ``telehealth
services'' to apply a wide range of services that are provided with
telehealth technologies. However, we are not adopting a specific
definition of ``telehealth services'' for this exception. We provide
additional explanation about our interpretation of the term
``telehealth services'' below.
We agree with commenters that section 1128A(i)(J)(6) of the Act
does not limit telehealth services to those paid for by Medicare Part
B. The definition of ``telehealth technologies'' in section
1128A(i)(6)(J) and the term ``telehealth services'' in
1128A(i)(6)(J)(ii) are not limited to related definitions in Medicare.
The statute provided the Secretary flexibility to interpret these terms
differently than the Medicare definitions in Title XVIII of the Act.
Consistent with the statutory exception and for the purpose of this
exception, we are not limiting the term ``telehealth services'' to
those that would be paid for by Medicare Part B. We recognize that this
means providers, physicians, and renal dialysis facilities will have
flexibility to determine whether telehealth technologies are provided
for the purpose of furnishing telehealth services related to the
individual's ERSD. The limited nature of the exception and the other
safeguards appropriately limit the risk of fraud and abuse. For
example, one risk of inappropriate beneficiary inducements is that they
will lead to a practitioner providing medically unnecessary services to
the patient. The limited nature of this exception mitigates that risk
(e.g., this exception is limited to Medicare Part B beneficiaries
receiving in-home dialysis). It is unlikely that a beneficiary could be
induced to receive medically unnecessary in-home dialysis to receive
free telehealth technologies. In-home dialysis is invasive treatment
and requires significant up-front training.
Additionally, under the same sections the beneficiary must be
receiving in-home dialysis paid for by Medicare Part B. That mitigates
and provides additional protection against providers, physicians, and
renal dialysis facilities that seek to use telehealth technologies to
induce and bill for medically unnecessary telehealth services related
to the patient's ESRD condition. If the provider is seeking to bill
Medicare for telehealth services that use telehealth technologies
protected by this exception, those services must meet all Medicare
requirements, including medical necessity. This exception does not
affect Medicare requirements for ESRD services or telehealth services.
Furthermore, billing for medically unnecessary telehealth services is
not protected by this exception and such conduct would implicate
criminal and civil health care fraud statutes. Therefore, this
exception does not need to link the term ``telehealth services'' to
those paid for by Part B as an additional safeguard for the purposes of
this exception. To the contrary, we agree with commenters that limiting
telehealth services to services currently paid for by Medicare Part B
would unnecessarily limit the utility of the exception to support
patients' ESRD care and use of home dialysis. To the extent that the
telehealth services are not billable to Medicare, there is reduced risk
that free telehealth technology is being offered as an inducement for
billable services.
We are not finalizing a definition of ``telehealth services''
specific for this exception. Instead, we are providing an
interpretation of the term in the preamble of this rule. The exception
protects the provision of a broad range of telehealth technologies, as
we explained above in the discussion of that definition. If we were to
limit the term to telehealth services paid for by Medicare Part B, then
the types of technology would be limited to those identified in section
1834(m) of the Act and 42 CFR 410.78 (i.e., audio and video equipment
permitting two-way, real-time interactive communication). Similarly, if
we were to define ``telehealth services,'' we might inadvertently limit
the scope of the telehealth technologies definition that is intended to
be broad.
As stated previously, we intend for this exception to apply to all
types of telehealth technology that are provided for the purposes of
furnishing distant or remote services through various modalities. At a
minimum, such services include the following types covered by Medicare:
Telehealth services, virtual check-in services, e-visits, remote care
management, and remote patient monitoring. To receive protection,
telehealth technologies do not need to be provided for the purpose of
furnishing a payable Medicare service related to the individual's end-
stage renal disease.
To provide additional examples, this exception would protect
telehealth technology provided for the purpose of furnishing the
following types of telehealth services raised by commenters as long as
the arrangement meets all conditions of the exception: Virtual ESRD
management (e.g., nurse assessment, social worker support, dietician
care), patient education, dietary counseling, and monitoring vital
signs. Other services not listed here may also be considered telehealth
services for the purposes of this exception based on the facts and
circumstances of the care being provided. Accepted clinical and care
practices for use of telehealth, physician judgment, and patient and
caregiver needs and preferences with respect to modalities would be
relevant considerations in assessing the telehealth services under this
specific condition. This exception provides significant flexibility to
providers,
[[Page 77875]]
physicians, and renal dialysis facilities to assess how telehealth
technologies can be provided to support a wide range of telehealth
services related to an individual's ESRD.
Again, this exception does not change the coverage or payment
requirements related to the provision of these services or submitting
claims for reimbursement. Even though this exception may protect a
physician, provider, or renal dialysis facility from CMP liability for
providing a patient telehealth technology for the purpose of furnishing
telehealth services, that does not mean the physician, provider,
facility, or any other individual or entity can bill for those
services.
The other limitation in this condition is that the telehealth
technologies be provided for the purposes of furnishing telehealth
services related to the individual's ESRD. In response to commenters
who recommended that this include telehealth services that address
ESRD-related issues and comorbidities, we agree that this language is
not specifically limited to ESRD. We recognize that patients with ESRD
are likely receiving care for comorbidities that affect their ESRD. It
would be difficult to define in this Beneficiary Inducement CMP
exception criteria that a provider, physician, or renal dialysis
facility could apply to assess whether a telehealth service is or is
not related to an individual's ESRD. We believe the appropriate
approach is to give health care providers flexibility to make this
determination reasonably based on the specific facts and circumstances
of the patient's condition and telehealth services furnished to care
for such condition. Although not required, we believe it would be a
best practice for the donor to document contemporaneously how the
telehealth services relate to the individual's ESRD care, such as to
management of care, monitoring of health, or treatment, potentially
including reference to appropriate clinical or other relevant health or
patient-reported indicators.
Furthermore, we note that several other exceptions and safe harbors
may apply to certain items and services for which commenters sought
protection under this exception, depending on the facts and
circumstances, such as the patient engagement and support safe harbor
finalized in this rule at 42 CFR 1001.952(hh) and the exception to the
definition of ``remuneration'' under the Beneficiary Inducements CMP
for certain remuneration that poses a low risk of harm and promotes
access to care, 42 CFR 1003.110.
f. Ownership and Retrieval of Technology
Summary of OIG Proposed Rule: In the OIG Proposed Rule, we
considered and sought comment on a condition that would require the
provider or facility to retain ownership of any hardware and make
reasonable efforts to retrieve the hardware once the beneficiary no
longer needs it for the permitted telehealth purposes.
Summary of Final Rule: After a consideration of relevant comments,
we are not finalizing this condition.
Comment: Many commenters on this topic expressed support for the
overall concept of requiring the provider or facility to retain
ownership and make reasonable efforts to retrieve the hardware once the
beneficiary no longer needs it. Some commenters did not support a
requirement that the provider or facility retain ownership. Some of
these commenters noted that the concept of ownership in this context
may be rendered moot because the useful life of the device may expire
during the period of use by the patient. Some commenters also
questioned the utility of requiring retrieval of items that are no
longer state-of-the-art or otherwise have minimal value. Many
commenters also expressed concern regarding the administrative burden
associated with tracking and monitoring compliance with a retrieval
requirement.
Many commenters on this topic described potential scenarios in
which technology may be provided to a patient who then ceases to need
it (e.g., the patient receives a transplant). In these circumstances,
commenters were generally supportive of requiring the provider or
facility to retrieve the technology. Several commenters supported
requiring ``reasonable efforts'' to retrieve the hardware in
circumstances when it will not harm the patient, with exceptions for
circumstances when retrieval is impractical, the hardware has greatly
reduced utility or value, or the patient has died. A commenter also
asserted that if the hardware is provided in such a way that the use is
limited to telehealth services, it will not provide substantial
independent value to the beneficiary, and thus the failure to retrieve
after reasonable recovery efforts does not create meaningful inducement
risks.
Response: We are not finalizing a requirement that a provider,
physician, or facility retain ownership of the technology. We also are
not finalizing a retrieval requirement. We note that the condition that
the telehealth technologies be provided to an individual with ESRD and
who is receiving home dialysis for which payment is being made under
Medicare Part B would necessitate termination of technology services
(e.g., recurring monthly data plan fees or applications that require
ongoing subscription fees) if the individual is no longer receiving
home dialysis payable by Medicare Part B. Likewise, technology services
would need to be terminated if the patient is no longer using them for
ESRD-related telehealth services. Further, the exception does not
protect sham donations of technology given to individuals to keep
indefinitely.
g. Prohibition on Cost-Shifting
Summary of OIG Proposed Rule: We proposed to require as a condition
of protection under the exception that the provider of services or a
renal dialysis facility not separately bill Federal health care
programs, other payors, or individuals for the telehealth technologies,
claim the costs of the telehealth technologies as a bad debt for
payment purposes, or otherwise shift the burden of the costs of the
telehealth technologies to a Federal health care program, other payors,
or individuals.
Summary of Final Rule: We are not finalizing this condition.
Comment: Commenters expressed support for the proposed prohibition
on cost-shifting. No commenters expressed opposition.
Response: Upon consideration of the combination of safe harbor
conditions implemented by this final rule, we are not finalizing the
proposed cost-shifting prohibition. We have concluded that the
combination of final conditions and the limited-nature of this
statutory exception will adequately protect against fraud and abuse
risks, and an additional safeguard related to cost-shifting is not
necessary.
We proposed the cost-shifting condition to protect against the
telehealth technologies resulting in inappropriately increased costs to
Federal health care programs, other payors, and patients. However, we
do not want to exclude arrangements from this exception that involve
furnishing telehealth or other service to the ESRD patient receiving
in-home dialysis and that are also billable to Medicare. We recognize
that those services, as long as applicable Medicare rules are met, may
appropriately result in Medicare paying for costs of certain telehealth
technologies or an appropriate increase in certain Medicare costs.
We did not intend to suggest any limit on appropriate billing of
Federal health care programs or other payors for
[[Page 77876]]
medically necessary items and services furnished in connection with
telehealth technologies provided to ERSD patients receiving in-home
dialysis. If a provider furnishes items or services that are covered as
part of a Federal health care program, the provision of those items or
services alone would not implicate the Federal anti-kickback statute at
all. However, there could be circumstances under which a provider, when
furnishing covered items or services, does give a Federal health care
program beneficiary something of value, or remuneration, thereby
implicating the Federal anti-kickback statute. For example, the Federal
anti-kickback statute would be implicated by a provider waiving or
reducing any required cost-sharing obligations for the covered items
and services incurred by a Federal health care program beneficiary or
providing ``extra'' items and services--that is, that are not part of
the covered item or service--for free. Furthermore, nothing in this
rule exempts parties from responsibility for compliance with all
applicable coverage and billing rules.
Additionally, this final exception covers a wider range of
telehealth technologies used to support the furnishing of telehealth
services than types of technology used to provide Medicare Part B
covered ``telehealth services.'' There may be other Medicare covered
services that would cover the costs of telehealth technologies, as
defined in this exception, as part of a service provided to a
beneficiary receiving in-home dialysis. For example, the remote patient
monitoring services described by the chronic care remote physiologic
monitoring family of codes are covered by Medicare Part B but are not
``telehealth services'' within the meaning of the Medicare statute.
However, remote patient monitoring technologies would meet the
definition of ``telehealth technologies'' in this final exception.
h. Other Potential Safeguards
i. Consistent Provision of Telehealth Technologies
Summary of OIG Proposed Rule: The OIG Proposed Rule considered
several other potential conditions for this exception, including
prohibiting providers and renal dialysis facilities from discriminating
in the offering of telehealth technologies. We solicited comments on
this potential safeguard and whether it would limit the ability of
providers and facilities to offer technologies due to the potential
cost of furnishing the technology to all qualifying patients rather
than a small subset. We also solicited comments on why offering
technology to a smaller subset of qualifying patients might be
appropriate and not increase the risk of fraud and abuse.
Summary of Final Rule: We are not finalizing this condition.
Comment: A few commenters supported some form of a
nondiscrimination standard as appropriate. On the other hand, several
commenters raised concerns regarding a possible condition to the
exception requiring that a provider or facility provide the same
telehealth technologies to any Medicare Part B patient receiving in-
home dialysis, or to otherwise consistently offer telehealth
technologies to all patients, including that the uniform provision of
telehealth technologies would be cost-prohibitive for many providers
and facilities and could result in their decision not to offer any
telehealth technologies. Several commenters encouraged us to adopt more
flexible standards that would allow the provider or facility to
exercise discretion in offering telehealth technologies to ensure that
the patients to whom they offer the technologies are most likely to
benefit from them.
At least one of these commenters suggested that providers and
facilities be permitted to provide telehealth technologies
differentially to patients based on clinical risk assessments, clinical
appropriateness determinations from the patient's physician, or other
clinical or means-based criteria, with another commenter noting that it
is common for providers and payors to focus interventions on higher
risk or higher cost patients. A dialysis provider specified that they
would like the exception to protect the deployment of certain
technologies, such as remote monitoring or wearable devices, to
specific patient populations that may have higher assessed clinical
risk, such as patients that have experienced a recent hospitalization
event.
Other commenters supported the approach of requiring providers or
facilities to consistently offer telehealth technologies to all
patients satisfying specified, uniform criteria, and a commenter
requested that we make clear that a provider or facility would have
flexibility to establish criteria under which only a subset of patients
would be offered telehealth technologies. A commenter noted that
legitimate criteria may include for example patient mobility, access to
transportation options, financial status, and health condition. A
commenter suggested that we identify and carve out criteria that would
not be appropriate, such as the patient's payor or provider.
A dialysis provider encouraged OIG to ensure flexibility to provide
and customize certain telehealth technology offerings to patients based
on for example means-based or rural location needs, and to allow for
changes resulting in the development of new technology. The commenter
noted that the availability and cost of data plans and devices with
wireless cellular service may vary from location to location, and thus
a requirement to furnish the same telehealth technologies to all
patients may not be feasible.
Response: We appreciate the comments that explain why providing the
same telehealth technologies to any Medicare Part B eligible patient
receiving in-home dialysis may be impractical or impossible, and we are
not finalizing that condition. We also are not finalizing a condition
that would require providers, physicians, and facilities to
consistently offer telehealth technologies to all patients satisfying
specified, uniform criteria. As stated in section III.C.1.a above, this
is a narrow statutory exception to the Beneficiary Inducement CMP.
Because the exception finalized here is only available to established
patients who are receiving specific services paid for by Medicare Part
B, the potential for fraud and abuse is reduced.
We recognize that patient need for technology may vary based on
location, availability of transportation, financial status, diagnosis
and treatment plan, or other legitimate and appropriate factors. We
believe the donor is in the best position to identify whether provision
of the technology is appropriate only to a subset of patients receiving
in-home dialysis paid for by Medicare Part B. We are providing
additional flexibilities to donors to determine which beneficiaries
receive telehealth technologies by not finalizing this condition. The
risk of fraud and abuse associated with selectively deciding which
patients receive telehealth technologies is mitigated by other
conditions finalized in this rule (e.g., telehealth technologies are
protected only if provided to beneficiary already receiving in-home
dialysis). Additionally, providers, physicians, and facilities must
still meet Medicare requirements for services provided to the
beneficiary; they cannot bill for medically unnecessary services.
Schemes to submit false claims would implicate other criminal and civil
fraud statutes and would not be protected by this exception to the
Beneficiary Inducement CMP.
Comment: Several commenters encouraged us to adopt a standard that
allows for providing technology on an as-needed basis, recognizing that
some
[[Page 77877]]
patients may choose not to have telehealth services and some patients
may prefer to use their own technology. Other commenters encouraged us
to ensure patients retain the right to choose whether to participate in
telehealth services or utilize telehealth technology.
Response: The design of the final rule allows providers to take
into account patient choice and preferences. We are not finalizing a
condition that would have required physicians, providers, and
facilities to provide telehealth technologies in accordance with
specified criteria applied uniformly. We agree with commenters that
patient choice is paramount, and the decision to select a home dialysis
modality or telehealth services related to the patient's ESRD rests
with the patient. Patients are under no obligation to dialyze in the
home or to receive telehealth services, notwithstanding the
availability of telehealth technologies. We emphasize that protected
telehealth technologies cannot be offered as part of an advertisement
or solicitation, nor should offers of free telehealth technology be
made for the purpose of persuading patients to make clinical decisions
about treatment modalities. In such cases, the telehealth technologies
are not being provided for the purpose of furnishing telehealth
services as required by the statute and this exception.
ii. Notice to Patients
Summary of OIG Proposed Rule: In the OIG Proposed Rule, we stated
that we were considering adding a condition that would require
providers or facilities to provide a written explanation of the reason
for the technology and any potential ``hidden'' costs associated with
the telehealth services to any patient who elects to receive telehealth
technology. We considered this condition in response to concerns raised
in comments submitted in response to the OIG RFI \158\ that patients
may be confused by the technology or the reason they are receiving a
piece of technology and may be unaware of costs associated with
telehealth services. We sought comment on these perceived risks to
patients, whether to include a written notice requirement in the final
rule and, if so, what that notice should state.
---------------------------------------------------------------------------
\158\ 83 FR 43607 (Aug. 27, 2018).
---------------------------------------------------------------------------
Summary of Final Rule: For the reasons stated below, we are not
finalizing this requirement.
Comment: Most commenters on this topic supported the principle of
providing information to patients, but commenters disagreed as to
whether we should adopt a formal notice requirement as a standard for
meeting the exception. Some commenters asserted that there was no need
for a formal notice requirement as a condition of the exception because
this type of communication should be a part of the normal physician-
patient relationship. Others stated that conveying this type of
information is the current standard of medical practice for home
dialysis patients. Other commenters supported having a formal notice
requirement as a condition of the exception, emphasizing the need to
ensure patients have a clear and transparent understanding of the care
they are receiving and the costs of such care. A commenter requested
that OIG provide a sample of any required notice.
Response: We agree that patients need to have a clear understanding
of the care they are receiving and the costs of such care. However, we
also agree with commenters that this information should be conveyed
through the physician-patient relationship or in the normal facility-
patient communications for patients dialyzing at home. We are not
finalizing any notice requirement as part of the exception. Parties are
free to provide written notice explaining the reason for the technology
and any potential costs associated with the telehealth services if they
so choose.
iii. Patient Freedom of Choice
Summary of OIG Proposed Rule: The OIG Proposed Rule considered a
condition to the telehealth technologies exception designed to preserve
patient freedom of choice among health care providers and the manner in
which a patient receives dialysis services (i.e., in-home or in a
facility). Specifically, we considered adding a condition to the
exception that would require offerors of telehealth technologies to
advise patients when they receive such technology that they retain the
freedom to choose any provider or supplier of dialysis services and
receive dialysis in any appropriate setting.
Summary of Final Rule: As explained below, we are not finalizing
this requirement.
Comment: Several commenters, while supportive of patient autonomy
and ensuring that patients are aware of the right to choose
practitioners, providers, suppliers, and dialysis modalities, disagreed
with additional documentation requirements related to informing
patients of these rights for a number of reasons. For example, one
commenter suggested that patients may not wish to receive this
information. The commenter advocated instead for broader protections
for freedom of choice, such as a prohibition on restricting referrals.
Other commenters highlighted the administrative burden of additional
documentation. Commenters stated that notice already is part of the
provider and patient relationship, noting that for certain facilities
any additional documentation requirement would be duplicative of the
notice requirements found in the ESRD Conditions for Coverage (CFCs). A
commenter requested a carve-out for facilities that meet the
requirement under the CFCs. A commenter asserted that it would not add
sufficient value that outweighs the burden of providing a written
explanation of the reason for the technology and any potential
``hidden'' costs associated with the telehealth services to any patient
who elects to receive telehealth technology.
Other commenters supported the proposed requirement and asserted
that patients should be informed that they have the choice whether to
use technologies and that their choice will not in any way influence
the care to which they are entitled. Another commenter suggested that
this should be standard information given to patients receiving ESRD-
related care, regardless of the treatment modality they use. The
commenter shared a concern raised that some patients may be persuaded
to opt for telehealth services due to generous telehealth technologies
and services being offered rather than clinical appropriateness, and
believes this step could prevent any such inappropriate care from
occurring. One commenter proposed to further clarify that the patient
notice or patient consent for use of telehealth technologies include
that the patient is not required to utilize or accept the provision of
such technologies.
Response: We are not finalizing this condition because we believe
in part that existing laws are better suited to protecting patient
freedom of choice and the patient's best interest than a statutory-
based exception to the Beneficiary Inducement CMP, including those
discussed by the commenters. Furthermore, discussion of clinical
appropriateness of in-home dialysis and telehealth services related to
a patient's ESRD is inherent in the physician-patient relationship or
facility-patient relationship, which serves first-and-foremost to
protect the patient's best interest and preserve patient choice. The
condition finalized at paragraph (10)(i) in 1003.110 limits the offer
or furnishing of telehealth technologies to a patient that initiates
contact with the provider, facility, or physician to schedule an
appointment or other
[[Page 77878]]
service also supports patient autonomy, and marketing is not allowed by
the condition at paragraph (10)(ii) in 1003.110. These conditions will
help preserve a patient's choice to select any provider, physician, or
facility without inappropriate influence from such entities.
Comment: A commenter supported informing recipients of their
freedom to choose any provider or supplier of dialysis services but
requested clarification regarding whether telehealth technologies
furnished to certain in-home dialysis patients would also be covered
under the exception to the definition of ``remuneration'' for items or
services that promote access to care and pose a low risk of harm to
Federal health care programs at 1128A(i)(6)(F) of the Act.
Response: As stated above, we believe existing laws are better
suited to protecting patient freedom of choice and nothing in this rule
limits patient's freedom of choice. As we stated in the OIG Proposed
Rule, the provision of telehealth technologies might qualify for
protection under other existing exceptions or safe harbors. Whether a
particular arrangement for the provision of telehealth technologies
meets the requirements of, for example, the exception for arrangements
that promote access to care and poses low risk of harm at
1128A(i)(6)(F) of the Act (and the corresponding regulatory exception
at 42 CFR 1003.110) is a fact-specific analysis beyond the scope of
this rulemaking. We note that parties are also free to request an OIG
advisory opinion.
iv. Materials and Records Requirement
Summary of OIG Proposed Rule: We did not propose a condition
related to the development or retention of materials and records or
another documentation requirement but solicited comments on the fraud
and abuse risks presented by not including such a condition in this
exception.
Summary of Final Rule: We are not finalizing a materials and
records retention requirement.
Comment: Commenters agreed with our approach to omit a materials
and records or other documentation requirement. A commenter noted that
this approach reduces unnecessary administrative burden. Another
commenter pointed to other documentation requirements required by law,
highlighting that these obviate the need for a documentation
requirement in this exception.
Response: We agree that omitting a documentation requirement for
this exception may reduce administrative burden for donors of
telehealth technologies. We believe that in the case of telehealth
technologies provided to individuals with ESRD under this exception,
the absence of a documentation requirement does not materially impact
the attendant fraud and abuse risks. We note, however, that while this
exception is voluntary, parties that rely on it have the burden of
demonstrating that all the conditions are met. Maintaining
documentation that the provision of telehealth technologies satisfies
the exception's conditions may be prudent for compliance purposes.
a. Other Offerors
Comment: Several commenters stated that free and charitable clinics
and charitable pharmacies, especially in rural areas, rely on the use
of telehealth technologies to provide access to specialty care to
uninsured and medically underserved patients. The commenters posited
that eliminating barriers to allow free and charitable clinics and
charitable pharmacies to furnish telehealth technologies to patients
without implicating the physician self-referral law or the Federal
anti-kickback statute would enhance their ability to serve the target
population of uninsured and medically underserved. The commenters
suggest that expanded access to telehealth technologies would enhance
health equity and care coordination, specifically for those who are
uninsured and in rural areas. Another commenter was supportive of the
exception and suggested expansion to allow for the provision of
telehealth technologies by behavioral health providers.
Response: We appreciate the commenters' suggestion that telehealth
technologies may benefit a broader range of patients. Charitable
clinics or charitable pharmacies that meet the conditions in paragraphs
(10)(i) and (ii) (e.g., a provider, physician, or renal dialysis
facility that is currently providing the in-home dialysis, telehealth
services, or other end-stage renal disease care to the patient or has
been selected or contacted by the individual to schedule an appointment
or provide services) may be eligible to protect the provision of
telehealth technologies under this exception. Such a determination must
be based on the facts and circumstance of the specific clinic or
pharmacy, and whether the provision of the telehealth technology meets
all conditions of the exception.
We note that several other exceptions and safe harbors may apply to
the provision of telehealth technologies to patients, depending on the
facts and circumstances, such as the patient engagement and support
safe harbor, finalized in this rule at 42 CFR 1001.952(hh), and the
exception to the definition of ``remuneration'' under the Beneficiary
Inducements CMP for certain remuneration that poses a low risk of harm
and promotes access to care, found at 42 CFR 1003.110.
j. Recipient
Comment: A commenter stated that it is critical to ensure that the
provision without charge of these same technologies to nephrologists
and other treating physicians of home dialysis patients is permissible
under anti-kickback statute. The commenter highlighted that every
dialysis patient is required to have an attending nephrologist, and the
nephrologist is the only individual who is part of the required care
team who is not otherwise employed by the dialysis provider.
Accordingly, the commenter urged us to clarify that the dialysis
provider can also provide members of the care team who are not employed
by the dialysis provider with the technology and software necessary to
accommodate telehealth for dialysis patients.
Response: We appreciate the commenter's concerns, but the
commenter's recommendations are outside the scope of the statutory
exception we codify here, which is an exception to the definition of
``remuneration'' under the Beneficiary Inducements CMP. Specifically,
the regulatory exception we finalize here implements the corresponding
statutory exception in section 50302 of the Budget Act of 2018, which
protects the provision of telehealth technologies ``to an individual
with end-stage renal disease. . . .'' This exception does not protect
remuneration between a dialysis provider and other members of a
patient's care team. As the commenter notes, remuneration among and
between providers and practitioners may implicate the Federal anti-
kickback statute. Parties seeking to protect such arrangements may seek
protection under a safe harbor, such as the care coordination
arrangements safe harbor finalized in this rule at 1001.952(ee).
Parties are also free to request an advisory opinion pursuant to 42 CFR
1008 et seq. related to the facts and circumstances described in this
comment.
Comment: A commenter requested clarity regarding situations in
which technologies provided to beneficiaries could also result in
potential indirect benefits to other providers who may be in a referral
source relationship with the donor of the telehealth technologies,
[[Page 77879]]
including in the context of an integrated care delivery system.
Response: We appreciate the commenter's concern. The Federal anti-
kickback statute is a criminal statute that serves as an important
sanction against fraud when parties intentionally offer or pay
kickbacks to influence referrals. Any indirect benefit to a provider
who may be a referral source for a donor would need to be analyzed
under the Federal anti-kickback statute which, as explained above, is
outside the scope of the statutory exception to the Beneficiary
Inducements CMP that we codify here. As a matter of law, arrangements
that fit in an exception to the Beneficiary Inducements CMP are not
automatically protected from liability under the Federal anti-kickback
statute. Parties seeking to protect remuneration implicating the
Federal anti-kickback statute should assess arrangements to determine
if the arrangement qualifies for protection under a safe harbor.
IV. Provisions of the Final Regulation
This final rule incorporates the regulations and amendments we
proposed in the OIG Proposed Rule, but with changes to the regulatory
text. In this final rule, we modify existing as well as add new safe
harbors pursuant to our authority under section 14 of the Medicare and
Medicaid Patient and Program Protection Act of 1987 by specifying
certain payment practices that will not be subject to prosecution under
the Federal anti-kickback statute. We also codify into our regulations
a statutory safe harbor for patient incentives offered by ACOs to
assigned beneficiaries under ACO Beneficiary Incentive Programs and a
statutory exception to the definition of ``remuneration'' in 42 CFR
1003.110 for certain telehealth technologies furnished to in-home
dialysis patients.
The following is a list of the safe harbors and the exception that
we are finalizing: Modifications to the existing safe harbor for
personal services and management contracts at 42 CFR 1001.952(d);
modifications to the existing safe harbor for warranties at 42 CFR
1001.952(g); modifications to the existing safe harbor for electronic
health records items and services at 42 CFR 1001.952(y); modifications
to the existing safe harbor for local transportation at 42 CFR
1001.952(bb); a new safe harbor for care coordination arrangements to
improve quality, health outcomes, and efficiency at 42 CFR
1001.952(ee); a new safe harbor for value-based arrangements with
substantial downside financial risk at 42 CFR 1001.952(ff); a new safe
harbor for value-based arrangements with full financial risk at 42 CFR
1001.952(gg); a new safe harbor for arrangements for patient engagement
and support to improve quality, health outcomes, and efficiency at 42
CFR 1001.952(hh); a new safe harbor for CMS-sponsored model
arrangements and CMS-sponsored model patient incentives at 42 CFR
1001.952(ii); a new safe harbor for cybersecurity technology and
related services at 42 CFR 1001.952(jj); a new safe harbor for
accountable care organization (ACO) beneficiary incentive program at 42
CFR 1001.952(kk); and an exception for telehealth technologies for in-
home dialysis at 42 CFR 1003.110.
V. Regulatory Impact Statement
As set forth below, we have examined the impact of this final rule
as required by Executive Order 12866, the Regulatory Flexibility Act
(RFA) of 1980, the Unfunded Mandates Reform Act of 1995, Executive
Order 13132, and Executive Order 13771. In section A, we provide an
overview of our analysis of the impact of this final rule. We also
provide additional supporting analysis in section F.
Summary of OIG Proposed Rule: We determined that the aggregate
economic impact of the proposals would be minimal and would have no
effect on the economy or on Federal or State expenditures. We also
determined that the proposals would not significantly affect small
providers. Further, we determined that the rule was neither regulatory
nor deregulatory under Executive Order 13771.
Summary of Final Rule: We are finalizing the determinations set
forth in the OIG Proposed Rule except for the determination under
Executive Order 13771. Here we explain that this final rule is a
deregulatory action under Executive Order 13771. In addition, we
provide additional explanation about our determinations here.
A. Overview of Analysis
By making available the new protections established in this final
rule, we expect health care industry stakeholders will realize
increased flexibility and legal certainty when entering into value-
based, care coordination, and other arrangements that have the
potential to reduce Federal health care program expenditures and
improve the quality of care without sacrificing program integrity.
However, we are unable to quantify--with certainty--the overall
aggregate impact or effect on small providers related to changes in
industry behavior that we can reasonably expect following the effective
date of this final rule. Even so, we believe that our final policies
are reasonably likely to permit, if not encourage, behavior that will
reduce waste in the U.S. health care system, including Medicare and
other Federal health programs, and that these changes will result in
lower costs for both patients and payors, and generate other benefits,
such as improved quality of patient care and lower compliance costs for
providers and suppliers. Below we describe: (1) The need for new and
modified safe harbors and exceptions; (2) an overview of the estimated
impact of the final rule; (3) anticipated outcomes of the final rule;
(4) expanded protections under the final rule and examples of
anticipated arrangements; (5) anticipated beneficial impact of value-
based, care coordination, and patient engagement and support
arrangements; (6) anticipated beneficial impact of the new safe harbor
for cybersecurity technology and services; and (7) anticipated costs.
1. Need for New and Modified Safe Harbors and Exceptions
The Federal anti-kickback statute provides for criminal penalties
for whoever knowingly and willfully offers, pays, solicits, or receives
remuneration to induce or reward, among other things, the referral of
business reimbursable under any of the Federal health care programs,
including Medicare and Medicaid. Health care providers and others may
voluntarily seek to comply with safe harbors so that they have the
assurance that their business practices will not be subject to any
Federal anti-kickback enforcement action. Compliance with an applicable
safe harbor insulates an individual or entity from liability under the
Federal anti-kickback statute. Parties may use any applicable safe
harbor into which they can squarely fit.\159\ However, failure to fit
in a safe harbor does not mean that an arrangement violates the law.
---------------------------------------------------------------------------
\159\ Existing safe harbors that may apply to some care
coordination and value-based arrangements include the employee safe
harbor (42 CFR 1001.952(i)), the personal services and management
contracts safe harbor (42 CFR 1001.952(d)), the various managed care
safe harbors (e.g., 42 CFR 1001.952(t)), and the local
transportation safe harbor (42 CFR 1001.952(bb)). However,
stakeholders have informed us that many arrangements they would like
to enter into cannot fit in the existing safe harbors as currently
structured.
---------------------------------------------------------------------------
The Beneficiary Inducements CMP provides for the imposition of
civil monetary penalties against any person who offers or transfers
remuneration to a Medicare or State health care program (including
Medicaid) beneficiary that
[[Page 77880]]
the benefactor knows or should know is likely to influence the
beneficiary's selection of a particular provider, practitioner, or
supplier of any item or service for which payment may be made, in whole
or in part, by Medicare or a State health care program (including
Medicaid). Compliance with an applicable exception to the definition of
``remuneration'' under the Beneficiary Inducements CMP or compliance
with an exception or safe harbor to the Federal anti-kickback statute
protects such practice from liability under the Beneficiary Inducements
CMP.
In many cases, emerging coordinated care and value-based delivery
and payment arrangements, which encourage functional integration and
coordination between and among providers and other industry
stakeholders, often using financial incentives, may not fit easily or
at all under current safe harbors to the Federal anti-kickback statute,
exceptions to the Beneficiary Inducements CMP, or both. Many value-
based and care coordination arrangements also rely on improving patient
engagement in care through tools or supports (e.g., free or reduced-
cost technology, free local transportation services), potentially
implicating both the Federal anti-kickback statute and the Beneficiary
Inducements CMP. Such tools or supports may not fit easily (or at all)
under existing safe harbors to the Federal anti-kickback statute or
exceptions to the definition of ``remuneration'' under the Beneficiary
Inducements CMP.
Public stakeholders have asserted--through comments to both the OIG
RFI and OIG Proposed Rule, as well as other public forums--that this
lack of clear legal protection has a chilling effect on the development
of effective care coordination arrangements, value-based arrangements,
and arrangements engaging or supporting patients. As a consequence,
this final rule provides greater certainty and protection for care
coordination arrangements, value-based arrangements, patient engagement
tools and supports, and other beneficial arrangements from potential
liability under the Federal anti-kickback statute and Beneficiary
Inducements CMP (as applicable), if the arrangements are properly
structured to satisfy an applicable safe harbor's or exception's
conditions (as applicable).
2. Overview of Estimated Impact of the Final Rule
There is not enough available information to estimate this final
rule's effect on the economy, Federal or State expenditures, or small
providers. In other words, we are not able to provide quantitative
estimates of savings to or expenditures for the Federal health care
programs, providers, and others that will result from this final rule.
More specifically, we lack a basis for determining the scope and
magnitude of financial arrangements for which parties may seek safe
harbor protection.
We lack a basis for making any quantitative estimates for the
following reasons. First, we cannot estimate how many providers and
other industry stakeholders will enter in value-based and care
coordination arrangements or other arrangements protected by these
final safe harbors and exception. This is in part because using and
complying with the safe harbors and exception to the definition of
``remuneration'' under the Beneficiary Inducements CMP finalized here
are voluntary. Indeed, providing remuneration in the context of a care
coordination arrangement and engaging Federal health care program
beneficiaries through the provision of tools and supports are voluntary
as well. Stated otherwise, parties are not required either to enter
into financial relationships that implicate the Federal anti-kickback
statute and Beneficiary Inducements CMP, or to structure any financial
relationships that implicate these statutes to satisfy a safe harbor or
exception, as applicable. Failure to satisfy a safe harbor or
exception, as applicable, does not mean that an arrangement is illegal
under the Federal anti-kickback statute or Beneficiary Inducements CMP.
Parties are free to conduct financial arrangements that do not fit
within the protections set forth in these final regulations provided
that they otherwise comply with the law. Further, while parties often
use safe harbors and exceptions as tools to structure compliant
arrangements, parties may also wait to assert compliance with a safe
harbor as a defense should the Government bring an enforcement action.
For this reason, it is further difficult to estimate usage of these
regulations.
Second, while we can provide examples--as noted below--of
arrangements we believe health care industry stakeholders may enter
into under the protection of these final safe harbors and exception, we
cannot predict the form of all of the arrangements, nor which industry
stakeholders will enter into what form of arrangements. More
specifically, based on comments submitted by stakeholders, our
understanding of currently existing value-based and care coordination
arrangements, and our assumption that there will be continued
innovation, we expect significant heterogeneity in value-based and care
coordination arrangements that seek protection under these safe harbors
and exception. Applying a ``conceptual framework'' developed by RAND
Corporation in an assessment of value-based programs illuminates how
the attributes of value-based care and care coordination arrangements
could vary across the industry, making any basis for quantitative
estimates regarding the impact of the regulatory flexibilities set
forth in this final rule highly speculative.\160\
---------------------------------------------------------------------------
\160\ Cheryl L. Damberg et al., RAND Corp., Measuring Success in
Health Care Value-Based Purchasing Programs (2014), available at
https://www.rand.org/content/dam/rand/pubs/research_reports/RR300/RR306/RAND_RR306.pdf.
---------------------------------------------------------------------------
In particular, the RAND conceptual framework highlights how various
aspects of the arrangements for which parties may seek safe harbor and
exception protection could differ, including: (1) Overarching program
design features with respect to the value-based arrangement (e.g.,
measures, incentive structure, targets for incentives, and quality
improvement support and resources); (2) the characteristics of the
providers and the settings in which they practice, including whether or
not the providers are employees, as well as the characteristics of
other parties to the arrangement; and (3) external factors (e.g., other
payment policies, other quality initiatives, consumer behavior, market
characteristics, and regulatory changes) that can enable or hinder any
response to the incentive. In addition, we expect wide variation in the
patient populations served and their particular needs with respect to
care coordination and tools and supports. To provide an example related
to external factors, whether a provider might need to use the patient
engagement and support safe harbor (paragraph 1001.952(hh)) may depend
on whether the beneficiary's Federal health care program covered the
desired tool and support. An arrangement for the provision of digital
technology that is a covered item or service, when provided in
accordance with coverage and payment rules, does not likely require
safe harbor protection and additional regulatory flexibility in this
final rule. On the other hand, an arrangement for the provision of
noncovered tools and supports for free to a Federal health care program
beneficiary likely implicates the Federal anti-kickback statute and may
implicate the Beneficiary Inducements CMP, may need safe harbor
protection, and would
[[Page 77881]]
benefit from such flexibility. Variation in coverage and payment rules
and changes in such rules over time impact the analysis of the
application of the statutes to arrangements and whether parties would
seek to use the final regulations.
In sum, any estimation of behavioral change--and any resulting
increases or decreases in costs to Federal or State health care
programs, providers and other stakeholders, or patients--would be
highly speculative and too uncertain to be appropriately quantifiable.
While we cannot gauge with certainty savings or costs that may result
from this final rule, the rule reflects our effort to remove barriers
impeding wider adoption of beneficial care coordination and value-based
arrangements identified by stakeholders, while prohibiting arrangements
that would improperly increase utilization, promote anti-competitive
behavior, or result in fraud or abuse. Below we elaborate on the
intended and anticipated beneficial outcomes related to the final rule
as well as some potential costs.
3. Anticipated Outcomes of the Final Rule
We can reasonably predict, however, that the final rule likely will
result in changes to stakeholder behavior. The rule may increase
providers' or others' participation in beneficial value-based, care
coordination, patient engagement and support, and other arrangements to
the extent that providers or others have been concerned that such
arrangements would otherwise implicate the Federal anti-kickback
statute and Beneficiary Inducements CMP. In this regard, and with
respect to the intended outcomes and benefits related to this final
rule, we anticipate that the policies in this final rule may: (1)
Remove barriers to robust participation in beneficial value-based
health care delivery and payment systems, including those administered
by CMS and non-Federal payors; (2) facilitate arrangements for
beneficial patient care coordination among affiliated and unaffiliated
health care providers, practitioners, suppliers, and others; (3) remove
barriers to providing tools and supports to patients to better engage
them in their care and improve health outcomes; (4) provide certainty
for participants in the Medicare Shared Savings Program and Innovation
Center models; (5) facilitate the continued adoption and use of
electronic health records by making permanent the safe harbor for the
donation of such items and services; and (6) promote more robust
cybersecurity throughout the health care system. Some of the benefits
that we anticipate will arise from these intended outcomes are: (1)
Improved care coordination for patients, including Federal health care
program beneficiaries; (2) improved quality of care and outcomes for
patients, including Federal health care program beneficiaries; (3)
potential reduction in compliance costs to individuals and entities to
which the Federal anti-kickback statute's and Beneficiary Inducements
CMP's prohibitions apply; (4) reduction in administrative complexity
and related waste from continued progress toward interoperability of
data and electronic health records; (5) protection against the
corruption of or access to health records and other information
essential to the safe and effective delivery of health care; and (6)
reduction in impacts of cybersecurity attacks, including the improper
disclosure of protected health information (PHI), and reduction in
costs associated with cybersecurity attacks, including ransom payments,
costs to patients whose PHI is improperly disclosed, and costs to
providers, suppliers, and others to reestablish cybersecurity.
With respect to the final rule's impact on parties currently
participating in the Medicare Shared Savings Program and Innovation
Center models, we have determined that this Final Rule would not
significantly alter the conditions upon which such providers and
suppliers operate. Such parties currently must comply with the fraud
and abuse statutes and receive fraud and abuse waivers as needed for
CMS to operate the Medicare Shared Savings Program and test models, as
authorized by statute. Finalizing safe harbors protecting value-based
arrangements, care coordination, and certain patient engagement tools
and supports would not significantly alter these conditions. This is
particularly true in light of the new final safe harbor for CMS-
sponsored models, which is designed to streamline the current fraud and
abuse waiver process and make model participation more uniform with
respect to compliance with fraud and abuse laws.
4. Expanded Protections Under Final Rule and Examples of Anticipated
Arrangements
As explained in greater detail in the preamble above, this final
rule expands safe harbor protection under the Federal anti-kickback
statute to protect the following types of arrangements that, in most
cases, would not fit squarely or with certainty in existing safe
harbors:
Certain remuneration exchanged between or among eligible
participants in a value-based arrangement that fosters better
coordinated and managed patient care.
Certain tools and supports furnished to patients to
improve quality, health outcomes, and efficiency.
Certain remuneration provided in connection with a CMS-
sponsored model.
Certain donations of cybersecurity technology and
services.
Certain donations of electronic health records items and
services.
Certain outcomes-based payments and remuneration in
connection with part-time personal services and management contracts
arrangements.
Certain remuneration in connection with bundled warranties
for one or more items and related services.
Certain free or discounted local transportation given to
Federal health care program beneficiaries.
In addition, this final rule extends protection under the
Beneficiary Inducements CMP to protect certain ``telehealth
technologies'' furnished to certain in-home dialysis patients.
Based on the Department's experience with the Medicare Shared
Savings Program and Innovation Center models, information provided by
commenters on the OIG RFI and the OIG Proposed Rule, and information
shared publicly by providers, suppliers, practitioners, health plans,
and others, following the issuance of this final rule we reasonably
expect parties may seek protection under the final safe harbors and
exception such as the following:
A hospital--in recognition that new reimbursement models
may extend hospital accountability for a patient's health beyond
inpatient or outpatient care--may wish to provide recently discharged
patients with free health coaching, technology that facilitates remote
monitoring, a non-reimbursable home visit, or nutritional supplements
to promote the best health outcomes after discharge.
A hospital, recognizing that clinical collaboration and
care coordination may improve patient transitions from one care
delivery point to the next, may wish to provide care coordinators that
furnish individually tailored case management services for patients
requiring post-acute care.
A medical device manufacturer may wish to offer a
physician practice or hospital a data analysis service to track
clinical practices, clinical outcomes, and patient impact as they
relate to hospital- or health-care-acquired pressure injuries.
A hospital may wish to provide support and to reward
institutional post-acute providers for achieving outcome measures that
effectively and
[[Page 77882]]
efficiently coordinate care across care settings and reduce hospital
readmissions. Such measures would be aligned with a patient's
successful recovery and return to living in the community.
A physician may wish to offer--for free-- a prescription
pickup service to retrieve filled prescriptions from the pharmacy and
get them to the patient to expedite the patient's adherence to the
physician's ordered treatment.
A primary care physician, dialysis facility, or other
provider could furnish a smart tablet that is capable of two-way, real-
time interactive communication between the patient and his or her
physician. In turn, the Federal health care program beneficiary's
access to a smart tablet could facilitate communication through
telehealth and the provision of in-home dialysis services.
5. Anticipated Beneficial Impact of Value-Based, Care Coordination, and
Patient Engagement and Support Arrangements
As explained further below, to the extent that providers and others
elect to use these safe harbors and exception to the definition of
``remuneration'' under the Beneficiary Inducements CMP to protect care
coordination, value-based, and other arrangements, there could be
significant beneficial impacts should the intended effect of the
regulatory flexibilities afforded by this final rule--promoting the
adoption of beneficial value-based arrangements and improved care
coordination--come to fruition.
As noted above, we are unable to quantify with certainty any impact
related to the changes in industry behavior that we can reasonably
expect following the effective date of this final rule. Despite the
inability to quantify impact, we believe that the value-based
arrangements, care coordination arrangements, and patient engagement
and support arrangements protected by this final rule ultimately will
reduce waste in the U.S. health care system.
In particular, a recent review of literature from January 2012 to
May 2019 focusing on unnecessary spending, or waste, in the U.S. health
care system (the 2019 study) indicates that waste related to the
failure of care coordination alone results in annual costs of $27
billion to $78 billion.\161\ Much of the research on waste and
improvement reviewed in the 2019 study was conducted in Medicare
populations. The 2019 study noted empirical evidence that
interventions, such as aligning payment models with value or supporting
delivery reform to enhance care coordination, safety, and value, can
produce meaningful savings and reduce waste by as much as half. The
2019 study also identified waste from administrative complexity
(resulting from fragmentation in the health care system) as the
greatest contributor to waste in the U.S. health care system at an
estimated $266 billion annually, and highlighted the opportunity to
reduce waste in this category from enhanced payor collaboration with
health care providers and clinicians in the form of value-based payment
models. According to the 2019 study, as value-based care continues to
evolve, there is reason to believe that such interventions can be
coordinated and scaled to produce better care at lower cost for all
U.S. residents. Moreover, in value-based and care coordination
arrangements, improvements could reduce waste related to overtreatment
and low-value care, a separate category of waste in the U.S. health
care system.
---------------------------------------------------------------------------
\161\ William H. Shrank et al., Waste in the US Health Care
System, Estimated Costs and Potential for Savings, 322 JAMA 1501
(2019), available at https://jamanetwork.com/journals/jama/fullarticle/2752664.
---------------------------------------------------------------------------
OIG studies regarding the Medicare Shared Savings Program and
participating ACOs have found beneficial impacts through improved
quality of care and reduced spending. A June 2019 evaluation found that
Medicare Shared Savings Program ACOs have developed a number of
strategies that the ACOs found successful in reducing Medicare spending
and improving quality of care.\162\ These strategies include, among
others, engaging beneficiaries to improve their own health, reducing
avoidable hospitalizations and improving hospital care through better
care coordination, and using technology for information sharing. For
example, one ACO in the study used tablets to issue medication
reminders and digital scales to transmit information directly to care
coordinators to help manage the health of beneficiaries with end-stage
congestive heart failure. The ACO reported that hospitalizations for
this group declined, on average, from four times a year to one time.
The evaluation observes that the successful strategies can apply not
only to ACOs but also to other providers committed to transforming the
health care system toward value.
---------------------------------------------------------------------------
\162\ OIG, ACOs' Strategies for Transitioning to Value-Based
Care: Lessons From the Medicare Shared Savings Program (OEI-02-15-
00451), July 19, 2019. Available at https://oig.hhs.gov/oei/reports/oei-02-15-00451.asp.
---------------------------------------------------------------------------
An August 2017 OIG report analyzed spending and quality data from
the first 3 years of the Medicare Shared Savings Program to determine
the extent to which ACOs reduced Medicare spending and improved
quality.\163\ During the period studied, most of the 428 participating
ACOs (serving 9.7 million beneficiaries) reduced Medicare spending
compared to their benchmarks, achieving a net spending reduction of
nearly $1 billion. At the same time, ACOs generally improved their
performance on most of the individual quality measures. ACOs also
outperformed fee-for-service providers on most of the quality measures.
A small subset of ACOs showed substantial reductions in Medicare
spending while providing high-quality care. These high-performing ACOs
reduced spending by an average of $673 per beneficiary for key Medicare
services during the review period. This included significant spending
reductions for high[hyphen]cost services such as inpatient hospital
care and skilled nursing facility care. These ACOs also maintained high
use of primary care services, which can lower utilization and costs for
other care, and reduced the use of costly services such as emergency
department visits. In contrast, other Medicare Shared Savings Program
ACOs and the national average for fee-for-service providers showed an
increase in per beneficiary spending for key Medicare services.
---------------------------------------------------------------------------
\163\ OIG, Medicare Shared Savings Program Accountable Care
Organizations Have Shown Potential for Reducing Spending and
Improving Quality (OEI-02-15-00450), Aug. 28, 2017. Available at
https://oig.hhs.gov/oei/reports/oei-02-15-00450.asp.
---------------------------------------------------------------------------
In addition, we are aware that certain other innovative value-based
and care coordination arrangements exist that have resulted in cost
savings for third-party payors, quality of care improvements, or
both.\164\ While we cannot extrapolate these results to the possible
impact of this final rule, we
[[Page 77883]]
believe the reported success of some of these programs suggests the
promising nature of value-based care and improved care coordination. In
describing the results below, we do not mean to suggest that this rule
prescribes or endorses the interventions inherent to these results.
Further, we emphasize that this final rule simply removes certain
regulatory barriers to implementing value-based and care coordination
arrangements that may be similar to those described below.
---------------------------------------------------------------------------
\164\ See e.g., Brian W. Powers et al., Impact of Complex Care
Management on Spending and Utilization for High-Need, High-Cost
Medicaid Patients, 26 Am. J. Managed Care e57 (2020), available at
https://doi.org/10.37765/ajmc.2020.42402 (finding, in a study of a
complex care management program implemented in Tennessee for high-
need, high-cost Medicaid patients, that the program reduced total
medical expenditures by 37 percent and inpatient utilization by 59
percent); Shreya Kangovi et al., Evidence-Based Community Health
Worker Program Addresses Unmet Social Needs and Generates Positive
Return on Investment, 39 Health Aff. 207 (2020), available at
https://www.healthaffairs.org/doi/full/10.1377/hlthaff.2019.00981
(finding that every dollar invested in the Individualized Management
for Patient-Centered Targets (IMPaCT) intervention, which is ``a
standardized community health worker intervention that addresses
socioeconomic and behavioral barriers to health in low-income
populations,'' yielded a return of $2.47 within a single fiscal year
from the perspective of a Medicaid payer).
---------------------------------------------------------------------------
For example, a case study targeted at determining the specific
factors that reduce Medicare payments and lead to hospital savings in
bundled payment models for lower extremity joint replacement surgeries
(which provide a lump sum payment to be shared among providers for an
episode of care instead of payment for every service performed) in one
Texas health system found that, between July 2008 and June 2015, the
system's five hospitals were able to reduce total Medicare spending per
episode of care by $5,577, or 20.8 percent, in cases without
complications, and by $5,321, or 13.8 percent, in cases with
complications.\165\ The hospitals also recognized $6.1 million in
internal cost savings, along with slight decreases in emergency room
visits and readmission rates, and a decrease in cases with a prolonged
length-of-stay admission. Over half of the internal cost savings were
attributable to reduced implant costs.\166\ We note that the product
standardization incentive programs that contribute to such internal
cost savings involve compensation arrangements between hospitals and
physicians which, depending on their structure, may not satisfy the
requirements of any current safe harbors to the Federal anti-kickback
statute, but to which the new and modified safe harbors may apply.
Relatedly, in 2018, a large health plan announced that it was expanding
a bundled payment program for spinal surgeries and hip/knee
replacements to new markets, after finding savings of $18,000 per
procedure,\167\ and a health network reported over $10 million in
savings in 2017 with more anticipated savings in 2018.\168\
---------------------------------------------------------------------------
\165\ Amol S. Navathe, et al., Cost of Joint Replacement Using
Bundled Payment Models, 177(2) JAMA Internal Med. 214-222 (Feb.
2017), available at https://jamanetwork.com/journals/jamainternalmedicine/article-abstract/2594805.
\166\ Vera Gruessner, 3 Ways Bundled Payment Models Brought
Hospital Cost Savings, Health Payer Intelligence (Jan. 16, 2017),
https://healthpayerintelligence.com/news/3-ways-bundled-payment-models-brought-hospital-cost-savings.
\167\ David Muhlestein et al., Recent Progress In The Value
Journey: Growth Of ACOs And Value-Based Payment Models In 2018,
Health Affairs Blog (Aug. 14, 2018), https://www.healthaffairs.org/do/10.1377/hblog20180810.481968/full/.
\168\ Shane Wolverton, Providers partner with payers for bundled
payments, Becker's Payer Issues (May 10, 2018) https://www.beckershospitalreview.com/payer-issues/providers-partner-with-payers-for-bundled-payments.html.
---------------------------------------------------------------------------
As another example of the potential for cost savings associated
with value-based arrangements, a recent survey of more than 100
commercial payors showed that, in 2018, ``pure FFS'' payment--where
each medical service is billed and paid for separately--accounts for
only 37.2 percent of reimbursement and is expected to drop to 26
percent by 2021.\169\ According to the payors surveyed, payors that
adopted value-based health care delivery and payment models reduced
health care costs by an average of 5.6 percent, improved provider
collaboration, and created more impactful member engagement.
---------------------------------------------------------------------------
\169\ Thomas Beaton, Value-Based Payment Adoption Drives 5.6%
Reduction in Care Costs, Health Payer Intelligence (June 18, 2018),
https://healthpayerintelligence.com/news/value-based-payment-adoption-drives-5.6-reduction-in-care-costs.
---------------------------------------------------------------------------
Further, there are studies that suggest that improved care
coordination may decrease costs and enhance health outcomes. One
randomized, controlled trial evaluated the cost[hyphen]effectiveness of
a home[hyphen]based care coordination program that targeted older
adults with problems self[hyphen]managing their chronic illnesses.\170\
Study participants in the test group received care coordination
services from a nurse and a pill organizer. The results of this study
showed that, for those beneficiaries who participated in the study for
more than 3 months, total Medicare costs were $491 lower per month than
in the control group. Another study conducted by the Centers for
Disease Control and Prevention demonstrated that certain interventions,
such as team-based or coordinated care, increase patient medication
adherence rates.\171\ Specifically, in a 2015 study, patients assigned
to team-based care--including pharmacist-led medication reconciliation
and tailoring, pharmacist-led patient education, collaborative care
between pharmacist and primary care provider or cardiologist, and two
types of voice messaging--were significantly more adherent with their
medication regimen 12 months after hospital discharge (89 percent)
compared with patients not receiving team-based care (74 percent).
---------------------------------------------------------------------------
\170\ Karen Dorman Marek et al., Cost analysis of a home-based
nurse care coordination program, 62 J. Am. Geriatrics Soc'y 2369
(2014).
\171\ Andrea B. Neiman et al., CDC Grand Rounds: Improving
Medication Adherence for Chronic Disease Management--Innovations and
Opportunities, 66 Morbidity & Mortality Wkly. Rep. 1248 (2017),
available at https://www.cdc.gov/mmwr/volumes/66/wr/mm6645a2.htm.
---------------------------------------------------------------------------
In addition, there are reported examples of value-based health care
delivery and payment programs developed and implemented by commercial
health plans that report success. For example, one health plan recently
reported that it saved $1 billion through avoided costs in 3 years of
its recent primary care pay-for-value program that offers primary care
practices rewards for their performance on quality, cost, and
utilization measures, while also improving outcomes for the plan's
members.\172\ According to this plan, members treated by a primary care
provider in the program had 11 percent fewer emergency room visits in
2017 than members treated by a primary care physician not in the
program. The plan also stated that members with a primary care
physician in the program experienced 16 percent fewer inpatient
admissions in 2017 compared to members seeing a primary care physician
not in the program, potentially saving the plan $224 million in
inpatient care costs.\173\
---------------------------------------------------------------------------
\172\ Press Release, Highmark, Inc., Highmark saves more than $1
billion in avoided cost with True Performance program (Oct. 5,
2020), available at https://www.highmark.com/newsroom/press-releases.html#!release/highmark-saves-more-than-1-billion-in-avoided-cost-with-true-performance-program.
\173\ Press Release, Highmark, Inc., Highmark's True Performance
Program Avoided Health Care Costs by More Than $260 Million in 2017
(June 26, 2018), available at https://www.highmark.com/newsroom/press-releases.html#!release/highmarks-true-performance-program-avoided-health-care-costs-by-more-than-260-million-in-2017.
---------------------------------------------------------------------------
A collaboration between a physician-led ACO and a health plan in
North Carolina similarly reportedly reduced costs while improving
quality of care.\174\ Specifically, an analysis conducted by the plan
concluded that the 47 primary care practices that participated in the
collaboration: (1) Reduced the total cost of care by 4.7 percent for
commercial patients; (2) reduced the total cost of care by 6.1 percent
for Medicare Advantage patients; and (3) improved their Medicare star
ratings, on average, from 3 to 4.5 stars. Another analysis by a
different health plan determined that primary care physicians paid
under global capitation improved certain patient outcomes related to
preventive care and chronic conditions, such as
[[Page 77884]]
higher screening rates for colorectal and breast cancer, higher rates
of medication review, and higher controlled blood sugar levels.\175\
---------------------------------------------------------------------------
\174\ Press Release, Blue Cross and Blue Shield of North
Carolina, Primary Care ACOs from Blue Cross NC and Aledade Show
Significant Savings and Quality Improvements (July 20, 2020),
available at https://mediacenter.bcbsnc.com/news/primary-care-acos-from-blue-cross-nc-and-aledade-show-significant-savings-and-quality-improvements.
\175\ UnitedHealth Group, Physicians Provide Higher Quality Care
Under Set Monthly Payments Instead of Being Paid Per Service,
UnitedHealth Group Study Shows (Aug. 11, 2020), available at https://www.unitedhealthgroup.com/newsroom/2020/uhg-study-shows-higher-quality-care-under-set-monthly-payments-403552.html.
---------------------------------------------------------------------------
6. Anticipated Beneficial Impact of New Safe Harbor for Cybersecurity
Technology and Services
The health care sector is among the most targeted industries for
cyberattacks and is also under-resourced to prevent such attacks and
data breaches. As a result, the cost of cybersecurity attacks and
breaches within the health care industry is significant. A study
estimated that data breaches may have cost U.S hospitals $6.2 billion
between 2015 and 2016.\176\ Additionally, other estimates indicate that
a health care organization that is breached faces $8 million dollars in
costs on average as a result of the breach, or $400 per patient record
involved.\177\ The impact of cyberattacks extends beyond increased and
unnecessary recovery and ransom costs. It may limit patient access to a
provider or directly affect patient care. For example, a September 2020
cyberattack on a large health care system in the United States
reportedly affected nearly 400 facilities, causing hospitals to divert
ambulances during the initial stages of the attack. In addition, staff
reported that some lab test results were delayed. The system responded
by suspending user access to its information technology applications
related to operations across the United States, requiring the use of
backup processes, including paper medical record charting and labeling
medications by hand, for nearly 3 weeks.\178\
---------------------------------------------------------------------------
\176\ Ponemon Institute, Sixth Annual Benchmark Study on Privacy
& Security of Healthcare Data (May 2016), available at https://www.ponemon.org/local/upload/file/Sixth%20Annual%20Patient%20Privacy%20%26%20Data%20Security%20Report%20FINAL%206.pdf.
\177\ Health Sector Cybersecurity Coordination Center, A Cost
Analysis of Healthcare Sector Data Breaches (Apr. 4, 2019),
available at https://www.hhs.gov/sites/default/files/cost-analysis-of-healthcare-sector-data-breaches.pdf.
\178\ Jeff Lagasse, Universal Health Services hit with
cyberattack that shuts down IT systems, Healthcare Finance (Sept.
29, 2020), https://www.healthcarefinancenews.com/news/universal-health-services-hit-cyberattack-shuts-down-it-systems-1; Jessica
Davis, UPDATE: UHS Health System Confirms All US Sites Affected by
Ransomware Attack, Health IT Security (Oct. 5, 2020) https://healthitsecurity.com/news/uhs-health-system-confirms-all-us-sites-affected-by-ransomware-attack; Jessica Davis, 3 Weeks After
Ransomware Attack, All 400 UHS Systems Back Online, Health IT
Security (Oct. 13, 2020), https://healthitsecurity.com/news/3-weeks-after-ransomware-attack-all-400-uhs-systems-back-online; and Press
Release, Universal Health Services (Oct. 29. 2020), https://www.uhsinc.com/statement-from-universal-health-services/.
---------------------------------------------------------------------------
According to the Health Sector Cybersecurity Coordination Center
(HC3), health care organizations should consider implementing strong
risk management practices to help prevent data breaches and minimize
any disruptions or loss if a breach occurs.\179\ HC3 highlights that
adequate prevention and preparation for data breaches will protect
patients, minimize direct and indirect costs, and allow for more
efficient operations of a health care organization.\180\ Separately,
the HCIC Task Force's June 2017 report, among other things, highlighted
its review of many concerns related to potential constraints imposed by
the physician self-referral law and the Federal anti-kickback statute.
The report encouraged Congress to evaluate an amendment to these laws
specifically for cybersecurity software that would allow health care
organizations the ability to assist physicians in the acquisition of
this technology, through either donation or subsidy.\181\ The HCIC Task
Force noted that the existing regulatory exception to the physician
self-referral law (42 CFR 411.357(w)) and the safe harbor to the
Federal anti-kickback statute (42 CFR 1001.952(y)) applicable to
certain donations of EHR items and services could serve as an ideal
template for an analogous cybersecurity provision.\182\
---------------------------------------------------------------------------
\179\ Health Sector Cybersecurity Coordination Center, A Cost
Analysis of Healthcare Sector Data Breaches (Apr. 4, 2019), https://www.hhs.gov/sites/default/files/cost-analysis-of-healthcare-sector-data-breaches.pdf.
\180\ Id.
\181\ HCIC Task Force Report, https://www.phe.gov/Preparedness/
planning/CyberTF/Documents/report2017.pdf.
\182\ Id.
---------------------------------------------------------------------------
Further substantiating the need for increased flexibility related
to the donation of cybersecurity technology and services, in 2018, the
American Medical Association surveyed over 1,300 physicians in a
cybersecurity-related survey. Approximately 83 percent of the
participants reported having experienced some sort of cybersecurity
attack.\183\ The study also highlighted that 50 percent of the surveyed
physicians wished they could receive donations of security-related
hardware and software from other providers, and recommended that OIG
develop a safe harbor to permit it.
---------------------------------------------------------------------------
\183\ American Medical Association, Tackling Cyber Threats in
Healthcare, https://www.ama-assn.org/sites/ama-assn.org/files/corp/media-browser/public/government/advocacy/medical-cybersecurity-findings.pdf and https://www.ama-assn.org/sites/ama-assn.org/files/corp/media-browser/public/government/advocacy/infographic-medical-cybersecurity.pdf.
---------------------------------------------------------------------------
As described in section III.B.8 of this final rule, we received
overwhelming support from across the health care industry in response
to our proposal to establish the new safe harbor for cybersecurity
items and services, and we anticipate significant expansion of
cybersecurity efforts through donations following the effective date of
this final rule, similar to the expanded adoption of EHR items and
services reported by stakeholders following the establishment of the
EHR safe harbor in 2006. Support for the new cybersecurity safe harbor
came from many well-resourced organizations that are potential future
donors of cybersecurity technology, such as health plans and large
health systems, as well as from likely recipients of donations and
trade groups representing practitioners.
Because of the cost of cybersecurity attacks to organizations that
wish to donate or receive cybersecurity technology and services, and
the general support among donors and recipients for the new
cybersecurity exception, we anticipate significant investment in
improvements to the cybersecurity hygiene of the health care industry.
An organization's cybersecurity posture is only as strong as its
weakest link, including weaknesses of downstream providers, suppliers,
and practitioners that wish to receive donations; thus, donors are
incented to protect themselves by donating cybersecurity technology and
services that improves their cybersecurity.
There are a variety of factors integral to determining the impact
of this final safe harbor's effect on the cybersecurity hygiene of the
health care industry that remain too speculative to make a quantitative
estimate of the impact of this final rule. We cannot predict with
sufficient certainty various elements that will determine the impact of
this safe harbor. For example, we cannot predict: (1) How many health
care industry stakeholders will donate cybersecurity technology or
services for which parties may seek safe harbor protection; (2) the
specific combinations of items and services that will be donated or how
such donations will improve the cybersecurity hygiene of recipients,
donors, and the health care industry as a whole; and (3) external
factors (e.g., other policies promoting cybersecurity within the health
care industry, how cyber criminals will proliferate and develop new
strategies, how cyberattack recovery costs and ransom costs will
change) that can enable or hinder improved cybersecurity hygiene and
potentially
[[Page 77885]]
result in increased or decreased costs associated with cyberattacks.
Despite this, we expect that the flexibility to donate cybersecurity
technology and services will benefit the ecosystem as a whole, improve
cybersecurity across the industry, and reduce costs associated with
cyberattacks (by improving prevention and detection of cybersecurity
weaknesses and reducing successful cyberattacks, and consequently,
ransom fees and recovery costs). However, we cannot predict the
specific impacts of the flexibility afforded by the cybersecurity
technology and services safe harbor on the costs or benefits to Federal
health care programs, beneficiaries, or the health care industry as a
whole.
7. Anticipated Costs
We also acknowledge that there could be some costs associated with
this final rule. For example, providers and other stakeholders
voluntarily complying with the safe harbors and exception finalized
here may incur legal and administrative costs to appropriately
structure an arrangement to satisfy an applicable safe harbor or
exception. In addition, it is possible providers and others may misuse
the protection afforded by the safe harbors and exception which could
result in increased costs to Federal health care programs or
beneficiaries. It also is possible that providers and other
stakeholders will appropriately use the safe harbors, but a care
coordination or value-based arrangement developed in good faith might
not result in savings to the Federal health care programs or
beneficiaries or improvements in quality of care.
Designing safe harbors with sufficient safeguards against potential
abuses and harms by those who might misuse the safe harbors is not
without challenges. In this final rule, we have tried to strike the
right balance between flexibility for beneficial innovation and
safeguards to protect patients and Federal health care programs.
However, we cannot quantify whether we have struck the appropriate
balance; in particular, we cannot quantify whether achievement of the
intended outcomes (e.g., improved coordination of patient care,
improved quality of patient care, reduced costs to payers) will
outweigh any potential costs.
B. Executive Order 12866
Executive Order 12866 directs agencies to assess all costs and
benefits of available regulatory alternatives and if regulations are
necessary, to select regulatory approaches that maximize net benefits
(including potential economic, environmental, public health and safety
effects; distributive impacts; and equity). A regulatory impact
analysis must be prepared for major rules with economically significant
effects (i.e., $100 million or more in any given year). This final rule
codifies a new exception to the definition of ``remuneration'' under
the Beneficiary Inducements CMP and implements new or revised anti-
kickback statute safe harbors. As explained more fully above, we
believe the changes in the final rule to the safe harbors and the new
exception to the Beneficiary Inducements CMP will provide flexibility
for providers and others to enter into certain beneficial arrangements.
In doing so, this final rule imposes no requirements on any party.
Providers and others will be allowed to voluntarily seek to comply with
these provisions so that they have assurance that participating in
certain arrangements will not subject them to liability under the
Federal anti-kickback statute and the Beneficiary Inducements CMP.
These safe harbors and exception facilitate providers' and others'
ability to provide important health care and related services to
communities in need. We estimated that this rule would be
``economically significant'' as measured by the $100 million threshold,
and hence also a major rule under the Congressional Review Act.
Accordingly, we prepared an RIA that presented our estimates of the
costs and benefits of this rulemaking. Thus, this rule has been
reviewed by the Office of Management and Budget.
C. Regulatory Flexibility Act
The RFA and the Small Business Regulatory Enforcement and Fairness
Act of 1996, which amended the RFA, require agencies to analyze options
for regulatory relief of small businesses. For purposes of the RFA,
small entities include small businesses, nonprofit organizations, and
Government agencies. Most providers are considered small entities by
having revenues of $7 million to $35.5 million or less in any one year.
For purposes of the RFA, most physicians and suppliers are considered
small entities.
Comment: We received comments from two associations representing
small and rural providers or Indian health care providers regarding the
level of administrative burden and potential costs associated with
implementing the requirements in certain proposed safe harbors (e.g.,
requiring a writing signed by the parties under certain proposed safe
harbors and requiring a financial contribution by a recipient of
remuneration under the care coordination arrangements safe harbor and
EHR safe harbor), particularly for small and rural providers and Indian
health care providers. For example, a commenter suggested that if OIG
reduced administrative burden on physicians under its final rule, it
would allow physicians to focus on the patient-physician relationship
and the patient's welfare. In addition, a commenter representing Indian
health care providers expressed concern that its stakeholders would
need to make changes to current practices and operations in response to
this rulemaking in order to comply with the Federal anti-kickback
statute and to avoid severe criminal, civil, and administrative
penalties. The commenter also raised concerns regarding potential
administrative burden that may occur if Indian health care providers
revise or amend existing agreements with the Health Resources and
Services Administration to participate in arrangements protected under
new safe harbors. The commenter also asked OIG to exempt Indian health
programs from certain proposed safe harbor contribution requirements.
Response: We reiterate that this final rule does not impose any
obligations on any entity, including Indian health care providers, nor
does this final rule require any entity to make changes to current
practices and operations to comply with the Federal anti-kickback
statute or Beneficiary Inducements CMP. This final rule provides
additional flexibilities for providers and others to enter into care
coordination arrangements with potentially reduced legal risk. As
explained above, structuring financial arrangements to satisfy a safe
harbor or exception is voluntary; indeed, even entering into such
financial arrangements is voluntary. We believe the changes to the safe
harbors and the addition of a new exception to the definition of
``remuneration'' under the Beneficiary Inducements CMP provide industry
stakeholders with additional flexibility if they desire to enter into
certain beneficial arrangements.
We understand the commenter's concern regarding potential costs
associated with contribution requirements included within certain safe
harbors that we are finalizing. However, after careful consideration,
we continue to believe that the contribution requirement is an
important safeguard against fraud and abuse in light of the specific
risks of inappropriate generation of referrals presented by donations
of EHR items and services that could be protected by the EHR safe
harbor(paragraph 1001.952(y)) and care
[[Page 77886]]
coordination arrangements safe harbor (paragraph 1001.952(ee)). As we
explain in our discussion of these safe harbors in sections III.B.3.g
and III.B.9.e above, when recipients of valuable remuneration have some
responsibility to contribute to the cost of the items or services, they
are more likely to make economically prudent decisions and accept only
what they need or will use. The final rule reflects our efforts to
balance additional flexibility for beneficial arrangements that have
potential to reduce costs and improve care with safeguards to protect
against potential abuses, including inappropriate increases in costs to
Federal health care programs and beneficiaries.
We recognize that small or rural entities or Indian health care
providers may incur costs to avail themselves of the safe harbor and
exception protections under the final rule. However, we expect the
costs to be no greater than parties currently incur to comply with the
Federal anti-kickback statute and the Beneficiary Inducements CMP. We
do not expect this final rule to have a significant impact on a
substantial number of small entities or Indian health care providers
because the rules are completely voluntary (i.e., providers are not
required to comply with the conditions of any safe harbor in order to
avoid violating the Federal anti-kickback statute). Furthermore, we
believe the net impact on small businesses that choose to take
advantage of the new flexibilities will be low because we anticipate
that the potential burden associated with certain provisions may be
mitigated by other provisions offering greater flexibility to
providers.
We estimate the changes to the exception to the Beneficiary
Inducements CMP and the Federal anti-kickback statute safe harbors will
impose no incremental burden on covered entities. We are providing
covered entities with the option to adjust their business practices to
better serve patients without adversely affecting their profitability.
As a result, we have concluded that this final rule likely will not
have a significant impact on a substantial number of small providers
and that a regulatory flexibility analysis is not required for this
rulemaking. In addition, section 1102(b) of the Act requires that we
prepare a regulatory impact analysis if a rule under titles XVIII or
XIX or section B of title XI of the Act may have a significant impact
on the operations of a substantial number of small rural hospitals. For
the reasons stated above, we do not believe that any provisions or
changes finalized here will have a significant impact on the operations
of rural hospitals. Thus, an analysis under section 1102(b) of the Act
is not required for this rulemaking.
D. Unfunded Mandates Reform Act
Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law
104-4, also requires that agencies assess anticipated costs and
benefits before issuing any rule that may result in expenditures in any
one year by State Governments, Tribal Governments, or local
governments, in the aggregate, or by the private sector, of $100
million, adjusted for inflation. We believe that no significant costs
will be associated with this final rule that would impose any mandates
on State Governments, Tribal Governments, local governments, or the
private sector that would result in an expenditure of $154 million
(after adjustment for inflation) in any given year.
D. Executive Order 13132
Executive Order 13132 establishes certain requirements that an
agency must meet when it promulgates a rule that imposes substantial
direct requirements for costs on State and local governments, preempts
State law, or otherwise has Federalism implications. In reviewing this
rule under the threshold criteria of Executive Order 13132, we have
determined that this final rule will not significantly affect the
rights, roles, and responsibilities of State or local governments.
E. Executive Order 13771
Executive Order 13771 (January 30, 2017) requires that the costs
associated with significant new regulations ``to the extent permitted
by law, be offset by the elimination of existing costs associated with
at least two prior regulations.'' This final rule has been designated a
significant regulatory action as defined by Executive Order 12866 but
imposes no more than de minimis costs and is a deregulatory action
under Executive Order 13771. This designation has been informed by
public comments.
F. Statement of Need
The Department has identified the broad reach of the Federal anti-
kickback statute and Beneficiary Inducements CMP as potentially
inhibiting beneficial arrangements that would advance the ability of
providers, suppliers, and others to transition more effectively and
efficiently to value-based care and to better coordinate care among
providers, suppliers, and others in both the Federal health care
programs and commercial sectors. Industry stakeholders have informed us
that, because the consequences of potential noncompliance with the
Federal anti-kickback statute and Beneficiary Inducements CMP could be
significant, providers, suppliers, and others may be discouraged from
entering into innovative arrangements that could improve quality
outcomes, produce health system efficiencies, and lower health care
costs (or slow their rate of growth). To the extent providers are
discouraged from entering into these innovative arrangements, patient
care may not be provided as efficiently as possible. In addition, the
potential consequences of noncompliance with these statutes may impede
the ability of providers, suppliers, and others, including small
providers and suppliers or those serving rural or medically underserved
populations, to raise capital to invest in the transition to value-
based care or to obtain infrastructure necessary to coordinate patient
care, including technology. This unnecessarily slows the transition
toward more efficient patient care. This final rule attempts to address
these concerns by removing unnecessary impediments to the
transformation of the health care system into one that better pays for
and delivers value.
To remove regulatory barriers to care coordination and support
value-based arrangements, we faced the challenge of designing safe
harbor protections for emerging health care arrangements, the optimal
form, design, and efficacy of which remain unknown or unproven. These
arrangements will be driven by the determinations and experiences of a
wide range of providers, suppliers, and others as they innovate in
delivering value-based care. This challenge is further complicated by
the substantial variation in care coordination and value-based
arrangements contemplated by the health care industry and others
(meaning that one-size-fits-all safe harbor designs may not be
optimal), variation among patient populations and provider
characteristics, emerging health technologies and data capabilities,
the still-developing science of quality and performance measurement,
and our desire not to have a chilling effect on beneficial innovations.
As described above, it is difficult to gauge the effects of this
regulatory action in a rapidly evolving and diverse health care
ecosystem of substantial innovation, experimentation, and deployment of
technology and digital data. For example, as explained above, while a
recent article projected potential savings of $29.6 billion to $38.2
billion across the U.S. health care system for
[[Page 77887]]
reducing waste from failure of care coordination,\184\ it is difficult,
if not impossible to gauge reductions in wasteful health care spending
and improved health outcomes as a result of new arrangements made
possible by this final rule. It is also difficult, if not impossible,
to quantify savings or losses that could occur as a result of new
fraudulent or abusive conduct that could increase costs or lead to poor
outcomes as a result of new arrangements. In some cases, innovations
may enhance program integrity and protect against fraud and abuse,
reducing costs and increasing benefits. There is a compelling concern
that uncertainty and regulatory barriers under current regulations
could prevent the best and most efficacious innovations from emerging
and being tested in the marketplace. Our goal in finalizing safe
harbors is to protect arrangements that foster beneficial arrangements
and facilitate value, while also protecting programs and beneficiaries
against harms cause by fraud and abuse.
---------------------------------------------------------------------------
\184\ William H. Shrank et al., Waste in the US Health Care
System, Estimated Costs and Potential for Savings, 322 JAMA 1501
(2019), available at https://jamanetwork.com/journals/jama/article-abstract/2752664.
---------------------------------------------------------------------------
VI. Paperwork Reduction Act
The provisions of this final rule will not impose any new
information collection and recordkeeping requirements. Consequently, it
need not be reviewed by the Office of Management and Budget under the
authority of the Paperwork Reduction Act of 1995.
List of Subjects
42 CFR Part 1001
Administrative practice and procedure, Fraud, Grant programs--
health, Health facilities, Health professions, Maternal and child
health, Medicaid, Medicare, Social Security.
42 CFR Part 1003
Fraud, Grant programs--health, Health facilities, Health
professions, Medicaid, Reporting, and recordkeeping.
For the reasons set forth in the preamble, the Office of Inspector
General, Department of Health and Human Services, amends 42 CFR parts
1001 and 1003 as follows:
PART 1001--PROGRAM INTEGRITY--MEDICARE AND STATE HEATH PROGRAMS
0
1. The authority citation for part 1001 continues to read as follows:
Authority: 42 U.S.C. 1302, 1320a-7, 1320a-7a, 1320a-7b, 1320a-
7d, 1395u(j), 1395u(k), 1395w-104(e)(6), 1395y(d), 1395y(e),
1395cc(b)(2)(D), (E) and (F), and 1395hh; and sec. 2455, Pub. L.
103-355, 108 Stat. 3327 (31 U.S.C. 6101 note).
0
2. Section 1001.952 is amended by:
0
a. Revising paragraphs (d), (g) introductory text, (g)(1), (3), and
(4);
0
b. Adding paragraphs (g)(5) and (g)(6) before the undesignated text at
the end of paragraph (g);
0
c. Designating the undesignated text at the end of paragraph (g) as
paragraph (g)(7) and revising newly redesignated (g)(7);
0
d. Revising paragraph (y) introductory text, paragraph (y)(1), the
second sentence of paragraph (y)(2);
0
e. Removing and reserving paragraphs (y)(3) and (7);
0
f. Revising paragraph (y)(11);
0
g. Removing and reserving paragraph (y)(13);
0
h. Redesignating the note to paragraph (y) as paragraph (y)(14) and
revising newly redesignated (y)(14);
0
i. Revising paragraphs (bb)(1)(iv)(B) and (bb)(2)(iii);
0
j. Redesignating the note to paragraph (bb) as paragraph (bb)(3) and
revising newly redesignated (bb)(3);
0
k. Adding and reserving paragraphs (cc) and (dd); and
0
l. Adding paragraphs (ee) through (kk).
The revisions and additions read as follows:
Sec. 1001.952 Exceptions.
* * * * *
(d) Personal services and management contracts and outcomes-based
payment arrangements. (1) As used in section 1128B of the Act,
``remuneration'' does not include any payment made by a principal to an
agent as compensation for the services of the agent, as long as all of
the following standards are met:
(i) The agency agreement is set out in writing and signed by the
parties.
(ii) The agency agreement covers all of the services the agent
provides to the principal for the term of the agreement and specifies
the services to be provided by the agent.
(iii) The term of the agreement is not less than 1 year.
(iv) The methodology for determining the compensation paid to the
agent over the term of the agreement is set in advance, is consistent
with fair market value in arm's-length transactions, and is not
determined in a manner that takes into account the volume or value of
any referrals or business otherwise generated between the parties for
which payment may be made in whole or in part under Medicare, Medicaid,
or other Federal health care programs.
(v) The services performed under the agreement do not involve the
counseling or promotion of a business arrangement or other activity
that violates any State or Federal law.
(vi) The aggregate services contracted for do not exceed those
which are reasonably necessary to accomplish the commercially
reasonable business purpose of the services.
(2) As used in section 1128B of the Act, ``remuneration'' does not
include any outcomes-based payment as long as all of the standards in
paragraphs (d)(2)(i) through (viii) of this section are met:
(i) To receive an outcomes-based payment, the agent achieves one or
more legitimate outcome measures that:
(A) Are selected based on clinical evidence or credible medical
support; and
(B) Have benchmarks that are used to quantify:
(1) Improvements in, or the maintenance of improvements in, the
quality of patient care;
(2) A material reduction in costs to or growth in expenditures of
payors while maintaining or improving quality of care for patients; or
(3) Both.
(ii) The methodology for determining the aggregate compensation
(including any outcomes-based payments) paid between or among the
parties over the term of the agreement is: Set in advance; commercially
reasonable; consistent with fair market value; and not determined in a
manner that directly takes into account the volume or value of any
referrals or business otherwise generated between the parties for which
payment may be made in whole or in part by a Federal health care
program.
(iii) The agreement between the parties is set out in writing and
signed by the parties in advance of, or contemporaneous with, the
commencement of the terms of the outcomes-based payment arrangement.
The writing states at a minimum: A general description of the services
to be performed by the parties for the term of the agreement; the
outcome measure(s) the agent must achieve to receive an outcomes-based
payment; the clinical evidence or credible medical support relied upon
by the parties to select the outcome measure(s); and the schedule for
the parties to regularly monitor and assess the outcome measure(s).
(iv) The agreement neither limits any party's ability to make
decisions in their patients' best interest nor induces any party to
reduce or limit medically necessary items or services.
[[Page 77888]]
(v) The term of the agreement is not less than 1 year.
(vi) The services performed under the agreement do not involve the
counseling or promotion of a business arrangement or other activity
that violates any State or Federal law.
(vii) For each outcome measure under the agreement, the parties:
(A) Regularly monitor and assess the agent's performance, including
the impact of the outcomes-based payment arrangement on patient quality
of care; and
(B) Periodically assess, and as necessary revise, benchmarks and
remuneration under the arrangement to ensure that the remuneration is
consistent with fair market value in an arm's length transaction as
required by paragraph (d)(2)(ii) of this section during the term of the
agreement.
(viii) The principal has policies and procedures to promptly
address and correct identified material performance failures or
material deficiencies in quality of care resulting from the outcomes-
based payment arrangement.
(3) For purposes of this paragraph (d):
(i) An agent of a principal is any person other than a bona fide
employee of the principal who has an agreement to perform services for
or on behalf of the principal.
(ii) Outcomes-based payments are limited to payments between or
among a principal and an agent that:
(A) Reward the agent for successfully achieving an outcome measure
described in paragraph (d)(2)(i) of this section; or
(B) Recoup from or reduce payment to an agent for failure to
achieve an outcome measure described in paragraph (d)(2)(i) of this
section.
(iii) Outcomes-based payments exclude any payments:
(A) Made directly or indirectly by the following entities:
(1) A pharmaceutical manufacturer, distributor, or wholesaler;
(2) A pharmacy benefit manager;
(3) A laboratory company;
(4) A pharmacy that primarily compounds drugs or primarily
dispenses compounded drugs;
(5) A manufacturer of a device or medical supply as defined in
paragraph (ee)(14)(iv) of this section;
(6) A medical device distributor or wholesaler that is not
otherwise a manufacturer of a device or medical supply, as defined in
paragraph (ee)(14)(iv) of this section; or
(7) An entity or individual that sells or rents durable medical
equipment, prosthetics, orthotics, or supplies covered by a Federal
health care program (other than a pharmacy or a physician, provider, or
other entity that primarily furnishes services); or
(B) Related solely to the achievement of internal cost savings for
the principal; or
(C) Based solely on patient satisfaction or patient convenience
measures.
* * * * *
(g) Warranties. As used in section 1128B of the Act,
``remuneration'' does not include any payment or exchange of anything
of value under a warranty provided by a manufacturer or supplier of one
or more items and services (provided the warranty covers at least one
item) to the buyer (such as a health care provider or beneficiary) of
the items and services, as long as the buyer complies with all of the
following standards in paragraphs (g)(1) and (2) of this section and
the manufacturer or supplier complies with all of the following
standards in paragraphs (g)(3) through (6) of this section:
(1) The buyer (unless the buyer is a Federal health care program
beneficiary) must fully and accurately report any price reduction of an
item or service (including a free item or service) that was obtained as
part of the warranty in the applicable cost reporting mechanism or
claim for payment filed with the Department or a State agency.
* * * * *
(3) The manufacturer or supplier must comply with either of the
following standards:
(i) The manufacturer or supplier must fully and accurately report
any price reduction of an item or service (including free items and
services) that the buyer obtained as part of the warranty on the
invoice or statement submitted to the buyer and inform the buyer of its
obligations under paragraphs (g)(1) and (2) of this section.
(ii) When the amount of any price reduction is not known at the
time of sale, the manufacturer or supplier must fully and accurately
report the existence of a warranty on the invoice or statement, inform
the buyer of its obligations under paragraphs (g)(1) and (g)(2) of this
section, and when any price reduction becomes known, provide the buyer
with documentation of the calculation of the price reduction resulting
from the warranty.
(4) The manufacturer or supplier must not pay any remuneration to
any individual (other than a beneficiary) or entity for any medical,
surgical, or hospital expense incurred by a beneficiary other than for
the cost of the items and services subject to the warranty.
(5) If a manufacturer or supplier offers a warranty for more than
one item or one or more items and related services, the federally
reimbursable items and services subject to the warranty must be
reimbursed by the same Federal health care program and in the same
Federal health care program payment.
(6) The manufacturer or supplier must not condition a warranty on a
buyer's exclusive use of, or a minimum purchase of, any of the
manufacturer's or supplier's items or services.
(7) For purposes of this paragraph (g), the term warranty means:
(i) Any written affirmation of fact or written promise made in
connection with the sale of an item or bundle of items, or services in
combination with one or more related items, by a manufacturer or
supplier to a buyer, which affirmation of fact or written promise
relates to the nature of the quality of workmanship and affirms or
promises that such quality or workmanship is defect free or will meet a
specified level of performance over a specified period of time;
(ii) Any undertaking in writing in connection with the sale by a
manufacturer or supplier of an item or bundle of items, or services in
combination with one or more related items, to refund, repair, replace,
or take other remedial action with respect to such item or bundle of
items in the event that such item or bundle of items, or services in
combination with one or more related items, fails to meet the
specifications set forth in the undertaking which written affirmation,
promise, or undertaking becomes part of the basis of the bargain
between a seller and a buyer for purposes other than resell of such
item or bundle of items; or
(iii) A manufacturer's or supplier's agreement to replace another
manufacturer's or supplier's defective item or bundle of items (which
is covered by an agreement made in accordance with this paragraph (g)),
on terms equal to the agreement that it replaces.
* * * * *
(y) Electronic health records items and services. As used in
section 1128B of the Act, ``remuneration'' does not include nonmonetary
remuneration (consisting of items and services in the form of software
or information technology and training services, including
cybersecurity software and services) necessary and used predominantly
to create, maintain, transmit, receive, or protect electronic health
records, if all of the conditions in paragraphs (y)(1) through (13) of
this section are met:
(1) The items and services are provided to an individual or entity
[[Page 77889]]
engaged in the delivery of health care by:
(i) An individual or entity, other than a laboratory company, that:
(A) Provides services covered by a Federal health care program and
submits claims or requests for payment, either directly or through
reassignment, to the Federal health care program; or
(B) Is comprised of the types of individuals or entities in
paragraph (y)(1)(i)(A) of this section; or
(ii) A health plan.
(2) * * * For purposes of this paragraph (y)(2) of this section,
software is deemed to be interoperable if, on the date it is provided
to the recipient, it is certified by a certifying body authorized by
the National Coordinator for Health Information Technology to
certification criteria identified in the then-applicable version of 45
CFR part 170.
* * * * *
(11) The recipient pays 15 percent of the donor's cost for the
items and services. The following conditions apply to such
contribution:
(i) If the donation is the initial donation of EHR items and
services, or the replacement of part or all of an existing system of
EHR items and services, the recipient must pay 15 percent of the
donor's cost before receiving the items and services. The contribution
for updates to previously donated EHR items and services need not be
paid in advance of receiving the update; and
(ii) The donor (or any affiliated individual or entity) does not
finance the recipient's payment or loan funds to be used by the
recipient to pay for the items and services.
* * * * *
(14) For purposes of this paragraph (y), the following definitions
apply:
(i) Cybersecurity means the process of protecting information by
preventing, detecting, and responding to cyberattacks.
(ii) Health plan shall have the meaning set forth at Sec.
1001.952(l)(2).
(iii) Interoperable shall mean able to:
(A) Securely exchange data with and use data from other health
information technology; and
(B) Allow for complete access, exchange, and use of all
electronically accessible health information for authorized use under
applicable State or Federal law.
(iv) Electronic health record shall mean a repository of consumer
health status information in computer processable form used for
clinical diagnosis and treatment for a broad array of clinical
conditions.
* * * * *
(bb) * * *
(1) * * *
(iv) * * *
(B) Within 25 miles of the health care provider or supplier to or
from which the patient would be transported, or within 75 miles if the
patient resides in a rural area, as defined in this paragraph (bb)
except that, if the patient is discharged from an inpatient facility
following inpatient admission or released from a hospital after being
placed in observation status for at least 24 hours and transported to
the patient's residence, or another residence of the patient's choice,
the mileage limits in this paragraph (bb)(1)(iv)(B) shall not apply;
and
* * * * *
(2) * * *
(iii) The eligible entity makes the shuttle service available only
within the eligible entity's local area, meaning there are no more than
25 miles from any stop on the route to any stop at a location where
health care items or services are provided, except that if a stop on
the route is in a rural area, the distance may be up to 75 miles
between that stop and any providers or suppliers on the route;
* * * * *
(3) For purposes of this paragraph (bb), the following definitions
apply:
(i) An eligible entity is any individual or entity, except for
individuals or entities (or family members or others acting on their
behalf) that primarily supply health care items.
(ii) An established patient is a person who has selected and
initiated contact to schedule an appointment with a provider or
supplier, or who previously has attended an appointment with the
provider or supplier.
(iii) A shuttle service is a vehicle that runs on a set route, on a
set schedule.
(iv) A rural area is an area that is not an urban area, as defined
in paragraph (bb)(3)(v) of this section.
(v) An urban area is:
(A) A Metropolitan Statistical Area (MSA) or New England County
Metropolitan Area (NECMA), as defined by the Executive Office of
Management and Budget; or
(B) The following New England counties, which are deemed to be
parts of urban areas under section 601(g) of the Social Security
Amendments of 1983 (Pub. L. 98-21, 42 U.S.C. 1395ww (note)): Litchfield
County, Connecticut; York County, Maine; Sagadahoc County, Maine;
Merrimack County, New Hampshire; and Newport County, Rhode Island.
(cc)-(dd) [Reserved]
(ee) Care coordination arrangements to improve quality, health
outcomes, and efficiency. As used in section 1128B of the Act,
``remuneration'' does not include the exchange of anything of value
between a VBE and VBE participant or between VBE participants pursuant
to a value-based arrangement if all of the standards in paragraphs
(ee)(1) through (13) of this section are met:
(1) The remuneration exchanged:
(i) Is in-kind;
(ii) Is used predominantly to engage in value-based activities that
are directly connected to the coordination and management of care for
the target patient population and does not result in more than
incidental benefits to persons outside of the target patient
population; and
(iii) Is not exchanged or used:
(A) More than incidentally for the recipient's billing or financial
management services; or
(B) For the purpose of marketing items or services furnished by the
VBE or a VBE participant to patients or for patient recruitment
activities.
(2) The value-based arrangement is commercially reasonable,
considering both the arrangement itself and all value-based
arrangements within the VBE.
(3) The terms of the value-based arrangement are set forth in
writing and signed by the parties in advance of, or contemporaneous
with, the commencement of the value-based arrangement and any material
change to the value-based arrangement. The writing states at a minimum:
(i) The value-based purpose(s) of the value-based activities
provided for in the value-based arrangement;
(ii) The value-based activities to be undertaken by the parties to
the value-based arrangement;
(iii) The term of the value-based arrangement;
(iv) The target patient population;
(v) A description of the remuneration;
(vi) Either the offeror's cost for the remuneration and the
reasonable accounting methodology used by the offeror to determine its
cost, or the fair market value of the remuneration;
(vii) The percentage and amount contributed by the recipient;
(viii) If applicable, the frequency of the recipient's contribution
payments for ongoing costs; and
(ix) The outcome or process measure(s) against which the recipient
will be measured.
(4) The parties to the value-based arrangement establish one or
more legitimate outcome or process measures that:
(i) The parties reasonably anticipate will advance the coordination
and
[[Page 77890]]
management of care for the target patient population based on clinical
evidence or credible medical or health sciences support;
(ii) Include one or more benchmarks that are related to improving
or maintaining improvements in the coordination and management of care
for the target patient population;
(iii) Are monitored, periodically assessed, and prospectively
revised as necessary to ensure that the measure and its benchmark
continue to advance the coordination and management of care of the
target patient population;
(iv) Relate to the remuneration exchanged under the value-based
arrangement; and
(v) Are not based solely on patient satisfaction or patient
convenience.
(5) The offeror of the remuneration does not take into account the
volume or value of, or condition the remuneration on:
(i) Referrals of patients who are not part of the target patient
population; or
(ii) Business not covered under the value-based arrangement.
(6) The recipient pays at least 15 percent of the offeror's cost
for the remuneration, using any reasonable accounting methodology, or
the fair market value of the in-kind remuneration. If it is a one-time
cost, the recipient makes such contribution in advance of receiving the
in-kind remuneration. If it is an ongoing cost, the recipient makes
such contribution at reasonable, regular intervals.
(7) The value-based arrangement does not:
(i) Limit the VBE participant's ability to make decisions in the
best interests of its patients;
(ii) Direct or restrict referrals to a particular provider,
practitioner, or supplier if:
(A) A patient expresses a preference for a different practitioner,
provider, or supplier;
(B) The patient's payor determines the provider, practitioner, or
supplier; or
(C) Such direction or restriction is contrary to applicable law
under titles XVIII and XIX of the Act; or
(iii) Induce parties to furnish medically unnecessary items or
services, or reduce or limit medically necessary items or services
furnished to any patient.
(8) The exchange of remuneration by a limited technology
participant and another VBE participant or the VBE must not be
conditioned on any recipient's exclusive use or minimum purchase of any
item or service manufactured, distributed, or sold by the limited
technology participant.
(9) The VBE, a VBE participant in the value-based arrangement
acting on the VBE's behalf, or the VBE's accountable body or
responsible person reasonably monitors and assesses the following and
reports the monitoring and assessment of the following to the VBE's
accountable body or responsible person, as applicable, no less
frequently than annually or at least once during the term of the value-
based arrangement for arrangements with terms of less than 1 year:
(i) The coordination and management of care for the target patient
population in the value-based arrangement;
(ii) Any deficiencies in the delivery of quality care under the
value-based arrangement; and
(iii) Progress toward achieving the legitimate outcome or process
measure(s) in the value-based arrangement.
(10) If the VBE's accountable body or responsible person
determines, based on the monitoring and assessment conducted pursuant
to paragraph (ee)(9) of this section, that the value-based arrangement
has resulted in material deficiencies in quality of care or is unlikely
to further the coordination and management of care for the target
patient population, the parties must within 60 days either:
(i) Terminate the arrangement; or
(ii) Develop and implement a corrective action plan designed to
remedy the deficiencies within 120 days, and if the corrective action
plan fails to remedy the deficiencies within 120 days, terminate the
value-based arrangement.
(11) The offeror does not and should not know that the remuneration
is likely to be diverted, resold, or used by the recipient for an
unlawful purpose.
(12) For a period of at least 6 years, the VBE or VBE participant
makes available to the Secretary, upon request, all materials and
records sufficient to establish compliance with the conditions of this
paragraph (ee).
(13) The remuneration is not exchanged by:
(i) A pharmaceutical manufacturer, distributor, or wholesaler;
(ii) A pharmacy benefit manager;
(iii) A laboratory company;
(iv) A pharmacy that primarily compounds drugs or primarily
dispenses compounded drugs;
(v) Except to the extent the entity is a limited technology
participant, a manufacturer of a device or medical supply;
(vi) Except to the extent the entity or individual is a limited
technology participant, an entity or individual that sells or rents
durable medical equipment, prosthetics, orthotics, or supplies covered
by a Federal health care program (other than a pharmacy or a physician,
provider, or other entity that primarily furnishes services); or
(vii) A medical device distributor or wholesaler that is not
otherwise a manufacturer of a device or medical supplies.
(14) For purposes of this paragraph (ee), the following definitions
apply:
(i) Coordination and management of care (or coordinating and
managing care) means the deliberate organization of patient care
activities and sharing of information between two or more VBE
participants, one or more VBE participants and the VBE, or one or more
VBE participants and patients, that is designed to achieve safer, more
effective, or more efficient care to improve the health outcomes of the
target patient population.
(ii) Digital health technology means hardware, software, or
services that electronically capture, transmit, aggregate, or analyze
data and that are used for the purpose of coordinating and managing
care; such term includes any internet or other connectivity service
that is necessary and used to enable the operation of the item or
service for that purpose.
(iii) Limited technology participant means a VBE participant that
exchanges digital health technology with another VBE participant or a
VBE and that is:
(A) A manufacturer of a device or medical supply, but not including
a manufacturer of a device or medical supply that was obligated under
42 CFR 403.906 to report one or more ownership or investment interests
held by a physician or an immediate family member during the preceding
calendar year, or that reasonably anticipates that it will be obligated
to report one or more ownership or investment interests held by a
physician or an immediate family member during the present calendar
year (for purposes of this paragraph, the terms ``ownership or
investment interest,'' ``physician,'' and ``immediate family member''
have the same meaning as set forth in 42 CFR 403.902); or
(B) An entity or individual that sells or rents durable medical
equipment, prosthetics, orthotics, or supplies covered by a Federal
health care program (other than a pharmacy or a physician, provider, or
other entity that primarily furnishes services).
(iv) Manufacturer of a device or medical supply means an entity
that meets the definition of applicable manufacturer in 42 CFR 403.902
because it is engaged in the production, preparation, propagation,
compounding, or conversion of a device or medical supply that meets the
definition of covered drug, device, biological, or
[[Page 77891]]
medical supply in 42 CFR 403.902, but not including entities under
common ownership with such entity.
(v) Target patient population means an identified patient
population selected by the VBE or its VBE participants using legitimate
and verifiable criteria that:
(A) Are set out in writing in advance of the commencement of the
value-based arrangement; and
(B) Further the value-based enterprise's value-based purpose(s).
(vi) Value-based activity. (A) Means any of the following
activities, provided that the activity is reasonably designed to
achieve at least one value-based purpose of the value-based enterprise:
(1) The provision of an item or service;
(2) The taking of an action; or
(3) The refraining from taking an action; and
(B) Does not include the making of a referral.
(vii) Value-based arrangement means an arrangement for the
provision of at least one value-based activity for a target patient
population to which the only parties are:
(A) The value-based enterprise and one or more of its VBE
participants; or
(B) VBE participants in the same value-based enterprise.
(viii) Value-based enterprise or VBE means two or more VBE
participants:
(A) Collaborating to achieve at least one value-based purpose;
(B) Each of which is a party to a value-based arrangement with the
other or at least one other VBE participant in the value-based
enterprise;
(C) That have an accountable body or person responsible for
financial and operational oversight of the value-based enterprise; and
(D) That have a governing document that describes the value-based
enterprise and how the VBE participants intend to achieve its value-
based purpose(s).
(ix) Value-based enterprise participant or VBE participant means an
individual or entity that engages in at least one value-based activity
as part of a value-based enterprise, other than a patient acting in
their capacity as a patient.
(x) Value-based purpose means:
(A) Coordinating and managing the care of a target patient
population;
(B) Improving the quality of care for a target patient population;
(C) Appropriately reducing the costs to or growth in expenditures
of payors without reducing the quality of care for a target patient
population; or
(D) Transitioning from health care delivery and payment mechanisms
based on the volume of items and services provided to mechanisms based
on the quality of care and control of costs of care for a target
patient population.
(ff) Value-based arrangements with substantial downside financial
risk. As used in section 1128B of the Act, ``remuneration'' does not
include the exchange of payments or anything of value between a VBE and
a VBE participant pursuant to a value-based arrangement if all of the
following standards in paragraphs (ff)(1) through (8) of this section
are met:
(1) The remuneration is not exchanged by:
(i) A pharmaceutical manufacturer, distributor, or wholesaler;
(ii) A pharmacy benefit manager;
(iii) A laboratory company;
(iv) A pharmacy that primarily compounds drugs or primarily
dispenses compounded drugs;
(v) A manufacturer of a device or medical supply;
(vi) An entity or individual that sells or rents durable medical
equipment, prosthetics, orthotics, or supplies covered by a Federal
health care program (other than a pharmacy or a physician, provider, or
other entity that primarily furnishes services); or
(vii) A medical device distributor or wholesaler that is not
otherwise a manufacturer of a device or medical supplies.
(2) The VBE (directly or through a VBE participant, other than a
payor, acting on the VBE's behalf) has assumed through a written
contract or a value-based arrangement (or has entered into a written
contract or a value-based arrangement to assume in the next 6 months)
substantial downside financial risk from a payor for a period of at
least 1 year.
(3) The VBE participant (unless the VBE participant is the payor
from which the VBE is assuming risk) is at risk for a meaningful share
of the VBE's substantial downside financial risk for providing or
arranging for the provision of items and services for the target
patient population.
(4) The remuneration provided by, or shared among, the VBE and VBE
participant:
(i) Is directly connected to one or more of the VBE's value-based
purposes, at least one of which must be a value-based purpose defined
in Sec. 1001.952(ee)(14)(x)(A), (B), or (C);
(ii) Unless exchanged pursuant to risk methodologies defined in
paragraph (ff)(9)(i) or (ii) of this section, is used predominantly to
engage in value-based activities that are directly connected to the
items and services for which the VBE has assumed (or has entered into a
written contract or value-based arrangement to assume in the next 6
months) substantial downside financial risk;
(iii) Does not include the offer or receipt of an ownership or
investment interest in an entity or any distributions related to such
ownership or investment interest; and
(iv) Is not exchanged or used for the purpose of marketing items or
services furnished by the VBE or a VBE participant to patients or for
patient recruitment activities.
(5) The value-based arrangement is set forth in writing, is signed
by the parties in advance of, or contemporaneous with, the commencement
of the value-based arrangement and any material change to the value-
based arrangement, and specifies all material terms including:
(i) Terms evidencing that the VBE is at substantial downside
financial risk or will assume such risk in the next 6 months for the
target patient population;
(ii) A description of the manner in which the VBE participant
(unless the VBE participant is the payor from which the VBE is assuming
risk) has a meaningful share of the VBE's substantial downside
financial risk; and
(iii) The value-based activities, the target patient population,
and the type of remuneration exchanged.
(6) The VBE or VBE participant offering the remuneration does not
take into account the volume or value of, or condition the remuneration
on:
(i) Referrals of patients who are not part of the target patient
population; or
(ii) Business not covered under the value-based arrangement.
(7) The value-based arrangement does not:
(i) Limit the VBE participant's ability to make decisions in the
best interests of its patients;
(ii) Direct or restrict referrals to a particular provider,
practitioner, or supplier if:
(A) A patient expresses a preference for a different practitioner,
provider, or supplier;
(B) The patient's payor determines the provider, practitioner, or
supplier; or
(C) Such direction or restriction is contrary to applicable law
under titles XVIII and XIX of the Act; or
(iii) Induce parties to reduce or limit medically necessary items
or services furnished to any patient.
(8) For a period of at least 6 years, the VBE or VBE participant
makes available to the Secretary, upon request, all materials and
records sufficient to establish compliance with the conditions of this
paragraph (ff).
(9) For purposes of this paragraph (ff), the following definitions
apply:
[[Page 77892]]
(i) Substantial downside financial risk means:
(A) Financial risk equal to at least 30 percent of any loss, where
losses and savings are calculated by comparing current expenditures for
all items and services that are covered by the applicable payor and
furnished to the target patient population to a bona fide benchmark
designed to approximate the expected total cost of such care;
(B) Financial risk equal to at least 20 percent of any loss, where:
(1) Losses and savings are calculated by comparing current
expenditures for all items and services furnished to the target patient
population pursuant to a defined clinical episode of care that are
covered by the applicable payor to a bona fide benchmark designed to
approximate the expected total cost of such care for the defined
clinical episode of care; and
(2) The parties design the clinical episode of care to cover items
and services collectively furnished in more than one care setting; or
(C) The VBE receives from the payor a prospective, per-patient
payment that is:
(1) Designed to produce material savings; and
(2) Paid on a monthly, quarterly, or annual basis for a predefined
set of items and services furnished to the target patient population,
designed to approximate the expected total cost of expenditures for the
predefined set of items and services.
(ii) Meaningful share means the VBE participant:
(A) Assumes two-sided risk for at least 5 percent of the losses and
savings, as applicable, realized by the VBE pursuant to its assumption
of substantial downside financial risk; or
(B) Receives from the VBE a prospective, per-patient payment on a
monthly, quarterly, or annual basis for a predefined set of items and
services furnished to the target patient population, designed to
approximate the expected total cost of expenditures for the predefined
set of items and services, and does not claim payment in any form from
the payor for the predefined items and services.
(iii) Manufacturer of a device or medical supply, target patient
population, value-based activity, value-based arrangement, value-based
enterprise, value-based purpose, and VBE participant shall have the
meaning set forth in paragraph (ee) of this section.
(gg) Value-based arrangements with full financial risk. As used in
section 1128B of the Act, ``remuneration'' does not include the
exchange of payments or anything of value between the VBE and a VBE
participant pursuant to a value-based arrangement if all of the
standards in paragraphs (gg)(1) through (9) of this section are met:
(1) The remuneration is not exchanged by:
(i) A pharmaceutical manufacturer, distributor, or wholesaler;
(ii) A pharmacy benefit manager;
(iii) A laboratory company;
(iv) A pharmacy that primarily compounds drugs or primarily
dispenses compounded drugs;
(v) A manufacturer of a device or medical supply;
(vi) An entity or individual that sells or rents durable medical
equipment, prosthetics, orthotics, or supplies covered by a Federal
health care program (other than a pharmacy or a physician, provider, or
other entity that primarily furnishes services); or
(vii) A medical device distributor or wholesaler that is not
otherwise a manufacturer of a device or medical supplies.
(2) The VBE (directly or through a VBE participant, other than a
payor, acting on behalf of the VBE) has assumed through a written
contract or a value-based arrangement (or has entered into a written
contract or a value-based arrangement to assume in the next 1 year)
full financial risk from a payor.
(3) The value-based arrangement is set forth in writing, is signed
by the parties, and specifies all material terms, including the value-
based activities and the term.
(4) The VBE participant (unless the VBE participant is a payor)
does not claim payment in any form from the payor for items or services
covered under the contract or value-based arrangement between the VBE
and the payor described in paragraph (2).
(5) The remuneration provided by, or shared among, the VBE and VBE
participant:
(i) Is directly connected to one or more of the VBE's value-based
purposes;
(ii) Does not include the offer or receipt of an ownership or
investment interest in an entity or any distributions related to such
ownership or investment interest; and
(iii) Is not exchanged or used for the purpose of marketing items
or services furnished by the VBE or a VBE participant to patients or
for patient recruitment activities.
(6) The value-based arrangement does not induce parties to reduce
or limit medically necessary items or services furnished to any
patient.
(7) The VBE or VBE participant offering the remuneration does not
take into account the volume or value of, or condition the remuneration
on:
(i) Referrals of patients who are not part of the target patient
population; or
(ii) Business not covered under the value-based arrangement.
(8) The VBE provides or arranges for a quality assurance program
for services furnished to the target patient population that:
(i) Protects against underutilization; and
(ii) Assesses the quality of care furnished to the target patient
population.
(9) For a period of at least 6 years, the VBE or VBE participant
makes available to the Secretary, upon request, all materials and
records sufficient to establish compliance with the conditions of this
paragraph (gg).
(10) For purposes of this paragraph (gg), the following definitions
apply:
(i) Full financial risk means the VBE is financially responsible on
a prospective basis for the cost of all items and services covered by
the applicable payor for each patient in the target patient population
for a term of at least 1 year.
(ii) Prospective basis means that the VBE has assumed financial
responsibility for the cost of all items and services covered by the
applicable payor prior to the provision of items and services to
patients in the target patient population.
(iii) Items and services means health care items, devices,
supplies, and services.
(iv) Manufacturer of a device or medical supply, target patient
population, value-based activity, value-based arrangement, value-based
enterprise, value-based purpose, and VBE participant shall have the
meaning set forth in paragraph (ee) of this section.
(hh) Arrangements for patient engagement and support to improve
quality, health outcomes, and efficiency. As used in section 1128B of
the Act, ``remuneration'' does not include a patient engagement tool or
support furnished by a VBE participant to a patient in the target
patient population of a value-based arrangement to which the VBE
participant is a party if all of the conditions in paragraphs (hh)(1)
through (9) of this section are met:
(1) The VBE participant is not:
(i) A pharmaceutical manufacturer, distributor, or wholesaler;
(ii) A pharmacy benefit manager;
(iii) A laboratory company;
(iv) A pharmacy that primarily compounds drugs or primarily
dispenses compounded drugs;
(v) A manufacturer of a device or medical supply, unless the
patient engagement tool or support is digital health technology;
[[Page 77893]]
(vi) An entity or individual that sells or rents durable medical
equipment, prosthetics, orthotics, or supplies covered by a Federal
health care program (other than a pharmacy, a manufacturer of a device
or medical supply, or a physician, provider, or other entity that
primarily furnishes services);
(vii) A medical device distributor or wholesaler that is not
otherwise a manufacturer of a device or medical supply; or
(viii) A manufacturer of a device or medical supply that was
obligated under 42 CFR 403.906 to report one or more ownership or
investment interests held by a physician or an immediate family member
during the preceding calendar year, or that reasonably anticipates that
it will be obligated to report one or more ownership or investment
interests held by a physician or an immediate family member during the
present calendar year, even if the patient engagement tool or support
is digital health technology (for purposes of this paragraph, the terms
``ownership or investment interest,'' ``physician,'' and ``immediate
family member'' have the same meaning as set forth in 42 CFR 403.902).
(2) The patient engagement tool or support is furnished directly to
the patient (or the patient's caregiver, family member, or other
individual acting on the patient's behalf) by a VBE participant that is
a party to the value-based arrangement or its eligible agent.
(3) The patient engagement tool or support:
(i) Is an in-kind item, good, or service;
(ii) That has a direct connection to the coordination and
management of care of the target patient population;
(iii) Does not include any cash or cash equivalent;
(iv) Does not result in medically unnecessary or inappropriate
items or services reimbursed in whole or in part by a Federal health
care program;
(v) Is recommended by the patient's licensed health care
professional; and
(vi) Advances one or more of the following goals:
(A) Adherence to a treatment regimen determined by the patient's
licensed health care professional.
(B) Adherence to a drug regimen determined by the patient's
licensed health care professional.
(C) Adherence to a followup care plan established by the patient's
licensed health care professional.
(D) Prevention or management of a disease or condition as directed
by the patient's licensed health care professional.
(E) Ensure patient safety.
(4) The patient engagement tool or support is not funded or
contributed by:
(i) A VBE participant that is not a party to the applicable value-
based arrangement; or
(ii) An entity listed in paragraph (hh)(1) of this section.
(5) The aggregate retail value of patient engagement tools and
supports furnished to a patient by a VBE participant on an annual basis
does not exceed $500. The monetary cap set forth in this paragraph
(hh)(5) is adjusted each calendar year to the nearest whole dollar by
the increase in the Consumer Price Index--Urban All Items (CPI-U) for
the 12-month period ending the preceding September 30. OIG will publish
guidance after September 30 of each year reflecting the increase in the
CPI-U for the 12-month period ending September 30 and the new monetary
cap applicable for the following calendar year.
(6) The VBE participant or any eligible agent does not exchange or
use the patient engagement tools or supports to market other
reimbursable items or services or for patient recruitment purposes.
(7) For a period of at least 6 years, the VBE participant makes
available to the Secretary, upon request, all materials and records
sufficient to establish that the patient engagement tool or support was
distributed in a manner that meets the conditions of this paragraph
(hh).
(8) The availability of a tool or support is not determined in a
manner that takes into account the type of insurance coverage of the
patient.
(9) For purposes of this paragraph (hh), the following definitions
apply:
(i) Eligible agent means any person or entity that is not
identified in paragraphs (hh)(1)(i) through (viii) of this section as
ineligible to furnish protected tools and supports under this
paragraph.
(ii) Coordination and management of care, target patient
population, value-based arrangement, VBE, VBE participant, manufacturer
of a device or medical supply, and digital health technology shall have
the meaning set forth in paragraph (ee) of this section.
(ii) CMS-sponsored model arrangements and CMS-sponsored model
patient incentives.
(1) As used in section 1128B of the Act, ``remuneration'' does not
include an exchange of anything of value between or among CMS-sponsored
model parties under a CMS-sponsored model arrangement for which CMS has
determined that this safe harbor is available if all of the following
conditions are met:
(i) The CMS-sponsored model parties reasonably determine that the
CMS-sponsored model arrangement will advance one or more goals of the
CMS-sponsored model;
(ii) The exchange of value does not induce CMS-sponsored model
parties or other providers or suppliers to furnish medically
unnecessary items or services, or reduce or limit medically necessary
items or services furnished to any patient;
(iii) The CMS-sponsored model parties do not offer, pay, solicit,
or receive remuneration in return for, or to induce or reward, any
Federal health care program referrals or other Federal health care
program business generated outside of the CMS-sponsored model;
(iv) The CMS-sponsored model parties in advance of or
contemporaneous with the commencement of the CMS-sponsored model
arrangement set forth the terms of the CMS-sponsored model arrangement
in a signed writing. The writing must specify at a minimum the
activities to be undertaken by the CMS-sponsored model parties and the
nature of the remuneration to be exchanged under the CMS-sponsored
model arrangement;
(v) The parties to the CMS-sponsored model arrangement make
available to the Secretary, upon request, all materials and records
sufficient to establish whether the remuneration was exchanged in a
manner that meets the conditions of this safe harbor; and
(vi) The CMS-sponsored model parties satisfy such programmatic
requirements as may be imposed by CMS in connection with the use of
this safe harbor.
(2) As used in section 1128B of the Act, ``remuneration'' does not
include a CMS-sponsored model patient incentive for which CMS has
determined that this safe harbor is available if all of the following
conditions are met:
(i) The CMS-sponsored model participant reasonably determines that
the CMS-sponsored model patient incentive will advance one or more
goals of the CMS-sponsored model;
(ii) The CMS-sponsored model patient incentive has a direct
connection to the patient's health care unless the participation
documentation expressly specifies a different standard;
(iii) The CMS-sponsored model patient incentive is furnished by a
CMS-sponsored model participant (or by an agent of the CMS-sponsored
model participant under the CMS-sponsored model participant's direction
and control), unless otherwise specified by the participation
documentation;
(iv) The CMS-sponsored model participant makes available to the
[[Page 77894]]
Secretary, upon request, all materials and records sufficient to
establish whether the CMS-sponsored model patient incentive was
distributed in a manner that meets the conditions of this safe harbor;
and
(v) The CMS-sponsored model patient incentive is furnished
consistent with the CMS-sponsored model and satisfies such programmatic
requirements as may be imposed by CMS in connection with the use of
this safe harbor.
(3) For purposes of this paragraph (ii), the following definitions
apply:
(i) CMS-sponsored model means:
(A) A model being tested under section 1115A(b) of the Act or a
model expanded under section 1115A(c) of the Act; or
(B) The Medicare shared savings program under section 1899 of the
Act.
(ii) CMS-sponsored model arrangement means a financial arrangement
between or among CMS-sponsored model parties to engage in activities
under the CMS-sponsored model that is consistent with, and is not a
type of arrangement prohibited by, the participation documentation.
(iii) CMS-sponsored model participant means an individual or entity
that is subject to and is operating under participation documentation
with CMS to participate in a CMS-sponsored model.
(iv) CMS-sponsored model party means:
(A) A CMS-sponsored model participant; or
(B) Another individual or entity whom the participation
documentation specifies may enter into a CMS-sponsored model
arrangement.
(v) CMS-sponsored model patient incentive means remuneration not of
a type prohibited by the participation documentation that is furnished
to a patient under the terms of a CMS-sponsored model.
(vi) Participation documentation means the participation agreement,
legal instrument setting forth the terms and conditions of a grant or
cooperative agreement, regulations, or model-specific addendum to an
existing contract with CMS that specifies the terms of a CMS-sponsored
model.
(4) For purposes of remuneration that satisfies this paragraph
(ii), the safe harbor protects:
(i) For a CMS-sponsored model governed by participation
documentation other than the legal instrument setting forth the terms
and conditions of a grant or a cooperative agreement, the exchange of
remuneration between CMS-sponsored model parties that occurs on or
after the first day on which services under the CMS-sponsored model
begin and no later than 6 months after the final payment determination
made by CMS under the model;
(ii) For a CMS-sponsored model governed by the legal instrument
setting forth the terms and conditions of a grant or cooperative
agreement, the exchange of remuneration between CMS-sponsored model
parties that occurs on or after the first day of the period of
performance (as defined at 45 CFR 75.2) or such other date specified in
the participation documentation and no later than 6 months after
closeout occurs pursuant to 45 CFR 75.381; and
(iii) For a CMS-sponsored model patient incentive, an incentive
given on or after the first day on which patient care services may be
furnished under the CMS-sponsored model as specified by CMS in the
participation documentation and no later than the last day on which
patient care services may be furnished under the CMS-sponsored model,
unless a different timeframe is established in the participation
documentation. A patient may retain any incentives furnished in
compliance with paragraph (ii)(2) of this section.
(jj) Cybersecurity technology and related services. As used in
section 1128B of the Act, ``remuneration'' does not include nonmonetary
remuneration (consisting of cybersecurity technology and services) that
is necessary and used predominantly to implement, maintain, or
reestablish effective cybersecurity if all of the conditions in
paragraphs (jj)(1) through (4) of this section are met.
(1) The donor does not:
(i) Directly take into account the volume or value of referrals or
other business generated between the parties when determining the
eligibility of a potential recipient for the technology or services, or
the amount or nature of the technology or services to be donated; or
(ii) Condition the donation of technology or services, or the
amount or nature of the technology or services to be donated, on future
referrals.
(2) Neither the recipient nor the recipient's practice (or any
affiliated individual or entity) makes the receipt of technology or
services, or the amount or nature of the technology or services, a
condition of doing business with the donor.
(3) A general description of the technology and services being
provided and the amount of the recipient's contribution, if any, are
set forth in writing and signed by the parties.
(4) The donor does not shift the costs of the technology or
services to any Federal health care program.
(5) For purposes of this paragraph (jj) the following definitions
apply:
(i) Cybersecurity means the process of protecting information by
preventing, detecting, and responding to cyberattacks.
(ii) Technology means any software or other types of information
technology.
(kk) ACO Beneficiary Incentive Program. As used in section 1128B of
the Act, ``remuneration'' does not include an incentive payment made by
an ACO to an assigned beneficiary under a beneficiary incentive program
established under section 1899(m) of the Act, as amended by Congress
from time to time, if the incentive payment is made in accordance with
the requirements found in such subsection.
PART 1003--CIVIL MONEY PENALTIES, ASSESSMENTS AND EXCLUSIONS
0
3. The authority citation for part 1003 continues to read as follows:
Authority: 42 U.S.C. 262a, 1302, 1320-7, 1320a-7a, 1320b-10,
1395u(j), 1395u(k), 1395cc(j), 1395w-141(i)(3), 1395dd(d)(1),
1395mm, 1395nn(g), 1395ss(d), 1396b(m), 11131(c), and 11137(b)(2).
0
4. Section 1003.110 is amended--
0
a. In the definition of ``Remuneration'' by adding paragraph (10); and
0
b. By adding in alphabetical order a definition for ``Telehealth
technologies.''
The additions read as follows:
Sec. 1003.110 Definitions.
* * * * *
Remuneration * * *
* * * * *
(10) The provision of telehealth technologies by a provider of
services, physician, or a renal dialysis facility (as such terms are
defined for purposes of title XVIII of the Act) to an individual with
end-stage renal disease who is receiving home dialysis for which
payment is being made under part B of such title, if:
(i) The telehealth technologies are furnished to the individual by
the provider of services, physician, or the renal dialysis facility
that is currently providing the in-home dialysis, telehealth services,
or other end-stage renal disease care to the individual, or has been
selected or contacted by the individual to schedule an appointment or
provide services;
(ii) The telehealth technologies are not offered as part of any
advertisement or solicitation; and
(iii) The telehealth technologies are provided for the purpose of
furnishing telehealth services related to the individual's end-stage
renal disease.
* * * * *
[[Page 77895]]
Telehealth technologies, for purposes of paragraph (10) of the
definition of the term ``remuneration'' as set forth in this section,
means hardware, software, and services that support distant or remote
communication between the patient and provider, physician, or renal
dialysis facility for diagnosis, intervention, or ongoing care
management.
* * * * *
Christi A. Grimm,
Principal Deputy, Inspector General.
Alex M. Azar II,
Secretary.
[FR Doc. 2020-26072 Filed 11-20-20; 4:30 pm]
BILLING CODE 4152-01-P
