42 CFR Proposed Rule 2019-22027
Medicare and State Healthcare Programs: Fraud and Abuse; Revisions To Safe Harbors Under the Anti-Kickback Statute, and Civil Monetary Penalty Rules Regarding Beneficiary Inducements
June 11, 2020
CFR

AGENCY:

Office of Inspector General (OIG), Department of Health and Human Services (HHS).

ACTION:

Proposed rule.

SUMMARY:

This proposed rule is being issued by the Office of Inspector General (OIG) in conjunction with the Department of Health and Human Services' Regulatory Sprint to Coordinated Care. It proposes to add, on a prospective basis only after a final rule is issued, safe harbor protections under the Federal anti-kickback statute for certain coordinated care and associated value-based arrangements between or among clinicians, providers, suppliers, and others that squarely meet all safe harbor conditions. It also would add protections under the anti-kickback statute and civil monetary penalty (CMP) law that prohibits inducements offered to patients for certain patient engagement and support arrangements to improve quality of care, health outcomes, and efficiency of care delivery that squarely meet all safe harbor conditions. The proposed rule would add a new safe harbor for donations of cybersecurity technology and amend the existing safe harbors for electronic health records (EHR) arrangements, warranties, local transportation, and personal services and management contracts. Further, the proposed rule would add a new safe harbor pursuant to a statutory change set forth in the Bipartisan Budget Act of 2018 (Budget Act of 2018) related to beneficiary incentives under the Medicare Shared Savings Program and a new CMP exception for certain telehealth technologies offered to patients receiving in-home dialysis, also pursuant to the Budget Act of 2018.

DATES:

To ensure consideration, comments must be delivered to the address provided below by 5 p.m. on December 31, 2019. The 75-day period for public comments being set forth in this proposed rule will serve to protect the public's interest in this rulemaking process by allowing for an opportunity for additional input and recommendations, without unduly delaying any final rulemaking.

ADDRESSES:

In commenting, please reference file code OIG-0936-AA10-P. Because of staff and resource limitations, we cannot accept comments by facsimile (fax) transmission. However, you may submit comments using one of three ways (no duplicates, please):

1. Electronically. You may submit electronic comments on this regulation to http://www.regulations.gov. Follow the “Submit a comment” instructions.

2. By regular, express, or overnight mail. You may send written comments to the following address: Office of Inspector General, Department of Health and Human Services, Attention: OIG-0936-AA10-P, Room 5521, Cohen Building, 330 Independence Avenue SW, Washington, DC 20201.

Please allow sufficient time for mailed comments to be received before the close of the comment period.

3. By hand or courier. If you prefer, you may deliver your written comments by hand or courier before the close of the comment period to: Office of Inspector General, Department of Health and Human Services, Cohen Building, Room 5521, 330 Independence Avenue SW, Washington, DC 20201.

Because access to the interior of the Cohen Building is not readily available to persons without Federal Government identification, commenters are encouraged to schedule their delivery with one of our staff members at (202) 619-0335.

Inspection of Public Comments: All comments received before the end of the comment period will be posted on http://www.regulations.gov for public viewing. Hard copies will also be available for public inspection at the Office of Inspector General, Department of Health and Human Services, Cohen Building, 330 Independence Avenue SW, Washington, DC 20201, Monday through Friday from 8:30 a.m. to 4 p.m. To schedule an appointment to view public comments, phone (202) 619-0335.

FOR FURTHER INFORMATION CONTACT:

Jillian Sparks or Meredith Williams, (202) 619-0335.

SUPPLEMENTARY INFORMATION:

Open Table
Social Security Act citation United States Code citation
1128B, 1128D, 1102, 1128A 42 U.S.C. 1320a-7b, 42 U.S.C. 1320a-7d, 42 U.S.C. 1302, 42 U.S.C. 1320a.-7a.

I. Executive Summary

A. Purpose and Need for Regulatory Action

The Secretary of Health and Human Services (the Secretary) has identified transforming our healthcare system to one that pays for value as one of the top priorities of the Department of Health and Human Services (the Department or HHS). Unlike the traditional fee-for-service (FFS) payment system, which rewards providers for the volume of care delivered, a value-driven healthcare system is one that pays for health and outcomes. Delivering better value from our healthcare system will require the transformation of established practices and enhanced collaboration among providers and other individuals and entities. The purpose of this proposed rule is to modify existing safe harbors to the anti-kickback statute and add new safe harbors and a new CMP law exception to remove potential barriers to more effective coordination and management of patient care and delivery of value-based care that improves quality of care, health outcomes, and efficiency.

Since the enactment in 1972 of the Federal anti-kickback statute, there have been significant changes in the delivery of, and payment for, healthcare items and services within the Medicare and Medicaid programs and for non-Federal payors and patients. This has included changes to traditional FFS Medicare (i.e., Medicare Parts A and B), Medicare Advantage, and states' Medicaid programs. For some time, the Department has worked to align payment under the Medicare program with the quality of the care provided to Federal health care program beneficiaries. Laws such as the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA),[1] the Deficit Reduction Act of 2005 (DRA),[2] and the Medicare Improvements for Patients and Providers Act of 2008 (MIPPA) [3] are among statutes that guided the Department's efforts to move toward healthcare delivery and payment reform. The Patient Protection and Affordable Care Act (ACA) [4] required or encouraged significant changes to the Medicare program's payment systems and provided the Secretary with broad authority to test and implement models to promote reforms, including through the Center for Medicare and Medicaid Innovation (the Innovation Center) within the Centers for Medicare & Medicaid Services (CMS).[5]

The Department has identified the broad reach of the Federal anti-kickback statute [6] and the CMP law provision prohibiting inducements to beneficiaries, the “beneficiary inducements CMP,” [7] as well as the Federal physician self-referral law (sometimes known as the Stark law),[8] as potentially inhibiting beneficial arrangements that would advance the transition to value-based care and improve the coordination of patient care among providers and across care settings in both the Federal health care programs and commercial sectors. Industry stakeholders have informed the Department that, because the consequences of potential noncompliance with the physician self-referral law and the Federal anti-kickback statute could be dire, providers, suppliers, and others may be discouraged from entering into innovative arrangements that would improve quality and health outcomes, produce health system efficiencies, and lower costs (or slow their rate of growth).

To address these concerns and accelerate the transformation of the healthcare system into one that better pays for value and promotes care coordination, HHS launched a Regulatory Sprint to Coordinated Care (Regulatory Sprint), led by the Deputy Secretary. This Regulatory Sprint aims to remove potential regulatory barriers to care coordination and value-based care created by four key healthcare laws and associated regulations: (i) The physician self-referral law, (ii) the Federal anti-kickback statute, (iii) the Health Insurance Portability and Accountability Act of 1996 (HIPAA),[9] and (iv) rules under 42 CFR part 2 related to substance use disorder treatment.

Through the Regulatory Sprint, HHS aims to encourage and improve:

  • A patient's ability to understand treatment plans and make empowered decisions;
  • providers' alignment on end-to-end treatment (i.e., coordination among providers along the patient's full care journey);
  • incentives for providers to coordinate, collaborate, and provide patients tools to be more involved in their own care; and
  • information sharing among providers, facilities, and other stakeholders in a manner that facilitates efficient care while preserving and protecting patient access to data.

In connection with the Regulatory Sprint, OIG issued a request for information (OIG RFI) regarding the Federal anti-kickback statute and beneficiary inducements CMP on August 27, 2018.[10] CMS published a Request for Information Regarding the Physician Self-Referral Law in June 2018 (CMS RFI).[11] In the OIG RFI, we sought feedback on ways in which we might modify or add new safe harbors to the Federal anti-kickback statute and exceptions to the beneficiary inducements CMP definition of “remuneration” to foster arrangements that would promote care coordination and advance the delivery of value-based care while also protecting patients and taxpayer dollars against harms caused by fraud and abuse. OIG received 359 comments in response to its RFI from a variety of individuals and organizations.

While most commenters strongly asserted the need for regulatory reform to the anti-kickback statute safe harbors and exceptions to the definition of “remuneration” under the beneficiary inducements CMP, a number of commenters acknowledged that increased regulatory flexibility could create program integrity vulnerabilities or increase the risk of harms associated with fraud and abuse and urged OIG to exercise caution and include adequate safeguards in any regulatory proposals. Comments supporting regulatory reform encompassed a number of themes, including requests for:

  • New safe harbors protecting financial arrangements among parties participating in alternative payment models (APMs), value-based arrangements, and care coordination activities;
  • safe harbor protection for financial arrangements with entities not participating in Innovation Center models, including commercial and self-pay APM arrangements;
  • additional protection for patient tools and supports, such as in-kind items and services to support patient compliance with discharge and care plans, services and supports to address unmet social needs affecting health, and expanded protections under the local transportation safe harbor;
  • enhanced safe harbor protection for transfers of information technology, data, and cybersecurity tools;
  • modifications to the current “patchwork” fraud and abuse waiver framework for Innovation Center models and the Medicare Shared Savings Program; and
  • a variety of protections for pharmaceutical and medical device manufacturer arrangements, including broad protections for drug and medical device manufacturer participation in value-based contracts, pricing arrangements, warranty arrangements, and APMs, as well as protection for coupons and other means of direct copayment assistance to Medicare Part D beneficiaries in certain situations.

B. Summary of OIG's Approach and Proposals

These proposed regulations are informed by comments and other internal and external sources of information, as well as our experience interpreting and applying the safe harbors and beneficiary inducements CMP exceptions to a wide variety of arrangements. In developing this proposed rule, OIG has followed several guiding principles. The first guiding principle has been to design proposed safe harbors that allow for beneficial innovations in healthcare delivery. The second guiding principle has been to avoid promulgating safe harbors and exceptions that drive such innovation to limited channels that may not reflect up-to-date understandings in medicine, science, and technology. The third guiding principle has been to design proposed safe harbors useful for a range of individuals and entities engaged in the coordination and management of patient care, including large and small practices and health systems, rural and urban providers and suppliers, primary care physicians and specialists, providers and suppliers contracting with public and private payors, clinically integrated networks, and looser affiliations of providers and suppliers collaborating to coordinate care for patients across the continuum of care.

Designing proposed safe harbors with these principles in mind is not without challenges and potential pitfalls, particularly with respect to ensuring sufficient safeguards against potential abuses and harms by those who might misuse the safe harbors. In this proposed rule, we have tried to strike the right balance between flexibility for beneficial innovation and safeguards to protect patients and Federal health care programs. No final determination has yet been made that the balance is correct with respect to each proposed safe harbor. Thus, no final determination has been made that the arrangements described in the proposals are, or should be, exempt from liability under the anti-kickback statute. To aid us in making that determination in a final rule, we solicit public comments throughout this proposed rule about whether we have achieved the proper balance such that the arrangements described in the proposed safe harbors should be protected from criminal liability under the anti-kickback statute. To this end, we caution that these proposed safe harbors remain subject to change through the rulemaking process, and that the types of arrangements described in this proposed rule remain subject to case-by-case review under the anti-kickback statute, and if applicable, the beneficiary inducements CMP, including with respect to the requisite intent of the parties. The proposed safe harbors, if finalized, specifically would address barriers to coordinated and value-based care posed by the Federal anti-kickback statute and the beneficiary inducements CMP and would have no application to any other law. In addition, any final safe harbors would provide only prospective protection.

OIG's mission is to protect the integrity of the Federal health care programs as well as the health and welfare of the people they serve. OIG prevents and detects fraud, waste, and abuse, and promotes economy, effectiveness, and efficiency in HHS programs. Stakeholders, including patients, depend upon OIG to be thoughtful, cautious, and deliberate in promulgating safe harbors to ensure that the arrangements the safe harbors protect do not inappropriately increase costs to the Federal health care programs or patients, corrupt practitioners' medical judgment, or result in overutilization, inappropriate patient steering, unfair competition, or poor-quality care. These abuses are sometimes characterized as traditional FFS fraud and abuse risks.

Model design characteristics common to properly structured value-based payment models could curb some traditional FFS risks. However, value-based payment models could present other risks, including stinting on care (underutilization), cherry picking lucrative or adherent patients, lemon dropping costly or noncompliant patients, and incentives to manipulate or falsify data used to verify performance and outcomes for payment purposes. In addition, emerging value-based payment models might present risks not yet identified by OIG or others in the healthcare industry. Many new models combine FFS and value-based payment features, subjecting providers to mixed incentives and potentially posing all or some of the risks raised by volume- and value-based payment. We seek comments on how best to address existing and emerging risks with respect to our proposals below, individually and collectively.

Section C of this Executive Summary and sections III and IV of this preamble summarize our specific proposals. Several proposals address particular types of value-based arrangements designed to promote care coordination and allow for outcomes-based payments. We have included a proposed safe harbor for arrangements that engage patients more actively in preventive care and adhering to treatment and care plans developed between them and their healthcare providers. We also are proposing a new safe harbor related to cybersecurity tools, as well as modifications to the existing safe harbors related to personal services arrangements, electronic health records, warranties, and local transportation.

Our proposals in this rulemaking focus on ensuring protected arrangements: (i) Promote coordinated patient care and foster improved quality, better health outcomes, and improved efficiency; and (ii) would not be misused to perpetrate fraud and abuse, including, for example, schemes in which patients receive unnecessary or substandard care or Federal health care programs are billed for medically unnecessary items or services. We have sought to strike an effective balance among the goals of clarity, objectivity, flexibility, safeguards (including accountability and transparency), and ease of implementation.

OIG and CMS coordinated closely to develop our respective proposed rulemakings in connection with the Regulatory Sprint and strove, where appropriate, to propose consistent terminology for value-based arrangements. In many respects, OIG's proposed rules for value-based arrangements are different or more restrictive than CMS's comparable proposals, in recognition of the differences in statutory structures and penalties. For some arrangements, we believe it is appropriate for the anti-kickback statute, which is a criminal, intent-based statute, to serve as “backstop” protection for arrangements that might be protected by a less restrictive exception to the civil, strict liability physician self-referral law. For any final rule, we would examine our rules in combination with any rules CMS may choose to finalize with the goal of creating an overall regulatory landscape that is well-coordinated and serves the intended purpose to allow for beneficial innovation; that is as streamlined as possible, consistent with program integrity considerations; and that provides strong protections for patients and programs, both in terms of promoting value and ensuring that the Government can take action to protect patients and address fraud or abuse. Arrangements that might be protected by a physician self-referral law exception, but might not be explicitly protected by an anti-kickback statute safe harbor, would not necessarily be unlawful under the anti-kickback statute. They would need to be examined on a case-by-case basis, including with respect to the intent of the parties. We note that OIG's proposed new safe harbor for cybersecurity items and services and modifications to the existing safe harbor for electronic health record items and services are closely aligned with CMS' proposals.

C. Summary of the Major Provisions

1. Anti-Kickback Statute and Safe Harbors

As described in more detail below, we propose to amend 42 CFR 1001.952 by modifying certain existing safe harbors to the anti-kickback statute and by adding safe harbors that would provide new protections or codify an existing statutory protection. Subject to definitions and conditions set forth in the proposed regulations, these proposed changes include:

  • Three proposed new safe harbors for certain remuneration exchanged between or among participants in a value-based arrangement (as further defined) that fosters better coordinated and managed patient care: (i) Care coordination arrangements to improve quality, health outcomes, and efficiency (1001.952(ee)); (ii) value-based arrangements with substantial downside financial risk (1001.952(ff)); and (iii) value-based arrangements with full financial risk (1001.952(gg)). These proposed safe harbors vary, among other ways, by the types of remuneration protected (in-kind or in-kind and monetary), the level of financial risk assumed by the parties, and the types of safeguards included as safe harbor conditions;
  • a proposed new safe harbor (1001.952(hh)) for certain tools and supports furnished under patient engagement and support arrangements to improve quality, health outcomes, and efficiency;
  • a proposed new safe harbor (1001.952(ii)) for certain remuneration provided in connection with a CMS-sponsored model, which should reduce the need for OIG to issue separate and distinct fraud and abuse waivers for new CMS-sponsored models;
  • a proposed new safe harbor (1001.952(jj)) for donations of cybersecurity technology and services;
  • proposed modifications to the existing safe harbor for electronic health records items and services (1001.952(y)) to add protections for certain cybersecurity technology included as part of an electronic health records arrangement, to update provisions regarding interoperability, and to remove the sunset date;
  • proposed modifications to the existing safe harbor for personal services and management contracts (1001.952(d)) to add flexibility with respect to outcomes-based payments and part-time arrangements;
  • proposed modifications to the existing safe harbor for warranties (1001.952(g)) to revise the definition of “warranty” and provide protection for warranties for one or more items and related services;
  • proposed modifications to the existing safe harbor for local transportation (1001.952(bb)) to expand and modify mileage limits for rural areas and for transportation for discharged patients; and
  • codification of the statutory exception to the definition of “remuneration” at section 1128B(b)(3)(K) of the Act related to ACO Beneficiary Incentive Programs for the Medicare Shared Savings Program (1001.952(kk)).

2. Civil Monetary Penalty Authorities

We propose to amend the definition of “remuneration” in the CMP rules at 42 CFR 1003.110 by interpreting and incorporating a new statutory exception to the prohibition on beneficiary inducements for “telehealth technologies” furnished to certain in-home dialysis patients, pursuant to section 50302(c) of the Budget Act of 2018.

We further note that, if finalized, the proposed new safe harbor for patient engagement and support arrangements (1001.952(hh)) and the proposed modifications to the local transportation safe harbor (1001.952(bb)) would by operation of law serve as exceptions to the beneficiary inducements CMP prohibition's definition of “remuneration.”

3. Costs and Benefits

There are no significant costs associated with the proposed regulatory revisions that would impose any mandates on State, local, or Tribal Governments or on the private sector.

II. Background

A. Anti-Kickback Statute and Safe Harbors

Section 1128B(b) of the Act, (42 U.S.C. 1320a-7b(b), the anti-kickback statute), provides for criminal penalties for whoever knowingly and willfully offers, pays, solicits, or receives remuneration to induce or reward the referral of business reimbursable under any of the Federal health care programs, as defined in section 1128B(f) of the Act (42 U.S.C. 1320a-7b(f)). The offense is classified as a felony and is punishable by fines of up to $100,000 and imprisonment for up to 10 years. Violations of the anti-kickback statute also may result in the imposition of CMPs under section 1128A(a)(7) of the Act (42 U.S.C. 1320a-7a(a)(7)), program exclusion under section 1128(b)(7) of the Act (42 U.S.C. 1320a-7(b)(7)), and liability under the False Claims Act (31 U.S.C. 3729-33).

The types of remuneration covered specifically include, without limitation, kickbacks, bribes, and rebates, whether made directly or indirectly, overtly or covertly, in cash or in kind. In addition, prohibited conduct includes not only the payment of remuneration intended to induce or reward referrals of patients but also the payment of remuneration intended to induce or reward the purchasing, leasing, or ordering of, or arranging for or recommending the purchasing, leasing, or ordering of, any good, facility, service, or item reimbursable by any Federal health care program.

Because of the broad reach of the statute, concern was expressed that some relatively innocuous business arrangements were covered by the statute and, therefore, potentially subject to criminal prosecution. In response, Congress enacted section 14 of the Medicare and Medicaid Patient and Program Protection Act of 1987, Public Law 100-93 (section 1128B(b)(3)(E) of the Act; 42 U.S.C. 1320a-7b(b)(3)(E)), which specifically requires the development and promulgation of regulations, the so-called safe harbor provisions, that would specify various payment and business practices that would not be subject to sanctions under the anti-kickback statute, even though they potentially may be capable of inducing referrals of business for which payment may be made under a Federal health care program.

Section 205 of HIPAA established section 1128D of the Act (42 U.S.C. 1320a-7d), which includes criteria for modifying and establishing safe harbors. Specifically, section 1128D(a)(2) of the Act provides that, in modifying and establishing safe harbors, the Secretary may consider whether a specified payment practice may result in:

  • An increase or decrease in access to healthcare services;
  • an increase or decrease in the quality of healthcare services;
  • an increase or decrease in patient freedom of choice among healthcare providers;
  • an increase or decrease in competition among healthcare providers;
  • an increase or decrease in the ability of healthcare facilities to provide services in medically underserved areas or to medically underserved populations;
  • an increase or decrease in the cost to Federal health care programs;
  • an increase or decrease in the potential overutilization of healthcare services;
  • the existence or nonexistence of any potential financial benefit to a healthcare professional or provider, which benefit may vary depending on whether the healthcare professional or provider decides to order a healthcare item or service or arrange for a referral of healthcare items or services to a particular practitioner or provider; or
  • any other factors the Secretary deems appropriate in the interest of preventing fraud and abuse in Federal health care programs.

We have considered these factors in designing our proposals. We are interested in public comments on these factors as they relate to our proposals. Properly structured and operated, we believe that the arrangements we propose to protect have the potential to increase access to care, increase quality of care, aid in the provision of items and services in underserved areas and to underserved populations, decrease costs to Federal health care programs, and decrease the potential for overutilization of healthcare services. We are concerned about reduced patient freedom of choice among providers, potential decreases in competition among health providers, and potential financial benefits to healthcare professionals or providers that may vary inappropriately based on their ordering decisions. We solicit comments on whether or not our proposals adequately address these or other undesired effects; if commenters believe the proposals would not adequately address these effects, we solicit comments on the degree to which such effects might occur and on additional safeguards to mitigate them.

In giving the Department the authority to protect certain arrangements and payment practices under the anti-kickback statute, Congress intended the safe harbor regulations to be updated periodically to reflect changing business practices and technologies in the healthcare industry.[12] Since July 29, 1991, there have been a series of final regulations published in the Federal Register establishing safe harbors in various areas.[13] These safe harbor provisions have been developed “to limit the reach of the statute somewhat by permitting certain non-abusive arrangements, while encouraging beneficial or innocuous arrangements.” [14]

Healthcare providers and others may voluntarily seek to comply with final safe harbors so that they have the assurance that their business practices would not be subject to any anti-kickback enforcement action. Compliance with an applicable safe harbor insulates an individual or entity from liability under the anti-kickback statute and the beneficiary inducements CMP only; individuals and entities remain responsible for complying with all other laws, regulations, and guidance that apply to their businesses.

In developing our proposals, we have taken into account information gleaned from a variety of sources: Industry stakeholder input, including through comments to the OIG RFI; learnings from OIG's work (e.g., fraud and abuse waivers for the Medicare Shared Savings Program and Innovation Center models, investigative and oversight work applying the fraud and abuse laws, and audits and evaluations of program effectiveness and efficiency); expertise from CMS and other HHS agencies; and other sources, including literature on care coordination and value-based payments.

B. Civil Monetary Penalty Authorities

1. Overview of OIG Civil Monetary Penalty Authorities

In 1981, Congress enacted the CMP law, section 1128A of the Act, 42 U.S.C. 1320a-7a, as one of several administrative remedies to combat fraud and abuse in Medicare and Medicaid. The law authorized the Secretary to impose penalties and assessments on persons who defrauded Medicare or Medicaid or engaged in certain other wrongful conduct. The CMP law also authorized the Secretary to exclude persons from Federal health care programs (as defined in section 1128B(f) of the Act, 42 U.S.C. 1320a-7b(f)) and to direct the appropriate State agency to exclude the person from participating in any State healthcare programs (as defined in section 1128(h) of the Act, 42 U.S.C. 1320a-7(h)). Congress later expanded the CMP law and the scope of exclusion to apply to all Federal health care programs, but the CMP applicable to beneficiary inducements remains limited to Medicare and State healthcare program beneficiaries. Since 1981, Congress has created various other CMP authorities covering numerous types of fraud and abuse.

2. The Beneficiary Inducements CMP and the Definition of “Remuneration”

Section 1128A(a)(5) of the Act, 42 U.S.C. 1320a-7a(a)(5), the “beneficiary inducements CMP,” provides for the imposition of civil monetary penalties against any person who offers or transfers remuneration to a Medicare or State healthcare program (including Medicaid) beneficiary that the benefactor knows or should know is likely to influence the beneficiary's selection of a particular provider, practitioner, or supplier of any item or service for which payment may be made, in whole or in part, by Medicare or a State healthcare program (including Medicaid). Section 1128A(i)(6) of the Act, 42 U.S.C. 1320a-7a(i)(6), defines “remuneration” for purposes of the beneficiary inducements CMP as including “transfers of items or services for free or for other than fair market value.” Section 1128A(i)(6) of the Act also includes a number of exceptions to the definition of “remuneration.”

Pursuant to section 1128A(i)(6)(B) of the Act, any practice permissible under the anti-kickback statute, whether through statutory exception or regulations issued by the Secretary, is also excepted from the definition of “remuneration” for purposes of the beneficiary inducements CMP. However, no parallel exception exists in the anti-kickback statute. Thus, the exceptions in section 1128A(i)(6) of the Act apply only to the definition of “remuneration” applicable to section 1128A.

Relevant to this proposed rulemaking, the Budget Act of 2018 created a new exception to the definition of “remuneration” for purposes of the beneficiary inducements CMP. This exception applies to “telehealth technologies” provided on or after January 1, 2019, by a provider of services or a renal dialysis facility to an individual with end-stage renal disease (ESRD) who is receiving home dialysis for which payment is being made under Medicare Part B.

III. Provisions of the Proposed Rule: Anti-Kickback Statute Safe Harbors

A. Value-Based Framework

This section provides background on, and an overarching summary of, the framework for value-based arrangements set forth in this proposed rulemaking; explains proposed terminology used in certain proposed safe harbors; and explains the specific safe harbor proposals to protect value-based arrangements (as defined in proposed paragraph 1001.952(ee)) designed to foster better care at lower cost through improved care coordination for patients.

Our proposals endeavor to remove real or perceived regulatory barriers to promote flexible, industry-led innovation in the delivery of more efficient and better coordinated healthcare. Further, consistent with emerging understandings of the benefits of better care coordination and the increasing adoption of value-based care and payment models in the healthcare industry, our proposals may support a more rapid transition from volume (e.g., FFS reimbursement for office visits, tests, or procedures) toward value (e.g., paying for patient or population outcomes).

1. Anti-Kickback Statute Implications of Care Coordination and the Value-Based Framework

Better care coordination—including more effective transitions for patients across the care continuum, less duplication of items and services, and open sharing of health data (consistent with privacy and security rules)—is integrally connected to advancing the transition to a value-based healthcare system. Care coordination arrangements, especially when linked to appropriate clinical or other value-driven outcomes, can help improve health and the patient experience of care; enable providers to participate successfully in value-based care and payment models; and advance the goals of value-based care: Delivering better health outcomes and maximizing desirable efficiency in healthcare delivery. For example, OIG's recent report entitled, “ACOs' Strategies for Transitioning to Value-Based Care: Lessons From the Medicare Shared Savings Program,” [15] highlights the tools—including care coordination arrangements—that certain accountable care organizations (ACOs) under the Medicare Shared Savings Program have deployed successfully to reduce costs and improve quality. Many of the strategies discussed in this report involve care coordination, care management, and patient engagement, including: engaging beneficiaries to improve their own health, managing beneficiaries with costly or complex care needs to improve their health outcomes, addressing behavioral health needs and social determinants of health, and using technology to increase information sharing among providers.[16]

Because care coordination often involves arrangements between providers that refer Federal health care program patients to one another and an exchange of remuneration, the anti-kickback statute may be implicated. Moreover, providing patients with remuneration to engage and support them in achieving better health outcomes may implicate both the anti-kickback statute and the beneficiary inducements CMP.

2. Balancing Innovation With Protection Against Fraud and Abuse Risks

To remove regulatory barriers to care coordination and support value-based arrangements, we are faced with the challenge of designing safe harbor protections for emerging healthcare arrangements. The optimal form, design, and efficacy of such emerging arrangements remain unknown or unproven. This is a key challenge of regulating during a period of innovation and experimentation. The challenge of designing appropriate safe harbors is exacerbated by: The substantial variation in care coordination and value-based arrangements contemplated by the healthcare industry (meaning that one-size-fits-all safe harbor designs may be less than optimal), variation among patient populations and provider characteristics, emerging health technologies and data capabilities, the still-developing science of quality and performance measurement, and our desire not to chill beneficial innovation.

It is sometimes difficult to gauge fraud and abuse risk in a rapidly evolving environment of substantial innovation, experimentation, and deployment of technology and digital data. In some cases, innovations and the availability of more actionable, transparent data may enhance program integrity and protect against fraud and abuse. There is a compelling concern that uncertainty and regulatory barriers—real or perceived—could prevent the best and most efficacious innovations from emerging and being tested in the marketplace. Our goal is to craft safe harbors that, if finalized, would protect arrangements that promote value, while also protecting against fraud, abuse and associated harms. Over time, we expect that best practices in care coordination and value-based payment will emerge.

3. Overview of Proposed Safe Harbors

We are proposing safe harbors for value-based arrangements, with greater flexibilities available to parties as they assume more downside financial risk for the cost and quality of care. This “tiered” structure is intended to support the transformation of industry payment systems and takes into account that arrangements involving higher levels of downside risk curb, at least to some degree, FFS incentives to order medically unnecessary or overly costly items and services. We propose these safe harbors, recognizing that the transition from an FFS to a value-based care and payment system will take time. Where parties may have both FFS and value-based payment incentives, we believe assuming downside financial risk from a payor for items and services furnished to patients helps mitigate incentives that often drive fraud and abuse present in traditional FFS.

For the purposes of this rule, the proposed safe harbors that require assumption of risk focus on value-based arrangements with substantial downside financial risk (1001.952(ff)) and value-based arrangements at full financial risk (1001.952(gg)). While these proposed safe harbors largely focus on the assumption of downside financial risk, we understand that participants in value-based arrangements may assume certain types of risk other than downside financial risk for items and services furnished to a target patient population (e.g., upside risk, clinical risk, operational risk, contractual risk, or investment risk).

We believe that our focus on downside financial risk is appropriate because the assumption of downside financial risk may shift the incentives that serve to influence those making the referring and ordering decisions, the conduct at the center of the anti-kickback statute. We solicit comments on whether, for purposes of a final rule, other types of risk would have a comparable effect. We are particularly interested in fact patterns that illustrate how other types of risk would operate to change ordering or referring behaviors of providers and suppliers that might still be paid on an FFS basis or otherwise help ensure that safe-harbored arrangements would serve appropriate value-based purposes.

Remuneration has at least two dimensions relevant to this proposed rulemaking: (i) Payments by payors; and (ii) remuneration exchanged between clinicians, providers, suppliers, and others. Payor payments that drive toward value include capitated payments and global budgets at one end of the “value-based payments” spectrum; shared savings and bundled payment mechanisms in the middle; and bonuses and reductions applied to FFS payments at the other end of the spectrum. Examples of remuneration exchanged among clinicians, providers, suppliers, and others include sharing staff, such as care coordinators, or technology, such as data analytics tools, to improve quality or efficiency or to achieve other performance or outcomes targets, whether set by payors or among themselves. In some cases, these parties also may have value-based payment arrangements among themselves, such as gainsharing or shared savings agreements.

We are proposing a suite of safe harbors that, if finalized, would address a variety of scenarios. Collectively, we believe these proposed safe harbors, in combination with existing safe harbors, would provide pathways for protection for most beneficial care coordination and value-based care and payment arrangements. In crafting these safe harbors, we have endeavored to be agnostic with respect to the composition of the value-based enterprise (VBE), a concept and defined term described further below, and scope of protected value-based arrangements to allow for innovation and experimentation in the healthcare marketplace and to foster a level playing field for those seeking safe harbor protection, whether they are large health systems or individual practitioners. The proposed safe harbors would cover value-based arrangements involving both publicly and privately insured patients.

The first proposed safe harbor, at 1001.952(ee), covers care coordination arrangements to improve quality, health outcomes, and efficiency (“care coordination arrangements” safe harbor). It covers certain in-kind remuneration, including services and infrastructure. The second proposed safe harbor, at 1001.952(ff), with greater flexibility, covers certain in-kind and monetary arrangements where the VBE is at substantial downside financial risk from a payor (as defined). The third proposed safe harbor, at 1001.952(gg), is for in-kind and monetary arrangements where the VBE is at full downside financial risk from a payor and allows for even more flexibility. In addition, we propose to protect certain outcomes-based compensation (regardless of whether it meets the criteria for substantial downside financial risk) under the rubric of “outcomes-based payments” through proposed modifications to the personal services and management contracts safe harbor at 1001.952(d), as discussed in the section III.J. below.

We are mindful of the role patient engagement can play in improved coordination of patient care and health outcomes. Thus, we are proposing a safe harbor at 1001.952(hh) for arrangements for patient engagement and support to improve quality, health outcomes, and efficiency (the “patient engagement and support” safe harbor). We are further proposing a separate safe harbor at 1001.952(ii) for care delivery and payment arrangements as well as beneficiary incentives pursuant to certain CMS-sponsored models, including Innovation Center models. This proposed safe harbor would largely, if not entirely, replace OIG's current model-by-model fraud and abuse waiver process for CMS-sponsored models. The requirements of each proposed safe harbor are discussed in detail below.

As always, all safe harbor conditions would need to be precisely met for safe harbor protections to apply. Many value-based arrangements and activities may qualify for existing safe harbor protections, including under the employees safe harbor (1001.952(i)), the EHR items and services safe harbor (1001.952(y)), the personal services and management contracts safe harbor (1001.952(d)), the local transportation safe harbor (1001.952(bb)), and the several safe harbors pertaining to health plans and managed care organizations set forth at 1001.952(l), (m), (t), and (u). Many others may not raise anti-kickback issues at all if they do not relate to Federal health care program beneficiaries or are not tied in any way to the volume or value of Federal health care program business. (Likewise, with respect to compliance with the beneficiary inducements CMP, patient engagement and support arrangements and activities may fit in existing exceptions to the CMP law, may be within applicable nominal value limits, or may not raise concerns under that statute if they do not relate to Medicare or Medicaid patients or are not likely to influence the selection of providers, practitioners, or suppliers.)

In the next section, we describe the proposed definitions for several key terms used in the proposed safe harbors for value-based arrangements at proposed paragraphs 1001.952(ee), (ff), and (gg) for care coordination arrangements, value-based arrangements with substantial downside financial risk, and value-based arrangements at full financial risk, respectively. We then describe each proposed safe harbor in detail. Related proposed modifications to the personal services and management contracts safe harbor (1001.952(d)) for outcomes-based payments (where there is no substantial downside financial risk) are described at section III.J. The patient engagement and support safe harbor is described at section III.F. The proposed safe harbor for CMS-sponsored models, including Innovation Center models, is described at section III.G.

B. Proposed Value-Based Terminology (1001.952(ee))

We propose definitions for key terms in paragraph 1001.952(ee). These terms are used consistently in several proposed safe harbors. The proposed defined terms are intended to work in conjunction with one another to describe the universe of value-based arrangements potentially eligible for proposed safe harbor protection and of individuals and entities that can engage in protected arrangements, provided all conditions of a specific safe harbor are squarely met.

Generally speaking, when read together, the proposed terminology and safe harbors are intended to protect care coordination and support value-based arrangements where, as a threshold matter, the arrangements are under the auspices of a VBE (of any size, and as further defined in proposed paragraph 1001.952(ee)) that is essentially a network of participants (such as clinicians, providers, or suppliers) that has agreed to collaborate to, for example: (i) Put the patient at the center of care through improved care coordination, (ii) increase efficiencies in the delivery of care, and (iii) improve quality of care and health outcomes for patients or populations. The VBE has value-based purposes and its participants enter into value-based arrangements for value-based activities to further those purposes.

Wherever possible and appropriate, it is our intent to align our proposed value-based terminology with those that CMS proposes in its notice of proposed rulemaking regarding the physician self-referral law, “Modernizing and Clarifying the Physician Self-Referral Regulations.” Because of the close nexus between the value-based terminology in our proposed rule and CMS's proposed terminology, we may also consider for purposes of making determinations for a final rule comments submitted about value-based terminology in response to CMS's proposed rule.

We use the term “value-based” in our proposed terminology in a non-technical way to signal value produced through improved care coordination, improved health outcomes, lower costs or reduced growth of costs for patients and payors, and improved efficiencies in the delivery of care. We recognize that our use of the words “value” and “value-based” here do not necessarily capture all dimensions of value in healthcare. We solicit comments on our approach, as well as comments on whether we should define “value” specifically in the final rule, and if so, how best to define “value” as it pertains to care coordination and value-based payment. For example, we are considering for the final rule whether “value” should be defined with reference to financial arrangements under advanced APMs (whether HHS or other payor models).

1. Value-Based Enterprise (VBE)

We propose to use the term “value-based enterprise” to describe the network of individuals and entities that collaborate together to achieve one or more value-based purposes (as defined in proposed paragraph 1001.952(ee)). As defined in this rulemaking, and as a general matter, the VBE would delineate the universe of individuals and entities participating in arrangements eligible for safe harbor protection, if all safe harbor conditions are fully met. The VBE also would be accountable for ensuring that such protected arrangements are conducted under the auspices of the VBE.

a. Two or More VBE Participants

First, we propose that VBE would mean two or more VBE participants (as defined in proposed paragraph 1001.952(ee)) that are collaborating to achieve at least one value-based purpose. VBEs may take many different forms, and we intend for the definition of “VBE” to be flexible. For example, a VBE could be as small as two individual physician practices collaborating to coordinate care for shared patients. The same term also could cover a formal or informal network of hospital systems, post-acute care providers, and physician practices. An accountable care organization or health system comprised of hospitals and physician practices, for example, could also constitute a VBE.

b. Party to a Value-Based Arrangement

Second, we propose that each VBE participant in the VBE must be a party to a value-based arrangement (as defined below) with at least one other VBE participant from the same VBE. In the case of a VBE comprised of two VBE participants, the two VBE participants would need to be engaged in a value-based arrangement with each other. We intend for this criterion to ensure that parties qualifying as part of a VBE are contributing to a value-based arrangement. Consistent with our intention to provide flexibility for innovation, VBE participants could engage in one or multiple value-based arrangements, so long as all of the value-based arrangements further the value-based purpose(s) of the VBE.

c. Accountable Body

Third, we propose that the VBE must have an accountable body (such as a board of directors or other governing body) or person (which, depending on the size and scope of the VBE, may be an entity, such as a hospital or physician practice that is among the VBE participants, or an individual) responsible for financial and operational oversight of the VBE. As part of its oversight role, we expect that the accountable body or responsible person would serve as the “gatekeeper” to the VBE, with a process and criteria to ensure that those admitted to the VBE after its formation as VBE participants have a legitimate role in the VBE and in VBE arrangements and that VBE participants are not participants in name only. In addition to ensuring operational and financial oversight, we believe the accountable body or responsible person would be positioned to identify program integrity issues and to initiate action to address them, as necessary and appropriate. We are considering for the final rule, and solicit comment on, whether the VBE or its participants should be required to have a compliance program that covers at least those value-based arrangements for which safe harbor protection is sought and whether the accountable body or person should have responsibility for the compliance program.

The arrangements that would be protected by these proposed safe harbors would not have the benefit of programmatic oversight comparable to CMS-sponsored models. Accordingly, we view this accountability criterion as important to ensure that arrangements operate for their designated value-based purpose(s) and as a key safeguard to ensure that value-based arrangements are aligned with at least one value-based purpose and not misused for purposes that raise program integrity concerns (e.g., arrangements that encourage providers to steer patients in ways that are not in the patients' best interests or stint on medically necessary care).

The oversight role may include, depending on the applicable proposed safe harbor at 42 CFR 1001.952(ee), (ff), and (gg) and how the applicable VBE effectuates safe harbor requirements, monitoring whether VBE participants are performing under their value-based arrangements in a manner that furthers the coordination and management of care for the target patient population. We are considering for the final rule a requirement that all VBE participants affirmatively recognize the oversight role of the accountable body or responsible person and explicitly agree to cooperate with its oversight efforts (e.g., by requiring the inclusion of a statement to this effect in the applicable written agreement).

We also are considering for the final rule whether the accountable body or responsible person (or some other party or parties to value-based arrangements addressed by the proposed safe harbors) should have more specific oversight responsibilities, such as oversight related to utilization of items and services, cost, quality of care, patient experience, adoption of technology, and the quality, integrity, privacy, and security of data related to the arrangement (such as outcomes, quality, and payment data). To facilitate effective oversight, we are considering for the final rule whether VBEs should be required to implement reporting requirements for their VBE participants or mechanisms for obtaining access to, and verifying, VBE participant data concerning performance under any value-based arrangement.

We welcome comments on this approach or any different or additional actions that may help ensure effective ongoing oversight.

We intend for VBEs to implement the criterion regarding the accountable body or responsible person in a manner that is tailored to the complexity and sophistication of the VBE. For example, a VBE involving two physician practices with a single value-based arrangement could designate one of the physician practices (or its compliance professional) as the individual responsible for this oversight. Where the VBE is larger and involves numerous sophisticated entities, it might be advisable and a best practice to create a separate governing body to serve as the accountable body, overseeing the VBE.

The proposed definition of “VBE” does not require the VBE's accountable body or responsible person to be independent of the interests of individual VBE participants (which would preclude a VBE participant from acting as the accountable body or responsible person) or to have a distinct duty of loyalty to the VBE. However, to provide further assurances that a VBE's accountable body or responsible person is acting in furtherance of the VBE's value-based purpose(s) and not any one VBE participant's individual interests, we are considering for the final rule imposing a standard requiring either independence or a duty of loyalty as a criterion of this definition or as a safe harbor requirement. We solicit comments on the benefits, burdens, and challenges of this approach.

d. Governing Document

Fourth, we propose that each VBE must have a governing document that describes the VBE and how the VBE participants intend to achieve its value-based purpose(s). The intent of this requirement is to provide transparency regarding the structure of the VBE, the VBE's value-based purpose(s), and the VBE participants' roadmap for achieving such purpose(s). This document may include any other terms the VBE participants deem important. The governing document need not be formal bylaws or in another specific format. Written documentation recording the terms of a value-based arrangement may serve as the required VBE governing document, provided it describes the enterprise and how the parties intend to achieve its value-based purpose(s).

e. VBE's Assumption of Downside Financial Risk

Lastly, we note that two of our proposed safe harbors require that a VBE has assumed downside financial risk from a payor. We anticipate that VBEs could contract with payors and other entities in a variety of ways. For example, a VBE comprised of a large number of VBE participants across a range of healthcare settings might create a standalone legal entity that enters into contracts directly with payors on the VBE participants' behalf. Alternatively, one VBE participant might contract with payors on behalf of other VBE participants within the VBE. In the latter example, the VBE would still be required to be at risk, but it would be through one of its VBE participants rather than through a contract directly with the payor.

2. Value-Based Arrangement

The proposed safe harbors at 42 CFR 1001.952(ee), (ff), and (gg) would protect remuneration paid or exchanged pursuant to a “value-based arrangement” if all conditions are met. We propose to define a value-based arrangement as “an arrangement for the provision of at least one value-based activity for a target patient population between or among: (A) The value-based enterprise and one or more of its VBE participants; or (B) VBE participants in the same value-based enterprise.” We intend for these requirements to ensure that each value-based arrangement is aligned with the VBE's value-based purpose(s) and subject to its financial and operational oversight. Our proposed definition is intended to capture arrangements for care coordination and certain other value-based activities among VBE participants within the same VBE.

Addressing each requirement of the definition in turn, we first propose to require that the value-based arrangement include at least one value-based activity (as defined in proposed paragraph 1001.952(ee)) to be undertaken by the parties. We would expect that many value-based arrangements would be comprised of multiple value-based activities.

Second, we propose that the value-based arrangement's value-based activities must be undertaken with respect to a target patient population (as defined in proposed paragraph 1001.952(ee)). That is, the value-based arrangement, and its value-based activities, must be tailored to meet the needs of a defined patient population. This element further ties the value-based arrangement to care coordination of patients and value-based goals. We note that the definition of “value-based arrangement” is broad enough to cover commercial and private insurer arrangements.

3. Target Patient Population

We propose to define “target patient population” as “an identified patient population selected by the VBE or its VBE participants using legitimate and verifiable criteria that: (A) Are set out in writing in advance of the commencement of the value-based arrangement; and (B) further the value-based enterprise's value-based purpose(s).” Our intent in defining this term is to protect value-based arrangements that serve an identifiable patient population for whom the value-based activities likely would improve health outcomes or lower costs (or both). By using the terms “legitimate and verifiable,” we seek to ensure the target patient population selection process is transparent and that VBE participants select their target patient population in an objective manner based on criteria that further the applicable value-based arrangement's value-based purpose(s). If VBE participants selectively include patients in a target patient population for purposes inconsistent with the objectives of a properly structured value-based arrangement (e.g., cherry picking or lemon dropping patients), we would not consider such a selection process to be based on “legitimate and verifiable criteria that further the value-based enterprise's value-based purpose(s).”

This proposed definition is not limited to Federal health care program beneficiaries. For example, VBE participants seeking to enhance access to, and usage of, primary care services for patients concentrated in a certain geographic region might base the target patient population on ZIP Code or county of residence. If a value-based arrangement is focused on enhancing care coordination for patients with a chronic disease, the target patient population might be patients with that disease (e.g., congestive heart failure). VBE participants might also, for example, use data to identify a target patient population at increased risk of developing a chronic disease for improved care coordination under a value-based arrangement.

We are considering for the final rule and solicit comments on limiting the definition of “target patient population” to patients with a chronic condition, or alternatively, limiting any or all of the proposed safe harbors that use the target patient population definition to value-based arrangements for patients with a chronic condition. We might effectuate this approach through changes to the scope of the target patient population definition or other definitions, including value-based activity, value-based arrangement, and value-based purpose.

This alternative proposal is in recognition that patients with chronic conditions may be more susceptible to comorbidities, requiring care across the health spectrum, and thus most likely to benefit from the care coordination central to this proposed rule. To the extent we include such a limitation in the final rule, either by definition or through a safe harbor requirement, we are considering how to define “chronic condition,” and whether OIG should cross-reference other Medicare or Medicaid program guidelines or rules related to chronic conditions. In particular, we are considering and seek comment on defining “chronic condition” as the list of 15 Special Needs Plans (SNP)-specific chronic conditions developed by the SNP Chronic Condition Panel, as may be modified from time to time.[17] As new chronic conditions are identified, and as existing conditions benefit from life-prolonging technological advances, we are mindful that any definition of “chronic condition” might need flexibility to expand to remain appropriately inclusive and consistent with clinical understandings.

As an additional alternative, we are considering for purposes of the final rule, and solicit comments on, limiting the definition of “target patient population” to patients with a shared disease state that would benefit from care coordination.

We seek comment on how best to address the need for flexibility in any final rule, especially should we limit a final safe harbor to patients with a chronic condition or shared disease state. Moreover, we are interested in feedback on impacts of such limitations on the ability of VBE participants to provide better coordinated care for other categories of patients, including patients discharged from hospitals following acute care, patients requiring maternal care, patients needing preventive care, and patients with mental health conditions.

Additionally, we solicit comments on whether we should replace “legitimate and verifiable” in this proposed definition with language that would require VBE participants to have more parameters and structure with respect to their selection of the target patient population and are considering whether use of the term “evidence-based” would achieve this goal. (Our proposed interpretation of “evidence-based” is addressed below in our discussion of the proposed safe harbor for care coordination arrangements.)

Last, we are considering for the final rule, and seek comments on, whether and if so how, parties other than VBE participants should or could be involved in selecting the target patient population. For example, we are considering for the final rule the role of payors in identifying or selecting the target patient population or establishing outcome measures with respect to a value-based arrangement. While payors might not be parties to a value-based arrangement, we believe many care coordination and other value-based arrangements may be entered into in order to achieve performance or outcome goals set by payors. We seek feedback on the potential benefit, including any reduced program integrity risks, of allowing or requiring payors to select either or both the target patient population and relevant outcome measures and targets (for purposes of the definitions, safe harbors, or both). If there would be benefit in doing so, we seek feedback on how best to implement such a permission or requirement. We also seek feedback on whether, for purposes of the final rule, we should treat as a favorable factor that a value-based arrangement (or outcomes-based payment arrangement) aligns its target patient population or its outcome measures and targets with payor-driven incentives.

4. Value-Based Activity

For purposes of these safe harbors, we propose that the term “value-based activity” would mean “any of the following activities, provided that the activity is reasonably designed to achieve at least one value-based purpose of the value-based enterprise: (A) the provision of an item or service; (B) the taking of an action; or (C) the refraining from taking an action.” “Value-based activity” does not include the making of a referral.

We are considering for the final rule whether to interpret “reasonably designed” to mean that the value-based activities set forth in the value-based arrangement are expected to further the value-based purpose of the arrangement. While this standard would not require that the value-based purpose actually be achieved, we are considering whether to require in the final rule that the VBE participants entering into the value-based arrangement engage in an evidence-based process to design value-based activities that they believe will reach such a goal. Our proposed interpretation of “evidence-based” for purposes of this proposed rule is addressed below in our discussion of the proposed care coordination arrangements safe harbor.

With this definition, we acknowledge that a “value-based activity” may encompass not only affirmative actions taken by VBE participants (e.g., providing care coordinators to help patients with complex needs navigate the transition from a hospital to their homes) but also instances of inaction (e.g., refraining from ordering certain items or services in accordance with a medically appropriate care protocol that reduces the number of required steps in a given procedure). Under no circumstances would simply making a referral constitute a “value-based activity.”

Lastly, we are considering for the final rule expressly excluding from the definition of “value-based activity” any activity that results in information blocking. Similar to the concerns articulated in the section detailing our proposed modifications to the electronic health records safe harbor, we seek to preclude from protection under our proposed safe harbors at 42 CFR 1001.952(ee), (ff), and (gg) any arrangement that may, on its face, meet our definition of “value-based activity” but that ultimately is used to engage in practices of information blocking (e.g., the donation of health information technology that may facilitate care coordination across providers participating in the VBE, but also prevents or unreasonably interferes with the exchange of electronic health information with other providers in order to lock-in referrals between such providers). Information blocking practices that may affect value-based activities include, but are not limited to, (i) locking electronic health information into the VBE or keeping it only between VBE participants, or (ii) preventing referrals or other electronic health information from leaving the VBE or being transmitted from a VBE participant to another healthcare provider. This exclusion would be based on the definition and exceptions for “information blocking” in the 21st Century Cures Act and the Office of the National Coordinator for Health Information Technology (ONC), HHS Notice of Proposed Rulemaking “21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program,” to the extent such definition and exceptions are finalized.

5. VBE Participant

We propose to define “VBE participant” as “an individual or entity that engages in at least one value-based activity as part of a value-based enterprise.” Depending upon the terms and requirements of the value-based arrangement (and the conditions of the relevant safe harbor), “engaging in” a value-based activity may be, for example, (i) performing an action to achieve certain quality or outcome metrics and the providing or receiving of payment for such achievement, or (ii) coordinating care to achieve better outcomes or efficiencies (e.g., sharing staff or infrastructure to improve the discharge planning and care follow-up process between two VBE participants). Subject to the limitations proposed below, such term would broadly include clinicians, providers, and suppliers, as well as other individuals and entities. Potential VBE participants could be, by way of example only, physician practices, hospitals, payors, post-acute providers, pharmacies, chronic care and disease management companies, and social services organizations. Given that our proposed definition may encompass non-traditional healthcare entities, and our experience with respect to financial arrangements between such entities and providers and suppliers is limited, we are considering for the final rule, and solicit comments on, any fraud and abuse risks that financial arrangements with these entities may present and what, if any, additional safeguards we may need to place around these entities' participation in value-based arrangements under the proposed safe harbors.

a. Entities Not Included as VBE Participants

The “VBE participant” definition expressly excludes pharmaceutical manufacturers; manufacturers, distributors, or suppliers of durable medical equipment, prosthetics, orthotics or supplies (DMEPOS); and laboratories. On the basis of our historical enforcement and oversight experience, we are concerned that some companies within these types of entities, which are heavily dependent upon practitioner prescriptions and referrals, might misuse the proposed safe harbors primarily as a means of offering remuneration to practitioners and patients to market their products, rather than as a means to create value for patients and payors by improving the coordination and management of patient care, reducing inefficiencies, or lowering health care costs. For example, we are concerned that these entities might create arrangements styled as value-based arrangements that serve to tether clinicians or patients to the use of a particular product (e.g., a drug or implantable device, such as a device with a mechanical or physical effect on the body) when a different product could be more clinically effective for the patient. Moreover, pharmaceutical manufacturers, and manufacturers, distributors, and suppliers of DMEPOS, and laboratories are less likely to be on the front line of care coordination and treatment decisions in the same way as other types of proposed VBE entities, such as hospitals, physicians, and remote monitoring companies that provide care coordination and management tools and services directly to patients. We solicit comments on whether this assumption is correct, along with examples of the specific roles played by these entities in coordinating and managing care for patients.

We note that we received comments in response to the OIG RFI from pharmaceutical manufacturers seeking safe harbor protection for a variety of emerging outcomes-based and value-based contracting practices for their pharmaceutical products, as well as related patient medication adherence and similar programs. We also acknowledge that some pharmaceutical manufacturers may help facilitate care coordination and management of care through, for example, data analytics associated with their pharmaceutical products furnished to purchasers of their products. These kinds of manufacturer arrangements raise different program integrity issues from those addressed in this rulemaking and would likely require different safeguards. We are considering pharmaceutical manufacturers' role in coordination and management of care and may address it in future rulemaking. We may also consider specifically tailored safe harbor protection for value-based contracting and outcomes-based contracting for the purchase of pharmaceutical products (and potentially other types of products) in future rulemaking.

We are considering for the final rule whether some or all of the entities we propose to exclude from the definition of a “VBE participant” and from the proposed safe harbor for outcomes-based compensation under the personal services and management contracts safe harbor should be included in the definition of “VBE participant” and potentially protected by the applicable safe harbors. We are interested in comments with examples of how and the extent to which the entities we propose to exclude participate in the coordination and management of care for patients and whether and how they may be involved in providing beneficial health technology, including digital technology, used to coordinate and manage care and improve health outcomes. We also are considering and are interested in comments on additional safeguards we could include in the safe harbors to: (i) Prevent abusive marketing practices with respect to the items and services these entities (or other entities, not excluded from the proposed definition of “VBE participant”) sell to patients, payors, and providers (e.g., practices that include payments to physicians, hospitals, or patients to reward them for ordering the entity's products); (ii) protect clinical decision-making about products that are in the patient's best medical interests and patient freedom of choice; and (iii) reduce the risk of inappropriate cost-shifting to Federal health care programs and inappropriate increased costs to Federal health care programs. We are considering whether to include a safeguard, in the applicable proposed safe harbors, that would preclude protection for value-based arrangements and outcomes-based payments that include exclusivity requirements, such as a requirement that the VBE participant is the exclusive provider of care coordination items or services or the exclusive provider of a reimbursable item or service. We are further considering whether to impose certain heightened standards and conditions on certain entities that would receive safe harbor protection, such as enhanced monitoring, reporting, or data submission requirements or some or all of the conditions presented in the discussion of proposed 1001.952(ee) below.

While pharmaceutical manufacturers and other listed entities would not be eligible for protection under the proposed safe harbors for value-based arrangements, patient engagement and support, and revisions related to outcomes-based payments included in the personal services and management contracts safe harbor, other elements of this proposed rule would be available to them. As explained below, we propose certain other modifications to the personal services and management contracts safe harbor that would be available, including greater flexibility for part-time arrangements and arrangements in which the aggregate compensation is not known in advance. These entities also would be eligible under the proposed safe harbors for cybersecurity items and services and for CMS-sponsored models, as well as for the proposed modifications to the warranties safe harbor. Further, we solicit comments on potential revisions to the reporting requirements in the warranties safe harbor that could accommodate outcomes-based warranty arrangements that excluded manufacturers and suppliers may want to undertake. Lastly, we note that pharmaceutical manufacturers or other entities we propose to exclude from the definition of “VBE participant” may use the OIG's advisory opinion process for value-based or other arrangements they may want to undertake.

We are considering for the final rule, and seek comments on, whether we should exclude other entities from the definition of “VBE participant.” For example, we are considering excluding pharmacies (including compounding pharmacies) from the definition of “VBE participant.” We acknowledge that some pharmacies (and pharmacists) have the potential to contribute to the type of beneficial value-based arrangements this rulemaking is designed to foster (e.g., through medication adherence programs or educational services for patients with diabetes). However, pharmacies, like the entities we propose to exclude from the definition of “VBE participant,” primarily provide items, and we are concerned that their participation in value-based arrangements may not further the care coordination purposes of this rulemaking. We seek comments on beneficial arrangements pharmacies may want to undertake under the new value-based framework and any safeguards we could implement in the final rule if we were to allow such entities to participate in value-based arrangements eligible for safe harbor protection. We are further considering for the final rule whether specific types of pharmacies, such as compounding pharmacies, should be excluded as VBE participants even if others, such as retail and community pharmacies, are included. In particular, we are concerned that pharmacies that specialize in compounding pharmaceuticals may pose a heightened risk of fraud and abuse, as evidenced by our enforcement experience, and would not play a direct role in patient care coordination.

We also are considering for the final rule excluding pharmacy benefits managers (PBMs), wholesalers, and distributors from the definition of “VBE participant” for reasons comparable to those for excluding pharmaceutical manufacturers.[18] We may further consider the role of these entities in care coordination and management in future rulemaking. We are aware that PBMs are increasingly providing services related to the coordination of care for patients. We are interested in comments with examples demonstrating how PBMs engage in care coordination and management with healthcare providers and suppliers, as well as insights into the risks and benefits of including PBMs as VBE participants eligible to enter into value-based arrangements that could qualify for safe harbor protection if all conditions are satisfied.

b. Health Technology Companies

We are mindful that a growing number of companies are providing mobile health and digital technologies to physicians, hospitals, patients, and others for the coordination and management of patients and their healthcare, and such companies are eligible to be VBE participants under the proposed definition. These companies provide a range of services such as remote monitoring, predictive analytics, data analytics, care consultations, patient portals, and telehealth and other communications that may be used by providers, clinicians, payors, patients, and others to coordinate and manage care, improve the quality and safety of care, and increase efficiency. These companies also furnish a variety of devices, technologies, software, and applications that support their services, are used by customers to coordinate and monitor patient care and health outcomes (for individuals and populations), or are used directly by patients and their caregivers to monitor their health, manage treatment, and communicate and access patient medical information. For example, we are aware of companies that provide diabetes management services, leveraging devices that can be worn or attached to the body to monitor blood sugar levels and transmit that data, through an application to a cloud storage service, for review by patients and the clinicians managing the patients' diabetes care.

We are further aware that mobile health and digital health technology companies may be newer entrants to the healthcare marketplace or they may be existing companies. In some cases, they are existing healthcare companies that have developed new lines of business in digital health technology. For example, in some cases, they are companies that have historically manufactured medical devices reimbursed by Federal health care programs and have developed digital technologies that are used in conjunction with medical devices, such as pacemakers. It is our understanding that, depending on the company's business model, what is included as part of the Food and Drug Administration (FDA)-approved device, and payor coverage determinations, the digital technologies and associated functionalities may be included as part of the customer's cost of the medical device, or they may be part of a separate services arrangement.

These technologies hold promise for improving care coordination and health outcomes through monitoring of real-time patient data and detection and prevention of health problems. We are concerned, however, and solicit public comments, about the risk that some companies that manufacture medical devices covered by Federal health care programs, particularly implantable devices used in a hospital or ambulatory surgical center setting, might misuse value-based arrangements to disguise improper payments for care coordination intended as kickbacks to purchase the medical devices they manufacture. This concern arises from historical law enforcement experience, including large False Claims Act settlements involving kickbacks paid to physicians, hospitals, and ambulatory surgery centers to market various medical devices, such as devices used for invasive procedures; in some cases, these schemes resulted in patients getting medically unnecessary surgeries. OIG also has longstanding anti-kickback concerns about physician-owned distributorships because the financial incentives physician-owned distributorships offer to their physician-owners may induce the physicians both to perform more procedures (or more extensive procedures) than are medically necessary and to use the devices the physician-owned distributorships sell in lieu of other, potentially more clinically appropriate, devices.[19]

To address these concerns, we are considering for the final rule the exclusion of some or all device manufacturers under the definition of “VBE participant” and from protection under the various proposed safe harbors, including the exclusion from participation in outcomes-based payment arrangements under proposed 1001.952(d)(2) and (3). As with pharmaceutical manufacturers, it is not clear that all device manufacturers play a comparable role in the coordination and management of patient care as those entities proposed to come within the definition of a VBE participant. We solicit comments about this assumption and the roles that traditional device manufacturers play in care coordination and management. Also, as with issues raised by arrangements involving pharmaceutical manufacturers, we are considering future safe harbor rulemaking to address specifically tailored protection for value-based and outcomes-based contracting for device manufacturers. This proposed rule focuses primarily on arrangements to coordinate and manage the care of patients, and does not, for example, address purchase and sale arrangements for covered items and services. We may take up the issue of purchase and sale arrangements, including consideration of modifications to the discount safe harbor or additional modifications to the warranties safe harbor, in future rulemaking.

We recognize that defining a universe of device manufacturers that would be excluded would present difficulties, and we are interested in public feedback on the following issues. First, there is no specific definition of a device manufacturer or medical device manufacturer in the Medicare program. As explained below, in the absence of a Medicare definition, we are considering several other approaches. Second, any definition of the term “device manufacturer” may be so broad as to sweep in virtually any kind of device or health technology, including the kinds of digital and remote monitoring technology that may support and improve care coordination. Relatedly, given that many companies pursue multiple lines of business and that digital technologies are being integrated into traditional medical devices, it may not be possible to distinguish clearly a traditional medical device manufacturer from a health technology company.

OIG is considering for the final rule, and seeks comments regarding, whether to define medical device manufacturers using CMS's definition of “applicable manufacturer” in 42 CFR 403.902, which relates to the “Sunshine” provisions of the ACA (section 6002 of the ACA, which added section 1128G to the Act). We also are considering, and seek comment on, whether any definition of “device manufacturer” should include an entity that manufacturers any item that requires premarket approval by, or premarket notification to, the FDA or that is classified by the FDA as a medical device. We are further considering whether we could define a device manufacturer, in whole or in part, with respect to whether the item it manufactures is eligible for separate or bundled payment from a Federal health care program or other payor or is used in a test that is eligible for separate or bundled payment from a Federal health care program or other payor. We are considering whether the definition of a device manufacturer should include distributors or wholesalers when they are distributing or selling devices manufactured by a device manufacturer. With respect to these proposed definitional approaches, we solicit public comments on whether the proposals would be too broad or too narrow, including whether they would have the effect of excluding from the safe harbors companies that develop and provide digital or other health technologies for care coordination and patient engagement. We are interested in other recommended definitions that would exclude medical device manufacturers without limiting beneficial digital technologies, or recommended factors that we should consider if we were to craft a definition of “device manufacturer” or “medical device manufacturer.”

Finally, apart from excluding device manufacturers, we are considering, and solicit comments on, whether to include additional safeguards in the final safe harbors to mitigate risks of abuse. These safeguards might apply specifically to arrangements involving VBE participants that are health technology companies or device manufacturers or more broadly to all VBE participants. Specifically, as stated above, we are considering and are interested in comments on safeguards that (i) prevent abusive marketing practices with respect to the items and services these the companies sell to patients, payors, and providers (e.g., practices that include payments to physicians, hospitals, or patients to reward them for ordering the company's products); (ii) protect independent clinical decision making about products that are in the patient's best medical interests and patient freedom of choice; and (iii) reduce the risk of inappropriate cost-shifting or inappropriately increasing costs to Federal health care programs. We are considering whether to include a safeguard in the final rule that would preclude protection for value-based arrangements that include exclusivity requirements, such as a requirement that the VBE participant is the exclusive provider of care coordination items or services or the exclusive provider of a reimbursable item or service. We are furthering considering whether heightened standards and conditions could include enhanced monitoring, reporting, or data submission requirements or some or all of the conditions presented in the proposed rule's discussion of proposed 1001.952(ee).

c. Alternatives to “VBE Participant” Exclusion List

We are interested in comments on whether, instead of excluding broad categories of entities from the definition of “VBE participant,” we should distinguish among entities that would be included or excluded from the definition on the basis of factors such as product type, company structure, heightened fraud risk, or other features. We solicit similar input with respect to exclusions from the proposed revisions to the personal services and management contracts safe harbor related to outcomes-based payments.

Making distinctions by product or arrangement type might alleviate some of the difficulty presented by the increasing integration of healthcare company business lines and the movement of traditional healthcare companies into digital health technology. In this regard, we are considering for the final rule whether to address program integrity concerns regarding potentially abusive drug, device, DMEPOS, and laboratory arrangements by regulating the type of items, goods, or services that can be included in an arrangement eligible for safe harbor protection (under any of the proposed safe harbors) rather than regulating the types of entities included and excluded. For example, we might include arrangements involving the use of mobile or digital technology to coordinate care or achieve outcomes-based payments but exclude arrangements for the sale or distribution of implantable medical devices (e.g., devices with a mechanical or physical effect on the body) or durable medical equipment. In determining for a final rule which products or arrangements would be included and excluded from safe harbor protection, we would take into account any heightened fraud risk based on enforcement experience, CMS's experience administering provider enrollment, claims analysis, and other data sources. We are interested in feedback on which kinds of products or arrangements, if any, should be excluded from safe harbor protection based on heightened fraud risk and examples of such arrangements.

As another alternative to finalizing specific exclusions in the definition of “VBE participant,” we are considering excluding entities under the proposed paragraphs (ee), (ff), (gg), and (hh). These paragraphs could each include a condition excluding certain specified entities from protection under the safe harbor. Specifically, we would consider excluding from each of these safe harbors one or more of the following entities: Pharmaceutical manufacturers; manufacturers, distributors, or suppliers of DMEPOS; laboratories; pharmacies (including compounding pharmacies or only compounding pharmacies); device manufacturers; PBMs; pharmaceutical wholesalers; and pharmaceutical distributors. If we include safe harbor-specific conditions excluding certain specified entities from protection under each of (ee), (ff), (gg), and (hh), the entities excluded from each safe harbor could differ.

We also solicit public comment on how best to treat hospitals, health systems, and other types of entities that we have not proposed to exclude under the definition of “VBE participant” when they own or operate an entity that we propose to exclude, such as a DMEPOS supplier or laboratory. For example, we are considering for the final rule whether the exclusion should apply only to independent or free-standing DMEPOS suppliers and laboratories and to DMEPOS suppliers and laboratories owned or operated in whole or part by another entity excluded as a VBE participant. For the final rule, we are considering, and solicit comments on, how best to treat health systems and others that may be entering into the device or technology development arenas.

6. Value-Based Purpose

We propose to define a “value-based purpose” as: (i) Coordinating and managing the care of a target patient population; (ii) improving the quality of care for a target patient population; (iii) appropriately reducing the costs to, or growth in expenditures of, payors without reducing the quality of care for a target patient population; or (iv) transitioning from healthcare delivery and payment mechanisms based on the volume of items and services provided to mechanisms based on the quality of care and control of costs of care for a target patient population. With respect to purpose (iii), we are considering whether appropriately reducing the costs to, or growth in expenditures of, payors should be a value-based purpose only when there is improvement in patient quality of care or the parties are maintaining an improved level of care.

We intend for this definition to include infrastructure investment and operations necessary to redesign care delivery to better coordinate care for patients across settings, including technology, data analytics, and training. For example, this could include investing in application programming interface (API) technology that facilitates the exchange of data between VBE participants regarding the target patient population.

Each of our proposed safe harbors at 1001.952(ee), (ff), and (gg) requires that the protected arrangement include value-based activities that directly further the first of the four value-based purposes: The coordination and management of care for the target patient population. We are considering for the final rule, and seek comments on, whether we should include other objectives in the definition of “value-based purpose” to reflect our goal of promoting care coordination and the shift toward value-based care and whether any other or different objectives should be prerequisites to protection under our proposed safe harbors. We also are considering for the final rule, and solicit comments on, whether, instead of requiring that some value-based activities directly further the coordination and management of care, we require only that value-based activities be directly connected to, or be reasonably designed to achieve, any of the value-based purposes.

We propose that the first value-based purpose in the definition is the coordination and management of care for a target patient population. This purpose may include taking significant steps to prepare or position oneself to coordinate and manage the care of patients effectively. We propose to define “coordination and management of care” and “coordinating and managing care” synonymously to mean, for purposes of the anti-kickback statute safe harbors, the deliberate organization of patient care activities and sharing of information between two or more VBE participants or VBE participants and patients, tailored to improving the health outcomes of the target patient population, in order to achieve safer and more effective care for the target patient population.” [20] For example, such coordination might occur between hospitals and post-acute care providers, between specialists and primary care physicians, or between hospitals or physician practices and patients. Coordinating and managing care could include using care managers, providing care or medication management, creating a patient-centered medical home, helping with transitions of care, sharing and using health data to improve outcomes, or sharing accountability for the care of a patient across a continuum of care.[21] Importantly, our proposed definition of “coordination and management of care” relates only to the application of the proposed safe harbor regulations. Although other laws and regulations, including the physician self-referral law and associated regulations, may utilize the same or similar terminology, the definition and interpretations proposed here would not affect CMS's (or any other governmental agency's) interpretation or ability to interpret such term.

Through the proposed definition of “coordination and management of care,” we seek to distinguish between referral arrangements, which would not be protected, and legitimate care coordination arrangements, which naturally involve referrals across provider settings but include beneficial activities beyond the mere referral of a patient or ordering of an item or service. We are particularly concerned about distinguishing between coordinating and managing patient care transitions for the purpose of improving the quality of patient care or appropriately reducing costs, on one hand, and churning patients through care settings to capitalize on a reimbursement scheme or otherwise generate revenue, on the other. For example, the coordination and management of care of a target patient population would not include cycling patients through skilled nursing facilities (SNFs) and assisted living facilities for the purpose of maximizing revenue under any applicable Federal health care program reimbursement payment systems.

We are considering for the final rule, and solicit comments on, ways in which we could revise the definition of the “coordination and management of care” or additional elements we could include in the definition to protect against fraudulent and abusive practices that parties attempt to characterize as the coordination and management of patient care.

One approach we are considering for the final rule to address these concerns would be to preclude some or all protection under the proposed safe harbors for arrangements between entities that have common ownership. We might do this through refinements to the definition of “value-based arrangement” or by adding restrictions to one or more of the proposed safe harbors at paragraphs (ee), (ff), (gg), or (hh). We recognize that while this approach might protect against abusive cycling of patients for financial gain among entities with common ownership, it might also preclude protection for care coordination arrangements among entities in integrated health systems that could otherwise qualify for proposed safe harbor protection. We solicit comments on this potential exclusion, and specifically, how best to (i) define “common ownership”; and (ii) appropriately demarcate beneficial versus problematic financial arrangements between commonly owned entities. We are interested in feedback on the extent to which integrated health systems believe they need new safe harbor protection for care coordination arrangements in light of currently available protections.

We would not consider the provision of billing or administrative services to be the management of patient care for purposes of this proposed rulemaking; we would consider the sharing or use of health information technology and data to identify a target patient population, coordinate care, or measure outcomes to fit our definition.

We solicit comments on the unique intersection between cybersecurity and the coordination and management of care, and specifically, whether remuneration in the form of cybersecurity items or services could ever meet definition of the “coordination and management of care” for a target patient population. For example, we solicit feedback on whether we should consider cybersecurity items or services to only meet this defined term when such remuneration is donated and used in conjunction with health information technology that meets this definition of “coordination and management of care.” As entities engage in care coordination, increased connectivity and information exchanges may further the need for donating or sharing cybersecurity technology or services to ensure that appropriate cybersecurity safeguards are used to address the cybersecurity risks arising from connections among the entities engaged in care coordination. We recognize the patient safety risks and risk of harm attributed to cybersecurity vulnerabilities and threats.[22] We also solicit comments on whether parties should simply seek protection for cybersecurity items or services under the proposed cybersecurity safe harbor at 1001.952(jj) explained below.

In addition to undertaking value-based activities that are directly connected to the coordination and management of care for the target patient population, our proposed definition of “value-based purpose” recognizes that a VBE could have additional value-based purposes and qualify under the value-based framework, namely to: (i) Improve the quality of care for a target patient population; (ii) appropriately reduce the costs to, or growth in expenditures of, payors without reducing the quality of care for a target patient population; and (iii) transition from healthcare delivery and payment mechanisms based on the volume of items and services provided to mechanisms based on the quality of care and control of costs.

C. Care Coordination Arrangements to Improve Quality, Health Outcomes, and Efficiency Safe Harbor (42 CFR 1001.952(ee))

The first proposed safe harbor for value-based arrangements would protect certain care coordination arrangements. Numerous commenters to the OIG RFI noted that individuals and entities may promote value-based care and facilitate care coordination even when assuming no financial risk. We agree. This proposed safe harbor would protect in-kind remuneration exchanged between qualifying VBE participants with value-based arrangements that squarely satisfy all of the proposed safe harbor's requirements. (Certain monetary remuneration associated with care coordination or other value-based activities may be protected under other proposed safe harbors, including those at proposed 42 CFR 1001.952(ff), (gg), (ii), as well as the proposed modifications to the personal services and management safe harbor at 1001.952(d) for outcomes-based payment arrangements.)

Under this proposal, each offer of remuneration must be analyzed separately for compliance with the safe harbor. For example, in a value-based arrangement between a hospital and a SNF, the hospital might provide a behavioral health nurse to follow designated inpatients with mental health disorders in the event of discharge to the SNF. In turn, the SNF might provide certain staff to assist the hospital in coordinating designated patients' care through the discharge planning process or might provide office space for the behavioral health nurse. The hospital's offer of the behavioral health nurse to the SNF must be analyzed separately from the SNF's offer of certain staff members or office space to the hospital.

This proposed safe harbor does not require parties to bear or assume downside financial risk. We are concerned that the offer or provision of remuneration under value-based arrangements could present opportunities for the types of fraud and abuse traditionally seen in the FFS system, particularly where the parties offering or receiving the remuneration have not assumed downside financial risk for the care of the target patient population. For this reason and to ensure that the safe harbored arrangements operate to achieve their value-based purposes, we propose the conditions and safeguards described below.

1. Outcome Measures

We propose to require that parties to a value-based arrangement establish one or more specific evidence-based, valid outcome measures against which the recipient of remuneration will be measured, and which the parties reasonably anticipate will advance the coordination and management of care of the target patient population. We intend for the outcome measures to serve as benchmarks for assessing the recipient's performance under the value-based arrangement and advancement toward achieving the coordination and management of care for the target patient population. Accordingly, we expect such outcome measures to have a close nexus to the value-based activities undertaken by the parties to the value-based arrangement and to the needs of the target patient population.

For purposes of this proposed rule, we would consider “evidence-based” to mean the selected outcome measures must be grounded in legitimate, verifiable data or other information, whether the information is internal to one or more of the VBE participants or from a credible external source, such as a medical journal, social sciences journal, scientific study, an established industry quality standards organization, or results of a payor- or a CMS-sponsored model or quality program. For example, a specific evidence-based, valid outcome measure in the context of a hospital's provision of a care coordinator to a SNF could be an increase in the target patient population's average mobility functional score by a certain percentage over the course of a year, contributing to earlier, medically appropriate discharges of patients to their homes and fewer readmissions to acute care. We do not consider measures related to patient satisfaction or convenience (e.g., timeliness of appointments) to be valid outcome measures for purposes of this proposed requirement because we are concerned that such measures may not reflect actual improvement in the quality of patient care, health outcomes, or efficiency in the delivery of care. We solicit comments on whether there are categories of evidence-based outcomes measures in the areas of patient satisfaction or convenience that we should permit in the final rule because they reflect quality or efficiency of care.

Any identified evidence-based, valid outcome measures against which the recipient of remuneration will be measured should not simply reflect the status quo. Consequently, we are considering for the final rule an express requirement that outcome measures be designed to drive meaningful improvements in quality, health outcomes, or efficiencies in care delivery. We intend to provide flexibility given the range of arrangements that may be covered by the proposed safe harbor. For example, an outcome measure may drive meaningful improvements if it drives improvements that are measurable or that are more than nominal in nature. Additionally, we are considering for the final rule, and solicit comment on, whether the outcome measures requirement should be broader or narrower than the standard we are proposing.

We also are considering for the final rule, and solicit comments on, whether to require parties to rebase the outcome measures (i.e., reset the benchmark used to determine whether the outcome measure was achieved) where rebasing is feasible. We are considering whether parties should rebase measures (or determine whether rebasing is feasible) periodically or pursuant to a specified timeframe, such as at least every 1 year, 3 years, or other time period. We are interested in comments addressing whether and, if so, why the appropriate time frame for rebasing should depend on the type of outcome measure or nature of the arrangement, and what rebasing time periods would be best for different types of measures or arrangements. We are interested in feedback on whether rebasing should be tied to any relevant requirements set by payors. We further solicit comments on whether we should specify a particular party that should be responsible for implementing the rebasing and which party would be best positioned to do so (e.g., the VBE or the offeror of the remuneration). We would anticipate any rebasing requirement would align with the rebasing proposal set forth in our proposed modifications to the personal services and management contracts safe harbor related to outcomes-based payments.

If parties to a value-based arrangement revise the evidence-based, valid outcome measure(s) through an amendment during the term of the arrangement, the revised outcome measure(s) would need to continue to incentivize the recipient of the remuneration to make meaningful improvements. Were parties retrospectively to revise their outcome measures (e.g., modify the outcome measures and make such modifications effective 6 months prior), such revisions would raise questions regarding whether the modified measures were designed to obscure a lack of meaningful improvement by the recipient of the remuneration. For purposes of the final rule, we are considering whether to incorporate the CMS Quality Payment Program measures into the requirement to establish outcome measures.

As described below, the parties to the arrangement also must include a description of the outcome measure(s) in a signed writing, and the VBE, the VBE's accountable body or responsible person, or a VBE participant in the value-based arrangement acting on the VBE's behalf must monitor and assess the recipient's progress toward achieving the outcome measure(s). In addition, as described below, should the VBE's accountable body or responsible person determine through monitoring or otherwise that the value-based arrangement is (i) unlikely to achieve the evidence-based, valid outcome measure(s) or further the coordination and management of care for the target patient population or (ii) has resulted in material deficiencies in quality of care, the parties must terminate the arrangement within 60 days of such a determination or lose safe harbor protection thereafter.

We recognize that it may be difficult for parties giving information technology pursuant to a value-based arrangement to establish an outcome measure upon which to assess the recipient's performance that is “evidence-based” as we propose to interpret the term. For this reason, we are considering for the final rule imposing a requirement that information technology meet a different standard than the proposed specific evidence-based, valid outcome measures standard. Specifically, we may require an adoption and use standard (i.e., has the technology been adopted and used in a meaningful way for the intended purposes, such that it advances the coordination and management of care for the target patient population), a performance standard (i.e., has the technology been used to achieve a certain result, such as efficiencies), or a similar standard that serves as a benchmark for assessing a recipient's use of remuneration without requiring the parties to establish evidence-based outcome measures to measure performance. As part of this adoption and use, performance, or similar standard, we are considering requiring parties to a value-based arrangement for the provision of information technology to set forth, in a signed writing, the specific reasons for which the technology is being provided, which would be required to directly relate to health outcomes, patient care quality improvements, or the appropriate reduction in costs to, or growth in expenditures of, payors or patients. For example, parties giving information technology, such as accessibility to a patient portal or data analytics platform, would be required to have health-outcome, quality-related, or efficiency-related reasons, such as improving efficiencies by increasing patient access to health information.

In addition, under an adoption and use, performance, or similar standard, we may require that the parties set forth specific, meaningful measures that relate to the remuneration's intended purpose against which the recipient will be measured. For example, under an adoption and use standard, parties to a value-based arrangement may set a percentage adoption and use measure for a patient portal platform, pursuant to which the recipient would be measured by its adoption and use of the patient portal for a specified percentage of the target patient population.

Lastly, we are considering for the final rule adding the following safeguards for the exchange of information technology: (i) The requirements set forth in paragraph (4) of the current electronic health records items and services safe harbor (1001.952(y)), prohibiting making the receipt of items or services a condition of doing business with the offeror); (ii) a requirement limiting the time frame during which a recipient can receive information technology to, for example, 1, 3, or 5 years, after which time the recipient would be required to pay fair market value for the continued use of the information technology; and (iii) a remedy for the failure to achieve the applicable standard, such as discontinued use of the information technology.

2. Commercial Reasonableness

We propose to require that the value-based arrangement is commercially reasonable, considering both the arrangement itself and all value-based arrangements within the VBE. By way of example with respect to the first prong of the commercial reasonableness requirement, if VBE participants enter into a value-based arrangement to facilitate the sharing of patient-outcome data, it may be commercially reasonable for a hospital VBE participant to donate technology to a group practice VBE participant to facilitate this process. However, it may not be commercially reasonable for that same hospital VBE participant to donate technology substantially more sophisticated, or with enhanced functionality, beyond that necessary for communicating data on shared patients between the two parties. (We note that nothing would prevent the donation of technology with enhanced functionality when a value-based arrangement requires that capability or when technology without that functionality is not practicable.) With respect to the second prong of the commercial reasonableness assessment, again by way of example, a single value-based arrangement in which a hospital VBE participant provides a necessary number of care coordinators for the target patient population to a SNF VBE participant may be commercially reasonable. However, if a VBE includes multiple similar value-based arrangements, each of which involves the same hospital VBE participant furnishing care coordinators to the same SNF VBE participant for the same or a similar target patient population, the commercial reasonableness of the remuneration exchanged within the value-based arrangements in the aggregate may be suspect if it lacks a legitimate business purpose.

We are considering for the final rule whether to define “commercially reasonable arrangement” as an arrangement that would make commercial sense if entered into by reasonable entities of a similar type and size, even without the potential for referrals. We solicit comments on the need for a definition of “commercially reasonable arrangement,” and if we incorporate a definition, whether we should select this particular definition or an alternative definition.

3. Writing

To promote transparency and accountability, we propose a requirement that the value-based arrangement be set forth in a writing. We propose that the writing be signed by the parties and established in advance of, or contemporaneous with, the commencement of the value-based arrangement or any material change to the value-based arrangement. We propose that the writing state, at a minimum: (i) The value-based activities to be undertaken by the parties to the value-based arrangement; (ii) the term of the value-based arrangement; (iii) the target patient population; (iv) a description of the remuneration; (v) the offeror's cost for the remuneration; (vi) the percentage of the offeror's costs contributed by the recipient; (vii) if applicable, the frequency with which the recipient will make payments for ongoing costs; and (viii) the specific evidence-based, valid outcome measures against which the recipient would be measured. In the final rule, we would align the writing requirements in (v) and (vi) with the requirements for the contribution requirement described below; in other words, if we were to change the contribution requirements, we would correspondingly change the writing requirement.

We believe that a writing, setting forth the above terms in advance of, or contemporaneous with the commencement of or any material change to the value-based arrangement, constitutes a key safeguard to ensure that VBE participants are not using the value-based arrangement merely to incentivize and reward referrals of business. We are interested in comments regarding whether a requirement to have a single writing signed by all parties may be burdensome, especially for large-scale arrangements, and whether we should instead permit a collection of writings provided that every party to the arrangement has signed a writing acknowledging consent to the arrangement.

4. Limitations on Remuneration

a. In-Kind Remuneration

We propose to protect only in-kind, non-monetary remuneration, provided all other conditions of the safe harbor are met. (While monetary remuneration is not protected by this proposed safe harbor, certain outcomes-based payment arrangements may be protected by proposed modifications to the personal services and management contracts safe harbor, as subsequently addressed.) We further propose that this safe harbor would exclude protection for gift cards, regardless of whether they may be considered cash equivalents. By way of example, we intend for this safe harbor to allow a VBE participant to share a care coordinator with another VBE participant if the conditions of this safe harbor are met (including the proposed contribution requirement). However, this safe harbor would not protect cash provided from one VBE participant to another to hire a care coordinator. Lastly, we note that by virtue of our exclusion of monetary remuneration, the proposed safe harbor would not protect an ownership or investment interest in the VBE or any distributions related to an ownership or investment interest. In addition to our long-standing view that the exchange of monetary remuneration poses heightened and different fraud and abuse risks and thus should be subject to safeguards such as a fair market value requirement, we do not view the offer or receipt of ownership or investment interests as integral to the coordination and management of care for a target patient population.

b. Primarily Engaged in Value-Based Activities

We propose to require that the remuneration provided by, or shared among, VBE participants be used primarily to engage in value-based activities that are directly connected to the coordination and management of care of the target patient population. As set forth in proposed paragraph 1001.952(ee), we propose to define a “value-based activity” as “any of the following activities, provided that the activity is reasonably designed to achieve at least one value-based purpose of the value-based enterprise: (i) the provision of an item or service; (ii) the taking of an action; or (iii) the refraining from taking an action.” In the definition of “value-based activity”, we specify that it does not include the making of a referral. We also propose to require that the value-based arrangement be set forth in a signed writing stating the value-based activities to be undertaken by the parties in the value-based arrangement.

We recognize that in-kind remuneration exchanged for value-based activities may indirectly benefit patients outside of the scope of the value-based arrangement, and furthermore, that parties may find it difficult to anticipate or project the scope or extent of such “spillover” benefits. This, in and of itself, would not result in the loss of safe harbor protection, provided the parties primarily use the remuneration for its intended purposes (i.e., the specific value-based activities for which the remuneration is being provided, as set forth in the parties' signed writing). We are mindful of the need to provide parties with sufficient flexibility, while also minimizing the risks of potentially abusive arrangements that disguise remuneration unrelated to the coordination and management of care for the target patient population.

For purposes of the final rule, as an alternative to the requirement that remuneration exchanged between VBE participants be used primarily to engage in value-based activities, we are considering requiring that the remuneration exchanged be limited to value-based activities that only benefit the target patient population. Under this approach, arrangements with “spillover” benefits would not be protected by the safe harbor. We solicit comments on this alternative approach.

c. No Furnishing of Medically Unnecessary Items or Services or Reduction in Medically Necessary Items or Services

We propose to require that the remuneration exchanged not induce the parties to furnish medically unnecessary items or services or reduce or limit medically necessary items or services furnished to any patient. Remuneration that induces a provider to order or furnish unnecessary care is inherently suspect. In addition, a reduction in medically necessary services would be contrary to the goals of this rulemaking and, in some instances involving hospitals and physicians, could be a violation of the CMP law provision relating to gainsharing arrangements at sections 1128A(b)(1) and (2) of the Act (42 U.S.C. 1320a-7a(b)(1) and (2)).

d. No Remuneration From Individuals or Entities Outside the Applicable VBE

We propose that this safe harbor would not protect any remuneration funded by, or otherwise resulting from the contributions of, an individual or entity outside of the applicable VBE. This proposal is intended to ensure that protected arrangements are closely related to the VBE, that VBE participants are committed to the VBE and striving to achieve the coordination and management of care of the target patient population, and that non-VBE participants cannot indirectly use the safe harbor to protect arrangements that are designed to influence the referrals or decision making of VBE participants. For example, a pharmaceutical manufacturer could not circumvent the proposed exclusion of pharmaceutical manufacturers from the definition of “VBE participant” by providing funds to a third-party entity and then directing or otherwise controlling any aspect of the third-party entity's participation as a VBE or a VBE participant. We solicit comments on this approach and whether there may be defined, limited circumstances in which non-VBE participants should be able to contribute to a value-based arrangement eligible for safe harbor protection.

As a corollary to this requirement, we are considering for the final rule whether to require that remuneration be provided directly from the offeror to the recipient. This requirement would prohibit the involvement of individuals or entities other than the VBE or a VBE participant in the exchange of remuneration under a value-based arrangement, including, potentially, third-party vendors and contractors. We solicit comments on any practical impediments such as restriction would create.

5. The Offeror Does Not Take Into Account the Volume or Value of, or Condition Remuneration on, Business or Patients Not Covered Under the Value-Based Arrangement

We propose a requirement that prohibits the offeror of the remuneration from taking into account the volume or value of, or conditioning an offer of remuneration on: (i) Referrals of patients that are not part of the value-based arrangement's target patient population, or (ii) business not covered under the value-based arrangement. This proposal is modeled on a similar safeguard contained in the existing safe harbor at paragraph 1001.952(t)(1)(ii)(B), which provides that “neither party gives or receives remuneration in return for or to induce the provision or acceptance of business (other than business covered by the agreement) for which payment may be made in whole or in part by a Federal health care program on a fee-for-service or cost basis.” Our purpose in proposing this requirement is to prohibit protection for remuneration offered under the guise of a value-based arrangement when that remuneration actually is intended to induce referrals of patients or business not covered under the value-based arrangement (sometimes called “swapping” arrangements).

This requirement would exclude safe harbor protection for any remuneration that is explicitly or implicitly offered, paid, solicited, or received in return for, or to induce or reward, any referrals or other business generated outside of the value-based arrangement. Under our proposal, VBE participants could encourage referrals of the target patient population as part of value-based activities (e.g., a hospital could develop a “preferred network” of post-acute care providers that meet certain quality criteria). However, VBE participants could not offer remuneration in connection with the preferred network to induce business or the referral of patients that fall outside the scope of the value-based arrangement.

In lieu of the proposed requirement that prohibits the offeror of the remuneration from taking into account the volume or value of, or conditioning an offer of remuneration on: (i) Referrals of patients that are not part of the value-based arrangement's target patient population, or (ii) business not covered under the value-based arrangement, we are considering for the final rule, and solicit comments on, an alternative requirement that would require that the aggregate compensation paid by the offeror is not determined in a manner that takes into account the volume or value of referrals or business generated between the parties for which payment may be made by a Federal health program. While we believe that this condition could potentially better protect against bad actors who may seek to use the care coordination arrangements safe harbor as an affirmative defense for an unlawful referral arrangement or to disguise arrangements that result in unnecessary increases in utilization and expenditures, we seek comments on whether and to what extent this requirement might impede to goal of this rulemaking, namely to remove barriers for beneficial care coordination and value-based arrangements. We are interested in specific examples of arrangements that would be unable to use this safe harbor were we to adopt this requirement.

6. Contribution Requirement

The goal of this proposed rulemaking is to remove barriers to improved care coordination and to promote efficient, value-driven care. To this end, it is important that protected remuneration be used to facilitate the coordination and management of care for the target patient population. We are proposing a recipient contribution requirement as a safeguard to help ensure that the use of any remuneration exchanged pursuant to this safe harbor would be for the coordination and management of the target patient population's care.

Specifically, the proposed rule would condition safe harbor protection on the recipient's payment of at least 15 percent of the offeror's cost for the in-kind remuneration. This requirement is intended to mirror that set forth in the current electronic health records items and services safe harbor, 1001.952(y). We are considering for the final rule, and solicit comments on, whether we should require a more specific methodology for determining value, such as either the fair market value of the remuneration to the recipient or the reasonable value of the remuneration to the recipient. If we were to require that parties assess the fair market value of the remuneration to the recipient in order to determine the required contribution amount(s), we would not require parties to obtain an independent fair market valuation. We are interested in feedback on whether the method for determining the contribution requirement should be different for services than for goods.

We believe that requiring financial participation by a recipient should: Increase the likelihood that the recipient actually would use the care coordination items and services, ensure that the remuneration is well-tailored to the recipient, and promote the recipient's vested interest in achieving the intended purpose of the value-based arrangement, namely, furthering the coordination and management of care of the target patient population.

In proposing this contribution requirement, we solicit feedback on the proposed contribution amount, whether certain recipients, such as rural providers, small providers, Tribal providers, providers who serve underserved populations, or critical access hospitals should be exempted from the contribution requirement or pay a lower contribution percentage and if so, why. We are considering for the final rule alternative contribution amounts ranging from 5 percent to 35 percent and solicit comments on an appropriate amount (or amounts) that would invest recipients in using the remuneration they receive to advance the coordination and management of care of the target patient population, while still allowing flexibility for parties with fewer financial resources to engage in value-based arrangements. We are considering whether we should require different contribution amounts for different types of remuneration (e.g., a higher or lower contribution amount for technology and a higher or lower contribution amount for care coordinators or other services arrangements).

We also are considering whether in the final rule we should impose different contribution requirements for different recipients. Because a contribution requirement may impose a significant financial burden on certain recipients, we are considering for the final rule, and solicit comments on, whether a lower contribution amount, or no contribution amount, would be appropriate for arrangements involving certain providers with financial constraints, such as providers in rural or underserved areas, providers serving underserved populations, small providers, Tribal providers, and critical access hospitals.

For consideration of this potential contribution requirement condition, and whether a lower contribution amount, or no contribution amount, is appropriate for arrangements involving such providers, we cross-reference the proposals discussed more fully in relation to the electronic health records arrangements safe harbor's 15 percent contribution requirement. We will review and consider comments received about those proposals in relation to our consideration of this potential condition. Based on feedback on the contribution requirement in our existing electronic health records safe harbor, we are mindful of the potential administrative burdens of a contribution requirement and seek comments on this issue.

We also solicit comments on how to apply the contribution requirement for ongoing costs and unexpected “add-ons” (e.g., updates or upgrades to software that trigger additional costs). Under the proposed contribution requirement, if the remuneration represents a one-time cost, the recipient would be required to make a contribution in advance of receiving the remuneration. However, for any ongoing costs, the proposed rule would require that the recipient make any contributions on reasonable, regular intervals, with the frequency of such payments documented in writing. We are considering for the final rule, and seek comment on, an alternative requirement for the recipient to make a contribution with respect to the initial provision of remuneration but not with respect to any update, upgrade, or patch of the remuneration already provided. This is similar to an option being considering for the electronic health records arrangements safe harbor, 1001.952(y). We recognize that this alternative option may affect contribution requirements only for technology-based remuneration that is most likely to need upgrades, updates, and patches to continue operating as intended.

7. Requirements of a Value-Based Arrangement

a. Direct Connection to the Coordination and Management of Care

We propose that the value-based arrangement has a direct connection to the coordination and management of care for the target patient population. We interpret this requirement to mean that any remuneration offered pursuant to a value-based arrangement has a close nexus to the coordination and management of care for the target patient population, as opposed to the VBE participants' referral patterns and business generated. By way of example only, arrangements where VBE participants offer, or are required to provide, remuneration to receive referrals or to be included in a “preferred provider network” (i.e., “pay-to-play” arrangements) would not have a direct connection to the coordination and management of care. We are considering for purposes of the final rule, and solicit comments on, whether we should use alternative language to “direct connection” (e.g., “reasonably related and directly tied”) in order to better convey the close nexus that this safe harbor requires between each value-based arrangement and the coordination and management of care of a target patient population.

b. No Limitation on Decision Making; Restrictions on Directing or Restricting Referrals

We propose that the value-based arrangement must not limit parties' ability to make decisions in the best interests of their patients. That is, VBEs and VBE participants to a value-based arrangement must maintain their independent, medical, or other professional judgment. Additionally, we are aware that some payors and others, such as employers, direct or restrict where their networks or employees refer patients; moreover, we are aware that under some value-based arrangements, referrals would be directed within a network or continuum of preferred providers (based on quality and other legitimate considerations). We propose that, in addition to not limiting parties' ability to make referral decisions in the patients' best medical interests, value-based arrangements cannot direct or restrict referrals if: (i) A patient expresses a preference for a different practitioner, provider, or supplier; (ii) the patient's payor determines the provider, practitioner, or supplier; or (iii) such direction or restriction is contrary to applicable law or regulations under titles XVIII and XIX of the Act. This provision is intended, in part, to preserve patient freedom of choice among healthcare providers and ensure the VBE's and VBE participants' independent medical or professional judgment is not unduly restricted. That being said, we do not intend for this criterion to bar VBEs or VBE participants from communicating the benefits of receiving care from other VBE participants in the VBE.

c. No Marketing of Items or Services or Patient Recruitment Activities

We propose to exclude safe harbor protection for value-based arrangements that include marketing items or services to patients or patient recruitment activities. Our enforcement experience demonstrates that fraud schemes often involve the purchase of beneficiaries' medical identity or other inducements to lure beneficiaries to obtain unnecessary care. This proposed safe harbor condition would protect beneficiaries and make clear that such coercive arrangements are not value-based arrangements protected by the proposed safe harbor. Accordingly, the proposed safe harbor would offer flexibility to improve quality of care, health outcomes, and efficiency while limiting the risk of the value-based arrangement being used as a marketing or recruiting tool to generate federally payable business for a VBE participant. Specifically, this requirement would restrict any party to a value-based arrangement, or such party's agent, from marketing, or engaging in patient recruitment activities related to, any items or services offered or provided to patients in the target patient population under a value-based arrangement.

We do not intend for this limitation to prohibit a VBE participant that is a party to a value-based arrangement from educating patients in the target patient population regarding permissible value-based activities. For example, if a SNF or home health agency placed a staff member at a hospital to assist patients in the discharge planning process, and in doing so, the staff member educated patients regarding care management processes used by the SNF or home health agency, this would not constitute marketing of items and services (provided the staff member only worked with patients that had already selected the SNF or home health agency and SNF or home-health agency care was medically appropriate for such patient). However, if the SNF or home health agency placed a staff member at a hospital to market its services to hospital patients, the arrangement would not comply with this proposed requirement. We solicit comments on this approach.

8. Monitoring and Assessment

We propose a requirement that the VBE, a VBE participant in the value-based arrangement acting on the VBE's behalf, or the VBE's accountable body or responsible person monitors and assesses, no less frequently than annually, or once during the term of the value-based arrangement for arrangements with terms of less than 1 year: (i) The coordination and management of care for the target population in the value-based arrangement, (ii) any deficiencies in the delivery of quality care under the value-based arrangement, and (iii) progress toward achieving the evidence-based, valid outcome measure(s) in the value-based arrangement. We further propose to require that the party conducting such monitoring and assessment reports such monitoring and assessment to the VBE's accountable body or responsible person (if the VBE's accountable body or responsible person is not itself conducting the monitoring and assessment). Through this proposal, we seek to ensure that the VBE's accountable body or responsible person periodically assesses the parties' performance of certain key metrics under each value-based arrangement. We note that this proposal does not mandate how this monitoring should be performed. We intend for the monitoring to be tailored based on the complexity and sophistication of the VBE participants, the VBE, and the value-based arrangement and available resources. We are considering for the final rule, and solicit comments on, whether to require that both the party offering the remuneration and its recipient jointly conduct monitoring and assessment responsibilities. We further solicit comments on the role monitoring of utilization, referral patterns, and expenditure data could play in ensuring that the potential for abuses or gaming is reduced.

The proposed rule would further require that if the VBE's accountable body or responsible person determines, through reports of monitoring and assessment, that the value-based arrangement (i) is unlikely to further the coordination and management of care for the target patient population, (ii) has resulted in material deficiencies in quality of care, or (iii) is unlikely to achieve the evidence-based, valid outcome measure(s), the parties terminate the arrangement within 60 days of such a determination. To the extent the parties do not terminate an arrangement within 60 days of such determination, the parties would lose safe harbor protection under this proposal. We solicit comments on whether to adopt a longer or shorter timeframe for termination; our goal is a reasonable but also prompt termination of arrangements that are no longer serving the goals for which safe harbor protection is offered. In addition, we are considering for the final rule and seek comment regarding whether, in lieu of the proposed termination requirement for the above subsections (i) through (iii), the safe harbor should instead allow for remediation—within a reasonable timeframe—before any required termination.

We are not proposing to define “material deficiency in quality of care.” We believe that such “material deficiency” may vary depending on the nature of the VBE and the value-based arrangements of its VBE participants. Examples of a “material deficiency in quality of care” may include, but are not limited to, identified instances of potential patient harm or a pattern of diminished quality of care.

Our proposals with respect to monitoring and assessment stem from a recognition that most arrangements protected by this proposed care coordination arrangements safe harbor would not be subject to governmental programmatic requirements, oversight, or monitoring comparable to CMS-sponsored models. Accordingly, to aid in protecting against abusive arrangements, to further facilitate the government's understanding and awareness of value-based arrangements and their impacts on Federal health care program beneficiaries and expenditures, and to create incentives for VBEs to exercise due diligence when establishing them, we are considering for the final rule requiring VBEs to submit certain data to the Department that would identify the VBE, VBE participants, and value-based arrangements, as a requirement for safe harbor protection. We solicit comments on whether such a requirement would present compliance or operational burdens for VBEs seeking the protection of this safe harbor.

Were such a proposal finalized, required data might include the National Provider Identifier (NPI) number or other identifying information of each VBE participant in the VBE, each party participating in the value-based arrangement, as well as information regarding the arrangement, such as its duration. This data could be used, for example, by the government for data analysis to understand whether value-based arrangements are associated with increased or decreased utilization or outlier levels of utilization (taking into account that in some value-based arrangements one would expect to see increased utilization of some types of items and services and decreases in others). Should we adopt this approach, information would be submitted in a form and manner and at times specified by the Secretary in guidance. We solicit comments on the types of data that the parties availing themselves of safe harbor protection should be required to submit to the Department, potential reporting and compliance burdens for small and large value-based enterprises, and any different or additional actions that may help ensure appropriate oversight.

9. No Diversion, Resell, or Use for Unlawful Purposes

We propose that the exchange of remuneration under this safe harbor would not be protected if the offeror knows or should know that the remuneration is likely to be diverted, resold, or used by the recipient for an unlawful purpose. Here, we state expressly what is otherwise implicit in the design of a value-based arrangement under this proposed safe harbor: The exchange of remuneration that the offeror knows or should know is likely to be diverted, resold, or used by the recipient for purposes other than the coordination and management of care of a target patient population would not be protected.

10. Materials and Records

To ensure transparency, we propose a requirement that VBE participants or the VBE make available to the Secretary, upon request, all materials and records sufficient to establish compliance with the conditions of this safe harbor. We are not proposing parameters regarding the creation or maintenance of documentation to allow VBE participants the flexibility to determine what constitutes best documentation practices, but welcome comments on whether such parameters may be needed. In particular, we seek comment regarding whether we should require, in the final rule, a requirement that parties maintain materials and records sufficient to establish compliance with the conditions of this safe harbor for a set period of time (e.g., at least 6 years or 10 years).

11. Possible Additional Safeguards

a. Bona Fide Determination

We are considering for the final rule a condition that would require that, in advance of, or contemporaneous with, the commencement of the applicable value-based arrangement, the VBE's accountable body or responsible person make two bona fide determinations with respect to the value-based arrangement. First, we are considering a condition requiring that the accountable body or responsible person make a bona fide determination that the value-based arrangement is directly connected to the coordination and management of care for the target patient population. Second, we are considering a condition requiring that the accountable body or responsible person make a bona fide determination that the value-based arrangement is commercially reasonable, considering both the arrangement and all value-based arrangements within the VBE.

b. Cost-Shifting Prohibition

We are considering for the final rule, and seek comment on, a condition prohibiting VBEs or VBE participants from billing Federal health care programs, other payors, or individuals for the remuneration; claiming the value of the remuneration as a bad debt for payment purposes under a Federal health care program; or otherwise shifting costs to a Federal health care program, other payors, or individuals.

This proposal would not exclude arrangements from safe harbor protection that involve legitimate shifting of some costs that result from achieving care coordination goals or other value-based purposes. For example, depending on the arrangement, one might expect to see increases in primary care costs or costs for care furnished in home and community settings paired with reductions in unnecessary hospitalizations, duplicative testing, and emergency room visits; one also might see increases in remote monitoring or care management services.

c. Fair Market Value Requirement and Restriction on Remuneration Tied to the Volume or Value of Referrals

Commenters to the OIG RFI pointed to fair market value requirements and restrictions on remuneration based on the volume or value of business in existing safe harbors as barriers to arrangements that facilitate coordinated and value-based care, so we have crafted this proposed safe harbor without them, relying instead upon other program integrity safeguards. However, fair market value requirements and restrictions that prohibit paying remuneration based on the volume or value of referrals help ensure that protected payments are for legitimate purposes and are not kickbacks. We have endeavored to draft this safe harbor to distinguish between beneficial care coordination arrangements and payment-for-referral schemes that do not serve, and may be contrary to, the goals of coordinated care and the shift to value. We solicit comments from stakeholders for safeguards that may help distinguish payments to reward or induce referrals from remuneration provided to promote or support legitimate care coordination activities.

To this end, we are considering as an alternate proposal for the final rule's care coordination arrangements safe harbor: (i) Whether we should include a fair market value requirement on any remuneration exchanged pursuant to a value-based arrangement, and (ii) whether we should include a further or alternate requirement prohibiting VBE participants from determining the amount or nature of the remuneration they offer, or the VBE participants to whom they offer such remuneration, in a manner that takes into account the volume or value of referrals or other business generated, including both business or patients that are part of the value-based arrangement and those that are not. To the extent these requirements would impede value-based and care coordination arrangements, we are interested in feedback on potential, alternative safe harbor conditions that might mitigate such effects.

We are further considering for the final rule whether we could best achieve the goals of this rulemaking through a safe harbor design that requires value-based arrangements to be fair market value but that does not prohibit determining the amount or nature of the remuneration on the volume or value of referrals or other business generated. This approach would recognize the anti-kickback statute compliance challenge that the restriction on the volume or value of referrals or other business generated poses for arrangements that inherently reflect the volume of patients for whom care is coordinated or the value of services offered under a value-based arrangement. In addition, or as an alternative, we are considering a restriction that would prohibit remuneration based directly on the volume or value of business generated between the parties (thus permitting remuneration based indirectly on the volume or value of referrals or other business generated between the parties).

d. Additional Requirements for Dialysis Providers

Dialysis providers furnish vital services to patients with critical and extensive care needs. Patients with end stage renal disease (ESRD) stand to benefit substantially from better coordinated, more efficient care as envisioned by this proposed rule. Dialysis providers play a central role in coordinating the care of individuals with ESRD. However, the dialysis industry has unique attributes—in particular, market dominance by a limited number of dialysis providers—that may increase fraud and abuse risks attendant to financial relationships between dialysis providers and others. We are concerned that present levels of market consolidation could impact access to dialysis care, quality of care, and associated health outcomes.[23] In addition, we are concerned that, because of the aforementioned market dominance of a limited number of providers, the conduct that would be protected by this proposed safe harbor could lead to a decrease in competition among dialysis providers. We seek comment on whether and how the potential protection of financial arrangements between dialysis providers and others under this proposed safe harbor could affect the concentration of the dialysis market, access to care, quality of care, and associated health outcomes. We are considering whether to include in the final rule certain conditions specific to dialysis providers to further ensure that their care coordination arrangements operate to improve the management and care of patients and are not pay-for-referral schemes. These conditions could include enhanced monitoring, reporting, or data submission requirements or some of the conditions discussed in sections a., b., and c. directly above, including fair market value requirements and restrictions that prohibit paying remuneration based on the volume or value of referrals.

12. Example of a Value-Based Arrangement Analyzed Under the Proposed Care Coordination Arrangements Safe Harbor

The following example demonstrates how parties might analyze the proposed care coordination arrangements safe harbor's various requirements with respect to the following fact pattern: To coordinate care between an acute care hospital and a SNF for mental health patients, the hospital and SNF enter into a care coordination arrangement under which the hospital engages in the value-based activity of providing a behavioral health nurse for to the SNF to follow designated inpatients with certain mental health disorders for a 1-year time period, who comprise the target patient population, following discharge from the hospital and during admission to and while receiving care at the SNF. In this example, both the hospital and the SNF stand to benefit from this arrangement because they participate in a value-based payment arrangement that offers them shared savings payments for improved quality and patient outcomes and reduced emergency room visits. The hospital and SNF are the only VBE participants in a VBE that is designed to accomplish the value-based purpose of coordinating and managing the care of patients with mental health disorders (namely, by improving the quality of care they receive during the care transition process from acute care to skilled nursing care and during their SNF stay).

This proposed arrangement would implicate the anti-kickback statute, because the hospital would be providing the SNF with remuneration (the behavioral health nurse services) and the SNF could refer Medicare, Medicaid, or other Federal health care program patients to the hospital. Safe harbor protection is afforded only to those arrangements that precisely meet all of a safe harbor's conditions. Consequently, the hospital and SNF might engage in the following analysis to determine whether their proposed arrangement satisfies the proposed care coordination arrangements safe harbor's requirements.

First, the hospital and SNF must establish specific evidence-based, valid outcome measures against which the SNF will be measured throughout the arrangement, and which the parties reasonably anticipate will advance the coordination and management of care for the target patient population.

Second, the parties must ensure that devoting one full-time nurse to oversee these patients would be commercially reasonable, considering both the arrangement itself and all value-based arrangements in the VBE.

Third, the hospital and SNF must execute a signed writing documenting the terms of the value-based arrangement prior to, or contemporaneous with, its commencement or any material changes to the arrangement. The writing must include: (i) The term of the value-based arrangement; (ii) the value-based activities to be undertaken; (iii) the target patient population; (iv) a description of the remuneration (e.g., the assignment of a full-time nurse to the SNF and the cost of the nurse's services to the offeror); (v) the offeror's cost of the remuneration; (vi) the percentage of the offeror's cost contributed by the recipient; (vii) if applicable, the frequency of the recipient's contribution payments for ongoing costs; and (viii) set forth the specific, evidence-based valid outcome measure(s) against which the SNF would be measured.

Fourth, the remuneration must: (i) Be in-kind; (ii) be used primarily to engage in one or more value-based activities that have a direct connection to the coordination and management of care for the target patient population; and (iii) not induce VBE participants to furnish medically unnecessary items or services or reduce or limit medically necessary items and services furnished to any patient. In addition, the hospital could not provide the nurse to the SNF if any part of the cost of the nurse would be funded by, or otherwise result from the contributions of, an individual or entity outside of the VBE, such as a pharmaceutical or medical device manufacturer.

Fifth, the hospital's provision of the nurse to the SNF must not take into account the volume or value of, or condition the remuneration on, referrals of patients who are not part of the target patient population and business not covered under the value-based arrangement.

Sixth, the SNF must pay for at least 15 percent of the hospital's cost of the care coordination services provided by the nurse over the arrangement's one-year term. Assuming the nurse provides periodic services throughout the year, the SNF must pay its required contribution amount at reasonable, regular intervals, such as on a monthly basis.

Seventh, the value-based arrangement must be directly connected to the coordination and management of care of the target patient population. In addition, the value-based arrangement must not place any limitation on the VBE participants' ability to make decisions in the best interest of their patients. Further, if the value-based arrangement restricts or directs referrals, the value-based arrangement may not require referrals to a particular provider, practitioner, or supplier: (i) If a patient expresses a preference for a different practitioner, provider, or supplier; (ii) if the patient's payor determines the provider, practitioner, or supplier; or (iii) such direction or restriction is contrary to applicable law or regulations under titles XVIII and XIX of the Act. For example, the hospital could not require physicians on its medical staff to refer patients in the target patient population to the SNF if a patient expresses a preference for a different facility or if the patient's payor does not cover services at the SNF.

Eighth, the arrangement must not include marketing to patients of items or services or engaging in patient recruitment activities.

Ninth, the VBE (or alternatively, the SNF or hospital acting on the VBE's behalf), or the VBE's accountable body or responsible person must monitor and assess at least annually (or once during the agreement's term if the agreement is for less than a year): (i) The coordination and management of care of the target patient population; (ii) any deficiencies in the delivery of quality care under the value-based arrangement; and (iii) progress toward achieving the evidence-based, valid outcome measure(s) in the value-based arrangement. If, through monitoring and assessment, the VBE's accountable body or responsible person determines that the value-based arrangement is: (i) Is unlikely to further the coordination and management of care for the target patient population, (ii) has resulted in material deficiencies in quality of care, or (iii) is unlikely to achieve the evidence-based, valid outcome measure(s), the parties terminate the arrangement within 60 days of such a determination.

Tenth, the hospital does not, and should not, know that the behavioral nurse's services are likely to be “diverted” by the SNF (e.g., used by the SNF to perform tasks unrelated to the care coordination and management of the target patient population) or used for an unlawful purpose (e.g., the provision of medically unnecessary services).

Finally, the VBE participants must provide documentation, such as the signed writing, to the Secretary, upon request, showing that the parties complied with the safe harbor provisions.

13. Alternative Regulatory Structure

This proposed rule provides protections for certain care coordination and value-based arrangements through a combination of proposed revisions to the personal services and management contracts safe harbor at 1001.952(d), the proposed care coordination arrangements safe harbor at 1001.952(ee), the proposed substantial downside financial risk safe harbor at 1001.952(ff), and the full downside financial risk safe harbor at 1001.952(gg). As an alternative to this suite of protections, we are considering for the final rule a different regulatory structure and approach to protect care coordination and other value-based arrangements that are not at full financial risk (as defined at proposed 1001.952(gg)) and are not part of a CMS-sponsored model (as defined at proposed 1001.952(ii)). For this alternate approach, we would rely solely on the personal services and management contracts safe harbor at paragraph 1001.952(d) as a platform to create tiered protection for value-based arrangements, each step of which would remove additional conditions of paragraph 1001.952(d) to allow greater flexibility for innovation as the arrangements become more closely aligned with value-based purposes (as defined in proposed paragraph 1001.952(ee)) and the parties take on more downside financial risk.

First, as proposed and described in our proposed modifications to the personal services and management contracts safe harbor, we would remove the requirement that aggregate compensation under service arrangements be set forth in advance, substituting a requirement that the methodology for determining the compensation be set in advance. This would offer broader protection for certain outcomes-based payment arrangements that are fair market value and do not take into account the volume or value of referrals or other business. Protected arrangements would not be required to meet the proposed definition of “value-based arrangement.”

Second, for value-based arrangements that meet applicable requirements of the VBE framework previously outlined (e.g., the parties to the arrangement are VBE participants in a VBE), we would provide additional flexibility under the personal services and management contracts safe harbor by removing the requirements that the aggregate compensation: (i) Be set in advance (but requiring that the compensation methodology be set in advance); and (ii) not be determined in a manner that takes into account the volume or value of referrals. We may also incorporate safeguards from our proposed care coordination arrangements safe harbor (e.g., the monitoring requirement). To ensure that protected arrangements meet their value-based purposes, we might incorporate additional accountability and transparency requirements, such as those proposed for new safe harbor 1001.952(ee). We envision this framework would be similar to our current proposal to add new protections for outcomes-based payments at proposed new paragraph 1001.952(d)(2).

Third, for parties that meet the requirements of the value-based framework and also assume substantial downside financial risk (as defined in proposed 1001.952(ff)), we would provide increased flexibility under the personal services and management contracts safe harbor for their arrangements by removing the requirements that the aggregate compensation: (i) Be set in advance (but requiring that the compensation methodology be set in advance); (ii) not be determined in a manner that takes into account the volume or value of any referrals; and (iii) be consistent with fair market value in arm's-length transactions. This additional flexibility would be afforded in recognition of the parties' assumption of downside financial risk.

With respect to the volume or value requirement, we are considering for the final rule several alternative ways we might remove it in the second and third steps of this approach. We might remove it entirely or remove it in part by retaining a requirement that the compensation not relate directly to the volume or value of referrals or other business generated between the parties (allowing for indirect correlations). With respect to a fair market value requirement, we might remove it entirely; remove it only for monetary remuneration or only for in-kind remuneration; or remove it where the non-fair market value arrangement primarily benefits the offeror of the remuneration, with such benefit independent of any increase in the volume or value of referrals (e.g., a hospital offering care managers to a post-acute care facility to better coordinate care and prevent avoidable readmissions for which the hospital might be penalized). We might also permit a broader set of free or below fair market value arrangements for providers coordinating care in rural or underserved areas or providers serving underserved populations.

We are cognizant that this alternative approach may present operational challenges for parties, particularly with respect to determining fair market value for value-based arrangements. Moreover, we solicit comments on this approach as a whole and, in particular, on the following: (i) How to include in any safe harbor finalized consistent with this approach protection for the exchange of information technology and infrastructure that might not be part of a personal services or management contract, with a scope of protection equivalent to the protection collectively proposed under paragraphs 1001.952(ee) and (ff); and (ii) how parties would determine that a payment for quality outcomes is consistent with fair market value. As with the second tier described above, to ensure that protected arrangements meet their value-based purposes, we might incorporate additional accountability and transparency requirements, such as those proposed for new safe harbor 1001.952(ee).

We are also interested in comments regarding any special problems a fair market value requirement would pose for providers in rural or underserved areas, providers serving underserved populations, or others. With respect to other proposed safe harbors where we have indicated that we are considering including in the final rule a restriction related to the volume or value of referrals and other business generated or a requirement for fair market value, we will consider comments to this alternative regulatory structure addressing how these criteria would operate in connection with value-based arrangements.

D. Value-Based Arrangements With Substantial Downside Financial Risk (1001.952(ff))

We are proposing a new safe harbor for certain value-based arrangements involving VBEs that assume substantial downside financial risk (as defined in the proposed regulation) from a payor. We propose to incorporate the definitions of “coordination and management of care,” “target patient population,” “value-based activity,” “value-based arrangement,” “value-based enterprise,” “value-based purpose,” and “VBE participant” found in proposed paragraph 1001.952(ee).

This safe harbor, which would protect both monetary and in-kind remuneration, would offer greater flexibility than the safe harbor for care coordination arrangements in recognition of the VBE's assumption of substantial downside financial risk. It could apply, for example, to an arrangement between an accountable care organization that is a VBE and a network provider to share savings and losses earned or owed by the accountable care organization, or between a VBE that has contracted with a payor for an episodic payment and a hospital and post-acute care provider that would be coordinating care for patients under the episodic payment. However, as proposed, this safe harbor would apply only to the exchange of remuneration between VBEs that have assumed substantial downside financial risk and VBE participants that meaningfully share in the VBE's downside financial risk (as further described below).

In other words, where a VBE participant agrees to spread the VBE's financial risk and coordinate care, additional safe harbor flexibility would be available. For the same reasons articulated in our discussion of the care coordination arrangements safe harbor, we propose that this safe harbor would not protect an ownership or investment interest in the VBE or any distributions related to an ownership or investment interest. We solicit comments on this approach and, in particular, whether this proposal presents any operational challenges with respect to the creation of a VBE as a separate legal entity. We are considering for the final rule whether this safe harbor should protect ownership or investment interests with respect to VBEs that must contract with a payor on behalf of VBE participants for purposes of value-based arrangements with substantial downside financial risk.

Additionally, for the same reasons articulated in our discussion of the care coordination arrangements safe harbor, we propose that this safe harbor would not protect any remuneration funded by, or otherwise resulting from contributions by, an individual or entity outside of the applicable VBE.

We are considering for the final rule whether, and if so, how, to extend this safe harbor to remuneration that passes from one VBE participant to another (without the risk-bearing VBE being party to the arrangement) when the VBE has assumed substantial downside financial risk from a payor. We are concerned that under many such downstream arrangements, the VBE participant receiving the remuneration may have assumed little or no financial risk and may be billing for his or her services on an FFS basis, thus retaining FFS incentives with respect to ordering or arranging for items and services for patients. We note the proposed care coordination arrangements safe harbor, with its additional safeguards, may be available for such arrangements, where they involve only in-kind remuneration, and the personal services and management safe harbor's proposed modifications for outcomes-based payments may be available for monetary remuneration.

This proposed safe harbor would protect remuneration exchanged between a VBE and a VBE participant pursuant to a value-based arrangement if several standards are met. First, the VBE must have assumed, or be contractually obligated to assume, substantial downside financial risk from a payor for providing or arranging for the provision of items and services for a target patient population. The VBE can assume this risk directly if the VBE is an entity or through a VBE participant acting as an agent of, and accountable to, the VBE. (We note, to the extent a VBE participant wholly assumes risk on behalf of the VBE, it may act in both its capacity as a VBE participant and an agent of the VBE.)

To balance the need to protect start-up arrangements while also limiting potential program integrity risks, this safe harbor would protect arrangements between the VBE and the VBE participant during the 6 months prior to the date by which the VBE must assume substantial downside financial risk (as defined below). We solicit comments on whether 6 months is a sufficient timeframe, and if not, what longer or shorter timeframe would be appropriate.

For purposes of this safe harbor, we are proposing specific methodologies that would qualify as substantial downside financial risk. Under any of our proposed methodologies, the VBE would assume risk from a payor for the provision of items and services to a target patient population for the entire term of the value-based arrangement. Our intent is for such risk to be of a degree likely to ensure that the value-based arrangements of the VBE are designed to appropriately reduce (or slow the growth of) costs, improve efficiencies, or improve health outcomes for the target patient population (and are not likely to increase over- or under-utilization or costs to payors or patients). We propose that a VBE would be at substantial downside financial risk if it is subject to risk pursuant to one of the following methods, drawn from the Department's experience: [24]

(i) Shared savings with a repayment obligation to the payor of at least 40 percent of any shared losses, where loss is determined based upon a comparison of costs to historical expenditures, or to the extent such data is unavailable, evidence-based, comparable expenditures;

(ii) A repayment obligation to the payor under an episodic or bundled payment arrangement of at least 20 percent of any total loss, where loss is determined based upon a comparison of costs to historical expenditures, or to the extent such data is unavailable, evidence-based, comparable expenditures;

(iii) A prospectively paid population-based payment for a defined subset of the total cost of care of a target patient population, where such payment is determined based upon a review of historical expenditures, or to the extent such data is unavailable, evidence-based, comparable expenditures; or

(iv) A partial capitated payment from the payor for a set of items and services for the target patient population where such capitated payment reflects a discount equal to at least 60 percent of the total expected FFS payments based on historical expenditures, or to the extent such data is unavailable, evidence-based, comparable expenditures of the VBE participants to the value-based arrangements.[25]

We are soliciting comments on this proposed definition of “substantial downside financial risk,” including whether: (i) These benchmarks should be higher or lower to ensure appropriate incentives; (ii) there are other methodologies not captured by this list that should qualify as substantial downside financial risk, such as those listed under 42 CFR 1001.952(u)(1)(i)(C); and (iii) some or all of these benchmarks should be omitted from this rule or modified to better capture true assumption of substantial downside financial risk for items and services furnished to patients. With respect to (i) through (iii), we are considering and solicit comments on whether the requirement to compare losses to, or determine payments based on, historical expenditures or evidence-based, comparable expenditures and whether additional means to establish a baseline against which to measure losses or payments is feasible for new or small VBEs or whether new or small VBEs should be allowed additional means to establish a baseline, such as allowing new or small VBEs to establish such baselines after a reasonable period of operation, such as 1 year. We also solicit comments on whether the assumption of substantial downside financial risk by the VBE as contemplated here, in combination with the safeguards proposed for this safe harbor, results in meaningful protections that will ensure that the benefits of the arrangements that would be protected by this safe harbor outweigh any risk of misuse of the safe harbor to protect fraudulent or abusive arrangements.

Lastly, we are considering for the final rule, and seek comment regarding, whether we should include advanced APMs and other payor advanced APMs, as both terms are defined at 42 CFR 414.1305, in the definition of “substantial downside financial risk.” Specifically, we seek comment on the following: (i) If advanced APM participants would likely rely on this safe harbor versus the CMS-sponsored model arrangements safe harbor; and if so, what barriers, if any, our proposed definition of “substantial financial risk” and “meaningfully share” (as outlined in further detail below) may pose; and (ii) whether our current definition of “substantial financial risk” is too narrow, such that we have excluded advanced APMs or other payor advanced APMs that encourage participants to meaningfully assume downside financial risk.

This safe harbor proposes to protect remuneration from a VBE to a VBE participant pursuant to a value-based arrangement. As a condition of this safe harbor, the terms of the value-based arrangement require the VBE participant to meaningfully share in the VBE's substantial downside financial risk for providing or arranging for items and services for the target patient population. This condition is intended to ensure that VBE participants ordering or arranging for items and services for patients (in other words, those making care decisions) closely share the VBE's goals and share in accountability if those goals are not achieved.

For purposes of this condition, we propose that a VBE participant “meaningfully shares” in the VBE's substantial downside financial risk if the value-based arrangement contains one of the following: (i) A risk-sharing payment pursuant to which the VBE participant is at risk for 8 percent of the amount for which the VBE is at risk under its agreement with the applicable payor (e.g., an 8-percent withhold, recoupment payment, or shared losses payment); (ii) a partial or full capitated payment or similar payment methodology (excluding the prospective payment systems for acute inpatient hospitals, home health agencies, hospice, outpatient hospitals, inpatient psychiatric facilities, inpatient rehabilitation facilities, long-term care hospitals, and SNFs or other like payment methodologies); or (iii) in the case of a VBE participant that is a physician, a payment that meets the requirements of the physician self-referral law's regulatory exception for value-based arrangements with meaningful downside financial risk at section 411.357(aa)(2).

Under (i), the proposed percentage of the VBE's substantial downside financial risk in which the VBE participant must share is based on the 8-percent nominal risk standard under the CMS regulation governing advanced APM and other payor advanced APM criteria at 42 CFR 414.1415 and 414.1420, respectively. We solicit comments on additional or alternative, specific thresholds we could include in the final rule to help ensure that the VBE participant is meaningfully engaged with the VBE in delivering value through its ordering and referring decisions, as well as data to support suggestions.

To protect against risks of stinting on care, we further propose that the remuneration must not induce limitations on, or reductions of, medically necessary items or services furnished to any patient. We are considering for the final rule additional conditions to safeguard against risks of cherry picking or lemon dropping of patients, which could affect the quality of care patients receive. In addition, we are considering and solicit comments on whether to include a length-of-time requirement (e.g., 1 year) for the VBE to be at substantial downside financial risk to avoid gaming (as highlighted in our subsequent discussion of this issue in the full financial risk safe harbor).

We are proposing to include the following conditions similar to certain conditions we are proposing for the care coordination arrangements safe harbor and would interpret these conditions, where applicable, as described previously in the discussion of the care coordination arrangements safe harbor:

(i) The value-based arrangement must be set forth in a writing that contains, among other information, a description of the nature and extent of the VBE's substantial downside financial risk for the target patient population and a description of the manner in which the recipient meaningfully shares in the VBE's substantial downside financial risk;

(ii) the VBE or VBE participant offering the remuneration does not take into account the volume or value of, or condition the remuneration on, referrals of patients outside of the target patient population or business not covered under the value-based arrangement;

(iii) the value-based arrangement does not: (1) Place any limitation on VBE participants' ability to make decisions in the best interest of their patients, or (2) direct or restrict referrals to a particular provider, practitioner, or supplier if:

(A) A patient expresses a preference for a different practitioner, provider, or supplier;

(B) the patient's payor determines the provider, practitioner, or supplier; or

(C) such direction or restriction is contrary to applicable law or regulations under titles XVIII and XIX of the Act;

(iv) the value-based arrangement does not include marketing to patients of items or services or engaging in patient recruitment activities; and

(v) the VBE or its VBE participants maintain documentation sufficient to demonstrate compliance with the safe harbor's conditions and make such records available to the Secretary upon request.

Note that we are considering, and seek comment regarding whether we should include in the final rule, a condition regarding the maintenance of materials and records sufficient to establish compliance with the conditions of this safe harbor for a set period of time (e.g., at least 6 years or 10 years).

In addition to the foregoing standard, under this proposed safe harbor, the remuneration must be used primarily to engage in value-based activities that are directly connected to the items and services for which the VBE is at substantial downside financial risk. For example, a VBE is at substantial downside financial risk through an agreement with a payor to assume a percentage of shared losses for items and services provided in connection with hip replacements to the target patient population. Remuneration provided by the VBE to a VBE participant would be protected under this proposed safe harbor only if the VBE participant primarily uses the remuneration to engage in value-based activities that have a direct connection to the items and services provided to patients in the target patient population undergoing hip replacement surgery (i.e., the items and services for which the VBE is at substantial downside financial risk). Thus, while the VBE could give the VBE participant money that it uses to hire a staff member who primarily coordinates patients' transitions between care settings after undergoing hip replacement surgery, the VBE could not give the VBE participant money that it uses to hire a staff member who coordinates transitions between care settings for patient undergoing an array of surgical procedures. In addition, we propose that the remuneration exchanged must be directly connected to one or more of the VBE's value-based purposes, at least one of which must be the coordination and management of care for the target patient population.

We believe these safeguards are necessary to ensure transparency and accountability, as well as to reduce the potential for protected arrangements to be used to pay for referrals unrelated to coordinating care and improving health outcomes and value for programs and patients. For example, as with other safe harbors proposed in this rulemaking, we do not intend to protect arrangements nominally characterized as a care coordination or value-based arrangement but that in reality are schemes intended merely to buy or sell referrals. To further protect against such arrangements, we are considering including in the final rule a commercial reasonableness requirement and a monitoring standard, each of which would be similar to those included in our proposed care coordination arrangements safe harbor at 1001.952(ee). In addition, to heighten transparency of any value-based arrangements and to ensure that the value-based arrangement is known by and closely related to the VBE itself, we are considering for the final rule whether to require that, in advance of, or contemporaneous with, the commencement of the applicable value-based arrangement, the VBE's accountable body or responsible person make a bona fide determination that the value-based arrangement is directly connected to a value-based purpose, at least one of which must be the coordination and management of care for the target patient population.

As discussed previously, we remain aware that the arrangements protected by the proposed substantial downside financial risk safe harbor would not be subject to programmatic requirements, oversight, or monitoring comparable to CMS-sponsored models. Accordingly, we are considering for the final rule including a requirement to submit information to the Department about the VBE, VBE participants, and the value-based arrangement similar to the requirement we are considering for the care coordination safe harbor at 1001.952(ee). As discussed in the care coordination arrangements safe harbor section, we also are considering for the final rule a condition prohibiting VBEs or VBE participants from billing Federal health care programs, other payors, or individuals for remuneration exchanged pursuant to the safe harbor; claiming the value of the remuneration as a bad debt for payment purposes under a Federal health care program; or otherwise shifting costs to a Federal health care program, other payors, or individuals.

Through the substantial downside financial risk safe harbor, we seek to provide more flexibility for entities that assume a substantial amount of financial risk such that the risk incentivizes a shift from volume-based decision making to value-based decision making. By allowing parties this enhanced flexibility in exchange for assuming risk with respect to only a subset of items and services furnished to a target patient population, we are mindful of the potential for parties to assume financial risk for such a narrow subset of items and services that the offeror's risk does not equate to substantial downside financial risk. We solicit comments on safeguards against this risk and the overall approach we have taken with respect to the substantial downside financial risk safe harbor.

E. Value-Based Arrangements With Full Financial Risk (1001.952(gg))

We propose to protect certain arrangements (including in-kind and monetary remuneration) involving VBEs that have assumed “full financial risk,” as that term is defined in the proposed regulation, for a target patient population. Because we recognize that VBEs that have assumed full financial risk present fewer traditional FFS fraud and abuse risks, this proposed safe harbor would include more flexible conditions than the proposed care coordination arrangements and substantial downside financial risk safe harbors, which we believe would reduce burden for the VBE and its VBE participants. We intend for the safe harbor to offer this category of VBEs the greatest ability to innovate with respect to coordinated care arrangements in light of their assumption of the highest level of risk contemplated in this proposed rulemaking. We propose to incorporate the definitions of “coordination and management of care,” “target patient population,” “value-based activity,” “value-based arrangement,” “value-based enterprise,” “value-based purpose,” and “VBE participant” found in proposed paragraph 1001.952(ee). For the same reasons discussed previously with respect to the care coordination arrangements safe harbor, we propose that this safe harbor would not protect an ownership or investment interest in the VBE or any distributions related to an ownership or investment interest. We solicit comments on this approach and, in particular, whether this proposal presents any operational challenges with respect to the creation of a VBE as a separate legal entity. We are considering for the final rule whether we should protect ownership or investment interests with respect to VBEs that must contract with a payor on behalf of VBE participants for purposes of value-based arrangements with full financial risk.

We also propose, for the same reasons discussed previously with respect to the care coordination arrangements safe harbor, that this safe harbor would not protect any remuneration funded by, or otherwise resulting from contributions by, an individual or entity outside of the applicable VBE.

We propose that a VBE would be at “full financial risk” for the cost of care of a target patient population if the VBE is financially responsible for the cost of all items and services covered by the applicable payor for each patient in the target patient population and is prospectively paid by the applicable payor. By “prospective,” we mean the anticipated cost of all items and services covered by the applicable payor for the target patient population, has been determined and paid in advance (as opposed to billing under the otherwise applicable payment systems and undergoing a retrospective reconciliation after items and services have been furnished).

By way of example, a VBE would be at “full financial risk” if it received a prospective, capitated payment for all items and services covered by Medicare Parts A and B for a target patient population. Similarly, we would consider a VBE that contracts with a Medicaid managed care organization and receives a fixed per-patient per-month amount to be at full financial risk if the fixed amount covered the cost of all Medicaid-covered items and services furnished to the target patient population.

In contrast, our proposal would not protect an entity that receives a partial capitated payment, be it either: (i) A capitated payment that covers a limited set of items or services or (ii) a payment arrangement where an entity receives a combination of reduced FFS and capitation payments for a defined set of items or services. For example, a hospital that participates in a bundled payment program for patients who receive knee replacements, and that receives an episodic payment to cover all costs associated with the knee replacement surgeries and follow-up care for 90 days, would not be eligible for protection under this safe harbor. The hospital is at full financial risk for the knee surgeries and related services but not for the patients' total cost of care. We note that other proposals in this rulemaking may be available for such arrangements.

We note that our proposed definition of “full financial risk” would not prohibit a VBE from entering into arrangements—like global risk adjustments, risk corridors, reinsurance, or stop loss agreements—to protect against catastrophic losses. We emphasize that it is our intent for such arrangements to be limited to catastrophic losses; a VBE may not use risk corridors or other like arrangements as a mechanism to shift an amount of financial risk that does not meet the spirit of this safe harbor. Similarly, we note that our proposed definition of “full financial risk” would not prohibit a VBE from conducting a “back-end” reconciliation, with resulting payment adjustments due to quality or financial performance metrics, provided again, that the reconciliation is not used as a mechanism to shift material financial risk back to the contracting payor.

We also are considering other ways to define “full financial risk” in the final rule. For example, we are considering for purposes of the final rule including an actuarial equivalence standard similar to that used in the Medicare Part D context, and we request comments on the use of this potential standard. In addition, we seek comments about other situations that stakeholders believe should qualify as a VBE assuming “full financial risk.” We request that commenters provide specific examples of arrangements that they believe constitute “full financial risk” but that would not be covered by the definition proposed above.

We propose to require that the VBE assume full financial risk either directly, or through a VBE participant with the legal authority to obligate the VBE. We note, to the extent a VBE participant wholly assumes risk on behalf of the VBE, it may act in both its capacity as a VBE participant and an agent of the VBE.

In addition, we propose that this safe harbor would cover both value-based arrangements between a VBE and a VBE participant where the VBE has assumed full financial risk as of the date the VBE and VBE participant enter into the value-based arrangement, as well as value-based arrangements between a VBE and a VBE participant where the VBE is contractually obligated to assume such risk but has not yet done so. We are mindful that a VBE that is contractually obligated to take on full financial risk may need lead time to develop and implement arrangements in anticipation of taking on full financial risk. However, we also are concerned about providing safe harbor protection for arrangements involving parties that have not yet assumed the risk that operates as a prerequisite and key safeguard for this safe harbor. To balance the need to protect start-up arrangements with our program integrity concerns, the safe harbor would protect arrangements between the VBE and the VBE participant only during the 6 months prior to the date by which the VBE must assume full financial risk. We solicit comments on whether 6 months is a sufficient timeframe, and if not, what an appropriate timeframe might be. We could include a longer or shorter timeframe in the final rule.

We propose writing requirements in this safe harbor that are designed to promote transparency and accountability. First, we propose that the VBE have a signed writing with a payor that specifies the target patient population and contains terms sufficient to demonstrate that the VBE is at full financial risk for the target patient population for at least 1 year. Our intent in proposing a length-of-time requirement is to minimize gaming opportunities that could arise if the VBE assumes full financial risk for a short time period in order to take advantage of the proposed safe harbor's flexibility but without meaningfully committing to the transition to full financial risk. Second, we propose that the parties set forth the material terms of the value-based arrangement in a signed writing, including the value-based activities to be undertaken by the parties, and that the arrangement must be for a period of at least 1 year.

We propose that the term of the value-based arrangement must be for a period of at least 1 year to ensure that the VBE participant is committed to coordinating care for the target patient population of the VBE that has taken on full financial risk.

We propose that the VBE participant cannot claim additional or separate payment in any form directly or indirectly from a payor for items or services covered under the value-based arrangement. For purposes of this safe harbor, we propose that the phrase “items or services” would have the meaning set forth in paragraph 1001.952(t)(2)(iv), which defines “items and services” as: “Health care items, devices, supplies or services or those services reasonably related to the provision of health care items, devices, supplies or services including, but not limited to, non-emergency transportation, patient education, attendant services, social services (e.g., case management), utilization review and quality assurance. Marketing and other pre-enrollment activities are not `items or services' for purposes of this section.”

If the VBE participant is permitted to seek additional payment for items or services furnished to the target patient population from a payor, the safe harbor would not protect the value-based arrangement. For example, protection under the safe harbor would not extend to payment made by a VBE to a VBE participant for telehealth services furnished to the target patient population if the VBE participant could also claim separate payment for such services from a payor. Value-based arrangements that permit VBE participants to claim separate payment from a payor are not “full risk.” Such arrangements potentially involve mixed financial incentives for providers, and parties would need to seek protection for such arrangements under one of the other proposed safe harbors. This requirement would permit VBE participants to bill a payor but not claim payment (e.g., through a “no-pay claim”) if required by a payor, including Medicare.

We also propose requirements related to the remuneration. First, we propose that remuneration exchanged must: (i) Be used primarily to engage in the value-based activities set forth in the parties' signed writing; (ii) is directly connected to one or more of the VBE's value-based purpose(s), at least one of which must be the coordination and management of care for the target patient population; and (iii) not induce the VBE or VBE participants to reduce or limit medically necessary items or services furnished to any patient. We propose to interpret these conditions consistent with the similar conditions in the proposed care coordination arrangements safe harbor at 1001.952(ee).

Second, we propose to require that the VBE and VBE participant must not take into account the volume or value of, or condition the remuneration exchanged on: (i) Referrals of patients who are not part of the target patient population or (ii) business not covered under the value-based arrangement. This requirement would preclude protection under the safe harbor for remuneration that is part of a broader “swapping” arrangement to steer patients outside of the target patient population to the party offering the remuneration. We solicit comments on this condition and any additional safeguards that we should include in this safe harbor to mitigate the risk of problematic swapping arrangements in order to prevent the safe harbor from being used to protect payments for referrals that are not part of the value-based arrangement. We would have significant concerns with a VBE participant entering into a purported value-based arrangement in which it offers the VBE a reduced rate for patients in the target patient population in exchange for gaining access to that VBE's other patients.

We propose to require that the VBE provide or arrange for: (i) An operational utilization review program and (ii) a quality assurance program that protect against underutilization and specify patient goals, including measurable outcomes, where appropriate. These conditions mirror those found in the existing safe harbor at paragraph 1001.952(u), which were derived from the then-current regulatory requirements for plans operating under section 1876 of the Act. We are considering for the final rule whether there may be other ways to frame this requirement that meet the spirit of the conditions in paragraph 1001.952(u) but are updated to reflect the utilization review and quality assurance mechanisms in place today.

Like the proposed care coordination arrangements and substantial downside financial risk safe harbors and for the reasons explained in connection with those proposals, we are considering for the final rule requiring the submission to the Department of information about VBEs, VBE participants, and value-based arrangements for safe harbor protection. We welcome comments on this. As discussed in the care coordination arrangements safe harbor section, we also are considering for the final rule a condition prohibiting VBEs or VBE participants from billing Federal health care programs, other payors, or individuals for remuneration exchanged pursuant to the safe harbor; claiming the value of the remuneration as a bad debt for payment purposes under a Federal health care program; or otherwise shifting costs to a Federal health care program, other payors, or individuals.

We also propose requirements that (i) the value-based arrangement does not include marketing to patients of items or services or engaging in patient recruitment activities; and (ii) the VBE or its VBE participants maintain documentation sufficient to demonstrate compliance with the safe harbor's conditions and make such records available to the Secretary upon request. We are considering for the final rule and seek comment regarding whether we should include, in the final rule, a condition regarding the maintenance of materials and records sufficient to establish compliance with the conditions of this safe harbor for a set period of time (e.g., at least 6 years or 10 years). We would interpret these requirements as described with respect to the care coordination arrangements safe harbor and would include them in this safe harbor for the reasons articulated there.

In addition, we note that, as proposed, this safe harbor would apply only to remuneration exchanged between a VBE and a VBE participant pursuant to a value-based arrangement. The proposed full financial risk safe harbor would not protect remuneration exchanged between or among VBE participants that are part of the same VBE, remuneration exchanged between a VBE participant and a downstream contractor, or remuneration between two downstream contractors. However, nothing prevents these parties from turning to other available safe harbors for protection.

We are considering for the final rule and solicit comments on whether to extend this safe harbor to remuneration that passes from a VBE participant to a downstream contractor (which also could be, but may not be required to be, a VBE participant). While we recognize that increased flexibility at the VBE participant level may foster innovation, we are concerned that these downstream arrangements present higher risks of fraud and abuse because the VBE participants and downstream contractors exchanging the remuneration may have assumed little or no financial risk. As such, they may continue to be subject to the potential risks inherent in any FFS financial arrangements, namely, incentives to order medically unnecessary or overly costly items and services. For these reasons, we are considering for the final rule, and solicit comments on, the following:

  • In addition to the safeguards proposed in paragraph 1001.952(gg), whether additional safeguards could be implemented under the full financial risk safe harbor (or a different proposed safe harbor) to ensure that legitimate arrangements between VBE participants and downstream contractors that advance the value-based purpose(s) of the VBE are protected.
  • For purposes of protecting downstream arrangements, whether we should incorporate some of the safeguards proposed in the safe harbor for care coordination arrangements or the safe harbor for parties at substantial downside financial risk. If so, whether certain safeguards would best capture our need to protect against fraud and abuse risks with the recognition that we do not want to impose undue burden on parties to these arrangements.
  • If we were to protect certain downstream arrangements, whether we should limit protection to arrangements between VBE participants that are part of the same VBE, or we should extend protection to arrangements between: (i) A VBE participant and a downstream contractor, (ii) arrangements between two downstream contractors, or (iii) both. We request that any comments include specific examples of downstream arrangements that may not be protected under existing safe harbors or any of the safe harbors proposed under this rulemaking but warrant protection under this proposed safe harbor because of the level of risk assumed by the VBE.

F. Arrangements for Patient Engagement and Support To Improve Quality, Health Outcomes, and Efficiency (1001.952(hh))

We propose to establish a new safe harbor at proposed paragraph 1001.952(hh) to protect certain arrangements for patient engagement tools and supports to improve quality, health outcomes, and efficiency furnished by VBE participants, as defined in proposed paragraph 1001.952(ee), to specified patients. This safe harbor, hereinafter the “patient engagement and support safe harbor,” is intended to remove barriers presented by the anti-kickback statute and the beneficiary inducements CMP [26] to providers offering patients beneficial tools and supports to improve quality, health outcomes, and efficiency, by promoting patient engagement with their care and adherence to care protocols. Commenters to the OIG RFI overwhelmingly supported such a safe harbor, with appropriate safeguards.

Achieving well-coordinated care and improving value require patients to actively participate and engage in their preventive care, treatment, and general health. To prevent illness or disease or to manage a disease or condition effectively, patients must be involved in their healthcare and be empowered to make informed healthcare-related decisions. Appropriate patient engagement tools and supports can foster successful behavior modifications that improve health, ensure that patients receive the medically necessary care and other nonclinical, but health-related, items and services they need, and improve adherence to an appropriate treatment regimen.

In some cases, improved care coordination may be facilitated through various supports, including, for example, providing supports that aim to improve patients' safety at home or during care transitions (including discharge from facility care to the community) or that allow providers to communicate more efficiently and effectively with patients and their families and to monitor their patients' care. However, we also are cognizant of the potential for improper patient engagement tools and supports to result in inappropriate utilization, the steering of patients to particular providers, suppliers, or products that might not be in their best interests, increased costs to payors and patients, and anti-competitive effects.

Depending on the facts and circumstances, providing patient engagement tools and supports may implicate the Federal anti-kickback statute and the beneficiary inducements CMP. Some tools and supports may be protected under existing safe harbors or exceptions to the definition of “remuneration” under the beneficiary inducements CMP (e.g., the local transportation safe harbor, 42 CFR 1001.952(bb); the exception for remuneration that promotes access to care and poses a low risk of harm to patients and Federal health care programs, 42 CFR 1003.110; and the exception for incentives given to individuals to promote the delivery of preventive care, 42 CFR 1003.110). In addition, for CMS-sponsored models, some patient engagement tools and supports may qualify for protection under the Medicare Shared Savings Program's waiver for patient incentives [27] or a waiver available for beneficiary incentives offered under an applicable Innovation Center model.[28] However, under certain facts and circumstances, no safe harbor, exception, or waiver may be available to protect beneficial patient engagement tools and supports that implicate the anti-kickback statute, beneficiary inducements CMP, or both. These arrangements must be evaluated on a case-by-case basis for compliance with the statutes.

Under the proposed patient engagement and support safe harbor at paragraph 1001.952(hh), “remuneration” under the Federal anti-kickback statute would not include in-kind patient engagement tools or supports (as specified in proposed paragraph 1001.952(hh)) furnished directly by a VBE participant (as defined in proposed paragraph 1001.952(ee)) to a patient in a target patient population (as defined in proposed paragraph 1001.952(ee)), that are directly connected to the coordination and management of care (as defined in proposed paragraph 1001.952(ee)), provided that all of the conditions of proposed paragraph 1001.952(hh) are satisfied.

1. Limitations on Offerors

Under this proposal, only patient engagement tools and supports furnished by a VBE participant, as defined in proposed paragraph 1001.952(ee), would receive protection. Our intent in proposing to limit safe harbor protection to VBE participants is to align the safe harbor with the value-based framework set forth in this proposed rulemaking. We are mindful that this approach would require the offeror of the remuneration to be part of a VBE (of any size) as defined at proposed paragraph 1001.952(ee). We are soliciting comments, including illustrative fact patterns, about potential patient engagement tools and supports that would improve care coordination and health outcomes where the offeror does not meet the proposed definition of a VBE participant because the offeror is not part of a VBE.

For example, we are considering for the final rule safe harbor protection for, and seek comments regarding, a hospital's or physician group practice's provision of patient engagement tools and supports that would advance coordination and management of care for a patient and otherwise satisfy conditions similar to those set forth in the proposed safe harbor, but where such hospital or physician group practice is not part of a VBE. We seek comments on the fraud and abuse risks associated with removing the requirement that the offeror is a VBE participant and what additional safeguards would be appropriate to offset those risks.

Pharmaceutical manufacturers, distributors, and suppliers of DMEPOS, and laboratories are not included in the proposed definition of “VBE participant” in paragraph 1001.952(ee) for the reasons described earlier in this preamble. In addition to the reasons for exclusion of pharmaceutical manufacturers in the definition of “VBE participant” previously articulated, we believe that offers of remuneration by such manufacturers to patients could improperly influence the patient, as well the patient's clinician's decision to prescribe one drug over another. Such remuneration could influence a patient to request a particular drug that is more expensive or less clinically efficacious than other clinically equivalent drugs. This could both improperly influence patient choice and increase costs to Federal health care programs—two factors cited by Congress to consider when developing safe harbors—without necessarily increasing quality.

As noted above, we also are excluding manufacturers, distributors, and suppliers of DMEPOS and laboratories from the definition of a VBE participant. Based on long-standing enforcement and oversight experience, we are concerned that manufacturers, distributors, and suppliers of DMEPOS and laboratories may inappropriately use patient engagement tools and supports to market their products or divert patients from a more clinically appropriate item or service, provider, or supplier without regard to the best interests of the patient or to induce medically unnecessary demand for items and services.

We are interested in comments on the impact of any such exclusions, if included in the final rule, for the patient engagement and support safe harbor in particular and any negative impact on the provision of potentially beneficial tools and supports. We seek comments regarding whether the proposed exclusion of these entities from the definition of “VBE participant,” and the proposed condition at (hh)(2), limiting funding by and other contributions from non-VBE participants, might negatively impact patients' ability to receive beneficial items and services, including new technologies that may foster better access to care and improve health outcomes.

As noted above, we also are considering whether to exclude other categories of suppliers and other entities, including pharmacies, PBMs, wholesalers, and distributors from the definition of “VBE participant.” [29] We solicit comments on the potential impact of our considered exclusion of pharmacies, PBMs, wholesalers, and distributors, if included in the final rule, for the patient engagement and support safe harbor in particular.

We also are considering, and seek comment on, whether this proposed safe harbor should protect only in-kind tools and supports furnished by VBE participants that assume at least some financial risk, so as to better align protected remuneration with value-based purposes. In particular, if we were to limit safe harbor protection to only VBE participants that assume financial risk, we are considering, and seek comments regarding, the appropriate level of financial risk to require of such VBE participants (e.g., VBE participants that assume at least some downside financial risk or VBE participants that assume substantial downside financial risk).

2. Limitations on Recipients

This proposed safe harbor would protect patient engagement tools and supports furnished to patients in a target patient population (as defined in proposed paragraph 1001.952(ee)). We note that the scope of this proposed safe harbor would not be limited to Federal health care program beneficiaries in recognition that the VBE or VBE participants may define the target patient population without regard to payor type. We solicit comments on whether we should instead provide safe harbor protection for tools and supports VBE participants furnish to a broader universe of patients by, for example, protecting patient engagement tools and supports furnished by VBE participants to any patient, so long as the tools and supports predominantly address needs of the target patient population and the tools and supports have a direct connection to the coordination and management of care for the patient.

We recognize that some VBEs may not be able to prospectively identify the individual patients in the target patient population. For example, in some accountable care organization (ACO) arrangements under CMS-sponsored models, beneficiaries are assigned to the ACO, which could be a VBE, retrospectively or on a preliminary prospective basis (e.g., for agreement periods beginning on July 1, 2019, ACOs participating in the Medicare Shared Savings Program may select preliminary prospective assignment with retrospective reconciliation).[30] We are interested in stakeholder comments on the challenges, if any, presented by the safe harbor's protection of only patient engagement tools and supports furnished to patients in the target patient population when the VBE's assigned beneficiaries are identified retrospectively or on a preliminary prospective basis.

3. Limitations on Type of Remuneration

The proposed safe harbor would protect only tools or supports, as specified in proposed 1001.952(hh), furnished by a VBE participant to a patient in the target patient population. As proposed in 1001.952(hh)(3)(i), (ii) and (iii), we would limit a patient engagement “tool or support” to in-kind, preventive items, goods, or services, or items, goods, or services such as health-related technology, patient health-related monitoring tools and services, or supports and services designed to identify and address a patient's social determinants of health, that have a direct connection to the coordination and management of care of the target patient population. This limitation on tools or supports would exclude gift cards, cash, and any cash equivalent (e.g., a check or pre-paid debit card).

We do not propose a specific definition of “preventive care item or service” to provide flexibility for VBE participants that seek to furnish preventive care items and services as a means to improve patient outcomes and better overall patient health.[31] OIG is mindful of the evolving nature of clinical practice guidelines and recommendations for practices that are categorized as “preventive care,” and we intend to allow this proposed safe harbor to protect the provision of tools and supports that a VBE participant reasonably determines, within the medical judgment of the applicable practitioner treating the patient, to be preventive care. VBE participants would need to exercise caution in ensuring that tools and supports for which they desire safe harbor protection are reasonably considered preventive care.

We solicit comments on whether the categories of patient engagement tools and supports listed above that would receive protection (i.e., health-related technology, patient health-related monitoring tools and services, or supports and services designed to identify and address a patient's social determinants of health) are sufficiently flexible but also sufficiently targeted to protect against the risks of fraud and abuse associated with providing inappropriate remuneration to patients. For instance, we believe “health-related technology” and “patient health-related monitoring tools and services” might include wearable monitoring devices, such as a smart watch or tracker designed to collect information and transmit data to a patient's physician for treatment or disease monitoring. We are considering for purposes of the final rule requiring that the VBE participant confirm that the tools and services provided to a patient are not duplicative of, or substantially the same as, tools and services the patient already has. For example, we are considering whether the safe harbor should protect the provision of a new cell phone or wireless service to a patient who needs an application for remote patient monitoring if the patient already has these products and only needs the application.

With respect to the provision of supports and services designed to identify and address social determinants of health, many commenters to the OIG RFI urged us to consider “social determinants of health,” also described as “health-related nonmedical” items, goods, and services, that address basic needs essential to patients' health, such as food, shelter, safety, clothing, income, and transportation, in designing any proposed safe harbors. There is substantial evidence that unmet social needs related to these determinants of health, such as transportation, nutrition, and safe housing, play a critical role in health outcomes and expenditures.[32] These needs must be considered when thinking about maximizing health outcomes and lowering healthcare costs.

Evidence indicates that efforts that target home and neighborhood-level factors, such as healthcare accessibility for low-income individuals, physical and environmental obstructions to healthy living, and housing and case management, can lead to improved health outcomes for people of all ages.[33] These improved health outcomes include decreased mortality, delay or prevention of preventable and chronic diseases, and lowered healthcare utilization, indicating a higher quality of life.[34]

By addressing health disparities that emerge from the social determinants of health, some research suggests that the United States could save over $230 billion in medical care costs.[35] Moreover, there is research suggesting that policy interventions that focus on the social determinants of health can produce an estimated economic return of $1.02 trillion.[36]

Based on the connection of social determinants to healthcare outcomes and costs, we are considering for purposes of the final rule whether explicitly to include protection for tools and supports that address some social determinants of health that meet all other safe harbor conditions. While all social determinants have the potential to improve health outcomes, some social determinants may be more specifically aligned with preventive care and the coordination and management of care for patients (e.g., transportation to medical appointments, nutrition to address clinical conditions, safe housing for patients discharged to their homes) than others (e.g., a more general need for income through employment). We seek public input on which social determinants are most crucial to improving care coordination and transitioning to value-based care and payment, with respect both to needed arrangements between providers or others in a position to generate Federal health care program referrals between them, and needed arrangements between beneficiaries and providers or others in a position to influence the selection of providers, practitioners, and suppliers.

We are considering, and solicit comments on, how the final safe harbor should make distinctions among the categories of social determinants, such as protecting some types of tools and supports but not others. We are considering for the final rule whether we should specify specific tools and supports that would be permissible, including whether to base such a list on the types of tools and supports described in CMS guidance for the Medicare and Medicaid programs. We are interested in illustrative examples and data supporting commenters' views on this topic, including data supporting (or not supporting) the efficacy from a quality, effectiveness, and cost perspective of particular types of tools and supports related to addressing social determinants of health. Regardless, whether a particular tool or support would, in fact, be protected under the safe harbor when offered by a VBE participant to a patient in a target patient population would depend on the facts and circumstances and whether all safe harbor conditions were satisfied.

We solicit comments on whether, instead of using the proposed categories, the final rule should list specific tools and supports that could be protected under the safe harbor. We are interested in feedback on which tools and supports should be listed and how the rule could account for emerging tools and supports that improve patient engagement, care coordination, and health outcomes.

We do not intend for tools and supports protected by this proposed safe harbor, which includes only in-kind items, goods, and services, to be limited to items or services covered by a Federal health care program (as the term of art, “items or services,” when used in the context of the Medicare program, could suggest).[37] In general, the provision of covered items and services to patients does not require safe harbor protection provided that all normal billing rules are followed. That said, the proposed description of a permissible tool or support would include federally reimbursable items and services, and provided that the other requirements of the safe harbor are satisfied, the provision of federally reimbursable items and services could receive safe harbor protection.

We seek comment on potential fraud and abuse risks presented by including items and services that could be reimbursable by a Federal health care program as permitted tools or supports. We are aware of, and deeply concerned about, fraud schemes that involve the provision of items and services, including prescription opioids or other drugs, that are not needed by patients or that are harmful to them. We do not propose to protect such arrangements in this rulemaking, and such arrangements would not be protected in any final rule. Further, as OIG has previously stated, we are concerned that the provision of potentially reimbursable items and services, for free, could result in steering or unfair competition or could create a seeding arrangement, where, for example, a physician could be influenced to prescribe an item or service, which may be free at some point, but would be covered by a third-party payor (including Federal health care programs) in the future.[38] Because of the risks presented by allowing safe harbor protection for the provision of potentially reimbursable items and services, including inappropriate seeding arrangements or the provision of medically unnecessary or harmful items or services, we are considering, and seek comment on, excluding in the final rule federally reimbursable items and services as a protected tool or support. As discussed further below, the proposed patient engagement and support safe harbor would not protect cost-sharing waivers, and thus would not protect billing a Federal program while waiving the beneficiary's share of payment.

The in-kind requirement means that the patient must receive the actual tool or support and not funds to purchase the tool or support. For example, patients may not be given cash reimbursements for items or goods they purchase directly. While cash reimbursements for tools and supports would not satisfy the in-kind requirement, we would consider a voucher for a particular tool or support (e.g., a meal voucher or a voucher for a taxi) to satisfy the in-kind requirement.

a. Cash and Cash Equivalent Incentives

A number of commenters responding to the OIG RFI urged OIG to protect the distribution of cash incentives to patients as a reward for engaging in certain healthcare-related activities. For example, providers responding to the OIG RFI stated that they would like protection to provide cash rewards to patients both for attending appointments (e.g., $10 for patients who attend an initial primary care visit) and for engaging in activities designed to promote the adoption and maintenance of healthy behaviors (e.g., a $25 check offered to patients who complete milestones in a behavioral modification program related to substance use disorders). Commenters cited a number of studies in support of this recommendation.[39]

Commenters to the OIG RFI noted that incentives and supports in the form of cash could help improve patients' adherence to treatment plans, encourage participation in medically necessary care, and motivate patients to lead healthier lifestyles. In addition, commenters to the OIG RFI posited, and some research suggests, that patients prefer cash to in-kind items, goods, or services and that cash may be more effective at maintaining patient engagement and encouraging and reinforcing positive behavioral change. We also have observed congressional interest in allowing providers to offer beneficiaries cash through, by way of example, the recent enactment of the ACO Beneficiary Incentive Program, section 1899(m) of the Act. However, OIG historically has had significant concerns with allowing providers to offer cash or cash equivalents to patients, and our oversight and enforcement experience suggests that cash incentives can: (i) Result in medical identity theft and misuse of patients' Medicare numbers, (ii) lead to inappropriate utilization (in the form of medically unnecessary items and services), and (iii) cause improper steering (including patients selecting a provider because the provider offers the most valuable incentives and not because of the quality of care the provider furnishes).

Notwithstanding, we are considering for the final rule, and seek comment on, whether to protect patient incentives and supports in the form of cash and cash equivalents in certain circumstances.[40] If we do so, we might set a monetary limit on the aggregate amount of remuneration provided annually (such as up to $75 per year, or higher or lower amounts) [41] or include other safeguards to prevent the misuse of cash incentives to steer patients to items or services to influence them to allow others to use their personal information to order unnecessary or inappropriate items and services. Further, we likely would limit the use of cash remuneration to reward patients for attending medically necessary primary care or other clinically prescribed treatment visits, or for successful participation in a clinically appropriate behavioral modification or substance use disorder treatment program. If we were to adopt this approach, we would consider requiring offerors to have an evidence-based reason for using cash to influence patients' adherence to a treatment regimen or clinical program. (This might be the case, depending on the evidence, with respect to a substance use disorder treatment or smoking cessation program.) We solicit comment on potential criteria a party may apply to ensure that the arrangement is evidence-based, such as ensuring the arrangement is supported by the Joint Commission, the Agency for Healthcare Research and Quality, or other independent organization that develops national quality standards or quality measures.

b. Waiver or Reduction of Cost-Sharing Obligations

A number of the comments we received in response to the OIG RFI advocated broad protection from potential anti-kickback statute and beneficiary inducements CMP liability for routinely waived or reduced cost-sharing obligations. As an initial matter, we note that the requirement for cost-sharing in Medicare and Medicaid is a programmatic matter; cost-sharing is required pursuant to statute and regulations set forth by CMS and State Medicaid programs. We do not believe safe harbors to the anti-kickback statute are the right tool to obviate these programmatic requirements. Our concerns regarding routine waivers of cost-sharing amounts are longstanding; [42] such routine waivers may constitute prohibited remuneration to induce referrals. Therefore, as proposed, the patient engagement and support safe harbor would not protect the routine waiver or reduction of cost-sharing obligations (including coupons leading to such waivers or reductions).

We are interested in comments that identify potential benefits of permitting in the final rule the waiver or offset of cost-sharing obligations where the cost-sharing waiver or offset of obligations is part of a value-based arrangement under our value-based framework. In addition, we solicit comments on any safeguards that would mitigate concerns that routine waivers of cost-sharing amounts might undermine prudent consumer incentives of cost-sharing or might allow for abusive “insurance-only billing” marketing schemes targeting patients for unnecessary or poor-quality items or services.

Long-standing OIG guidance allows for non-routine, good-faith financial need cost-sharing waivers,[43] and several safe harbors and beneficiary inducements CMP exceptions already offer protection for certain reductions, waivers, and differentials in cost-sharing, such as the exception for the waiver of cost-sharing amounts found at section 1128A(i)(6)(A) of the Act and 42 CFR 1003.110. Those safe harbors and exceptions remain available and unchanged by this proposal. We also are proposing protection for certain cost-sharing waivers or reductions under the CMS-sponsored model patient incentives safe harbor, proposed at 1001.952(ii). As noted above, many VBE participants that would avail themselves of the patient engagement and support safe harbor would not be subject to programmatic requirements, oversight, or monitoring comparable to CMS-sponsored models. Therefore, cost-sharing waivers or reductions offered and provided under the CMS-sponsored models may present fewer risks.

We are aware of concerns expressed by some stakeholders about the collection of small beneficiary cost-sharing amounts associated with certain care coordination services, such as care management and remote monitoring, where the costs of collection exceed the amount to be collected. Stakeholders would like safe harbor protection for waivers of such cost-sharing amounts. We are considering for the final rule whether limited safe harbor protection for such waivers might be appropriate, including whether such safe harbor protection would be consistent with the program rules establishing such beneficiary cost-sharing amounts. We are considering for the final rule, and seek comment regarding, what conditions we should include in any safe harbor for limited cost-sharing waivers that would protect only cost-sharing waivers associated with certain specified services, such as care management and remote monitoring. If we were to finalize such a safe harbor, we likely would include conditions similar to those set forth in proposed 1001.952(hh).

Finally, we are aware of interest among some stakeholders in offering patients a share of savings the patients help generate for a payor. For example, a patient who selects a clinically appropriate but less costly setting to obtain services (e.g., home-based services instead of a treatment in a facility) might share in the savings realized from the lower cost care setting. We believe that in many cases, this type of program would be part of a plan's benefit design. The need for new safe harbor protection for this type of arrangement is unclear, and we solicit comments on this issue.

c. Gift Cards

OIG has never considered gift cards to be in-kind items, goods, or services. The limitation of “tool or support” proposed in paragraph 1001.952(hh) would be consistent with OIG's position that gift cards are not in-kind items, goods, and services. OIG recognizes certain risks attendant to providing gift cards as patient engagement tools and supports, some of which may make gift cards indistinguishable from cash (e.g., we recognize that consumers can sell or trade gift cards through gift card redemption sites, which could result in a gift card morphing into cash). Similar to cash and cash equivalents, OIG is concerned that tools and supports in the form of gift cards could induce patients to seek medically unnecessary items and services—leading to inappropriate utilization—and could result in providers improperly steering patients through offering valuable incentives in the form of gift cards.

Nevertheless, because gift cards may be effective at promoting behavioral change, OIG is considering whether to include protection for gift cards in limited circumstances, for example, where they are provided to patients with certain conditions, such as substance use disorders and behavioral health conditions, as part of an evidence-based treatment program, for the purpose of effecting behavioral change. OIG seeks comments on the potential inclusion of gift cards in limited circumstances such as these and requests citations to any recent studies assessing the positive or negative effects of gift card incentives on promoting behavioral change. OIG also solicits comments on whether and how including gift cards as allowable “tools or supports” in the circumstances described above would raise the risk of fraud and abuse and specifically whether it would present any anti-competitive effects, particularly for smaller providers and suppliers. OIG also is considering and seeks comment on what additional safeguards, such as limiting protection for gift cards to those that are not pre-paid debit cards,[44] we should include to the extent the safe harbor protects the provision of gift cards.

4. Additional Proposed Conditions

The patient engagement and support safe harbor would impose a number of conditions on the provision of protected patient engagement tools and supports. The intent of these safeguards is to balance the potential benefits of tools and supports with safeguards that minimize the risk of harm to patients, payors, or both.

a. Furnished Directly to the Patient

Under the proposed condition at 1001.952(hh)(1), the tool or support must be furnished directly to the patient by a VBE participant. The reasons for this proposed condition are two-fold. First, the condition would prevent entities that are excluded from participating in a VBE from directly or indirectly furnishing tools and supports to patients. Second, we believe that this condition would help patients understand which entity or individual is furnishing the tool or support, which could aid patients in deciding whether to participate in the program or treatment regimen offered. We are considering for the final rule and seek comment on whether we should include a condition in the final safe harbor that would require the VBE participant to provide any patient receiving a patient engagement tool or support a written notice describing: (i) The VBE participant that is giving the patient the tool or support; (ii) what the remuneration is; and (iii) the purpose of, or reason for, the remuneration. We solicit comments on whether we should expressly permit the VBE participant to furnish the tool or support through someone acting on the VBE participant's behalf and under the VBE participant's direction (e.g., a physician practice that provides the tool or support through an individual member of the practice or nurse employed by the practice). We also seek comments on the applicability of the proposed safe harbor to potential arrangements by which a VBE participant orders or arranges for the delivery of a tool or support from an independent third party.

b. Funding Limitations

Under the proposed condition at 1001.952(hh)(2), we limit who can fund or otherwise contribute to patient engagement tools and supports furnished by a VBE participant. We propose to interpret the requirement at 1001.952(hh)(2) to prohibit the VBE participant from accepting or using funds or free in-kind items or services furnished by any individual or entity outside of the VBE to finance or otherwise facilitate its patient engagement tools, supports, or both, including both the cost of the tool or support and any associated operating costs incurred through the provision of such tool or support (e.g., staff time dedicated to ordering or distributing blood pressure cuffs or technology expenses or help desk services associated with a patient support). We believe this requirement is necessary to reduce the likelihood of undue influence that could result in inappropriate patient steering to specific products, providers, or suppliers.

In addition, this proposed condition would ensure that the entities we propose to exclude as VBE participants would not indirectly furnish patient engagement tools and supports under the safe harbor. For example, a pharmaceutical manufacturer, manufacturer, distributor, or supplier of DMEPOS, or laboratory could not circumvent the proposed exclusion from the definition of “VBE participant” by providing funds to a third-party entity and then directing or otherwise controlling any aspect of the third-party entity's provision of patient engagement tools and supports as a VBE participant. Further, this proposed condition would prohibit a non-VBE participant's contribution of in-kind items and services for a VBE participant to provide to patients as tools or supports. By way of example, a pharmaceutical manufacturer's provision of free product to a VBE participant (e.g., a physician) for the VBE participant's distribution to patients as free product samples would not be protected by this proposed safe harbor.[45] We solicit comments on this approach and whether there may be defined, limited circumstances in which non-VBE participants should be able to contribute or otherwise participate in the provision of tools and supports eligible for safe harbor protection.

We note that this proposed safe harbor does not address, or otherwise prohibit, arrangements between VBE participants and others (including vendors and manufacturers) for the purchase and sale of tools and supports that the VBE participant would furnish under the safe harbor. Such arrangements must be assessed on a case-by-case basis for compliance with the Federal anti-kickback statute and any other applicable law.

c. Prohibition on Marketing and Patient Recruitment

Under the proposed condition at 1001.952(hh)(3)(iii), the remuneration must not include any in-kind item, good, or service used for patient recruitment or marketing of items or services to patients. We do not intend to protect tools or supports that serve solely as patient recruitment incentives. Similarly, we do not intend to protect tools or supports offered to patients where the party knows or should know that the patient would not use the item as intended under the arrangement and would instead resell the item.

We seek comments on this proposed condition, and in particular, any benefits of permitting in the final rule some targeted marketing or similar outreach to the target patient population for the purposes of engaging them in evidence-based prevention or wellness activities, or in improving population health outcomes, particularly for VBEs or VBE participants at financial risk for the health outcomes of the target patient population. As with our proposal at paragraph 1001.952(ee), we also are interested in comments on how best to preclude marketing of reimbursable items and services and patient recruitment while still permitting beneficial educational efforts and activities that promote patient awareness of care coordination activities and available tools and supports.

d. Direct Connection

Under the proposed condition at 1001.952(hh)(3)(i), the tool or support furnished to the patient must have a “direct connection” to the coordination and management of care for the patient. We interpret “direct connection” to mean that the VBE has a good faith expectation that the tool or support will further the VBE's coordination and management of care for the patient, as that concept is described in the proposed conditions at 1001.952(ee). Where a direct connection exists, it should not be difficult for the VBE and the VBE participant providing the patient engagement tool or support to clearly articulate the nexus between the tool or support and a care coordination and management purpose of the VBE. We believe that this requirement effectively balances the goals of patient engagement tools and supports, such as patient compliance with a plan of care and adherence to behavior modifications to improve overall health, with the risk that VBE participants could use extravagant tools or supports to steer beneficiaries or incentivize unnecessary or inappropriate care. Consistent with our goals of fostering flexibility, adaptability, and innovation, we are not further describing specific patient engagement tools and supports that would be considered to have a direct connection to the coordination and management of care for the patient. We are considering for the final rule and solicit comments on whether we should require a “reasonable connection” rather than a “direct connection.”

As an alternative or in addition to this approach, we are considering whether, to heighten transparency of patient engagement tools and supports and to ensure that qualifying patient engagement tools and supports are known by and closely related to the VBE itself, we should require the VBE to make a bona fide determination that the VBE participant's arrangement to provide tools and supports to patients is directly connected to the coordination and management of care for the patient, as that term is used in the proposed 1001.952(ee). We solicit comments on this approach.

Lastly, we are considering for the final rule, and solicit comment on, whether we should require that patient engagement tools and supports be directly connected to any of the four value-based purposes, as opposed to requiring a direct connection specifically to the coordination and management of the patient's care.

e. Medical Necessity

Under the proposed condition at 1001.052(hh)(3)(iv), the tool or support furnished to the patient must not result in medically unnecessary or inappropriate items or services reimbursed in whole or in party by a Federal health care program. We believe that this is an important protection for patient safety and quality of care.

f. Nature of the Remuneration

Under the proposed conditions at 1001.952(hh)(3)(vi), the tool or support must be recommended by the patient's licensed healthcare provider. This condition seeks not only to ensure that the remuneration is focused specifically on patient care, but also underscore the importance of quality of care, the healthcare provider's medical judgment, and the patient's relationship with his or her chosen healthcare providers in developing plans for treatment and care.

We are considering and solicit comment on, whether we should include as a safeguard a requirement that the patient's licensed healthcare provider certify in writing, under 18 U.S.C. 1001 and 1519, that the particular item or service is recommended solely to treat a documented chronic condition of a patient in a target patient population. We solicit comments on how providers would most efficiently meet such a requirement and whether and how providers should be required to make the certification available.

For all types of remuneration contemplated under this proposed safe harbor, we are considering for the final rule and seek comment on whether we should impose further limitations on the nature of remuneration furnished or other conditions to safeguard against the risks associated with fraud and abuse. For example, we are considering for the final rule and seek comment on some or all of the following additional safeguards:

  • A requirement that VBE participants furnishing patient engagement tools and supports demonstrate and document the desired adherence to a treatment regimen, adherence to a drug regimen, adherence to a follow-up care plan, management of a disease or condition, improvement in measurable health outcomes, or patient safety; and
  • a monitoring requirement to ensure that the patient engagement tools and supports do not result in diminished quality of care or patient harm.

In addition, we seek specific examples of any other types of remuneration that stakeholders believe should be covered (or should not be covered) by this proposed safe harbor and why, as well as input on whether we can better define categories of remuneration, and any limitations or safeguards necessary to protect against fraud and abuse risks specific to such examples or categories.

g. Advancement of Specified Goals

Under the proposed condition at 1001.952(hh)(3)(vii), the incentives and supports must advance specifically enumerated goals, namely: Adherence to a treatment regimen as determined by the patient's licensed healthcare provider; adherence to a drug regimen as determined by the patient's licensed healthcare provider; adherence to a follow-up care plan established by the patient's licensed healthcare provider; management of a disease or condition as directed by the patient's licensed healthcare provider; improvement in evidence-based measurable health outcomes for a patient or the target patient population; ensuring patient safety; or some combination of the above.[46] We are not proposing to specify which tools and supports would advance the named goals to provide flexibility for VBE participants and promote innovation. We intend for this proposed condition to protect a range of tools and supports. For example, an item, such as a smart pill bottle, that dispenses medications at preset times for a patient could meet this condition because it is a tool that enables the patient to access the right medication at the appropriate dosage and time. Offering a parking voucher or providing free childcare during medical appointments also could satisfy this condition because these supports would allow a patient to comply with his or her treatment regimen. Conversely, offering a patient movie tickets to reward compliance with a treatment regimen would not satisfy this condition.

While we are concerned about the potential for abuse when patients are offered rewards to induce them to receive items or services, we also are aware that, in some circumstances, patients, or persons at risk of becoming patients with more serious conditions, might be offered tools or supports that result in lower healthcare costs (without compromising quality) or that promote patient wellness and healthcare.

h. No Diversion or Resell

Under the proposed condition at 1001.952(hh)(4), this safe harbor would not protect the provision of a tool or support if the offeror of the remuneration knows or should know that the tool or support is likely to be diverted, sold, or utilized by the patient other than for the express purpose for which the patient engagement tool or support is provided. This proposed condition is designed to prevent VBE participants from providing tools and supports to patients if they likely would divert or sell or otherwise use for purposes other than the coordination and management of care and the goals outlined in (hh)(3)(vi). We seek comments on this approach.

Notwithstanding the foregoing, for the purposes of this safe harbor, we would not consider a tool or support to be diverted if it is furnished to patients indirectly through their caregivers or family members or others acting on patients' behalf if the remuneration otherwise satisfies the conditions of the safe harbor. Specifically, if a patient is unable to care for herself or himself and another person (e.g., a family member or other caregiver) has legal authority or the patient's consent to act on the patient's behalf, then remuneration furnished to that person, on the patient's behalf and for the patient's benefit, would be protected if all conditions of the safe harbor are met. For example, if the patient is a child suffering from asthma, the child's parent or guardian may accept in-kind remuneration, such as a new air purifier for the child's bedroom, on the child's behalf without violating this requirement.

i. Monetary Cap

Under the proposed condition at 1001.952(hh)(5), the aggregate retail value of patient engagement tools and supports furnished by a VBE participant to a patient could not exceed $500 on an annual basis, with certain limited exceptions. With this condition, we have attempted to strike the right balance between flexibility for beneficial patient tools and supports and a bright-line limit on the amount of protected remuneration to protect patients from being improperly influenced by valuable gifts; to protect the Federal health care programs from potential abuse through overutilization and inappropriate utilization due to such gifts; and to allow for innovation and beneficial arrangements that benefit patients and payors. As noted elsewhere in this preamble, our enforcement experience shows that incentives offered to beneficiaries can be used to coerce them into obtaining unnecessary services or harmful care, and this risk may be heightened when the value of remuneration is high or unlimited. However, we are unsure whether a monetary cap would present a barrier to achieving the intended benefits for patients envisioned by this proposed safe harbor. In lieu of a monetary cap, we are considering for the final rule, and seek comments on, whether other combinations of safeguards proposed in this rule would offer meaningful protection against fraud and abuse involving patients and programs, while still achieving the policy goal of promoting value-based care.

We solicit comments on whether this proposed monetary limit of $500 is appropriate, whether $500 per year is too low or too high, and if so, what other figures are more appropriate and the reasons for such other figures (e.g., $100, $200, $1,000, $1,500, or another amount that would be of sufficient magnitude to protect the most beneficial arrangements while also preventing the most abusive ones). For purposes of measuring retail value, we propose that such value be measured at the time the patient engagement tool or support is provided, and we are considering for the final rule whether to interpret “retail value” to mean the fair market value to the recipient or commercial value to the recipient. We also solicit comments on the proposed requirement applying the cap to individual VBE participants and whether the requirement should instead apply the annual cap to the VBE as a whole. Under this alternative, we are considering whether only one VBE participant within a VBE could offer remuneration to a patient during the year. If we limited the cap to the VBE instead of a VBE participant, we are interested in comments regarding how this might negatively impact opportunities for patients and providers or create burdensome tracking and recordkeeping obligations for a VBE or VBE participants. We also solicit comments on whether we should apply the annual cap on a value-based arrangement basis; in other words, under each value-based arrangement, a patient could receive aggregate remuneration up to the cap (whether from one or more VBE participants in the arrangement). We are interested in comments about any negative impacts or burdens from this approach.

We propose that the cap could be exceeded for certain patients who lack financial resources. Specifically, the proposed condition at 1001.952(hh)(5) provides that the aggregate retail value of patient engagement tools or supports furnished to a patient by a VBE participant may exceed $500 per year if the patient engagement tools and supports are furnished to a patient based on a good faith, individualized determination of the patient's financial need. OIG has existing guidance related to individualized, good faith determinations of financial need in the context of cost-sharing waivers, and accounting for financial need generally aligns with an existing exception under the CMP. We are not specifying any particular method of determining financial need because we believe what constitutes “financial need” varies depending on the circumstances. However, it would be important for VBE participants to make determinations of financial need on a good faith, individualized, case-by-case basis in accordance with a reasonable set of income and resource guidelines uniformly applied in all cases. The guidelines would need to be based on objective criteria and appropriate for the applicable locality. A patient's medical costs and liabilities could be taken into account, among other factors, as part of the determination. We seek comments on this approach as applied to the proposed safe harbor as well as whether we should include a cap but not allow for the cap to be exceeded.

We seek comments regarding whether the monetary limit imposed at 1001.952(hh)(5) is necessary and appropriate, or if alternatives that better protect patients and payors exist, such as a limitation on the frequency of such remuneration (e.g., a one-time provision of remuneration, once per year, or once per month), or a per-occurrence limitation, in place of, or in addition to, an aggregate limit. If a per occurrence limitation is desirable, we seek feedback on its amount standing alone and in relation to an aggregate cap (e.g., if the aggregate cap were to be $500 per year, should the per occurrence cap be $100, $200, or some higher or lower figure). We seek comments about, and supporting data for selecting, cap amounts. Finally, we seek comments regarding how we should treat ongoing costs associated with tools and supports (such as batteries, maintenance costs, or upgrades).

j. Materials and Records

Under the proposed condition at 1001.952(hh)(6), the VBE or a VBE participant would be required to make available to the Secretary, upon request, all materials and records sufficient to establish compliance with the conditions of this safe harbor. We are not proposing particular parameters regarding the creation or maintenance of documentation to allow individuals and entities the flexibility to determine what constitutes best documentation practices but welcome comments on whether particular parameters are needed. In particular, we are considering for the final rule and seek comment regarding whether we should include, in the final rule, a requirement that VBE participants retain materials and records sufficient to establish compliance with the conditions of this safe harbor for a set period of time (e.g., at least 6 years or 10 years). Were an entity to be under investigation and assert this safe harbor as a defense, it would need to be able to demonstrate compliance with each condition of the safe harbor.

5. Potential Safeguards

In addition to the proposed conditions set forth above, for the purposes of the proposed patient engagement and support safe harbor, we are considering and seek comment on additional potential safeguards for the final rule. We are considering and seek comment on the possible safeguards outlined below for this proposed safe harbor because many VBE participants that would avail themselves of the proposed patient engagement and support safe harbor would not be subject to governmental programmatic requirements, oversight, or monitoring comparable to CMS-sponsored models (addressed in the proposed safe harbor at 1001.952(ii)).

a. Prohibition on Cost-Shifting

We are considering for the final rule, and seek comment on, a condition prohibiting VBE participants from billing Federal health care programs, other payors, or individuals for the tool or support; claiming the value of the tool or support as a bad debt for payment purposes under a Federal health care program; or otherwise shifting the burden of the value of the tool or support onto a Federal health care program, other payors, or individuals. This requirement, if included in any final rule, would be designed to protect against tools and supports resulting in inappropriately increased costs to Federal health care programs, other payors, and patients. We are considering, and seek comments on, prohibiting both: (1) Directly billing any third party, including patients, for the patient engagement tool or support or any operational costs attendant to the provision of the patient engagement tools and supports; and (2) claiming the cost of the patient engagement tool or support and any operational costs attendant to the provision of patient engagement tools and supports as bad debt for payment purposes under Medicare or a State healthcare program.

b. Consistent Provision of Patient Incentives

We are considering for the final rule, and seek comment on, whether to require VBE participants to provide the same patient engagement tools or supports to an entire target patient population or otherwise consistently offer tools and supports to all patients satisfying specified, uniform criteria. We believe that including such a condition in the safe harbor would protect against a VBE participant targeting certain patients to receive tools and supports based on, for example, the patient's insurance status. We solicit comments on this issue. In particular, we are interested in understanding whether this proposed safeguard would limit certain VBE participants' ability to offer tools and supports due to the potential cost of furnishing the tool or support to an entire target patient population rather than a smaller subset of the target patient population. Similarly, we are interested in comments explaining why offering remuneration to a smaller subset of a target patient population instead of to the entire target population would be appropriate and not increase the risk of fraud and abuse, such as the targeting of particularly lucrative patients to receive tools and supports (cherry picking) or failure to provide tools and supports to high-cost patients (lemon dropping).

c. Monitoring Effectiveness

We are considering adding a condition to the final rule that would require VBE participants to use “reasonable efforts” to monitor the effectiveness of the tool or support in achieving the intended coordination and management of care for the patient and would require the VBE or the VBE participant to have policies and procedures in place to address any identified material deficiencies. We believe that including such a condition in the safe harbor would help ensure that the tools and supports VBE participants furnish to patients achieve the stated purpose(s), and in turn, could help prevent VBE participants from offering patients engagement tools and supports that induce them to seek more, potentially unnecessary, care. We solicit comments on whether we should include such a monitoring provision and, if so, any anticipated burdens and ways OIG could minimize any burden. We would apply a facts and circumstances analysis to the “reasonable efforts” employed by parties under this condition, using an objective standard of reasonableness. We solicit comments on this approach.

d. Retrieval of Items and Goods

We are considering for the final rule and seek comment on a condition that would require offerors to engage in reasonable efforts to retrieve an item or good furnished as a tool or support in certain circumstances. For example, we are considering requiring that the offeror make reasonable efforts to retrieve the patient engagement tool or support (if it is an item or good) when the patient is no longer in the target patient population, the VBE no longer exists, or the offeror is no longer a VBE participant. This would prevent the safe harbor from being misused to protect inducements to beneficiaries that do not promote value. If we were to include such a requirement, we are considering setting a minimum value for the item or good above which offerors would be required to make reasonable retrieval efforts (e.g., $100, $200, $500 or a higher or lower amount). We believe such a provision would reduce the burden associated with retrieval efforts. We also are interested in comments regarding whether any retrieval requirement should be limited to tools and supports that are practicable to recover, such as those which are not fixtures or were for short-term use or an otherwise temporary benefit, and where harm to the patient or disproportionate expense to the VBE participant would not result.

e. Advertising

We are considering for the final rule and seek comment on a condition that would require that the VBE participant does not publicly advertise the patient engagement tool or support (to patients or others who are potential referral sources). This would prohibit advertising in the media or posting information for public display or on websites about the availability of free items or services, similar to the local transportation safe harbor, 42 CFR 1001.952(bb). Such prohibition on public advertising would inhibit the use of patient engagement tools and supports as a marketing tool, thus keeping the focus of the safe harbor on improving care coordination and management of patients' care. We solicit comments on this potential safeguard. In particular, we are interested in comments on whether this condition would impose a barrier to the success of care coordination and value-based arrangements by restricting information available to patients about options for receiving better coordinated care.

G. CMS-Sponsored Model Arrangements and CMS-Sponsored Model Patient Incentives (1001.952(ii))

OIG and CMS have jointly issued fraud and abuse waivers of certain provisions of the Federal anti-kickback statute, the physician self-referral law and, for OIG only, certain CMP law authorities for numerous payment models established and tested by CMS under section 1115A(d)(1) of the Act (pertaining to models tested by the Innovation Center) [47] and section 1899 of the Act (pertaining to the Medicare Shared Savings Program).[48] Waivers apply only to: (i) Arrangements described by the models and (ii) model participants and other specified individuals and entities. Further, any protection furnished by the waivers is limited in duration.

Commenters to the OIG RFI generally asked us to simplify and standardize our approach to protecting CMS-sponsored model arrangements under the anti-kickback statute and beneficiary inducements CMP. Waivers issued to date are tailored to the particular CMS model and CMS's design for the model, pursuant to the waiver authorities. Commenters requested that OIG promulgate regulatory protections that would provide uniformity and predictability for parties participating in CMS models.

We propose to create a new anti-kickback statute safe harbor at 42 CFR 1001.952(ii) to: (i) Permit remuneration between and among parties to arrangements (e.g., distribution of capitated payments, shared savings or losses distributions) under a model or other initiative being tested or expanded by the Innovation Center under section 1115A of the Act and the Medicare Shared Savings Program under section 1899 of the Act (collectively, “CMS-sponsored models”) and (ii) permit remuneration in the form of incentives and supports provided by CMS model participants and their agents under a CMS-sponsored model to patients covered by the CMS-sponsored model. The objective of the proposed safe harbor is to standardize and simplify anti-kickback statute compliance for CMS-sponsored model participants in models for which CMS has determined participants should have the protection that would be afforded by this safe harbor [49] (rather than requiring participants to comply with the law as it would exist without this safe harbor) by applying uniform conditions across all models or initiatives sponsored by CMS.

This proposal focuses on models under sections 1115A and 1899 of the Act; we are considering for the final rule, and solicit comments on, broadening the scope of this safe harbor to protect remuneration between and among parties to arrangements under CMS initiatives that are authorized under other sections of the Act with statutory authority to waive the fraud and abuse laws.

By proposing this safe harbor, we aim to simplify application of the anti-kickback statute and CMP authorities for individuals and entities that participate in CMS-sponsored models in a manner that is consistent with CMS's authorities to operate and test new models and to reduce the need to issue model-by-model waivers of fraud and abuse laws. As with fraud and abuse waivers, our goal is to accommodate CMS's testing and operation of innovative, value-based care delivery and payment models that CMS has determined could improve quality of care, reduce growth in costs, or both, while also including program integrity protections against fraud and abuse. To the extent that an arrangement under a CMS-sponsored model implicates the anti-kickback statute or beneficiary inducements CMP, parties within CMS-sponsored models for which we have issued fraud and abuse waivers may continue to use applicable CMS-sponsored model waivers to protect their arrangements or may choose to structure arrangements to comply with this new safe harbor or any other applicable anti-kickback statute safe harbor or CMP exception.

The degree of flexibility offered by this proposed safe harbor recognizes CMS's ability to oversee and monitor CMS-sponsored models and initiatives and to embed program integrity protections in such models and initiatives in ways that do not necessarily apply to arrangements outside the models. For this reason, this proposal does not extend to commercial and private insurance arrangements that may operate alongside, but outside, a CMS-sponsored model. However, nothing in this proposed safe harbor would prevent commercial and private insurers from implementing arrangements that cover both public and private patients; such arrangements could be structured to satisfy other proposed safe harbor protections that do not distinguish between public and private patient populations.

We are proposing a number of definitions for purposes of this safe harbor. We propose to define a “CMS-sponsored model party” as a CMS-sponsored model participant or another individual or entity that the CMS-sponsored model's participation documentation specifies may enter into a CMS-sponsored model arrangement. We propose to define “participation documentation” for purposes of this safe harbor as the participation agreement, cooperative agreement, regulations, or model-specific addendum to an existing contract with CMS that: (i) Is currently in effect, and (ii) specifies the terms of a CMS-sponsored model.

We propose to define a “CMS-sponsored model participant” as an individual or entity that is subject to, and is operating under, participation documentation with CMS to participate in a CMS-sponsored model. We propose to define a “CMS-sponsored model arrangement” as a financial arrangement between or among CMS-sponsored model parties to engage in activities under the CMS-sponsored model and that is consistent with, and is not a type of arrangement prohibited by, the participation documentation. Finally, we propose to define a “CMS-sponsored model patient incentive” as remuneration that is not of a type prohibited by the participation documentation and is furnished consistent with the CMS-sponsored model by a CMS-sponsored model participant (or by an agent of the CMS-sponsored model participant under the CMS-sponsored model participant's direction and control) directly to a patient under the CMS-sponsored model.

We would expect CMS to notify CMS-sponsored model participants, through participation documentation, or other public means as determined by CMS, when CMS-sponsored model participants may use this safe harbor under a CMS-sponsored model. For example, CMS may specify the types of CMS-sponsored model patient incentives that a CMS-sponsored model participant may provide under the CMS-sponsored model within a CMS-sponsored model participation agreement. The CMS-sponsored model participant also must satisfy certain programmatic requirements imposed by CMS in connection with the use of this safe harbor. CMS also may require CMS-sponsored model participants to disclose to CMS when they use this safe harbor under a CMS-sponsored model as a condition of participation in the CMS-sponsored model. If this safe harbor is finalized and CMS determines that it be made available for a CMS-sponsored model, the safe harbor would not be available to protect any remuneration that does not satisfy program requirements as may be imposed by CMS on CMS-sponsored model participants.

We solicit comments on these definitions. In particular, we solicit comments regarding the scope of the definition of “CMS-sponsored model patient incentive,” recognizing that a CMS-sponsored model participant may not always know whether a particular patient is in a CMS-sponsored model at any given point in time. We are considering for the final rule and solicit comments on extending the definition of “CMS-sponsored model incentive” to include patients beyond those under a CMS-sponsored model or, in the alternative, defining “CMS-sponsored model patient” such that a CMS-sponsored model participant could provide incentives to any patient (or any beneficiary) that meets the other conditions of the safe harbor.

As proposed, this safe harbor would provide CMS-sponsored model parties an additional pathway to protection from sanctions under the anti-kickback statute and the beneficiary inducements CMP. An arrangement needs to meet the requirements of only one safe harbor to ensure immunity from criminal and civil prosecution under the statute. For example, CMS-sponsored model parties would be able to choose to structure an arrangement to comply with the conditions of this proposed safe harbor, the proposed value-based arrangements safe harbors (paragraphs (ee), (ff), and (gg)), the patient engagement and support safe harbor (paragraph (hh)), any other applicable existing safe harbors or exceptions, or fraud and abuse waivers issued for the CMS-sponsored model. However, to ensure protection, an arrangement must meet all conditions of a particular safe harbor or waiver. We note that depending on the facts and circumstances, an arrangement may comply with fraud and abuse laws absent specific safe harbor or waiver protection.

1. Proposed Conditions for CMS-Sponsored Model Arrangements and CMS-Sponsored Model Patient Incentives

We are proposing below important safeguards to ensure that arrangements protected by this proposed safe harbor operate as intended by the CMS-sponsored models, and the CMS-sponsored models are not undermined by arrangements that might lead to stinting on medically necessary care or induce inappropriate utilization. These safeguards are necessary to ensure that a CMS-sponsored model party's financial arrangements and patient incentives are consistent with the quality, care coordination, and cost-reduction goals of a CMS-sponsored model and can be readily overseen by CMS and OIG.

As a threshold matter, CMS would determine whether the safe harbor protection would be available for arrangements or patient incentives under the particular CMS-sponsored model. CMS may limit participation in a CMS-sponsored model to certain providers or entities (e.g., certain CMS-sponsored models may exclude pharmaceutical manufacturers from participating in a CMS-sponsored model or participating in arrangements under the CMS-sponsored model). CMS has discretion to determine the scope of entities, arrangements, or incentives that may be protected under this safe harbor on a model-by-model basis. Unlike the proposed safe harbors at 42 CFR 1001.952(ee), (ff), (gg) and (hh), which propose to exclude pharmaceutical manufacturers; manufacturers, distributors, and suppliers of DMEPOS; and laboratories from arrangements and tools and supports that would receive protection under the safe harbors, this proposed safe harbor would not exclude any entities from potential protection under the safe harbor. We do not propose any such exclusions to allow: (i) The Innovation Center the discretion to determine the scope of the models it wishes to test and expand and (ii) CMS the discretion to determine how to implement the Medicare Shared Savings Program. In addition, OIG notes that CMS-sponsored models include programmatic rules, monitoring, and oversight not present in value-based arrangements and the provision of patient tools and supports outside of such models, which may mitigate some of the fraud and abuse risks presented by the inclusion of pharmaceutical manufacturers; manufacturers, distributors, and suppliers of DMEPOS; and laboratories in such models.

a. Conditions for CMS-Sponsored Model Arrangements

Proposed paragraph (ii)(1) sets forth the terms for protection of certain remuneration between or among CMS-sponsored model parties under a CMS-sponsored model arrangement in a model for which CMS has determined that the safe harbor is available.

We propose six conditions parties would need to meet to receive safe harbor protection. The first condition would require that CMS-sponsored model participants reasonably determine that the CMS-sponsored model arrangement will advance one or more goals of the CMS-sponsored model. We intend to interpret “reasonably determine” to mean that the activities set forth in the written agreement are fairly and verifiably anticipated to achieve at least one or more goals of the CMS-sponsored model. For example, CMS-sponsored model parties may wish to create an implementation protocol explaining the activities and evidence-based processes or guidance relied upon to develop and implement an arrangement that would advance a goal of a CMS-sponsored model through the CMS-sponsored model arrangement.

The safe harbor would be flexible to permit parties to pursue a wide array of activities under the CMS-sponsored model; however, the arrangement must be consistent with the purposes of the CMS-sponsored model. As stated above, CMS determines the scope of its models and what is being tested. As we propose to reflect in the definition of “CMS-sponsored model arrangement,” if an arrangement is a type of arrangement prohibited by the participation documentation, then it does not qualify as a CMS-sponsored model arrangement. If an arrangement does not qualify as a CMS-sponsored model arrangement, then it would not be protected by this safe harbor even if the CMS-sponsored model parties determined that it would advance a purpose of the CMS-sponsored model.

In the second proposed condition, we specify that the exchange of value must not induce CMS-sponsored model parties or other providers or suppliers to furnish medically unnecessary items or reduce or limit medically necessary items or services furnished to CMS-sponsored model patients. We believe that this is an important protection for patient safety and quality of care, and it would be consistent with every CMS-sponsored model.

In the third proposed condition, we are incorporating a key safeguard that we have consistently utilized in our fraud and abuse waivers to prohibit remuneration that is explicitly or implicitly offered, paid, solicited, or received in return for, or to induce or reward, any referrals or other business generated outside of the CMS-sponsored model.

The fourth condition would require CMS-sponsored model parties, in advance of, or contemporaneously with the commencement of, the CMS-sponsored model arrangement, to set forth the terms of the CMS-sponsored model arrangement in a signed writing.

The fifth condition would require parties to the CMS-sponsored model arrangement to make available to the Secretary materials and records sufficient to establish whether the remuneration was exchanged between the parties in a manner that meets the conditions of this safe harbor. We are not proposing particular parameters regarding documentation, but rather specifying only that the writing must describe the activities to be undertaken by the CMS-sponsored model parties and the nature of the remuneration to be exchanged. Therefore, parties under a CMS-sponsored model would have flexibility to determine what type of documentation would best memorialize the arrangement such that they could demonstrate safe harbor compliance to the Secretary or OIG upon request. Nothing in this proposed condition would change or alter any requirements related to documentation (or any other model feature) imposed by CMS as part of its model.

Finally, we propose to include a condition requiring CMS-sponsored model participants to satisfy such other programmatic requirements as may be imposed by CMS in connection with the use of this safe harbor. Because CMS has authority to test and design models, it can also create programmatic requirements integral to testing and monitoring its model design for CMS-sponsored model participants. We are proposing this condition to ensure that parties comply with any additional programmatic requirements as may be imposed by CMS related to the arrangements for which they might seek safe harbor protection. We would expect CMS to set forth these requirements within the CMS-sponsored model's participation documentation or otherwise make such requirements publicly available.

b. Conditions for CMS-Sponsored Model Patient Incentives

With respect to patient incentives, the proposed safe harbor would apply to certain incentives offered by a CMS-sponsored model participant or by an agent of the CMS-sponsored model participant under the CMS-sponsored model participant's direction and control directly to a patient receiving healthcare items and services under the CMS-sponsored model that will advance one or more goals of the CMS-sponsored model.

CMS would determine whether the safe harbor protection would be available for the particular CMS-sponsored model. As stated above, CMS has discretion to determine which entities may avail themselves of this safe harbor or to determine the types of patient incentives CMS-sponsored model parties may provide on a model-by-model basis. We would expect CMS to notify CMS-sponsored model participants of the scope of permissible patient incentives within its participation documentation or to make such determination publicly available.

If CMS determines a type of incentive is prohibited, then it would not qualify as a CMS-sponsored model patient incentive for purposes of this proposed safe harbor.[50] Similarly, some CMS-sponsored models might have their own requirements for giving patient incentives, and this proposed safe harbor would not obviate those programmatic requirements. For example, in making incentive payments to an assigned Medicare beneficiary under the ACO Beneficiary Incentive Program, ACOs are expected to satisfy the programmatic requirements governing such incentive payments at section 1899(m) of the Act and 42 CFR 425.304(c); if this safe harbor is finalized and CMS determines that it be made available for the ACO Beneficiary Incentive Program, the safe harbor would not be available for any incentive payment that does not satisfy such programmatic requirements.

Depending on the goals set forth by CMS for the CMS-sponsored model, we would expect a CMS-sponsored model participant would use this safe harbor to provide its patients with free or below-fair-market-value incentives that advance the goals of the CMS-sponsored model, such as preventive care, adherence to a treatment regimen, or management of a disease or condition. The proposed protection would cover a broad range of incentives, such as, transportation, nutrition support, home monitoring technology, and gift cards, as determined by CMS through the CMS-sponsored model's design. Certain CMS-sponsored models or future models might permit waivers of cost-sharing amounts (for example, copayments and deductibles) or cash incentives to certain patients to promote certain clinical goals of a CMS-sponsored model. All of these patient incentives, when determined by CMS to be appropriate for the CMS-sponsored model design and not prohibited by the participation documentation, could fit within the proposed safe harbor, provided that the arrangement otherwise complies with all safe harbor conditions. We are proposing safeguards specific to the protected patient incentives.

Under the proposed condition at paragraph (ii)(2)(i), the CMS-sponsored model participant must reasonably determine that the patient incentive the CMS-sponsored model participant furnishes to its patients under the CMS-sponsored model will advance one or more goals of the CMS-sponsored model. As stated above, we would expect CMS to notify CMS-sponsored model participants, through participation documentation, or other means as determined by CMS, when CMS-sponsored model participants may use this safe harbor under a CMS-sponsored model and the types of patient incentives they may offer. CMS-sponsored model participants may look to their participation documentation for potential descriptions or guidance on patient incentives that would be consistent with the goals of the CMS-sponsored model. For example, the participation documentation might specify that any incentives furnished must be preventive care items or services or must advance one or more clinical goals for patients under the CMS-sponsored model by engaging him or her in better managing his or her own health.

Under the second proposed condition, we propose to require that the patient incentive have a direct connection to the patient's healthcare. We believe this condition to be consistent with the design of all CMS models and initiatives contemplated as part of this safe harbor. This condition is consistent with requirements we have imposed previously within our fraud and abuse waivers for a number of CMS-sponsored models. For the same reasons described further in our discussion of the proposed patient engagement and support safe harbor at proposed paragraph 1001.952(hh), we propose that this requirement would warrant a dual consideration: Whether a direct connection exists from a healthcare perspective and whether a direct connection exists from a financial perspective.

We are not proposing specific documentation under the third condition for patient incentives offered by CMS-sponsored model participants; however, CMS-sponsored model participants must maintain documentation sufficient to establish whether the patient incentive was distributed in a manner that meets the conditions of the safe harbor. Under this proposed condition, CMS-sponsored model participants would have flexibility to determine what type of documentation would best establish whether the CMS-sponsored model patient incentive was distributed appropriately.

Finally, as described above, if this safe harbor is finalized and CMS determines that it would be available for a particular CMS-sponsored model, the safe harbor would not protect remuneration that does not satisfy such programmatic requirements as may be imposed by CMS under the CMS-sponsored model in connection with the use of this safe harbor.

c. Duration of Protection

Under our proposal, as reflected in the defined terms, the duration of safe harbor protection aligns with the duration of the participation documentation under a CMS-sponsored model. For example, the proposed definition of “CMS-sponsored model arrangement” specifies that the protected arrangement is to “engage in activities under the CMS-sponsored model.” Similarly, the proposed definition of “participation documentation” specifies that it is “currently in effect.” The CMS-sponsored models, and arrangements between parties operating under CMS-sponsored models, have various terms, some of which are described in a CMS-sponsored model's participation documentation. In order to meet the conditions set forth in the proposed safe harbor, the CMS-sponsored model arrangement or a CMS-sponsored model patient incentive must begin and end while the parties are operating under an existing CMS-sponsored model.

The safe harbor would protect arrangements during the period under which a CMS-sponsored model participant participates in the CMS-sponsored model but would not extend to protect remuneration exchanged after participation in the CMS-sponsored model ends. In some cases, certain activities associated with a CMS-sponsored model may extend beyond the last performance period during which a CMS-sponsored model participant provides services under the CMS-sponsored model. For example, the participation documentation might provide for a certain period of time after a termination date or after the end of the performance period to conduct reconciliation or make final payment to providers (e.g., a shared savings distribution). This safe harbor would protect the last payment or exchange of value made by or received by a CMS-sponsored model party following the final performance period that the CMS-sponsored model participant that is a party to the arrangement participates in the CMS-sponsored model. We are considering each of the following options for 1001.952(ii) and may finalize one or a combination of these options: (i) Terminating protection after the end of the performance period or within a certain time period after the end of a performance period; (ii) terminating protection upon termination of the CMS-sponsored model participation documentation or within a certain period of time after that; and (iii) until the last payment or exchange of anything of value made by a CMS-sponsored model party under a CMS-sponsored model occurs, even if the model has otherwise terminated. We solicit comments on whether the final rule should allow safe harbor protection for one or a combination of the above options.

Similarly, we solicit comments on whether under the final rule a CMS-sponsored model participant should be able to continue to provide the outstanding portion of any service to a patient if the service was initiated before its participation documentation terminated or expired. If we provide additional time under the final rule, we are interested in including conditions to prevent gaming of the length of time remuneration is provided after a CMS-sponsored model participant has been terminated from a model (or the model has terminated) to protect beneficiaries from improper inducements unrelated to a CMS-sponsored model. We note that, under our proposal, patients would be able to retain any incentives received prior to the termination or expiration of the participation documentation.

H. Cybersecurity Technology and Related Services (1001.952(jj))

We propose a safe harbor to protect donations of certain cybersecurity technology and related services with appropriate safeguards. We believe this proposed safe harbor could help improve the cybersecurity posture of the healthcare industry by removing a real or perceived barrier that would allow parties to address the growing threat of cyberattacks that infiltrate data systems and corrupt or prevent access to health records and other information essential to the delivery of healthcare.

In recent years we have received numerous comments and suggestions urging the creation of a safe harbor to protect donations of cybersecurity technology and services.[51] The digitization of the healthcare delivery system and related rules designed to increase interoperability and data sharing in the delivery of healthcare create numerous targets for cyberattacks. The healthcare industry and the technology used to deliver healthcare have been described as an interconnected “ecosystem” where the “weakest link” in the system can compromise the entire system.[52] Given the prevalence of protected electronic health information and other personally identifiable information stored within these systems, as well as the processing and transmission of this information and other critical information within a given provider's systems as well as across the healthcare industry, the risks associated with cyberattacks may be most immediate for the “weak links” but have implications for the entire healthcare system.

In response to the OIG RFI, we received overwhelming support for a cybersecurity technology donation safe harbor. Many commenters highlighted the increasing prevalence of cyberattacks and other threats. Commenters noted that cyberattacks pose a fundamental risk to the healthcare ecosystem and that data breaches can result in patient harm as well as high costs to the healthcare industry. Moreover, disclosures of PHI through a data breach can result in identity fraud.

Relatedly, protecting Department data, systems, and beneficiaries from cybersecurity threats, and otherwise securing the exchange and use of health information technology and data, are challenges that OIG has identified in the Department's annual Top Management and Performance Challenges for the last decade.[53]

The Health Care Industry Cybersecurity (HCIC) Task Force, created by the Cybersecurity Information Sharing Act of 2015 (CISA),[54] was established in March 2016 and is comprised of government and private sector experts. The HCIC Task Force produced its HCIC Task Force Report in June 2017.[55] The HCIC Task Force recommended, among other things, that Congress “evaluate an amendment to [the physician self-referral law and the anti-kickback statute] specifically for cybersecurity software that would allow healthcare organizations the ability to assist physicians in the acquisition of this technology, through either donation or subsidy” and noted that the regulatory exception to the physician self-referral law and the safe harbor for electronic health records technology could serve as a template for a new statutory exception.[56]

However, in general, any donation of valuable technology or services to physicians or other sources of Federal health care program referrals can pose risks of fraud or abuse that may increase as the value of the donated technology or services increases. In some respects, the fraud and abuse risks posed by the donation of cybersecurity technology or services to physicians or other healthcare providers or suppliers are similar to the risks associated with the provision of electronic health records technology because, like electronic health records technology, cybersecurity technology is inherently valuable to recipients in terms of actual cost, avoided overhead, and administrative expenses. Additionally, the types of cybersecurity technology and services are highly variable; their costs and value also vary greatly. For example, cybersecurity technology or services may consist only of anti-virus software for a single workstation in a physician's office or it may include incident response services for several primary and specialty group practices. Further, adding robust cybersecurity technology and services may provide recipients a valuable shield from liability for fines, ransom, and litigation risk given the prevalence of cybersecurity threats to healthcare providers and breaches involving protected health information and electronic health records. Finally, responses to the OIG RFI indicate that the cost, or value, of cybersecurity technology and services has increased dramatically, to the point where some providers and suppliers are unable to adequately invest in cybersecurity measures.

We believe that this proposed safe harbor would (i) minimize the risks inherent in any type of valuable remuneration between referral sources and (ii) remove an actual or perceived barrier that will allow the healthcare industry to take additional action to mitigate the risks posed by cybersecurity threats. Specifically, we believe this proposed safe harbor would promote increased security for interconnected and interoperable healthcare information technology systems without protecting arrangements that either serve as marketing platforms or inappropriately influence clinical decision-making.

This proposed safe harbor would protect certain cybersecurity donations. CMS is proposing a similar exception to the physician self-referral law. We coordinated closely with CMS to ensure as much consistency as possible between our proposed safe harbor and CMS's proposed exception, despite the differences in the respective underlying statutes. Because of the close nexus between this proposed rule and CMS's proposed rule, we may consider and take additional actions based on comments submitted in response to CMS's proposed rule in addition to those submitted in response to this rulemaking, if warranted.

We propose to protect nonmonetary remuneration in the form of certain types of cybersecurity technology and services. Specifically, as explained below, we propose to define “cybersecurity” to mean “the process of protecting information by preventing, detecting, and responding to cyberattacks.” We propose to include within the scope of covered technology, “any software or other types of information technology, other than hardware.” In an effort to foster beneficial cybersecurity donation arrangements without permitting arrangements that negatively impact beneficiaries of Federal health care programs, this safe harbor would impose a number of conditions on cybersecurity donations, as set forth below. Most notably, the first proposed condition of the safe harbor requires the donation to be necessary and used predominantly to implement and maintain effective cybersecurity.

We also have included an alternative proposal for an additional, optional condition to this proposed safe harbor. The optional condition imposes an additional safeguard that parties can satisfy in exchange for protecting certain cybersecurity hardware.

1. Definitions

We propose two definitions at 1001.952(jj)(6): “cybersecurity” and “technology.” These definitions are integral to understanding the conditions of the safe harbor, so we first elaborate on the definitions. For purposes of this safe harbor, we propose to define the terms “cybersecurity” and “technology” as follows:

  • “Cybersecurity” means the process of protecting information by preventing, detecting, and responding to cyberattacks.
  • “Technology” means any software or other types of information technology, other than hardware.

This proposed definition of “cybersecurity” is derived from the National Institute for Standards and Technology (NIST) “Framework for Improving Critical Infrastructure.” [57] We intend for the definition to be broad and propose to rely on a definition in a NIST framework that does not apply directly to the healthcare industry but applies generally to any United States critical infrastructure. Our goal is to broadly define cybersecurity and avoid unintentionally limiting donations by relying on a narrow definition or a definition that might become obsolete over time. We solicit comment on this approach and whether a definition tailored to the healthcare industry would be more appropriate.

Similarly, the proposed definition of “technology” is broad, but for the exclusion of hardware. The intent of the safe harbor is to be agnostic to specific types of non-hardware cybersecurity technology. We intend for this safe harbor to be broad enough to include cybersecurity software and other information technology (e.g., an Application Programming Interface (API), which is neither software nor a service as those terms are generally used) that is available now and technology that may become available as the industry continues to develop.

The proposed definition of “technology” excludes hardware under this new safe harbor. While we recognize that effective cybersecurity may require hardware that meets certain standards (e.g., encrypted endpoints, updated servers), we remain concerned that donations of valuable, multifunctional hardware pose a higher risk of constituting a disguised payment for referrals. Consistent with the proposed condition at 1001.952(jj)(1), we believe that donations with multiple uses outside of cybersecurity present a greater risk that the donation is being made to influence referrals. Hardware is most likely to be multifunctional and, as a result, would not be necessary and used predominantly to implement and maintain effective cybersecurity. For example, the safe harbor would not protect a laptop computer or tablet used in the general course by a physician to enter patient visit information into an electronic health record and respond to emails. However, it would protect encryption software for a laptop. This also is consistent with a similar exclusion of hardware in the electronic health record donation safe harbor at 1001.952(y), which identifies a similar rationale for excluding hardware from protection.[58] We solicit comments on this approach.

As we describe below, however, we are not proposing a requirement for recipients to contribute a portion of the donor's costs. Consistent with the HCIC Task Force Report, we recognize that many providers do not have adequate resources to significantly invest in the cybersecurity items and services protected by this proposed safe harbor. Consequently, we believe that omitting a contribution requirement may allow providers with limited resources to receive protected cybersecurity donations while also using their own resources to invest in other technology not protected by the safe harbor, such as updating legacy hardware that may pose a cybersecurity risk, or simply investing in their own computers, phones, and other hardware that are core to their businesses, notwithstanding their relationship with a donor who contributes cybersecurity technology. We solicit comments on excluding donations of hardware from this safe harbor and the omission of a contribution requirement, and in particular, any specific cybersecurity risks or limitations that would result from such exclusion and omission.

We are considering for the final rule adding limited protection for specific hardware that is necessary for cybersecurity, is stand-alone (i.e., is not integrated within multifunctional equipment), and serves only cybersecurity purposes (e.g., a two-factor authentication dongle), and solicit comments on what types of hardware might qualify and whether we should protect them under this safe harbor.

Finally, we note that this proposed safe harbor only protects cybersecurity technology and services as defined. It does not extend to other types of cybersecurity measures outside of technology or services. For example, this safe harbor would not protect donations of installation, improvement, or repair of infrastructure related to physical safeguards, even if they could improve cybersecurity (e.g., upgraded wiring or installing high security doors). Donations of infrastructure upgrades are extremely valuable and have multiple benefits in addition to cybersecurity, together which pose an increased risk that one purpose of the donation is to pay for or influence referrals.

2. Conditions on Donation and Protected Donors

To be protected non-monetary remuneration, donations of cybersecurity technology and services must meet five conditions in 1001.952(jj)(1)-(5). The first two conditions relate to the purpose of the donation and prohibit donors taking into account the volume or value of referrals or other business generated.

First, at 1001.952(jj)(1), we propose to limit safe harbor protection to donated technology and services that are necessary and used predominantly to implement and maintain effective cybersecurity. The goal of this condition is to ensure that donations are being made for the purposes of addressing legitimate cybersecurity needs of donors and recipients. Explained differently, the core function of the donated technology or service must be to protect information by preventing, detecting, and responding to cyberattacks. Our intent is to protect a wide range of technology and services that are specifically donated for the purpose of, and are necessary for, ensuring that donors and recipients have effective cybersecurity.

As stated previously, our intent is to be technology agnostic, including as to the types and versions of software that can receive protection. By way of example, the types of technology protected by this safe harbor may include, but are not limited to, software that provides malware prevention, software security measures to protect endpoints that allow for network access control, business continuity software that mitigates the effect of cyberattacks, data protection and encryption, and email traffic filtering. We believe these examples are indicative of the types of technology that are necessary and used predominantly for effective cybersecurity. We also do not distinguish between cloud-based software or software that must be installed locally. We solicit comments on the proposed breadth of protected technology as well as whether we should expressly include other technology or categories of technology in this safe harbor.

Similarly, we propose to protect a broad range of services. Such services could include, for example:

  • Any services associated with developing, installing, and updating cybersecurity software;
  • any kind of cybersecurity training services, such as training recipients on how to use the cybersecurity technology, how to prevent, detect, and respond to cyber threats, and how to troubleshoot problems with the cybersecurity technology (e.g., “help desk” services specific to cybersecurity);
  • any kind of cybersecurity services for business continuity and data recovery services to ensure the recipient's operations can continue during and after a cyberattack;
  • any kind of “cybersecurity as a service” model that relies on a third-party service provider to manage, monitor, or operate cybersecurity of a recipient;
  • any services associated with performing a cybersecurity risk assessment or analysis, vulnerability analysis, or penetration test; or
  • any services associated with sharing information about known cyber threats, and assisting recipients responding to threats or attacks on their systems.

We believe these types of services are indicative of the types of services that are necessary and used predominantly for effective cybersecurity. We solicit comments on the proposed breadth of protected services as well as whether we should expressly include other services or categories of services in this safe harbor. We note, in addition, that the donation of services must be non-monetary. For example, donating the time of a consultant to implement a cybersecurity program could be protected, but if an entity were to experience a cyberattack that involved ransomware, payment of the ransom amount on behalf of a recipient or paying the recipient the ransom amount would not be protected.

We do not intend to protect donations of technology or services that have multiple, general uses outside of cybersecurity. As explained in our discussion of the definition of “hardware” above, we remain concerned that donations of valuable multi-use technology or services pose a higher risk of constituting a disguised payment for, or otherwise influencing, referrals. Similarly, we do not intend to protect donations of technology or services that are otherwise used in the normal course of the recipient's business (e.g., general help desk services related to use of a practice's information technology). We solicit comment on this approach and whether this proposed condition unintentionally limits the donation of cybersecurity technology and services that are vital to improving the cybersecurity posture of the healthcare industry.

For the purposes of meeting the proposed condition at 1001.952(jj)(1), we are considering for the final rule, and seek comment on, whether to add a deeming provision that would allow donors or recipients to demonstrate that donations are necessary and predominantly used to implement and maintain effective cybersecurity. This deeming provision would allow donors and recipients to demonstrate that the donation furthers a recipient's ability to comply with a written cybersecurity program that reasonably conforms to a widely recognized cybersecurity framework or set of standards, such as one developed or endorsed by NIST, another American National Standards Institute-accredited standards body, or an international voluntary standards body such as the International Organization for Standardization. Any such provision would not require compliance with a particular framework or set of standards, but rather would provide an option for donors to demonstrate that the donation is necessary and predominantly used to implement and maintain effective cybersecurity. We believe such a provision may provide some assurance to donors and recipients about how to demonstrate that donations are necessary and predominantly used to implement and maintain effective cybersecurity. If we were to finalize this deeming provision, we would add a sentence to 1001.952(jj)(1) that would deem a donation to meet this condition if the parties demonstrate that the donation furthers a recipient's ability to comply with a written cybersecurity program that reasonably conforms to a widely recognized cybersecurity framework or set of standards. We solicit comments on incorporating this proposed deeming provision in 1001.952(jj)(1).

Regarding this proposed deeming provision, we also solicit comments on how donors and recipients could practically demonstrate that a donation furthers a recipient's ability to comply with a written cybersecurity program that reasonably conforms to a widely recognized cybersecurity framework or set of standards. We are not proposing to condition protection on demonstrating compliance with a specific framework or set of standards, but we seek to provide a practical method that allows parties to demonstrate that a donation meets the potential deeming provision we are considering for 1001.952(jj)(1).

Understanding that our intent is not to incorporate a specific framework or set of standards, we seek comments on whether there are other ways that parties could reliably demonstrate that a donation meets the potential cybersecurity deeming provision in 1001.952(jj)(1). For instance, we are interested in comments regarding whether parties could demonstrate that a donation meets the cybersecurity deeming provision through documentation, certifications, or other methods not prescribed by regulation.

Second, at 1001.952(jj)(2), we propose to require that donors do not directly take into account the volume or value of referrals or other business between the parties when determining the eligibility of a potential recipient for the technology or services, or the amount or nature of the technology or services to be donated. In addition, we propose that donors do not condition the donation of technology or services, or the amount or nature of the technology or services to be donated, on future referrals. In other words, we propose that a donor cannot require, explicitly or implicitly, that a recipient either refer to the donor or recommend the donor's business as a condition of receiving a cybersecurity donation. We understand that the purpose of donating cybersecurity technology and services is to guard against threats that come from interconnected systems, and we understand and expect that a donor would provide the cybersecurity technology and services only to individuals and entities that connect to its systems, which includes those that refer to it (or that receive referrals from it). However, this condition would restrict a donor from conditioning the donation on referrals or other business generated.[59]

This proposed condition would not require a donor to donate cybersecurity technology and services to every individual or entity that connects to its system. Donors would be able to use selective criteria for choosing recipients, provided that neither a recipient's eligibility, nor the amount or nature of the cybersecurity technology or services donated, is determined in a manner that directly takes into account the volume or value of referrals or other business generated between the parties. For example, a donor could perform a risk assessment of a potential recipient (or require a potential recipient to provide the donor with a risk assessment) before determining whether to make a donation, or the scope of a donation. Similarly, for example, if a donor is a hospital, the hospital might choose to limit donations to physicians who are on the hospital's medical staff. Additionally, selective criteria might be based on the type of connection between a donor and recipient, such as a simple read-only connection to a properly implemented, standards-based API that enables only the secure transmission of a copy of the patient's record at the patient's request to the recipient. That type of connection poses less risk to a donor's systems than a connection that allows for information to be written directly into the donor's systems. Thus, a donor contemplating allowing a higher-risk connection (such as a bi-directional read-write connection) to a potential recipient's systems could develop selective criteria based on that difference in risk of the connection. We solicit comments on this condition.

We have declined to propose a list of selection criteria which, if met, would be deemed not to directly take into account the volume or value of referrals or other business generated between the parties, as we did in the electronic health records safe harbor at 1001.952(y)(5). We do not believe donations of cybersecurity technology and services present the same types of risks as donations of electronic health records software and information technology. Primarily, cybersecurity donations are further removed from the volume and value of referrals than electronic health record donations. Cybersecurity donations, if legitimate, are more likely to be based on considerations such as security risks and are less likely to be based on considerations that are closely related to the volume and value of referrals or other business generated (e.g., the total number of prescriptions written by the recipient). Therefore, we do not believe that cybersecurity donations need a similar list of selection criteria to ensure that parties can meet the volume or value condition at 1001.952(jj)(2).

Nonetheless, we are considering whether to add such a list in the final rule and whether the list should be based on the permitted conduct at 1001.952(y)(5)(i)-(vii). We solicit comments on this approach and any other conditions or permitted conduct we should enumerate in this safe harbor, with respect to determinations related to cybersecurity donations.

Related to these two conditions, we do not propose to restrict the types of individuals and entities that may donate cybersecurity donations under this safe harbor. Although donating cybersecurity technology and services would relieve a recipient of a cost that it otherwise would incur, the fraud and abuse risks associated with cybersecurity are different than donations of other valuable technology, such as electronic health records items and services. We generally view donating cybersecurity technology and services to be a self-protective measure because a cybersecurity breach in the donor's system can have a devastating impact on the donor and anyone who maintains a connection to the donor's systems. Meanwhile, electronic health record donations facilitate the exchange of clinical information between the recipient referral source and the donor and, thus, present a greater risk that one purpose of the donation is for the donor to secure additional referrals from the recipient or otherwise influence referrals or other business generated.

We are concerned that technology donations risk referral sources becoming beholden to the donors, and therefore we are considering narrowing the scope of protected donors as we have done in other safe harbors. We solicit comments on whether particular types of individuals and entities should be excluded from donating cybersecurity technology and services, and if so, why. Specifically, in past rulemakings we have distinguished between individuals and entities with direct and primary patient care relationships that have a central role in the healthcare delivery infrastructure such as hospitals and physician practices, and providers and suppliers of ancillary services such as pharmaceutical, device, and DMEPOS manufacturers, and other manufacturers or vendors that indirectly furnish items and services used in the care of patients.[60] We seek comments as to whether our historical enforcement concerns and other considerations regarding direct and indirect patient care are present for purposes of cybersecurity donations.

3. Conditions for Recipients

In proposed 1001.952(jj)(3), similar to the condition at (jj)(2) on donors discussed previously, this proposed condition would require that neither a potential recipient, nor a potential recipient's practice (or any affiliated individual or entity), can demand, explicitly or implicitly, a donation of cybersecurity technology and services as a condition of doing business or continuing to do business with the donor.

We do not propose a recipient contribution requirement as part of this safe harbor. As we explain above, with this proposed safe harbor we seek to remove a barrier to donations that improve cybersecurity throughout the healthcare industry in response to the critical cybersecurity issues identified in the HCIC Task Force Report and elsewhere. We propose to include only those conditions for safe harbor protection that we believe are critical to guarding against fraud and abuse. In the case of cybersecurity, we do not believe a specified recipient contribution to the cost is necessary or practical. We recognize that the level of services for each recipient might vary, and might be higher or lower each year, each month, or even each week. Similarly, donors may aggregate the cost of certain services across all recipients, such as cybersecurity patches and updates, on a regular basis, which may result in a contribution requirement becoming a barrier to widespread, low-cost improvements in cybersecurity because of the practical challenges in collecting a contribution from recipients. For instance, attempting to quantify the value of a frequent cybersecurity scans included in a vendor's suite of services as part of a cybersecurity donation, across dozens of recipient practices, and determining the pro rata share each practice must contribute based on the size of the practice as well as the relative size of the donation made to each practice, might become unworkable for many donors.

Importantly, we note that our proposal to omit a contribution requirement as a condition of the safe harbor does not prohibit donors from requiring a contribution. Donors are free to require recipients to contribute to the cost, so long as the determination of a contribution requirement does not take into account the volume or value of referrals between the parties. For example, if a donor gave a full suite of cybersecurity technology and services for free to a high-referring practice but required a low-referring practice to contribute 20 percent of the cost, then the donor could violate the conditions at proposed paragraphs (jj)(2)(i) and (ii). In addition, we do not intend for this safe harbor to require that donations be solely between two parties. For example, two hospitals and a large multi-specialty physician practice might agree to jointly subsidize cybersecurity technology and services for smaller physician practices in their area.

We do not propose to impose restrictions on the type of individual or entity that can receive donations of cybersecurity technology or related services. We note that, because we do not propose to restrict the scope of protected recipients under this safe harbor, we believe patients would be included as protected recipients. Donations to patients, just like other recipients, would only be protected if they precisely met all conditions of the safe harbor. As discussed previously, donations of multifunctional technology or services would not be protected because all cybersecurity donations must be necessary and used predominately to implement and maintain effective cybersecurity.

We anticipate that donations to patients would be more limited than donations to healthcare providers and suppliers (e.g., anti-malware tools). However, we solicit comments on what types of cybersecurity technology or services a donor might anticipate giving to a patient, whether we would need additional or different safeguards when a patient is the recipient, and whether patients should be protected recipients at all under the safe harbor. More specifically, we solicit comments on whether we should include additional conditions for donations of cybersecurity technology services to patient recipients that are similar to the beneficiary inducements CMP's exceptions under 42 CFR 1003.110. For example, we are considering whether cybersecurity technology or service donations to patients should not be offered as part of any advertisement or solicitation or not be tied to the provision of other items or services reimbursed in whole or in part by the Medicare program under Title VIII or a State health care program (as defined in section 1128(h) of the Act).

4. Written Agreement

At 1001.952(jj)(4), we propose to require that the donor and recipient enter into a signed, written agreement. While we do not interpret this condition to require every item of cybersecurity technology and every potential service to be specified in the agreement, we propose that the written agreement must include a general description of the cybersecurity technology and services to be provided over the term of the agreement and a reasonable estimate of the value of the donation. In addition, to the extent the parties share any financial responsibility for the cost of the cybersecurity technology and services, those financial terms, including the amount of the contribution, must be memorialized in the written agreement. We solicit comments on the conditions proposed here, as well as whether additional or different terms should be required in a written agreement.

5. Prohibition on Cost Shifting

At 1001.952(jj)(5), we propose to prohibit donors from shifting the costs of any cybersecurity donations to Federal health care programs. For example, under this proposed condition, while a hospital's own cybersecurity costs could be an administrative expense on its cost report, donations of cybersecurity technology or services to other individuals or entities could not be included as an administrative expense on the hospital's cost report.

6. Alternative Proposed Condition for Protection of Cybersecurity Hardware

We also propose and solicit comments on an alternative approach that would add an additional, optional safeguard to the proposed cybersecurity safe harbor. This alternative approach would protect cybersecurity hardware donations if the parties choose to meet an additional condition, along with the other five conditions proposed at 1001.952(jj)(1)-(5). Under this alternative proposal, a protected donation could also include cybersecurity hardware that a donor has determined is reasonably necessary based on a risk assessment of its own organization and that of the potential recipient.

The goal of this alternate proposal is to provide donors and recipients more flexibility regarding the types of cybersecurity donations that are protected, while also adding an additional safeguard to further ensure that the donation is necessary and used predominantly to implement and maintain effective cybersecurity.

We believe this alternative proposal builds on existing legal requirements and best practices related to information security generally and the healthcare industry more specifically. For example, the HHS Office for Civil Rights explained that conducting a risk analysis is the first step in identifying and implementing safeguards that comply with and carry out the standards and implementation specifications in the HIPAA Security Rule.[61] More generally, NIST Special Publication 800-30, which does not directly apply to the healthcare industry, but represents industry standards for information security practices, explains that the purpose of a risk assessment is to inform decision makers and support risk responses by identifying: (i) Relevant threats to organizations or threats directed through organizations against other organizations; (ii) vulnerabilities both internal and external to organizations; (iii) impact (i.e., harm) to organizations that may occur given the potential for threats exploiting vulnerabilities; and (iv) likelihood that harm will occur. The end result is a determination of risk, which is typically a function of the degree of harm and likelihood of harm occurring.[62]

Risk assessments are a key component to developing effective organization-wide risk management for information security. We believe that risk assessments conducted consistent with industry standards would provide a reasonable basis for donors to identify risks and threats to their organizational information security that need to be mitigated by donating cybersecurity hardware to other entities. Additionally, donations that are made in response to risk assessments are likely to meet the purpose of this safe harbor that donations are necessary and used predominantly to implement and maintain effective cybersecurity. Under this proposal, a donor would perform or have an existing risk assessment for its own organization, and would require a potential recipient to have, perform, or obtain a risk assessment, that would provide a reasonable basis to determine that the donated cybersecurity hardware is needed to address a risk or threat identified by a risk assessment.

Consistent with the HCIC Task Force Report and comments we received in response to the OIG RFI, we recognize that “[m]any organizations cannot afford to retain in-house information security personnel, or designate an information technology (IT) staff member with cybersecurity as a collateral duty.” Understanding that resource constraint, one goal of this safe harbor is to increase the avenues available for all healthcare organizations to improve their cybersecurity practices. We believe protecting a cybersecurity hardware donation based on the risk assessment of a recipient would further the goal of increasing the avenues available to improve cybersecurity for all healthcare entities, regardless of their available resources.

We recognize that a potential recipient with limited resources and cybersecurity experience may not be able to conduct or pay for its own risk assessment. As noted above, one cybersecurity service that would be a protected donation under the proposed safe harbor is a risk assessment. Under the alternative proposal, donors could then make additional cybersecurity hardware donations that are reasonably based on the risk assessments of the donor and recipients.

We recognize that risk assessment practices vary across the healthcare industry and may be depend on the size and sophistication of any provider or entity. We solicit comments on this alternative proposal to understand whether entities that are potential donors or recipients already conduct risk assessments that would provide a reasonable basis to determine that a cybersecurity hardware donation is reasonable and necessary. We would propose to define “risk assessment” based on NIST Special Publication 800-30 and solicit comment on whether that definition is sufficient for this cybersecurity donation safe harbor. Additionally, we solicit comments on whether this proposal should incorporate specific standards or requirements, such as NIST Special Publication 800-30.

We are considering for the final rule, and seek comment on, adding safeguards to this alternate proposal. For instance, we are considering limiting the additional cybersecurity hardware permitted under the alternative proposal to certain kinds of hardware. We are interested in comments, particularly from providers, that explain what types of hardware would be necessary for effective cybersecurity under this alternate proposal. We note that because this alternate proposal builds upon the proposed conditions at proposed 1001.952(jj)(1)-(5), multifunctional hardware still would be prohibited because it would not be necessary and predominantly used to implement and maintain effective cybersecurity, as required under proposed 1001.952(jj)(1). If the donation includes hardware, we are also considering requiring a contribution from the recipient, similar to the electronic health records safe harbor at 1001.952(y)(11), and we are considering requiring the contribution amount to be 15 percent. We are interested in comments on this approach, and whether we should consider other contribution amounts instead, such as 5 percent, or 20 or 30 percent.

If we add this contribution requirement, we are considering excepting small and rural practices, and we are interested in comments on this approach. Relatedly, we solicit comments on how “small or rural practices” should be defined. For example, we solicit comments on whether “rural practices” should be defined as those located in rural areas, as defined in the safe harbor for local transportation at 42 CFR 1001.952(bb). We also solicit comments on whether “small practices” should be defined as those in medically underserved areas, as designated by the Secretary under section 330(b)(3) of the Public Health Service Act, or defined similarly to a “small provider of services or small supplier” as set forth in the requirements related to the electronic submission of Medicare claims at 42 CFR 424.32. We also are considering for the final rule and solicit comments on whether other subsets of potential recipients, for example critical access hospitals, should be exempted from the 15-percent contribution requirement because it would impose a significant financial burden on the recipient. Additionally, if a contribution requirement is included in the final rule, we are considering exempting contributions for the upgrades, updates, or patches of remuneration that was previously donated. Based on our experience with the electronic health records arrangements safe harbor, we recognize the practical challenges in collecting contributions from recipients for minor upgrades, updates, and patches that are necessary to keep the donated technology compliant with new security policies.

If we were to finalize this alternate proposal, we would modify the proposed safe harbor by adding new conditions and a definition in the safe harbor. Primarily, we would add a new condition that would require a donor to perform or have an existing risk assessment for its own organization, and require a potential recipient to have, perform, or obtain a risk assessment, that provides a reasonable basis to determine that the donated cybersecurity hardware is needed to address a risk or threat identified by the donor's and recipient's risk assessments. We also would add definitions of hardware and risk assessment in proposed 1001.952(jj)(6).

7. Solicitation of Comments

The goal of the proposed safe harbor is to help improve the cybersecurity posture of the healthcare industry by removing a real or perceived barrier. To achieve this goal, we must appropriately balance the risk of cybersecurity threats against risks associated with permitting parties to donate valuable technology and services. In doing so, we recognize that cyberattacks are ubiquitous, dynamic, potentially funded by nation-states or well-funded criminal enterprises, and can have consequences to beneficiary health, safety, and privacy that are difficult to mitigate. To help improve the cybersecurity hygiene of the healthcare industry without comprising program integrity, it is important that we strike the right balance.

We drafted the proposed safe harbor with this aim in mind, but we recognize that appropriately balancing these risks is a difficult task. We solicit comment on whether the proposed safe harbor establishes the right balance and if not, request comments that recommend specific changes to do so. Commenters should consider the safe harbor in its entirety, including the proposed conditions, optional deeming provision, alternate condition, and definitions when commenting on this issue. We are especially interested in comments from healthcare providers because they both bear the cybersecurity risks and likely have relevant compliance experience with other safe harbors.

To facilitate specific comments on this issue, we ask the following questions: Does the proposed condition at 1001.952(jj)(1) permit the donation of the right types of cybersecurity technology and services that could meaningfully improve the cybersecurity posture of the healthcare industry while also ensuring that the donated technology and services do not pose undue risk of improperly influencing referrals? If not, what other standard or limitation would be appropriate to strike the right balance between cybersecurity risks and program integrity risks? Does excluding hardware from the definition of “technology” further our aim of balancing cybersecurity risks with the program integrity risks? If not, what other conditions should we impose to limit the value of remuneration protected by the proposed safe harbor, so it does not improperly influence referrals? For example, should the safe harbor impose a monetary value limit on the total amount of donations that a donor can make to a recipient or should the safe harbor require the recipient to contribute to the costs of a donation once the value has exceeded certain monetary thresholds?

I. Electronic Health Records (1001.952(y))

On August 8, 2006, we published a final rule (the 2006 Final EHR Safe Harbor Rule) that, among other things, finalized a safe harbor (the EHR safe harbor) at 42 CFR 1001.952(y) protecting certain arrangements involving the donation of interoperable electronic health records software or information technology and training services. The EHR safe harbor was initially scheduled to sunset on December 31, 2013.

On December 27, 2013, we published a final rule (the 2013 Final EHR Safe Harbor Rule) modifying the EHR safe harbor by, among other things, extending the expiration date of the safe harbor to December 31, 2021; excluding laboratory companies from the types of entities that may donate electronic health records items and services under the safe harbor; and updating the provision under which electronic health records software is deemed interoperable.

The present proposed rule sets forth certain proposed changes to the EHR safe harbor. CMS is proposing almost identical changes to the physician self-referral law electronic health records exception elsewhere in this issue of the Federal Register. We attempted to ensure as much consistency as possible between our proposed safe harbor changes and CMS's proposed exception changes, despite the differences in the respective underlying statutes. Because of the close nexus between this proposed rule and CMS's proposed rule, we may consider comments submitted in response to CMS's proposed rule and take additional actions when crafting our final rule.

1. Interoperability

The conditions at 1001.952(y)(2) and (y)(3) require donated items and services to be interoperable and prohibit the donor (or someone acting on the donor's behalf) from taking action to limit the interoperability of the donated item or service. We are proposing changes that impact 42 CFR 1001.952(y)(2) and (3) based on the 21st Century Cures Act (Cures Act) and the Office of the National Coordinator for Health Information Technology (ONC), HHS Notice of Proposed Rulemaking “21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program” (ONC NPRM) that proposes to implement key provisions in Title IV of the Cures Act.[63] Among other things, the ONC NPRM proposes conditions and maintenance of certification requirements for health information technology (health IT) developers under the ONC Health IT Certification Program (certification program) and reasonable and necessary activities that do not constitute information blocking for purposes of section 3022(a)(1) of the Public Health Service Act (PHSA). These proposed changes, if finalized, affect the EHR safe harbor conditions at 1001.952(y)(2), which is known as the “deeming provision,” and 1001.952(y)(3) related to interoperability and “data lock-in.”

2. Deeming

The deeming provision provides certainty to parties seeking protection of the EHR safe harbor by providing an optional method of ensuring that donated items or services meet the interoperable condition in 1001.952(y)(2) by deeming software to be interoperable if it is certified under the certification program. In the 2013 Final EHR Safe Harbor Rule we modified the deeming provision to reflect developments in the certification program and track ONC's anticipated regulatory cycle. By relying on the certification program and related updates of criteria and standards, we stated that the deeming provision would meet “our objective of ensuring that software is certified to the current required standard of interoperability when it is donated.” [64] We propose to retain this general construct for the updated safe harbor. However, we propose two textual clarifications to this provision. Current language specifies that the software is “deemed to be interoperable if, on the date it is provided to the recipient, it has been certified by a certifying body . . . .” We propose to modify this language to clarify that, on the date the software is provided, it “is” certified. In other words, the certification must be current as of the date of the donation, as opposed to the software having been certified at some point in the past but no longer maintaining certification on the date of the donation. We also propose to remove reference to “editions” of certification criteria to align with proposed changes to the certification program. We solicit comments on these clarifications.

As we describe in more detail below, however, we are updating the definition of “interoperable.” Although this revised definition would not require a textual change to this paragraph (y)(2), the revision would impact the deeming provision, and we solicit comments regarding this update.

3. Information Blocking

The current condition at 1001.952(y)(3) prohibits the donor (or any person on the donor's behalf) from taking any action to limit or restrict the use, compatibility, or interoperability of the items or services with other electronic prescribing or electronic health records systems (including, but not limited to, health information technology applications, products, or services). As explained in the 2006 Final EHR Safe Harbor Rule and reaffirmed in the 2013 Final EHR Safe Harbor Rule, 1001.952(y)(3) has been designed to: (i) Prevent the misuse of the safe harbor that results in data and referral lock-in and (ii) encourage the free exchange of data (in accordance with protections for privacy).[65] Since that time, significant legislative, regulatory, policy, and other Federal Government action defined this problem further (now commonly referred to as “information blocking”) and established penalties for certain types of individuals and entities that engage in information blocking. Most notably, the 21st Century Cures Act added section 3022 of the PHSA, known as “the information blocking provision,” which defines conduct by healthcare providers, health IT developers of certified health IT, exchanges, and networks that constitutes information blocking. Section 3022(a)(1) of the PHSA defines “information blocking” in broad terms, while section 3022(a)(3) authorizes and charges the Secretary to identify reasonable and necessary activities that do not constitute information blocking. The ONC NPRM would implement the statutory definition of “information blocking,” define certain terms related to the statutory definition of “information blocking,” and proposes seven exceptions to the information blocking definition.[66]

We propose modifications to 1001.952(y)(3) to recognize these significant updates since the 2013 Final EHR Safe Harbor Rule. Specifically, we propose aligning the condition at 1001.952(y)(3) with the proposed information blocking definition and related exceptions in 45 CFR part 171. We note that the EHR safe harbor conditions, while not using the term “information blocking,” already include concepts similar to those found in the 21st Century Cures Act's prohibition on information blocking. For example, we were concerned about donors (or those on the donor's behalf) taking steps to limit the interoperability of donated software to lock in or steer referrals, which is prohibited by the anti-kickback statute.[67] These proposed modifications are not intended to change the purpose of this condition, but instead further our longstanding goal of preventing abusive arrangements that lead to information blocking and referral lock-in through updated understandings of those concepts established in the 21st Century Cures Act.[68]

We note that health plans, which are protected donors under the EHR safe harbor, may not be subject to the information blocking provisions of the 21st Century Cures Act or the ONC NPRM. Nevertheless, health plans that seek the protection of this safe harbor do so voluntarily. We note that the definition of “information blocking” at PHSA section 3022(a)(1) applies a different knowledge standard to health IT developers of certified health IT, health information networks, and health information exchanges than it does to healthcare providers. A healthcare provider engages in a practice of information blocking if such a provider “knows that such practice is unreasonable and is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.” [69] The EHR safe harbor primarily applies to healthcare providers due to the limitations on the types of donors permitted under 1001.952(y)(1). Therefore, most donors under the EHR safe harbor would be subject to the information blocking knowledge standard at section 3022(a)(1)(B)(ii) of the PHSA. Rather than have different conditions for healthcare providers and health plans, we believe it is reasonable to have one condition that applies the same information blocking knowledge standard to all parties who voluntarily use the safe harbor to protect donations of EHR items and services. For purposes of donations under this safe harbor, we propose to apply the knowledge standard articulated in the PHSA at section 3022(a)(1)(B)(ii) as applicable to both providers and health plans, and we seek comments on this approach.

Additionally, the current condition at 1001.952(y)(3), as adopted in the 2006 Final EHR Safe Harbor Rule [70] was intended to prevent donors, including health plans, from donating EHR software and then engaging in practices of information blocking that would limit the interoperability of the donated items, notwithstanding that we did not use that exact terminology. As a result, we do not believe this proposed modification places any additional burden on health plans that voluntarily seek to protect donations. We solicit comments on aligning the condition at 1001.952(y)(3) with the proposed information blocking definition in 45 CFR part 171.

4. Cybersecurity

We propose to amend the safe harbor to clarify that certain cybersecurity software and services have always been protected under this safe harbor,[71] and to more broadly protect the donation of software and services related to cybersecurity. Currently, the safe harbor protects electronic health records software or information technology and training services necessary and used predominantly to create, maintain, transmit, or receive electronic health records. We propose to modify this language to include certain cybersecurity software and services that “protect” electronic health records.

In the 2006 Final EHR Safe Harbor Rule, we emphasized the requirement that software, information technology, and training services donated must be “closely related to electronic health records” and that the “electronic health records functions must be predominant.” We stated that “[t]he core functionality of the technology must be the creation, maintenance, transmission, or receipt of individual patients' electronic health records,” but, recognizing that the electronic health records software is commonly integrated with other features, we also stated that arrangements in which the software package included other functionality related to the care and treatment of individual patients would be protected. Under our proposal, the same criteria would apply to cybersecurity software and services: The predominant purpose of the software or service must be cybersecurity associated with the electronic health records.

We note that we also are proposing a new safe harbor specifically to protect donations of cybersecurity technology and related services. As proposed, the cybersecurity safe harbor is broader and includes fewer conditions than the EHR safe harbor. However, we are proposing to expand the EHR safe harbor to expressly include cybersecurity software and services so that it is clear that an entity donating electronic health records software and providing training and other related services may also donate related cybersecurity software and services to protect the electronic health records. For clarity, we also propose to incorporate a definition of “cybersecurity” in this safe harbor that mirrors the definition we propose in the stand-alone cybersecurity safe harbor. A party seeking safe harbor protection needs to comply with the requirements of only one safe harbor. We solicit comments on this approach. In particular, with the addition of a stand-alone cybersecurity safe harbor, we solicit comments on whether it necessary to modify the EHR safe harbor to expressly include cybersecurity.

5. The Sunset Provision

The EHR safe harbor originally was scheduled to sunset on December 31, 2013. In adopting this condition of the EHR safe harbor, we acknowledged in the 2006 Final EHR Safe Harbor Rule “that the need for a safe harbor for donations of electronic health records technology should diminish substantially over time as the use of such technology becomes a standard and expected part of medical practice.”

In the 2013 notice of proposed rulemaking for an amendment to the EHR safe harbor (2013 Proposed Rule), we acknowledged that while electronic health record technology adoption had risen dramatically, use of such technology had not yet been universally adopted nation-wide. Because continued electronic health record technology adoption remained an important Departmental goal, we solicited comments regarding an extension of the safe harbor. In response to those comments, in the 2013 Final EHR Safe Harbor Rule we extended the sunset date of the safe harbor to December 31, 2021, a date that corresponds to the end of the electronic health record Medicaid incentives. We stated our continued belief that as progress on this goal is achieved, the need for a safe harbor for donations should continue to diminish over time. Since publication of the 2013 Final EHR Safe Harbor Rule, however, numerous commenters have urged us to extend or make permanent the safe harbor at 42 CFR 1001.952(y). Specifically, commenters have suggested this modification in response to OIG's annual Solicitation of New Safe Harbors and Special Fraud Alerts, and also in response to the OIG RFI and the CMS RFI.

While we acknowledge that widespread adoption of electronic health record technology, though not universal, largely has been achieved, we no longer believe that once this goal is achieved the need for a safe harbor for donations of such technology will diminish over time or completely disappear. New entrants into medical practice, coupled with aging EHR technology at existing practices and the emergence of new and better technology, necessitate the availability of this safe harbor to achieve the Department's policy objectives. Our experience indicates that the continued availability of the safe harbor plays a part in achieving the Department's goal of promoting electronic health records technology adoption by providing certainty with respect to the cost of electronic health records items and services for recipients, and by encouraging adoption by physicians who are new entrants into medical practice or have postponed adoption based on financial concerns regarding the ongoing costs of maintaining and supporting an electronic health records system. Ongoing protection of electronic health record items and services donations would further new Department priorities and policies by allowing donors and recipients to ensure new technology is adopted that, for example, may improve the interoperability of electronic health information.

We are proposing to eliminate the sunset provision at 42 CFR 1001.952(y)(13). As an alternative to this proposed elimination of the sunset provision, we are considering an extension of the sunset date for the final rule. We seek comment on whether we should select a later sunset date instead of making the safe harbor permanent, and if so, what that date should be.

6. Definitions

We are proposing to modify the definitions of “interoperable” and “electronic health record.” In the 2006 Final EHR Safe Harbor Rule, we finalized these definitions based on then-current terminology, the emerging standards for electronic health records, and other resources cited by commenters. The following proposed modifications to these definitions are largely based on terms and provisions in the Cures Act that update or supersede terminology we used in the 2006 Final EHR Safe Harbor Rule.

In the current note to paragraph (y) under 1001.952, “electronic health record” is defined as “a repository of consumer health status information in computer processable form used for clinical diagnosis and treatment for a broad array of clinical conditions.” We propose to modify the definition of “electronic health record” to mean: “a repository of electronic health information that: (A) is transmitted by or maintained in electronic media; and (B) relates to the past, present, or future health or condition of an individual or the provision of healthcare to an individual.”

The proposed revision to the definition of “electronic health record” is not intended to substantively change the scope of protection. We are proposing these modifications to this definition to reflect the term “electronic health information” that is used throughout the Cures Act and that is central to the definition of “interoperability” at PHSA § 3000(9) and the information blocking provision at PHSA § 3022. Additionally, the ONC NPRM proposes a definition of “electronic health information.” [72] We have based the proposed modifications, in part, on ONC's proposed definition of “electronic health information” to reflect more modern terminology used to describe the type of information that is part of an electronic health record. We solicit comments on this updated definition.

In the note to paragraph (y) under 1001.952, the existing definition of “interoperable” means “able to communicate and exchange data accurately, effectively, securely, and consistently with different information technology systems, software applications, and networks, in various settings, and exchange data such that the clinical or operational purpose and meaning of the data are preserved and unaltered.” As explained in the 2006 Final EHR Safe Harbor Rule, this definition was based on 44 U.S.C. 3601(6) (pertaining to the management and promotion of electronic Government services) and several comments we received in response to the proposed rule that referenced emerging industry definitions and standards related to interoperability.[73]

We propose to update the definition of the term “interoperable” to align with the statutory definition of “interoperability” added by the Cures Act to Section 3000(9) of the PHSA and as proposed in the ONC NPRM. We propose modifications to match the statutory definition and the ONC NPRM definition of “interoperability.” Consistent with PHSA § 3000(9), we propose to define “interoperable” to mean able to: “(i) securely exchange data with, and use data from other health information technology without special effort on the part of the user; (ii) allow for complete access, exchange, and use of all electronically accessible health information for authorized use under applicable State or Federal law; and (iii) does not constitute information blocking as defined in 45 CFR part 171.” The only difference between the statutory definition of “interoperability” and the definition in the ONC NPRM is the reference to the regulatory definition of “information blocking” in 45 CFR part 171, which we propose to adopt. We will work closely with ONC as they finalize the information blocking rule to ensure definitions align across the EHR safe harbor and the final information blocking regulations.

We believe the statutory definition of “interoperability” includes similar concepts to the existing definition of “interoperable” in the note to paragraph (y) (e.g., the ability to securely exchange data across different systems or technology). Two new concepts in the statutory definition are included in the proposed modification: (i) Interoperable means the ability to exchange electronic health information “without special effort on the part of the user” and (ii) interoperable expressly does not mean information blocking.[74] As a practical matter, we believe these two concepts are not substantively different from the existing definition and only reflect an updated understanding of interoperability and related terminology. We solicit comments on the proposed definition that would align the definition of “interoperable” with the statutory definition of “interoperability.”

We also are considering linking the definition of “interoperable” with the proposed definition of “interoperability” at 45 CFR 170.102 in the ONC NPRM [75] if that proposed definition is finalized. We note that ONC's proposed regulatory definition of “interoperability” matches the statutory definition. However, linking the ONC regulatory definition of “interoperability” may allow for additional, future updates to be adopted by reference in the EHR safe harbor. We solicit comments on this proposal.

In the alternative, we are considering revising our regulations to eliminate the term “interoperable” and instead incorporate the term “interoperability” and define this term by reference to section 3000(9) of the PHSA and proposed in 45 CFR part 170. Under this alternative proposal, we would revise § 1001.952(y)(2) to require donations of software to meet interoperability standards established under Title XXX of the PHSA and its implementing regulations. Software would be deemed to meet interoperability standards if, on the date it is provided to the recipient, it is certified by a certifying body authorized by ONC to health information technology certification criteria identified in 45 CFR part 170. We seek comment regarding whether using terminology identical to the PHSA and proposed ONC regulations would facilitate compliance with the requirements of the EHR safe harbor and reduce any regulatory burden resulting from the differences in the agencies' different terminology related to the singular concept of interoperability.

Finally, for ease of reference, we propose to amend the safe harbor by moving the undesignated definitions set forth in the note to paragraph (y) to a new paragraph (y)(14).

7. Additional Proposals and Considerations

a. 15-Percent Recipient Contribution

In the 2006 Final EHR Safe Harbor Rule, we agreed with a number of commenters who suggested that cost sharing is an appropriate method to address some of the fraud and abuse risks inherent in unlimited donations of technology. Accordingly, we incorporated a requirement into 42 CFR 1001.952(y) that the recipient pays 15 percent of the donor's cost of the technology. We noted in the 2006 Final EHR Safe Harbor Rule that “the 15 percent cost sharing requirement is high enough to encourage prudent and robust electronic health records arrangements, without imposing a prohibitive financial burden on recipients.” Moreover, we stated, “this approach requires recipients to contribute toward the benefits they may experience from the adoption of interoperable electronic health records (for example, a decrease in practice expenses or access to incentive payments related to the adoption of health information technology).”

We are aware that the 15-percent contribution requirement has proven burdensome to some recipients and may act as a barrier to adoption of electronic health records technology. We understand that this burden may be particularly acute for small and rural practices that cannot afford the contribution. We also recognize that applying the 15-percent contribution requirement to upgrades and updates to electronic health record technology is restrictive and cumbersome and similarly may act as a barrier.

We are not proposing specific amendments to the 15-percent contribution requirement at this time, and we are considering retaining this requirement without change in the final rule. However, we also are considering and solicit comments on the three alternatives to the existing requirement as outlined below. We solicit comment on each of the alternatives as separate proposed modifications to the contribution requirement.

First, for purposes of the final rule, we are considering eliminating or reducing the percentage contribution required for small or rural practices. We specifically seek comment on whether and how we should eliminate or reduce the 15-percent contribution requirement as applied to a specific subset of recipients such as small or rural practices. In particular, we solicit comments on how “small or rural practices” should be defined. For example, we solicit comments on whether “rural practices” should be defined as those located in rural areas, as defined in the safe harbor for local transportation at 42 CFR 1001.952(bb). We also solicit comments on whether “small practices” should be defined as those in medically underserved areas, as designated by the Secretary under section 330(b)(3) of the Public Health Service Act, or defined similarly to a “small provider of services or small supplier” as set forth in the requirements related to the electronic submission of Medicare claims at 42 CFR 424.32. We also are considering for the final rule and solicit comments on whether other subsets of potential recipients, for example critical access hospitals, should be exempted from the 15-percent contribution because it would impose a significant financial burden on the recipient.

Second, and in the alternative, we are considering reducing or eliminating the 15-percent contribution requirement in this safe harbor for all recipients. We solicit comments regarding the impact this might have on the use and adoption of electronic health records technology, and any attendant risks of fraud and abuse. We are interested in specific examples of the prohibitive costs associated with the 15-percent contribution requirement, both for the initial donation of electronic health records technology, and subsequent upgrades and updates to the technology.

Finally, if we retain a 15-percent contribution requirement or reduce that contribution requirement for some or all recipients, we are considering modifying or eliminating the contribution requirement for updates to previously donated EHR software or technology. We solicit comments on this approach as well as what such a modification should entail. For example, we are considering requiring a contribution for the initial investment only, as well as any “new” modules, but not requiring a contribution for any update of the software already purchased. We solicit comments on these alternatives, or another similar alternative that would still involve some contribution but could reduce the uncertainty and administrative burden associated with assessing a contribution for each update.

b. Replacement Technology

In the 2013 Final EHR Safe Harbor Rule, we highlighted one commenter's assertion that “the prohibition on donating equivalent technology currently included in the safe harbor locks physician practices into a vendor, even if they are dissatisfied with the technology, because the recipient must choose between paying the full amount for a new system and continuing to pay 15 percent of the cost of the substandard system.” The same commenter asserted that “the cost difference between these two options is too high and effectively locks physician practices into electronic health record technology vendors.” In the 2013 Final EHR Safe Harbor Rule, we responded that “we continue to believe that items and services are not “necessary” if the recipient already possesses the equivalent items or services. We noted that providing equivalent items and services confers independent value on the recipient and noted our expectation that “physicians would not select or continue to use a substandard system if it posed a threat to patient safety.”

We appreciate that advancements in electronic health records technology are continuous, rapid, and sometimes prohibitively expensive for the purchaser of such technology, and that in some situations, replacement technology is appropriate. We are proposing to delete the condition that prohibits the donation of equivalent items or services at current 1001.952(y)(7) to allow donations of replacement electronic health records technology. We specifically seek comment as to whether deleting this condition is necessary, and in what situations replacement technology would be appropriate. We further solicit comment as to how we might safeguard against situations where donors inappropriately offer, or recipients inappropriately solicit, unnecessary technology instead of upgrading their existing technology for appropriate reasons.

c. Protected Donors

We are considering expanding the group of entities that may be protected donors under the EHR safe harbor, for purposes of the final rule. As background, in the preamble to the 2006 Final EHR Safe Harbor Rule for the EHR safe harbor, we were mindful that broad safe harbor protection would significantly further the important public policy goal of promoting electronic health records, and thus concluded that the safe harbor should protect any donor that is an individual or entity that provides patients with healthcare items or services covered by a Federal health care program and submits claims or requests for payment for those items or services (directly or pursuant to reassignment) to Medicare, Medicaid, or other Federal health care programs (and otherwise meets the safe harbor conditions).[76] Notwithstanding this conclusion, we indicated that “[w]e remain concerned about the potential for abuse by laboratories, durable medical equipment suppliers, and others” and noted that “[w]e intend to monitor the situation. If abuses occur, we may revisit our determination.” [77]

In the 2013 Final EHR Safe Harbor Rule, we finalized a proposal to remove laboratory companies from the scope of protected donors under the safe harbor to address, among other things, potential abuse identified by some of the commenters involving potential recipients conditioning referrals for laboratory services on the receipt of, or redirecting referrals for laboratory services following, donations from laboratory companies, and general misuse of donations by donors to secure referrals.

We remain concerned about the potential for fraud and abuse by certain donors that we articulated in the 2006 Final EHR Safe Harbor Rule and the 2013 Final EHR Safe Harbor Rule. However, in light of the Department's continued objective to advance the adoption of electronic health records technology, particularly as related to the Regulatory Sprint, and in response to certain comments received to the OIG RFI, we are considering expanding the scope of protected donors by eliminating or revising the requirement in 42 CFR 1001.952(y)(1)(i) that protected donors be limited to those who “submit[ ] claims or requests for payment, either directly or through reassignment, to the Federal health care program.” If we were to revise rather than eliminate the restriction, we are considering broadening it in the final rule to entities with indirect responsibility for patient care. This expansion would protect as donors, for example, entities like health systems or accountable care organizations that neither are health plans nor submit claims for payment. Certain commenters to the OIG RFI also recommended permitting any risk-bearing entity that participates in an Advanced APM entity under the Medicare Quality Payment Program (QPP) to be a donor. We are interested in understanding other types of entities and potential donors who would avail themselves of a broadening of the protected donors. In addition, we specifically solicit comments regarding the removal of this restriction and whether and how removal would impact the widespread adoption of electronic health records technology as well as comments regarding any attendant risks of fraud and abuse.

J. Personal Services and Management Contracts and Outcomes-Based Payment Arrangements (1001.952(d))

We propose to modify the existing safe harbor for personal services and management contracts at 42 CFR 1001.952(d) to: (i) Substitute, for the requirement that aggregate compensation under these agreements be set in advance, a requirement that the methodology for determining compensation be set in advance; (ii) eliminate the requirement that, if an agreement provides for the services of an agent on a periodic, sporadic or part-time basis, the contract must specify the schedule, length, and the exact charge for such intervals; (iii) create a new paragraph (d)(2) to protect certain outcomes-based payments, as defined below; and (iv) to make certain technical changes. These proposals seek to modernize the safe harbor and respond to comments in response to the RFI that existing safe harbor requirements present barriers to certain care coordination and value-based arrangements.

1. Elimination of Requirement To Set Aggregate Compensation in Advance

The existing safe harbor for personal services and management contracts requires that such agreements be for a term of at least 1 year, and that the aggregate compensation be set in advance. In addition, the compensation must be consistent with fair market value in arm's-length transactions. Consistent with our existing safe harbor, compensation under personal services and management contracts may not be determined in a manner that takes into account the volume or value of any referrals or business otherwise generated between the parties for which payment may be made in whole or in part under Medicare, Medicaid or other Federal health care programs. Also, the aggregate services performed under the agreement must not exceed those which are reasonably necessary to accomplish the commercially reasonable business purpose of the services.[78] The purpose of these requirements is to limit the opportunity to provide financial incentives in exchange for referrals.

To provide the healthcare industry enhanced flexibility to undertake innovative arrangements, we are proposing to revise the safe harbor to remove the requirement at 42 CFR 1001.952(d)(5) that the “aggregate” amount of compensation paid over the term of the agreement must be set forth in advance. To mitigate the risk of parties to the agreement periodically adjusting the compensation to reward referrals or unnecessary utilization, the proposed modification to the safe harbor would require the parties to an arrangement to determine the arrangement's compensation methodology in advance of the initial payment under the arrangement. In addition, under (d)(1) of our proposal, the safe harbor would continue to require that the compensation reflect fair market value, be commercially reasonable, and not take into account the volume or value of referrals or business otherwise generated between the parties.

We anticipate this proposal would more closely align this safe harbor with the personal service arrangements exception to the physician self-referral law, 42 CFR 411.357(d).

2. Elimination of Requirement To Specify Schedule of Part-Time Arrangements

We propose to eliminate the requirements set forth at 42 CFR 1001.952(d)(3) relating to agreements for services provided on a periodic, sporadic, or part-time basis. This paragraph of the safe harbor requires contracts that provide for services on such a basis to specify “exactly the schedule of such intervals, their precise length, and the exact charge for such intervals.” Removing this requirement would afford parties additional flexibility in designing bona fide business arrangements, including care coordination and quality-based arrangements, where parties provide legitimate services as needed.

The existing safe harbor requires part-time contractual arrangements between healthcare providers to specify their timing or duration because of our concern that such arrangements are especially vulnerable to abuse. Specifically, part-time arrangements could be readily modified based on changing referral patterns between the parties. However, we believe that existing safeguards under (d)(1) of our proposal would provide sufficient safeguards against the manipulation of these arrangements to reward referrals, namely: The term of the arrangement must be not less than 1 year; the compensation terms must reflect fair market value, be commercially reasonable, and not take into account the volume or value of any referrals or business otherwise generated between the parties; and the methodology for determining compensation must be set in advance.

As with our first proposal, we anticipate this proposal would more closely align this safe harbor with the personal service arrangements exception to the physician self-referral law, 42 CFR 411.357(d).

3. Proposal To Protect Outcomes-Based Payments

We propose to protect outcomes-based payment arrangements in certain circumstances under proposed new paragraph (d)(2) and (d)(3). Our proposal is in response to the evolution of new payment models, such as shared savings, shared losses, episodic payments, gainsharing, and pay-for-performance, and recognizes that such arrangements may facilitate care coordination, encourage provider engagement across care settings, and promote the shift to value.

a. Outcomes-Based Payments

We propose to define “outcomes-based payment” as payments from a principal to an agent that: (i) Reward the agent for improving (or maintaining improvement in) patient or population health by achieving one or more outcome measures that effectively and efficiently coordinate care across care settings; or (ii) achieve one or more outcome measures that appropriately reduce payor costs while improving, or maintaining the improved, quality of care for patients.

We further propose that such payments would exclude any payments made, directly or indirectly, by a pharmaceutical manufacturer; a manufacturer, distributor, or supplier of DMEPOS; or a laboratory. Such payments would also exclude any payment that relates solely to the achievement of internal cost savings for the principal. We solicit comments on potential alternative definitions of the term “outcomes-based payment” that would be consistent with the goals described in the preceding paragraphs of this preamble section. For example, we are considering for the final rule defining the term by reference to specific types of payments, such as those described as examples of outcomes-based payments below.

Examples of outcomes-based payment arrangements could include shared savings payments, shared losses payments, gainsharing payments, pay-for-performance payments, or episodic or bundled payments. We are considering and solicit comments on whether, if we take this approach, we should further define specific types of payment arrangements that would qualify for this safe harbor in the final rule. To the extent we further define such arrangements, we are considering basing potential definitions on arrangements defined in various Innovation Center models and the Medicare Shared Savings Program. Such terms might include:

  • “Shared savings payment” could be defined to mean a payment from a payor to a principal or the downstream payment by the principal to the agent of a share of payor savings realized from the agent's activities for a specified patient population. Shared savings payments encourage the use of the lowest cost service for the patient population to achieve certain desired health outcomes.
  • “Shared losses payment” could be defined to mean a payment from a principal to a payor or from a downstream agent to a principal to repay the payor for a portion of the payor's losses incurred with respect to a specific patient population under a shared savings arrangement when a principal's expenditures for the patient population for the applicable performance period exceed specific performance benchmarks.
  • “Gainsharing payment” could be defined to mean a payment from a principal to an agent to incentivize the agent to appropriately reduce healthcare costs (other than solely the principal's internal costs) for a specified patient population while achieving certain outcome measures in accordance with a principal's arrangement with a payor.
  • “Episodic or bundled payment” could be defined to mean a payment from a payor to a principal or from a principal to a downstream agent for an episode of care across care settings for a specified patient population. This could include a retrospective bundled payment arrangement where actual healthcare expenditures of the payor and principal for the patient population are reconciled against a target price for an episode of care and a portion of such payment to the principal may be made to the agent or a prospectively determined bundled payment from the payor to the principal or a portion of such payment to the principal made to the agent that encompasses all healthcare services furnished by the principal and agent for the patient population during the episode of care.
  • “Pay-for-performance arrangement” could be defined to mean a payment from a principal to an agent (or a payor to a principal) for the achievement of a legitimate cost, quality, or operational performance metric (e.g., bonus payment) on behalf of the principal for a specified patient population.

We anticipate such outcomes-based payment arrangements would largely mirror, in concept, similar arrangements used in various Innovation Center models and the Medicare Shared Savings Program and would, more specifically, encompass examples like the following: (i) An ACO makes a “shared savings” payment to its member physicians, with such payments representing a percentage of payor savings generated by the ACO as a result of its members' efforts to reduce total patient care costs and improve quality; (ii) where an ACO incurs financial loss and is obligated to pay money to its payor, a hospital makes “shared losses” payments to the ACO, representing an agreed upon percentage of the ACO's loss; and (iii) a hospital and group of physicians and post-acute care providers agree collectively to be paid by a payor for an episode of care (e.g., inpatient stay and 90 days post-discharge) and share among themselves the savings or losses generated against a benchmark. In some cases involving reconciliation, the hospital might be responsible for sharing any savings among its partners; in others, the hospital might be responsible for paying its partners for the services they furnish the patients under the episode.

As noted previously, our proposed definition of “outcomes-based payment” excludes arrangements that relate solely to achievement of internal cost savings for the principal. For example, outcomes-based payment arrangements would not include arrangements that involve sharing in financial risk or gain only as it relates to the prospective payment systems for acute inpatient hospitals, home health agencies, hospice, outpatient hospitals, inpatient psychiatric facilities, inpatient rehabilitation facilities, long-term care hospitals, or SNFs. Although arrangements reimbursed by Federal health care programs under the prospective payment systems may create internal cost savings for a provider, the savings under the arrangement would not accrue to the payor.

Thus, and for example, this safe harbor would not protect an outcomes-based payment arrangement between a hospital and physician group, where the parties share financial risk or gain only with respect to items or services reimbursed to the hospital under the Medicare prospective payment system for acute inpatient hospitals. However, an outcomes-based payment arrangement that involves a hospital and physician group sharing financial risk or gain realized across care settings would be protected (e.g., for a patient's inpatient stay and the 60-day post-discharge period), provided all safe harbor requirements were met.

b. Entities Not Included

Based on our enforcement and oversight experience and as explained with respect to a similar exclusion in the definition of VBE participant in this proposed rule, we are proposing to exclude pharmaceutical manufacturers; manufacturers, distributors, and suppliers of DMEPOS; and laboratories from the proposed safe harbor for outcomes-based payments. As stated previously, we are concerned that these types of entities, which are heavily dependent upon practitioner prescriptions and referrals, might use outcomes-based payments primarily to market their products to providers and patients.

As with the proposed definition of a VBE participant, we are also considering for the final safe harbor at 1001.952(d)(2) excluding pharmacies (including compounding pharmacies), PBMs, wholesalers, and distributors. We solicit comments about these proposed exclusions, as well as illustrative examples of beneficial or problematic outcomes-based payment arrangements that might be excluded or included if we finalize some or all of these exclusions.

We also are considering whether to more specifically target the final safe harbor on outcomes-based payment arrangements that further value-based care or care coordination by limiting protection for outcomes-based payment arrangements to VBE participants, as that term is defined in (ee)(12)(vi) of this proposed rule.

c. Collaboration and Outcomes-Based Payments

As proposed, under the safe harbor conditions, all outcomes-based payments must be made between or among parties that are collaborating to measurably improve quality of patient care appropriately and materially reduce costs while maintaining quality, or both. Moreover, if specific services are to be performed, the agreement must specify all of the services the parties perform (or refrain from performing) to qualify for the outcomes-based payments. We are mindful that with some value-based payment arrangements, there may not be a direct correlation between the level or value of services provided by a particular recipient of payments and that party's share of savings or outcomes-based payments (e.g., shared savings payments may be distributed on a basis unrelated to actual services provided). While the two requirements described do not expressly require that the outcomes-based payment arrangement include the provision of services (merely that the parties collaborate, and to the extent the parties' arrangement includes services, that they be documented), we anticipate that many arrangements would include a service component.

d. Safe Harbor Conditions

Our proposal for outcomes-based payment arrangements includes safe harbor conditions, some of which mirror program integrity safeguards set forth in the existing personal services and management contracts safe harbor and some of which are new safeguards specific to outcomes-based payment arrangements. As detailed below, our proposed safe harbor conditions are based on our experience with these types of arrangements through the advisory opinion process and the development of waivers for CMS models.

e. Goal of the Outcomes-Based Payment Arrangement

As stated above, all outcomes-based payments must be made between or among parties that are collaborating to measurably improve quality of patient care (or maintain improvement); appropriately and materially reduce costs to, or growth in expenditures of, payors while improving or maintaining the improved quality of care; or both. We propose to limit safe harbor protection to outcomes-based payment arrangements that foster these two goals because we believe that such arrangements may best facilitate care coordination, encourage provider engagement across care settings, and promote the shift to value.

f. Outcome Measures

We propose to require the parties to an arrangement to establish one or more specific evidence-based, valid outcome measures that the agent must satisfy to receive the outcomes-based monetary remuneration. This requirement largely mirrors the outcome-measure requirement in the proposed care coordination arrangements safe harbor at paragraph (ee), and we refer readers to the discussion of this requirement in the preamble above. That being said, we note certain key differences, such as: This proposed safe harbor requires satisfaction of an outcome measure to receive an outcomes-based payment, whereas the care coordination arrangements safe harbor requires monitoring and assessment related to such outcome measures; and the achievement of outcomes measures is not a prerequisite to the provision or use of in-kind remuneration under the proposed safe harbor at paragraph (ee). Such differences are deliberate and due to the variations in type and scope of potential remuneration that could be exchanged under the respective safe harbors.

For the proposed outcomes-based payment arrangements amendments to the safe harbor, outcome measures must relate to improving quality of patient care; appropriately and materially reducing costs to, or growth in expenditures of, payors while improving, or maintaining the improved quality of care for patients; or both. As an additional safeguard, parties must select outcome measures based upon clinical evidence or credible medical support.

Any outcome measures established pursuant to the parties' arrangement must be measurable and valid, and such measures must promote improved quality or efficiencies in the delivery of care, or appropriate cost reduction. Measures that simply seek to reward the status quo would not meet this requirement. In some circumstances, we acknowledge that payment for the maintenance of high quality may be low risk (e.g., where an established ACO that has made demonstrable quality improvements over the course of several years seeks to reward its members to maintain such improvements). We solicit comments on whether, and if so how, we should protect such arrangements in the final rule without protecting arrangements that may be disguised payments for referrals. We are concerned that arrangements that reward the status quo are more likely to be mere payments for referrals.

Because we believe the provision of monetary remuneration presents a higher risk of fraud and abuse than the provision of in-kind remuneration, we are considering for the final rule, and solicit comments on, whether to impose a different, potentially stricter standard for outcome measures in this proposed safe harbor than in the proposed care coordination arrangements safe harbor at paragraph (ee). To mitigate this risk, we propose to require the parties to regularly monitor and assess the agent's performance on each outcome measure under the agreement. This condition is similar to the assessment and monitoring requirements in the care coordination arrangements safe harbor at paragraph (ee). For example, regularly monitoring and assessing the agent's performance could include: (i) Determining whether the arrangement has measurably improved quality of patient care, (ii) evaluating any deficiencies in the delivery of quality care, and (iii) measuring the agent's satisfaction of the specific, evidence-based, valid outcome measure(s) in the outcomes-based arrangement.

We recognize that outcomes-based payment arrangements may vary in structure and strive to provide flexibility for parties to design arrangements to achieve appropriate quality of patient care as well as appropriate efficiency and cost savings goals. However, we are proposing to include an express requirement that parties rebase the benchmark or outcome measure for outcomes-based payments periodically in outcomes-based payment arrangements where rebasing is feasible under paragraph (d)(2)(vii)(B). By “rebasing” we mean resetting the benchmark used to determine whether payments will be made to take into account improvements already achieved. We anticipate periodic “rebasing” will prevent parties from inappropriately carrying over savings from previous performance periods or from receiving payments that do not reflect legitimate achievement of outcomes.

This proposed requirement is intended to address a concern that “evergreen” outcomes-based payment arrangements, in which outcome measures are not properly monitored or assessed, could be used as a vehicle to reward referrals well after the desired provider behavior change or savings benchmark has been met. Such perpetual arrangements might also fail to meet the proposed requirement that the measures be evidence-based. We are considering for the final rule, and solicit comments on, whether a specific timeframe within a specified performance period under the arrangement (e.g., 3 years) or a shorter (e.g., 1-year) or longer (e.g., 5-year) timeframe is appropriate and realistic for requiring parties to rebase the benchmarks for outcomes-based payments. We solicit comments on the definition of “rebase” and when and how frequently rebasing would be necessary and appropriate to ensure that outcomes-based payments are based on valid, measurable outcomes, reducing the risk that the payments would be mere payments for referrals.

g. Methodology

To increase transparency of outcomes-based payment arrangements, we propose that the methodology for determining the aggregate compensation (including any outcomes-based payments) paid between or among the parties over the term of the agreement is: Set in advance; commercially reasonable; consistent with fair market value; and not determined in a manner that directly takes into account the volume or value of any referrals or business otherwise generated between the parties for which payment may be made in whole or in part by a Federal health care program. We view these conditions as essential safeguards to ensuring any outcomes-based payment arrangement is not a vehicle to reward referrals and generate revenue but rather reflects a deliberate, collaborative effort by the parties to the arrangement to realize improved outcomes, cost savings to payors, or both.

Because our proposed set-in-advance and commercially reasonable requirements are consistent with our existing personal services arrangement and management contracts safe harbor (as proposed to be amended with respect to the set-in-advance requirement), we do not address these requirements here in further detail. We discuss our proposed fair market value and volume or value conditions below.

i. Fair Market Value

We propose that the methodology for determining the aggregate compensation (including any outcomes-based payments) paid between or among the parties over the term of the agreement be consistent with fair market value. We acknowledge our proposed aggregate fair market value requirement may pose challenges to the extent there are not industry standards yet developed to determine fair market value for some outcomes-based payment arrangements in the value-based care arena and because we understand that some of the outcomes-based payment arrangements we propose to protect do not necessarily correlate payments with actual services performed (and in some cases, reward not performing services).

Nonetheless, we anticipate the industry will evolve and adapt to assess fair market value for value-driven outcomes-based payment arrangements, even where the provision of traditional services may be a less prominent component. We solicit comments on this approach. We are considering for the final rule whether we should take a different approach (including whether to value outcomes-based payments separately from other compensation or whether to substitute the fair market value requirement with a different safeguard that would help ensure that payments are for legitimate participation in arrangements that drive value-based care and are not merely disguised payments for referrals).

ii. Volume or Value of Referrals

We propose to require that the compensation methodology for determining the outcomes-based payment not be determined in a manner that directly takes into account the volume or value of referrals or other business generated between the parties. We recognize that to incentivize care coordination and appropriate behavioral changes through outcomes-based payments, parties may need to establish payment methodologies that at least indirectly take into account the volume or value of referrals or other business generated between the parties. We believe it should be possible to structure payments so that they do not directly take into account the volume or value of referrals of other business.

h. Writing and Monitoring

We propose that the outcomes-based payment be made between or among parties that are collaborating, pursuant to a written agreement signed by the parties in advance of, or contemporaneous with, the commencement of the terms of the outcomes-based payment arrangement. We further propose that the written agreement specify all of the services the parties would perform for the term of the agreement. As detailed in the above section, while this does not mandate that parties to an outcomes-based payment arrangement include services, if services are furnished pursuant to the parties' arrangement, such services must be documented in writing.

We further propose to require that the written agreement include the outcome measure(s), the evidence-based data or information upon which the parties relied to select the outcome measure(s), and the schedule for the parties to regularly monitor and assess the outcome measure(s). In addition to the writing requirements set forth in (d)(2)(viii), parties may consider documenting and retaining such documentation necessary to demonstrate compliance with each prong of this safe harbor. For example, the parties may document payments made pursuant to the outcomes-based payment arrangement and data showing the agent's achievement of the outcome measure(s).

i. Impact on Patient Quality of Care

Properly structured and operated, outcomes-based payments hold the potential to improve the delivery of care; however, when improperly structured and operated, they hold the potential to incentivize behavior harmful to patients, such as stinting on care (underutilization), cherry picking lucrative or adherent patients, or lemon dropping costly or noncompliant patients.[79] Accordingly, we are proposing to require that the agreement neither limits any party's ability to make medically appropriate decisions for patients, nor induces the reduction of medically necessary services.

j. Additional Safeguards

We propose that the term of the agreement is not less than 1 year and that the services performed under the agreement do not involve the counseling or promotion of a business arrangement or other activity that violates any State or Federal law. These conditions are identical to those included in the personal services and management contracts safe harbor.

k. Technical Modifications

Due to the proposed additions of paragraphs (d)(2) and (d)(3), setting forth provisions on outcomes-based payments and definitions, we propose to move the existing personal services and management contracts provisions, as proposed to be amended in this rulemaking, to a new paragraph (d)(1).

K. Warranties (1001.952(g))

In an effort to update the existing safe harbor for warranties at 42 CFR 1001.952(g) and to promote higher value items covered by warranties, we propose to modify the safe harbor to: (i) Protect warranties for one or more items and related services upon certain conditions; (ii) exclude beneficiaries from the reporting requirements applicable to buyers; and (iii) define “warranty” directly and not by reference to 15 U.S.C. 2301(6). We also propose to make a technical correction to paragraph (3)(i) to change the text from “paragraphs (a)(1) and (a)(2) of this section” to “paragraphs (g)(1) and (g)(2) of this section.” For ease of reference, we propose to amend the safe harbor by moving the undesignated definition at the end of the safe harbor to a new paragraph (g)(7).

1. Bundled Warranties

The warranties safe harbor protects remuneration consisting of “any payment or exchange of anything of value under a warranty provided by a manufacturer or supplier of an item to the buyer (such as a health care provider or beneficiary) of the item,” as long as the buyer and seller comply with the safe harbor's requirements.[80] We confirmed in Advisory Opinion No. 18-10 that this safe harbor applies only to warranties for a single item and not to bundled items.[81] We received comments in response to the OIG RFI requesting revisions to the warranties safe harbor to protect warranty arrangements that pertain to bundled items and services. Commenters suggested that such revisions would promote beneficial and innovative arrangements. Based on these comments, other input OIG has received, and our own consideration of the potential benefits of expanding the warranties safe harbor to foster value, we propose to revise the safe harbor to protect bundled warranties for one or more items and related services, when certain conditions are met. This modification would allow manufacturers and suppliers to warrant that a bundle of items or one or more items in combination with related services, such as product support services, will meet a specified level of performance under a warranty agreement.

We believe this proposed modification could promote beneficial arrangements between sellers and buyers by allowing them to enter into warranty arrangements conditioned on the collective value of the warranted items and related services. We also believe this proposed modification could enhance the use and utility of warranted items by protecting warranties that encompass services, such as support and educational services. For example, this proposed modification would protect arrangements such as the one at issue in Advisory Opinion No. 01-08, where the requestor operated a warranty program covering wound care products and certain related support services, such as access to a wound specialist and an online wound documentation system, that the requestor made available to buyers of its products.[82]

a. Inclusion of Services in Bundled Warranties

We are proposing to protect warranty arrangements that apply to one or more items and services (provided the warranty covers at least one item). This modification would allow manufacturers and suppliers to warrant that certain services, in combination with one or more items, will result in a specified level of performance.[83] We are mindful that the provision of certain warranted services, such as medication adherence services by manufacturers and suppliers, could increase the risk of patient harm and inappropriate utilization because manufacturers and many suppliers do not necessarily have direct patient care responsibilities and thus may not have the same patient safety considerations that physicians and providers with direct patient care responsibilities have. Using medication adherence services offered by drug manufacturers as an example, we are concerned that manufacturers may promote patients' adherence to prescribed medications, even when a patient is experiencing harmful side effects, or the medication is not achieving the purpose for which it was prescribed. Because manufacturers have financial incentives for patients to use and reorder their medications but do not have the medical expertise the prescribing physicians have to determine whether continued use of medications is clinically appropriate for a specific patient, medication adherence services offered by manufacturers, such as phone or message communications directing patients to take their medications, could result in patient harm or inappropriate utilization of drugs.

We are considering safeguards we could include in the final rule to protect against these risks, such as a safeguard that would prohibit direct patient outreach by a seller offering a warranty but that would allow the seller to pay an independent intermediary to perform services that require direct patient outreach, as long as compensation for the patient outreach services is not tied to the volume or value of any warranted item used by the patient.

Our proposed expansion of this safe harbor does not protect warranties covering only services. We believe warranties for services that are not tied to one or more related items could present heightened fraud and abuse risks. Manufacturers and suppliers could warrant that services will achieve certain clinical goals and offer remuneration to induce referrals from referral sources under the guise of warranty remedies. The services manufacturers and suppliers may offer could take many different forms, and it may be difficult to verify whether services, which can more subjective in nature than items, failed to achieve the clinical goals established by a warranty arrangement. Additionally, because the services subject to a warranty may not be federally reimbursable, it may be difficult to determine whether the services being warranted are bona fide services or sham services offered as part of a warranty agreement and designed to transfer remuneration to referral sources upon the failure of such services to achieve the warranted result. If physicians, for example, could warrant that their services will achieve certain clinical results, the potential to receive money as a warranty remedy may induce patients to select physicians offering warranties over other physicians, particularly where the clinical results being warranted are not easily achievable, regardless of which physician a patient selects. We are considering for the final rule extending safe harbor protection for warranties applying only to services if sufficient safeguards exist to mitigate these risks, and we are soliciting comments on the potential fraud and abuse risks that may arise if we expand the safe harbor to include services-only warranties and potential safeguards to mitigate these risks.

b. Conditions on Bundled Warranties

We propose to impose the following conditions on bundled warranty arrangements: (i) All federally reimbursable items and services subject to bundled warranty arrangements must be reimbursed by the same Federal health care program and in the same payment; (ii) a manufacturer or supplier must not pay any individual (other than a beneficiary) or entity for any medical, surgical, or hospital expense incurred by a beneficiary other than for the cost of the items and services subject to the warranty; and (iii) manufacturers and suppliers cannot condition bundled warranties on the exclusive use of one or more items or services or impose minimum-purchase requirements of any items or services. We believe these requirements would promote beneficial arrangements while protecting beneficiaries and the Federal health care programs from harmful practices, such as inappropriate utilization and product steering, as explained below.

c. Requirement for Federally Reimbursable Items and Services Subject to Bundled Warranty Arrangements To Be Reimbursed by the Same Federal Health Care Program and in the Same Payment

Under a new paragraph (5), we propose to require that all federally reimbursable items and services subject to the bundled warranty be reimbursed by the same Federal health care program and in the same payment. This requirement would be satisfied when federally reimbursable items and services subject to a bundled warranty are reimbursed by, for example, the same Part A Medicare Severity-Diagnosis Related Group (MS-DRG) payment, the same Medicare Part B ambulatory payment classification payment, or the same Medicaid managed care payment. Allowing sellers to bundle items and services reimbursed by different Federal health care program payments could create incentives for overutilization or inappropriate utilization of items and services included in the bundle. Unlike bundled payments, such as MS-DRG payments, payments that reimburse providers separately for each item and service they order do not incentivize providers to contain their costs because the providers would receive reimbursement for each discrete item and service they order, regardless of whether those items and services present the best value. Without cost-containment incentives, providers may order devices or drugs subject to a bundled warranty, regardless of whether lower-cost, equally effective devices or drugs are available, because providers would be reimbursed separately for each item and reimbursable service and could be eligible to receive the full cost of the separately billed items and reimbursable services in the bundle if even one item or reimbursable service fails to perform as expected.

We believe these risks are mitigated when bundled warranties apply only to federally reimbursable items and services that are reimbursed by the same Federal health care program payment, such as under an MS-DRG payment. However, we are aware that bundled warranties could result in barriers to entry for certain manufacturers and suppliers that cannot offer bundled warranties, and we are considering for the final rule, and solicit comments on, additional safeguards we should include to limit the potential anti-competitive effects that bundled warranties may have in the drug and device markets. Additionally, we solicit specific examples where the protections we propose would not be sufficient to protect against anti-competitive conduct.

We recognize that the proposed requirement above might inhibit warranties conditioned on the collective performance of warranted items across a patient population (population-based warranties) because these items would not be reimbursed in the same payment. We are considering whether, and if so, how, we might craft the safe harbor to allow for population-based warranties without creating risks of increased costs to the Federal health care programs, as described above. For example, we are considering for the final rule whether we could require that all items and services be reimbursed according to the same payment methodology, but not necessarily the same payment, to allow for population-based warranties. We solicit comments on this approach and the potential benefits and fraud and abuse risks it may present. We note that retrospective reconciliation payments, such as those often used under the Innovation Center payment models, would not constitute one payment, as required under our proposal, when the reconciliation payments are paid to one entity but are not direct payment for items and services provided only by that entity.

In addition, we are considering for the final rule, and seek comments on, whether we should include any exceptions to the requirement that all federally reimbursable items and services subject to a bundled warranty be paid by the same payment, such as when bundled items are reimbursed according to the same payment under the Medicare program but are reimbursed separately under Medicaid. For example, in Advisory Opinion No. 18-10, we noted that the items subject to the requestor's warranty program were reimbursable under the same MS-DRG payment but potentially were separately reimbursable under certain states' Medicaid programs. We encourage commenters to provide specific examples where an exception may be needed.

2. Capped Amount of Warranty Remedies; Prohibition on Exclusivity and Minimum-Purchase Requirements

We propose to modify paragraph (4) of the safe harbor by limiting the remuneration a manufacturer or supplier may pay to any individual (other than a beneficiary) or entity for any medical, surgical, or hospital expense incurred by a beneficiary to the cost of the items and services subject to the warranty. We view this limitation as an important protection against manufacturers and suppliers providing excessive remuneration to induce further business. In a new paragraph (6), we also propose to prohibit manufacturers and suppliers from conditioning warranties on the exclusive use of one or more items or services and from imposing minimum-purchase requirements of any items or services. We view such steering practices as highly problematic and solicit comments on the prevalence of these practices in warranty arrangements. We also solicit comments on the effectiveness of the proposed safeguards in preventing or mitigating fraud and abuse risks, as well as additional safeguards we could impose.

3. Reporting Requirements

Stakeholders have expressed concern that the reporting requirements under the safe harbor may not allow for outcomes-based warranty arrangements in which buyers could receive return payments from manufacturers over several years if a therapy does not meet clinical outcomes at designated points in time. We solicit comments on any burden the current reporting requirements impose and the need for more flexible reporting requirements under the safe harbor to better facilitate warranties tied to clinical outcomes. We understand that delayed reporting may be necessary when, for example, the efficacy of a drug therapy may not be known for several years after the initial purchase. We are considering ways in which we could modify the reporting requirements under the safe harbor to accommodate outcomes-based warranty arrangements while protecting the Government's interest in having an accurate and timely report of any price reductions a seller offers a buyer under a warranty arrangement protected by the safe harbor. We also propose to expressly exclude beneficiaries from the reporting requirement applicable to other buyers since beneficiaries do not report costs to the Government.

4. Definition of “Warranty”

We propose to define “warranty” directly and not by reference to 15 U.S.C. 2301(6). The Magnuson-Moss Act enacted 15 U.S.C. 2301, which in paragraph (6) defines “written warranty” in connection with the sale of a “consumer product.” However, courts have held that an item regulated under the Federal Food, Drug, and Cosmetic Act is not a “consumer product” for purposes of the Magnuson-Moss Act.[84] The reference to 15 U.S.C. 2301(6) in the definition of “warranty” therefore creates unintentional ambiguity as to whether the safe harbor covers warranties for drugs and devices regulated under the Federal Food, Drug, and Cosmetic Act. We propose revisions to the definition of “warranty” to clarify that the warranties safe harbor applies to FDA-regulated drugs and devices.

We propose a definition for “warranty” that largely models the definition in 15 U.S.C. 2301(6) but replaces references to a “product,” where applicable, with “item or bundle of items, or services in combination with one or more related items,” to allow for single-item and bundled warranties. Additionally, the proposed definition substitutes references to the “material” of a product with “quality” to reflect the inclusion of warranted services in addition to items. The proposed definition of “warranty” continues to include a “written affirmation of fact or written promise [that] affirms or promises that [items and services] . . . will meet a specified level of performance over a specified period of time.” We interpret this provision to provide protection for warranty arrangements conditioned on clinical outcome guarantees, provided the warranty arrangements meet all the safe harbor's requirements.

L. Local Transportation (1001.952(bb))

Increasingly, experts are recognizing the important role transportation plays in patient access to care, quality of care, healthcare outcomes, and effective coordination of care for patients, particularly for patients who lack their own transportation or who live in “transportation deserts.” As part of this rulemaking, we are revisiting certain provisions of the existing safe harbor for local transportation at 42 CFR 1001.952(bb) and, as described above, proposing new safe harbor protection for certain patient engagement tools and supports. The proposed patient engagement and support safe harbor would include transportation services for patients that meet the proposed safe harbor requirements.

We propose to modify the existing safe harbor for local transportation at 42 CFR 1001.952(bb) to: (i) Expand the distance which residents of rural areas may be transported; and (ii) remove any mileage limit on transportation of a patient from a healthcare facility from which the patient has been discharged to the patient's residence.

For purposes of clarification, we also provide guidance on the application of the safe harbor to transportation through ride-sharing services. We are not proposing to amend the safe harbor to explicitly include such services, because we believe that nothing in the existing language excludes them from protection.

Finally, for ease of reference, we propose to amend the safe harbor by moving the undesignated definitions set forth in the note to paragraph (bb) to a new paragraph (bb)(3).

1. Expansion of Mileage Limit for Patients Residing in Rural Areas

The safe harbor provides that transportation is protected if provided “[w]ithin 25 miles of the health care provider or supplier to or from which the patient would be transported, or within 50 miles if the patient resides in a rural area, as defined in this paragraph (bb).” [85] In response to the OIG RFI, some commenters stated that the 50-mile limit for residents of rural areas is insufficient, as many rural residents need to travel more than 50 miles to obtain medically necessary services. Accordingly, we are proposing to increase the limit on transportation of residents of rural communities to 75 miles, but we solicit comments on whether an increase to 75 miles is sufficient. We urge commenters to provide data or other evidence to support the most appropriate distance for the purposes of this rulemaking. We request that commenters provide specific information, if available, about the patients within the commenters' communities or service areas who cannot obtain care within the existing distance limits. We also seek comments on how an entity would provide transportation over distances in excess of 50 miles (e.g., by shuttle, as defined in the existing safe harbor), ride-sharing programs, reimbursement of mileage, reimbursement of bus or taxi fare, or other means. Such information will assist us in determining whether an increased distance limit is necessary and practical and whether it is likely to be subject to abuse. While the current safe harbor does not require any showing of need on the part of patients, we solicit comments on whether the final rule should protect transportation in excess of the current limits only where there is a demonstration of financial, medical, or transportation need. We also solicit comments on what safeguards would be necessary to prevent abuse of an expansion of these limits for rural or other patients.

2. Elimination of Distance Limit on Transportation of Discharged Patients

Comments on the OIG RFI and other information raise concerns about patients discharged from healthcare facilities who do not have a ride home. In some cases, these patients have been brought to the facility from a great distance. Some patients in behavioral health facilities are brought to the facility over long distances by law enforcement personnel. Commenters urged that the local transportation safe harbor be expanded to protect facilities that want to provide safe transportation home.

We agree that transportation home after discharge from an inpatient facility does not pose the same level of risk of inducing patient referrals as transportation to the facility. Accordingly, we are proposing to eliminate any distance limit on transportation of a patient who has been discharged from a facility after admission as an inpatient, regardless of whether the patient resides in an urban or rural area, if the transportation is to the patient's residence, another residence of the patient's choice (such as the residence of a friend or relative who is caring for the patient post-discharge). We are also considering protecting transportation to any location of the patient's choice, including to another healthcare facility. We are soliciting comment on the fraud and abuse risks that may arise from permitting transportation to another healthcare facility. In addition, we are considering for the final rule whether, and under what circumstances, transportation home or to another facility should be protected when a patient has not been admitted to an inpatient facility. For example, we are soliciting comments on whether transportation should be protected after a patient has been seen in the emergency room, under observation status at a hospital for an extended period, but not admitted, or after a procedure at an ambulatory surgery center (ASC). If transportation is protected under these circumstances, we welcome comments on what limitations should be imposed (e.g., observation status at a hospital for at least 24 hours, or a procedure at an ASC or medical condition evaluated or treated at an emergency department that results in a patient being unable to travel home safely unaccompanied).

The safe harbor does not require an entity to offer transportation to patients, and an entity may impose its own mileage limits on any transportation offer, as long as it imposes such limits consistently and makes the transportation available without regard to the volume or value of Federal health care program business. For example, the entity sponsoring the transportation cannot offer the transportation only to facilities affiliated with it.

As with our proposal to increase the mileage limit for transportation of rural patients, we solicit comments on whether transportation of discharged patients, if in excess of otherwise applicable safe harbor mileage limits, should be limited to patients with demonstrated need (either financial need or transportation need), and if so, what standards should apply to such demonstration of need. Finally, we solicit comments on whether, if this proposal to eliminate any mileage limit for discharged patients is adopted, there remains a need to increase the distance limit for transportation of patients who reside in rural areas.

3. Local Transportation for Health-Related, Non-Medical Purposes

In the preamble to the final rule establishing the local transportation safe harbor, we declined to extend safe harbor protection to transportation for purposes other than to obtain medically necessary items or services, although we noted that a shuttle service protected by the safe harbor could make stops at locations that do not relate to a particular patient's medical care. We also stated that we would consider in a future rulemaking whether permitting transportation to non-medical services that are part of care coordination arrangements or are related to improving healthcare would be appropriate.[86]

In response to the OIG RFI, we received comments suggesting that the local transportation safe harbor should protect transportation for non-medical purposes that may nevertheless improve or maintain health. Such transportation might be to food stores or food banks, social services facilities (such as to apply for food stamps or housing assistance), exercise facilities, or chronic disease support groups, for example. In many cases, such transportation might help address both patients' health outcomes as well as social determinants of health, such as transportation, nutrition, and housing. We are considering including non-medical purposes in the final safe harbor, and we seek comments on whether and how the safe harbor could be expanded in this manner to foster innovative arrangements that are likely to improve health outcomes and address non-medical needs that significantly influence those outcomes, without creating an unacceptable risk of fraud and abuse, such as inducing beneficiaries to receive unnecessary healthcare items and services. We are considering whether such expansion of the safe harbor should be limited to certain beneficiary populations, such as chronically ill patients, or to patients who are being discharged from a hospital or other facility. Responses to this solicitation of comments will inform our consideration of potentially extending this safe harbor in the final rule to include these arrangements or potentially protecting arrangements in the patient engagement and support safe harbor, if finalized.

Elsewhere in this rulemaking, we are proposing a new safe harbor for patient engagement tools and supports provided by VBE participants, which could include transportation for health-related, non-medical purposes. The protection of this safe harbor would not be available outside the context of a VBE, however, since the proposed safe harbor limits protection to patient engagement tools and supports furnished by VBE participants. We refer commenters to the standards and safeguards proposed for the separate safe harbor for patient engagement tools and supports (proposed at 1001.952(hh)), and we solicit comments on whether these standards and safeguards are also appropriate for the local transportation safe harbor, to the extent that were to apply to transportation for non-medical purposes. In addition, we seek comments on whether an extension of the local transportation safe harbor in this manner is needed or appropriate, if the proposed separate safe harbor for patient engagement and support offered by VBE participants is adopted (proposed 1001.952(hh)).

4. Use of Ride-Sharing Services

We are aware that some entities are providing transportation for medical items and services through the use of ride-sharing services. As we understand the use of these services, a hospital, for example, could arrange with a ride-sharing service to provide rides for its patients, for which the hospital would be billed. We are aware that some members of the public may be uncertain about the application of the safe harbor in these circumstances.

In the preamble to the final rule establishing the local transportation safe harbor, we noted the possibility that patient transportation would be provided via taxi.[87] Although we did not explicitly refer to ride-sharing services, we see no difference between these services and taxis, for purposes of the safe harbor. We believe that nothing in the language of the safe harbor precludes their use. (By the same logic, the safe harbor does not preclude transportation via self-driving cars or other similar technology that serve as a taxi service, should they become available.) We invite any commenters who disagree to provide comments explaining the possible basis for the exclusion of ride-sharing programs from protection from the existing safe harbor. If we find such comments persuasive, we will consider an amendment to the safe harbor to explicitly protect transportation through ride-sharing programs.

We note, however, that the same safe harbor requirements that apply to other forms of transportation also apply to transportation provided by ride-sharing services. These include the requirement that the availability of free or discounted transportation not be advertised. A taxi company, ride-sharing service, or other provider of transportation could advertise that it provides transportation to medical appointments and suggest contacting medical providers to determine if free or discounted transportation is available to their facilities. It cannot, however, advertise that it provides free or discounted transportation to a particular healthcare provider or group of providers. Such customer-specific advertising is within the control of the customer to prohibit, and therefore would be imputed to the customer (i.e., the entity paying for the transportation, regardless of whether that entity pays for the advertising), thus disqualifying the arrangement from safe harbor protection.

To the extent that the ride-sharing service provides services other than transportation for the purpose of obtaining medical care, such services would not be protected by the safe harbor. Like a taxi driver, a ride-share driver could assist a patient in getting from a residence into a vehicle and from a vehicle into a medical provider's facility, and this could include assisting the patient with a wheelchair, oxygen equipment, or the like. This would be considered part of the transportation service. In addition, a ride-sharing driver, taxi driver, or shuttle could, for example, provide the patient with transportation from a physician's office or hospital to a pharmacy, for the purpose of obtaining a prescription (a medically necessary item) before taking the patient home. As noted in the preamble to the 2016 final rule establishing this safe harbor, a shuttle could also include a food store among its stops.[88] However, transportation to a food store or any other location not for the purpose of obtaining medically necessary items or services, when provided on a patient-specific basis (i.e., not by a shuttle), is not protected by this safe harbor. Such transportation may be protected by the proposed safe harbor for value-based arrangements, as discussed elsewhere in this proposed rule.

Finally, we note that, as with all safe harbors, the local transportation safe harbor applies only to the Federal anti-kickback statute (and the beneficiary inducements CMP). Providers of transportation remain subject to all other federal, state and local laws and regulations that may be applicable to their activities and arrangements.

M. ACO Beneficiary Incentive Program

1. Overview of Medicare Shared Savings Program and Provisions of the Budget Act of 2018 for ACO Beneficiary Incentive Programs

Section 1899 of the Act established the Medicare Shared Savings Program, which promotes accountability for a patient population, fosters coordination of items and services under Medicare Parts A and B, encourages investment in infrastructure and redesigned care processes for high-quality and efficient healthcare service delivery, and promotes higher value care. The Medicare Shared Savings Program is a voluntary program that encourages groups of doctors, hospitals, and other healthcare providers to come together as an ACO to lower growth in expenditures and improve quality. An ACO agrees to be held accountable for the quality, cost, and experience of care of an assigned Medicare FFS beneficiary population. ACOs that successfully meet quality and savings requirements share a percentage of the achieved savings with Medicare.

Section 1899(m)(1)(A) of the Act, as added by section 50341 of the Budget Act of 2018,[89] permits ACOs under certain two-sided models to operate CMS-approved beneficiary incentive programs to provide incentive payments to assigned beneficiaries who receive qualifying primary care services. According to CMS, and as intended by section 1899(m)(1)(A) of the Act, the beneficiary incentive programs will encourage beneficiaries assigned to certain ACOs to obtain medically necessary primary care services while requiring such ACOs to comply with program integrity and other requirements.[90] CMS, in a final rule establishing regulations governing ACO Beneficiary Incentive Programs states that the agency “believe[s] that such amendments will empower individuals and caregivers in care delivery.” [91]

Specifically, the Budget Act of 2018 added section 1899(m)(1)(A) of the Act, which allows ACOs to apply to operate an ACO Beneficiary Incentive Program. The Budget Act of 2018 also added a new subsection (m)(2) to section 1899 of the Act, which provides clarification regarding the general features, implementation, duration, and scope of approved ACO Beneficiary Incentive Programs. In addition, the Budget Act of 2018 added section 1899(b)(2)(I) of the Act, which requires ACOs that seek to operate a beneficiary incentive program to apply to operate the program at such time, in such manner, and with such information as the Secretary may require.[92]

In order to implement the changes set forth in section 1899(b)(2) and (m) of the Act, CMS added regulation text at 42 CFR 425.304(c) that allows ACOs participating under certain two-sided models to establish CMS-approved beneficiary incentive programs to provide incentive payments to assigned beneficiaries who receive qualifying services.

2. ACO Beneficiary Incentives Program Statutory Exception and Proposed Safe Harbor (1001.952(kk))

Section 50341(b) of the Budget Act of 2018, which added section 1128B(b)(3)(K) of the Act, states that “illegal remuneration” under the anti-kickback statute does not include “. . . an incentive payment made to a Medicare fee-for-service beneficiary by an ACO under an ACO Beneficiary Incentive Program established under subsection (m) of section 1899, if the payment is made in accordance with the requirements of such subsection and meets such other conditions as the Secretary may establish.”

We propose to codify the statutory exception to the definition of “remuneration” at section 1128B(b)(3)(K) of the Act in our regulations at proposed paragraph 1001.952(kk). We propose to adopt regulatory language nearly identical to the statutory language, with two exceptions. First, the text of the proposed safe harbor would make it clear that an ACO may furnish incentive payments only to assigned beneficiaries. Second, the safe harbor would modify the statutory language stating, “if the payment is made in accordance with the requirements of such subsection,” to “if the incentive payment is made in accordance with the requirements found in such subsection.” Note that we do not propose the establishment of any additional safe harbor conditions that incentive payments made by an ACO to an assigned beneficiary under an ACO Beneficiary Incentive Program established under section 1899(m) of the Act must satisfy.

The ACO Beneficiary Incentive Program statutory exception, found at section 1128B(b)(3)(K) of the Act, requires that “the payment is made in accordance with the requirements of [section 1899(m)].” We read this provision to broadly incorporate all of the requirements found in section 1899(m) as requirements of the ACO Beneficiary Incentive Program statutory exception to the definition of “remuneration” under the Federal anti-kickback statute. In other words, we believe that for an incentive payment to satisfy the ACO Beneficiary Incentive Program statutory exception, and the corresponding safe harbor proposed at paragraph 1001.952(kk), all of the requirements enumerated at section 1899(m)—related both to ACO Beneficiary Incentive Programs and incentive payments made pursuant to such programs—must, and would be required to, be satisfied.

While section 1899(m) of the Act also includes a provision that states, “[t]he Secretary shall permit such an ACO to establish such a program at the Secretary's discretion and subject to such requirements, including program integrity requirements, as the Secretary determines necessary,” [93] we do not interpret the statutory exception found at section 1128B(b)(3)(K) of the Act to require satisfaction of any requirements found outside of section 1899(m) (e.g., the regulatory requirements established by CMS implementing the ACO Beneficiary Incentive Program, found at 42 CFR 425.304(c)).[94] In other words, OIG interprets the statutory exception found at section 1128B(b)(3)(K) of the Act and would interpret the corresponding safe harbor proposed at paragraph 1001.952(kk), to require that the incentive payment is made in accordance with the requirements found in section 1899(m) of the Act.

Given the requirements imposed on ACO Beneficiary Incentive Programs and incentive payments made pursuant to an ACO Beneficiary Incentive Program, found in section 1899(m), at this time, we do not believe it is necessary to create additional conditions under the proposed ACO Beneficiary Incentives Program safe harbor, paragraph 1001.952(kk). However, we are considering and seek comment on whether OIG should include additional conditions in this safe harbor.

IV. Provisions of the Proposed Rule: Beneficiary Inducements CMP Exception

This proposed rule would amend 42 CFR 1003.110 by codifying amendments that were enacted in the Budget Act of 2018. This proposed rule would add an exception for the provision of certain telehealth technologies related to in-home dialysis services to the definition of “remuneration” applicable to the beneficiary inducements CMP, which prohibits offering inducements to Medicare or Medicaid beneficiaries that the offeror knows or should know are likely to influence the selection of particular providers, practitioners or suppliers.

A. Statutory Exception for Telehealth Technologies for In-Home Dialysis

As part of the Creating High-Quality Results and Outcomes Necessary to Improve Chronic Care Act of 2018, section 50302 of the Budget Act of 2018 amends section 1881(b)(3) of the Act to permit an individual with ESRD receiving home dialysis to elect to receive their monthly ESRD-related clinical assessments via telehealth, if certain other conditions are met.[95] Section 50302(c) of the Budget Act of 2018 creates a new exception to the definition of “remuneration” in the beneficiary inducements CMP. Specifically, section 50302(c) of the Budget Act of 2018 adds the following exception as new section 1128A(i)(6)(J) of the Act:

The provision of telehealth technologies (as defined by the Secretary) on or after January 1, 2019, by a provider of services or a renal dialysis facility (as such terms are defined for purposes of title XVIII) to an individual with end stage renal disease who is receiving home dialysis for which payment is being made under part B of such title, if:

(i) The telehealth technologies are not offered as part of any advertisement or solicitation;

(ii) the telehealth technologies are provided for the purpose of furnishing telehealth services related to the individual's end stage renal disease; and

(iii) the provision of the telehealth technologies meets any other requirements set forth in regulations promulgated by the Secretary.

This exception would be available only for telehealth technologies, as defined below, furnished by a provider of services or a renal dialysis facility to patients with ESRD who receive in-home dialysis that is payable by Medicare Part B. We propose to interpret this exception, in our proposed condition (i), to require that the telehealth technologies be furnished to the individual by the provider of services or the renal dialysis facility (as those terms are defined in title XVIII of the Act) that is currently providing the in-home dialysis, telehealth visits, or other ESRD care to the patient. The underlying intent of this proposed condition (i) is to prevent arrangements where providers and suppliers offer telehealth technologies to patients with whom they do not have a prior clinical relationship in an attempt to steer patients to a particular provider or supplier. We seek comment on this proposed condition (i), and in particular, any challenges this condition would create. In addition, while we are aware of the increasing proliferation of telehealth services, and the likely desire of other healthcare industry stakeholders to furnish telehealth technologies to patients receiving telehealth services, the statutory exception, and therefore, this proposal, is limited to a subset of patients receiving in-home dialysis and certain, enumerated providers in the statutory exception. We further note that the provision of telehealth technologies might qualify for protection under other existing or proposed exceptions or safe harbors, including the proposed safe harbor for patient engagement and support, paragraph 1001.952(hh). That being said, we seek comment on whether we should, for purposes of the final rule, interpret the statutory exception to apply not only to the “provider of services or the renal dialysis facility (as those terms are defined in tile XVIII of the Act),” but also suppliers, as defined in title XVIII of the Act. We solicit comments on this issue, in recognition of the underlying congressional intent and policy goals set forth in Section 50302(b) of the Budget Act of 2018: Expanding patient access to in-home dialysis care, furnished by their physician.

The first criterion included in the statutory exception provides that protected items or services may not be offered as part of any advertisement or solicitation. We are including this requirement in our proposed regulation at proposed condition (ii). As we have said in other rulemakings, we propose that stakeholders interpret the terms “advertisement” and “solicitation” consistent with their common usage in the healthcare industry.[96]

The second criterion included in the statutory exception requires the telehealth technologies to be provided for the purpose of furnishing telehealth services related to the individual's ESRD. At proposed condition (iii), we propose to interpret “for the purpose of furnishing telehealth services related to the individual's end stage renal disease” to mean that the technology contributes substantially to the provision of telehealth services related to the individual's ESRD, is not of excessive value, and is not duplicative of technology that the beneficiary already owns if that technology is adequate for the telehealth purposes. We would consider technology to be of excessive value if the retail value of the technology is substantially more than is required for the telehealth purpose. For example, if a readily available $300 smartphone would adequately run the telehealth technology, the safe harbor would not protect a donation of a $600 smartphone. To ensure that this proposed safe harbor protects the provision of telehealth technologies “for the purpose of furnishing telehealth services related to the individual's end stage renal disease” and not to induce referrals, we are also considering for the final rule, and seek comment on, a condition that would require the provider or facility to retain ownership of any hardware and make reasonable efforts to retrieve the hardware once the beneficiary no longer needs it for the permitted telehealth purposes (such that the hardware is loaned to the beneficiary).

We remain concerned that the provision of telehealth technology with substantial independent value to the beneficiary might serve to induce the beneficiary to choose a particular provider or facility. We are considering, and solicit comments about, whether the final rule should interpret “for the purpose of furnishing telehealth services related to the individual's end stage renal disease” in a more restrictive manner. For example, we are considering for the final rule and seek comments on whether the exception should protect telehealth technologies that provide the beneficiary with no more than a de minimis benefit for any purpose other than furnishing telehealth services related to the individual's ESRD. We also are considering for the final rule and seek comments on another standard that would protect telehealth technologies only when furnished predominantly for the purpose of furnishing telehealth services related to the individual's ESRD.

We propose to interpret “telehealth services related to the individual's end stage renal disease” to mean only those telehealth services paid for by Medicare Part B. CMS maintains a list of services payable under the Medicare Physician Fee Schedule when furnished via telehealth. We solicit comments on this interpretation.

The statutory exception's third criterion allows the Secretary to develop additional requirements not specified in the statutory exception and requires the Secretary to define “telehealth technologies.” Below we propose a definition of “telehealth technologies” and further enumerate requirements under the new exception to the definition of “remuneration” for the beneficiary inducements CMP.

B. Additional Proposed Conditions for the Telehealth Technologies Exception

Under proposed condition (iv), a person must not bill Federal health care programs, other payors, or individuals for the telehealth technologies, claim the value of the item or service as a bad debt for payment purposes under a Federal health care program, or otherwise shift the burden of the value of the telehealth technologies onto a Federal health care program, other payors, or individuals. This proposed requirement is designed to protect against the telehealth technologies resulting in inappropriately increased costs to Federal health care programs, other payors, and patients. In this requirement, we propose to prohibit claiming the cost of the telehealth technologies and any operational costs attendant to providing telehealth technologies as bad debt for payment purposes under Medicare or a State healthcare program or otherwise shifting the burden of the cost of the telehealth technologies and any operational costs attendant to the provision of patient incentives to Medicare, a State healthcare program, other payors, or individuals. We seek comments on this proposed condition.

C. Defining Telehealth Technologies

We propose to define “telehealth technologies” for the purposes of the definition of the term “remuneration” as set forth in 42 CFR 1003.110 and the telehealth technologies exception to section 50302(c) of the Budget Act of 2018. In proposing such definition, we consulted with CMS and solicited comments in the OIG RFI regarding how OIG should define “telehealth technologies” and if the definition should include “services.” Based on the collective input we received, we propose to adopt, as part of our definition of “telehealth technologies,” the definition of “interactive telecommunications system” found at 42 CFR 410.78. Under 42 CFR 410.78, Medicare Part B pays for covered telehealth services included on the telehealth list when furnished using an “interactive telecommunications system” if certain conditions are met. 42 CFR 410.78(a)(3) defines an “interactive telecommunications system” to mean “multimedia communications equipment that includes, at a minimum, audio and video equipment permitting two-way, real-time interactive communication between the patient and distant site physician or practitioner. Telephones, facsimile machines, and electronic mail systems do not meet the definition of an interactive telecommunications system.”

For the purposes of this exception, we propose to define “telehealth technologies” as the following: “multimedia communications equipment that includes, at a minimum, audio and video equipment permitting two-way, real-time interactive communication between the patient and distant site physician or practitioner used in the diagnosis, intervention or ongoing care management—paid for by Medicare Part B—between a patient and the remote healthcare provider. Telephones, facsimile machines, and electronic mail systems do not meet the definition of `telehealth technologies.' ” For the purposes of our definition of “telehealth technologies,” smart phones that allow for two-way, real-time interactive communication through secure, video conferencing applications would not be considered “telephones.” We solicit comments this definition, and are interested in comments that explain whether, and why, this definition would be too narrow, or too broad, and elaborate upon any attendant risks of fraud and abuse associated with the adoption of this definition. We also solicit comments on whether “[t]elephones, facsimile machines, and electronic mail systems,” as used in in 42 CFR 410.78(a)(3), should be excluded from our definition of “telehealth technologies.” We are also considering for the final rule, and seek comment on, whether to define “telehealth technologies” to include technologies such as software, a webcam, data plan, or broadband internet access that facilitates the telehealth encounter. This might include, for example, software that allows a patient to use his or her existing smartphone, tablet, or computer to receive telehealth consultations. We are interested in comments on whether and how broadening the exception to include these kinds of technologies might impact access to medically necessary care for beneficiaries. We are further interested in comments on whether such broadening would create an undue risk of remuneration that would inappropriately steer beneficiaries to particular providers or suppliers to obtain federally reimbursable items and services, and whether there would be limitations or conditions on the provision of telehealth technologies that we could include in an exception to curb potential abuses, such as a limitation on the value of the remuneration (e.g., a cap on the retail value of the telehealth technologies furnished, such as $100, $200, $500, or another amount that would be of sufficient magnitude to protect the most beneficial arrangements while also preventing the most abusive ones).

D. Other Potential Safeguards

1. Consistent Provision of Telehealth Technologies

In addition to the proposed conditions set forth above, we are considering for the final rule and seek comment on whether, as a condition of safe harbor protection, parties should be prohibited from discriminating in the offering of telehealth technologies. Such a safe harbor condition would require providers and renal dialysis facilities to provide the same telehealth technologies to any Medicare Part B eligible patient receiving in-home dialysis, or to otherwise consistently offer telehealth technologies to all patients satisfying specified, uniform criteria. This potential condition could reduce the likelihood that telehealth technologies would be offered selectively based on whether the patient generates other billable business for the provider or facility. We solicit comments on this issue. In particular, we are interested in understanding whether this proposed safeguard would limit providers of services' or renal dialysis facilities' ability to offer incentives due to the potential cost of furnishing the incentive to all qualifying patients rather than a smaller subset. Similarly, we are interested in why offering remuneration to a smaller subset of qualifying patients might be appropriate and not increase the risk of fraud and abuse.

2. Necessary Technology

For purposes of the final rule, we are considering allowing a person to furnish telehealth technologies under the safe harbor only after making a good faith determination that the individual to whom the technology is furnished does not already have the necessary telehealth technology, and that such technology is necessary for the telehealth services provided. For instance, if an application on a patient's existing phone would be sufficient, but the patient is furnished a new tablet, this would be considered duplicative or unnecessary. Should the recipient already possess technology that allows the telehealth visit to occur, we are concerned that a person may furnish additional valuable or duplicative technology for inappropriate purposes (e.g., to induce a patient to select a particular provider for in-home dialysis, or to seek other items and services from that provider). We seek comment on this potential safeguard. We also are considering, and seek comment regarding, a condition in the final rule that would require the person who furnishes the telehealth technologies to take reasonable steps to limit the use of the telehealth technologies by the individual to the telehealth services described on the Medicare telehealth list.

3. Notice to Patients

One commenter to the OIG RFI noted that patients may be confused by the technology, or the reason they are receiving a piece of technology, and unaware of costs associated with telehealth visits. We are considering adding in the final rule a condition that requires providers or facilities to provide a written explanation of the reason for the technology and any potential “hidden” costs associated with the telehealth services to any patient who elects to receive telehealth technology. We solicit comments on these perceived risks to patients, and whether to include a written notice requirement in the final rule, and if so, what that notice should state.

4. Patient Freedom of Choice

We also are considering finalizing a condition that is designed to preserve patient freedom of choice among healthcare providers and the manner in which he or she receives dialysis services under arrangements that would use the proposed exception. In particular, we are considering a condition in the exception that would require offerors of telehealth technologies to advise patients when they receive such technology that they retain the freedom to choose any provider or supplier of dialysis services and to receive dialysis in any appropriate setting. We are also concerned that some patients may be persuaded to opt for telehealth visits due to the generous telehealth technologies and services being offered, rather than clinical appropriateness. We solicit comments on including this potential safeguard, and whether adding freedom of choice language to a patient notification would reduce this concern.

5. Materials and Records Requirement

The proposed exception would not include a materials and records or other documentation requirement given the somewhat narrow scope of the remuneration that would be excepted from the definition of “remuneration” and consistent with other exceptions to the definition of “remuneration” set forth in 42 CFR 1003.110. We solicit comments on this approach and any fraud and abuse risks presented by not including a condition related to materials and records.

V. Regulatory Impact Statement

As set forth below, we have examined the impact of this proposed rule as required by Executive Order 12866, the Regulatory Flexibility Act (RFA) of 1980, the Unfunded Mandates Reform Act of 1995, Executive Order 13132, and Executive Order 13771. We provide additional supporting analyses in sections F, G, and H.

A. Executive Order 12866

Executive Order 12866 directs agencies to assess all costs and benefits of available regulatory alternatives and if regulations are necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects; distributive impacts; and equity). A regulatory impact analysis must be prepared for major rules with economically significant effects (i.e., $100 million or more in any given year). This proposed rule would codify a new CMP exception and implement new or revised anti-kickback statute safe harbors. The vast majority of providers and Federal health care programs would be minimally impacted from an economic perspective, if at all, by these proposed revisions. The changes to the safe harbors and CMP exceptions would allow providers to enter into certain beneficial arrangements. In doing so, this regulation would impose no requirements on any party. Providers would be allowed to voluntarily seek to comply with these provisions so that they would have assurance that participating in certain arrangements would not subject them to liability under the anti-kickback statute and the beneficiary inducements CMP. These safe harbors and exceptions facilitate providers' ability to provide important healthcare and related services to communities in need. We believe that the aggregate economic impact of the changes to these regulations would be minimal and would have no effect on the economy or on Federal or State expenditures. Accordingly, we believe that the likely aggregate economic effect of these regulations would be significantly less than $100 million. However, this rule is considered significant under Executive Order 12866. Notwithstanding our determination that the aggregate economic impact of the changes to these regulations would be minimal and would have no effect on the economy or on Federal or State expenditures, we solicit comments on whether stakeholders believe there would be increases or decreases in utilization or costs savings or expenses to the Government as a result of this proposed rule. We are interested in potential behavioral changes as well.

B. Regulatory Flexibility Act

The RFA and the Small Business Regulatory Enforcement and Fairness Act of 1996, which amended the RFA, require agencies to analyze options for regulatory relief of small businesses. For purposes of the RFA, small entities include small businesses, nonprofit organizations, and Government agencies. Most providers are considered small entities by having revenues of $7 million to $35.5 million or less in any one year. For purposes of the RFA, most physicians and suppliers are considered small entities. We estimate the changes to the CMP exceptions and the anti-kickback statute safe harbors would not significantly affect small providers, as these changes would not impose any requirement on any party. As a result, we have concluded that this proposed rule likely will not have a significant impact on a substantial number of small providers and that a regulatory flexibility analysis is not required for this rulemaking. In addition, section 1102(b) of the Act requires us to prepare a regulatory impact analysis if a rule under Titles XVIII or XIX or section B of Title XI of the Act may have a significant impact on the operations of a substantial number of small rural hospitals. For the reasons stated above, we do not believe that any provisions or changes finalized here would have a significant impact on the operations of rural hospitals. Thus, an analysis under section 1102(b) of the Act is not required for this rulemaking.

C. Unfunded Mandates Reform Act

Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law 104-4, also requires that agencies assess anticipated costs and benefits before issuing any rule that may result in expenditures in any one year by State, local, or Tribal Governments, in the aggregate, or by the private sector, of $100 million, adjusted for inflation. We believe that no significant costs would be associated with these proposed revisions that would impose any mandates on State, local, or Tribal Governments or the private sector that would result in an expenditure of $154 million (after adjustment for inflation) in any given year.

D. Executive Order 13132

Executive Order 13132 establishes certain requirements that an agency must meet when it promulgates a rule that imposes substantial direct requirements or costs on State and local Governments, preempts State law, or otherwise has Federalism implications. In reviewing this rule under the threshold criteria of Executive Order 13132, we have determined that this proposed rule would not significantly affect the rights, roles, and responsibilities of State or local Governments.

E. Executive Order 13771

Executive Order 13771 (January 30, 2017) requires that the costs associated with significant new regulations “to the extent permitted by law, be offset by the elimination of existing costs associated with at least two prior regulations.” This proposed rule has been designated a significant regulatory action as defined by Executive Order 12866 but imposes no more than de minimis costs. The designation of this rule, if finalized, will be informed by public comments received; however, this proposed rule, if finalized as proposed, would be neither a regulatory nor a deregulatory action under Executive Order 13771.

F. Statement of Need

The Department has identified the broad reach of the Federal anti-kickback statute and beneficiary inducements CMP as potentially inhibiting beneficial arrangements that would advance the ability of providers, suppliers, and others to transition more effectively and efficiently to value-based care and to better coordinate care among providers, suppliers, and others in both the Federal health care programs and commercial sectors. Industry stakeholders have informed us that, because the consequences of potential noncompliance with the Federal anti-kickback statute and beneficiary inducements CMP could be significant, providers, suppliers, and others may be discouraged from entering into innovative arrangements that could improve quality outcomes, produce health system efficiencies, and lower healthcare costs (or slow their rate of growth). To the extent providers are discouraged from entering into these innovative arrangements, patient care may not be provided as efficiently as possible. In addition, the potential consequences of noncompliance with these statutes may impede the ability of providers, suppliers, and others, including small providers and suppliers or those serving rural or medically underserved populations, to raise capital to invest in the transition to value-based care or to obtain infrastructure necessary to coordinate patient care, including technology. This unnecessarily slows the transition toward more efficient patient care. This proposed rule attempts to address these concerns by removing unnecessary impediments to the transformation of the healthcare system into one that better pays for and delivers value.

To remove regulatory barriers to care coordination and support value-based arrangements, we faced the challenge of designing safe harbor protections for emerging healthcare arrangements, the optimal form, design, and efficacy of which remain unknown or unproven. These arrangements will be driven by the determinations and experiences of a wide range of providers, suppliers, and others as they innovate in delivering value-based care. This challenge is further complicated by the substantial variation in care coordination and value-based arrangements contemplated by the healthcare industry and others (meaning that one-size-fits-all safe harbor designs may not be optimal), variation among patient populations and provider characteristics, emerging health technologies and data capabilities, the still-developing science of quality and performance measurement, and our desire not to chill beneficial innovations.

It is difficult to gauge the effects of this regulatory action in a rapidly evolving and diverse healthcare ecosystem of substantial innovation, experimentation, and deployment of technology and digital data. For example, it is difficult to gauge reductions in wasteful healthcare spending and improved health outcomes as a result of new arrangements made possible by this proposed rule. It is also difficult to quantify savings or losses that could occur as a result of new fraudulent or abusive conduct that could increase costs or lead to poor outcomes as a result of new arrangements. In some cases, innovations and the availability of more actionable, transparent data may enhance program integrity and protect against fraud and abuse, reducing costs and increasing benefits. There is a compelling concern that uncertainty and regulatory barriers under current regulations could prevent the best and most efficacious innovations from emerging and being tested in the marketplace. Our goal is to finalize safe harbors that protect arrangements that foster beneficial arrangements and promote value, while also protecting programs and beneficiaries against harms cause by fraud and abuse.

G. Anticipated Effects

This proposed rule would add a new CMP exception and anti-kickback statute safe harbors and modify existing anti-kickback statute safe harbors. Specifically, we propose to add several new safe harbor protections for certain value-based arrangements, including care coordination arrangements, arrangements with varying levels of downside financial risk, as well as outcomes-based payment arrangements, and protection for certain remuneration provided to Federal health care program beneficiaries in the form of incentives and supports.

We anticipate that the proposed rule would have potential relevance to the majority of the types of providers and suppliers participating in Federal health care programs and others in commercial sectors, as well as the Federal health care programs and Federal health care program beneficiaries. We note that certain categories of providers, suppliers, and others are not eligible to use the proposed rule: Pharmaceutical manufacturers; manufacturers, distributors, and suppliers of DMEPOS; and laboratories. To estimate the number of providers and suppliers affected by this rule, we use US Census data. According to the US Census, there were 7,370 medical, dental, and hospital equipment and supplies merchant wholesaler firms; 482,522 ambulatory healthcare service firms; 3,293 hospital firms; and 9,153 nursing care facility firms operating in the US in 2015.[97] We request public comment on the entities affected by the rule.

We anticipate that a growing proportion of such providers and suppliers would be interested in reviewing and using these voluntary rules over time. Because compliance with safe harbors and CMP exceptions is voluntary and an arrangement need not fit in a safe harbor or exception to be legal, we anticipate that not all providers and suppliers would review the new regulations and use them. We estimate that 5 percent of affected entities that would be eligible to use the proposed rules may be interested in exploring value-based arrangements made possible by the rule in each of the first 10 years following publication of the final rule, leading those entities to review the rule. We estimate that reviewing the final rule will require an average of one hour of time each from a compliance officer and a lawyer. To estimate the costs associated with this review, we use a 2018 wage rate of $34.86 for compliance officers and $69.34 for lawyers from the Bureau of Labor Statistics,[98] and we double those wages to account for overhead and benefits. As a result, we estimate total regulatory review costs of $5.2 million in each of the first 10 years following finalization of the rule. We note that these costs are divided among approximately 25,000 entities each year, and therefore should be considered de minimis from the perspective of affected entities. We seek public comment on these assumptions.

The Department does not collect data regarding the number of providers, suppliers, and other individuals and entities that have entered into an arrangement that meets an existing safe harbor. Compliance with safe harbors is voluntary, and generally the question whether an arrangement complies with a safe harbor arises in the context of a defense raised by a defendant in an enforcement matter. Therefore, we cannot quantify with certainty the number of arrangements or number of healthcare providers, suppliers, and others who may avail themselves of these protections. For this reason, it is difficult, if not impossible, to assess the costs and benefits of these proposals, and to estimate changes in the number of arrangements that meet new or existing safe harbors. We seek public comment on the effect of this rule on changes in the number of agreements or arrangements that meet new or existing safe harbors.

Many affected providers and suppliers currently incur costs related to structuring arrangements to comply with existing fraud and abuse laws. While these proposals may not result in a reduction in compliance-related costs, we do not expect this rulemaking to increase total incremental costs. Rather, we expect that providers and suppliers interested in taking advantage of these new arrangements in order to more efficiently deliver care will shift resources currently devoted to complying with existing requirements to create and analyze new arrangements under these proposals. By way of example only, should a hospital expend resources to review—from a Federal anti-kickback statute perspective—a financial arrangement with a skilled nursing facility, any newly promulgated or revised safe harbors would be unlikely to change the amount of resources necessary to conduct such a review. As another example, should a hospital already document—by a written agreement—any financial arrangement with a skilled nursing facility, any newly promulgated or revised safe harbors would be unlikely to change the amount of resources necessary to enter into that written agreement. We seek public comment on these assumptions.

We also propose to add or revise safe harbor protections under the Federal anti-kickback statute for donations of cybersecurity technology, EHR arrangements, warranties, and local transportation. The new proposed safe harbor for cybersecurity technology and related services would be available to any provider, supplier, or other individual or entity. We expect broad use of this proposed safe harbor, with reduced costs for smaller and less well-equipped providers and overall savings for the national health system in reduced costs from cyberattacks, ransomware, and similar threats. Proposed modifications to the EHR safe harbor are modest and would clarify that protection for certain cybersecurity technology is included as part of an electronic health records arrangement, update provisions regarding interoperability to align with newer CMS and ONC standards in a manner that is not expected to increase costs as a result of this rulemaking and remove the sunset date. The EHR safe harbor would continue to be available to health plans and any individuals or entities, other than laboratories, that provide services covered by, and submit claims or requests for payment to, a Federal health care program. We would expect the same entities that are currently using the EHR safe harbor to continue to use the safe harbor with minimal, if any, additional regulatory review or compliance costs above current levels. We seek public comment on these assumptions.

We propose to modify the existing local transportation safe harbor slightly to expand mileage limits for rural areas and for transportation for discharged patients. This would primarily expand protection under the AKS for hospitals and physician practices in rural areas voluntarily to transport patients to necessary medical appointments or to their homes following a hospital stay. We anticipate no incremental regulatory costs to hospitals or others from the proposed rule, which changes only the distance traveled and no other regulatory requirements. This safe harbor would continue to be available only to established patients and eligible entities, which do not include individuals or entities (or family members or others acting on their behalf) that primarily supply healthcare items.

Further, the proposed rule would add a new safe harbor to protect certain arrangements and patient incentives provided by and among parties participating in CMS-sponsored models. CMS and OIG collectively, and OIG individually, have issued fraud and abuse waivers for 14 of these models. This proposed safe harbor would reduce the need for issuance of waivers, saving OIG 1,040 employee hours per year.

We expect that CMS, including the Innovation Center, will continue to test these models and others in the future. The purpose of this safe harbor is to streamline participation in existing and future CMS-sponsored models to reduce complexity and the administrative burden on participants that seek protection under the fraud and abuse laws while participating in a CMS-sponsored model. Although we cannot calculate the number of arrangements that CMS-sponsored model participants and CMS-sponsored model parties would undertake in the future, we expect this proposal would reduce the burden of documentation and the time, effort, and financial resources necessary to implement CMS-sponsored model arrangements and to provide CMS-sponsored model patient incentives. The proposal also would result in uniform requirements under the anti-kickback statute and beneficiary inducements CMP for those models that qualify, further reducing burden on entities, such as hospitals and physician practices, that participate in multiple models that currently have different conditions for each waiver. We seek public comment on the extent to which these provisions will affect these models.

Finally, the proposed rule would add a new safe harbor related to beneficiary incentives under the Medicare Shared Savings Program and a new CMP exception for certain telehealth technologies offered to patients receiving in-home dialysis, pursuant to the Budget Act of 2018. Although we cannot calculate the number of ACOs and their participants who would enter into arrangements that may qualify for protection under this safe harbor, we believe that this regulatory action would not create incremental costs for ACOs because it would reduce the amount of compliance resources ACOs currently use to provide beneficiary incentives. For example, we believe this action would reduce time, effort, and financial resources ACOs typically would incur to provide these beneficiary incentives under the applicable fraud and abuse waivers. We believe that the proposed telehealth technologies exception would reduce barriers to the use of in-home dialysis and could encourage increased use of home dialysis for beneficiaries. This could result in increased use of in-home dialysis for patients who would benefit relative to other treatment options. Ultimately, this could result in improved quality of care for beneficiaries with end-stage renal disease and overall cost savings to Federal health care programs because dialysis providers will have certainty that their arrangements will not result in CMP liability. This will also reduce burden by eliminating unnecessary travel costs for patients where in-home dialysis is more appropriate. We do not anticipate that this proposed rule will add any incremental costs to the regulatory costs dialysis providers already incur to comply with the new program rules under the Budget Act of 2018 because our requirements closely track CMS program rules. We seek public comment on the proposed rule's effects on in-home dialysis.

Given the information we have, including comments we received from the OIG RFI, we believe these proposals present the best approach to removing potential barriers to designing care coordination and other value-based arrangements that result in greater efficiency and improved care outcomes, while minimizing the potential for the costs associated with fraud, waste, and abuse. We believe that the proposed rule would, on average, result in a net benefit to the healthcare industry, beneficiaries, and Federal health care programs and could alleviate the concerns expressed above. We believe there would be no incremental costs to providers and suppliers that already spend resources reviewing arrangements for compliance with fraud and abuse laws. Moreover, by adding flexibility to engage in certain innovative business arrangements without risk of liability under the statutes, we believe that these proposed regulations reduce the stringency of the existing regulatory scheme as it would otherwise apply to certain value-based arrangements; in addition, by offering new pathways to protect value-based arrangements, the proposed regulations would reduce inefficient behaviors, particularly industry behaviors that drive volume-based healthcare.

We would benefit from public input and information during the comment period regarding whether these proposals likely would have a net benefit on the industry and whether different or modified proposals would better facilitate the goals outlined in this proposed rule.

H. Alternatives Considered

We carefully considered the option of not pursuing regulatory action. However, based on comments to the OIG RFI, responses to OIG's annual Solicitation of New Safe Harbors and Special Fraud Alerts, and other industry feedback, we believe a need for regulatory reform exists in order to provide stakeholders with the flexibility necessary for innovative care delivery and payment redesign.

We also considered several other alternative approaches to the proposed safe harbors, revisions to safe harbors, and proposed exception as explained in great detail in the preceding preamble. For example, our proposals endeavor to distinguish between beneficial care coordination arrangements and payment-for-referral schemes that do not serve, and may be contrary to, the goals of coordinated care and the shift to value. We considered, and would benefit from public comment on, the benefits of our proposals and efficient ways we may distinguish payments to reward or induce referrals from remuneration provided to promote or support legitimate care coordination activities.

We also considered not using the value-based terms, definitions, and framework for proposed safe harbors (ee), (ff), (gg), and (hh), but we concluded that the fraud and abuse risks of protecting arrangements without the guardrails created by the value-based framework were too high. We believe these risks are significant because our proposed safe harbors in (ee) and (hh) could potentially protect arrangements under which providers and suppliers are paid on a fee-for-service basis by Medicare, which rewards the volume of services performed and items furnished.

VI. Paperwork Reduction Act

This document does not impose information collection and recordkeeping requirements. Consequently, it need not be reviewed by the Office of Management and Budget under the authority of the Paperwork Reduction Act of 1995.

List of Subjects

42 CFR Part 1001

  • Administrative practice and procedure
  • Fraud
  • Grant programs—health
  • Health facilities
  • Health professions
  • Maternal and child health
  • Medicaid
  • Medicare
  • Social Security

42 CFR Part 1003

  • Fraud
  • Grant programs—health
  • Health facilities
  • Health professions
  • Medicaid
  • Reporting and recordkeeping

For the reasons set forth in the preamble, the Office of Inspector General, Department of Health and Human Services, proposes to amend 42 CFR parts 1001 and 1003 as follows:

PART 1001—PROGRAM INTEGRITY—MEDICARE AND STATE HEALTH CARE PROGRAMS

1. The authority citation for part 1001 continues to read as follows:

Authority: 42 U.S.C. 1302, 1320a-7, 1320a-7a, 1320a-7b, 1320a-7d, 1395u(j), 1395u(k), 1395w-104(e)(6), 1395y(d), 1395y(e), 1395cc(b)(2)(D), (E) and (F), and 1395hh; and sec. 2455, Pub. L. 103-355, 108 Stat. 3327 (31 U.S.C. 6101 note).

2. Section 1001.952 is amended by:

a. Revising paragraphs (d), (g) introductory text, (g)(1), (g)(3)(i), and (g)(4);

b. Adding paragraphs (g)(5) and (6) before the undesignated text at the end of paragraph (g);

c. Designating the undesignated text at the end of paragraph (g) as paragraph (g)(7) and revising it;

d. Revising paragraph (y) introductory text, the second sentence of paragraph (y)(2), and paragraph (y)(3);

e. Removing and reserving paragraphs (y)(7) and (13);

f. Designating the note to paragraph (y) as paragraph (y)(14) and revising it;

g. Revising paragraphs (bb)(1)(iv)(B) and (bb)(2)(iii);

h. Designating the note to paragraph (bb) as paragraph (bb)(3) and revising it;

i. Adding reserved paragraphs (cc) and (dd); and

j. Adding paragraphs (ee), (ff), (gg), (hh), (ii), (jj), and (kk).

The revisions and additions read as follows:

Exceptions.
* * * * *

(d) Personal services and management contracts and outcomes-based payment arrangements.

(1) As used in section 1128B of the Act, “remuneration” does not include any payment made by a principal to an agent as compensation for the services of the agent, as long as all of the following standards are met:

(i) The agency agreement is set out in writing and signed by the parties.

(ii) The agency agreement covers all of the services the agent provides to the principal for the term of the agreement and specifies the services to be provided by the agent.

(iii) The term of the agreement is not less than 1 year.

(iv) The methodology for determining the compensation paid to the agent over the term of the agreement is set in advance, is consistent with fair market value in arm's-length transactions and is not determined in a manner that takes into account the volume or value of any referrals or business otherwise generated between the parties for which payment may be made in whole or in part under Medicare, Medicaid, or other Federal health care programs.

(v) The services performed under the agreement do not involve the counseling or promotion of a business arrangement or other activity that violates any State or Federal law.

(vi) The aggregate services contracted for do not exceed those which are reasonably necessary to accomplish the commercially reasonable business purpose of the services.

(2) As used in section 1128B of the Act, “remuneration” does not include any outcomes-based payment as long as all of the standards in paragraphs (d)(2)(i) through (ix) of this section are met:

(i) The outcomes-based payment is made between or among parties that are collaborating to:

(A) Measurably improve (or maintain improvement in) quality of patient care; or

(B) Appropriately and materially reduce costs to, or growth in expenditures of, payors while improving, or maintaining the improved, quality of care for patients.

(ii) To receive an outcomes-based payment, the agent satisfies one or more specific evidence-based, valid outcome measures that are:

(A) Related to:

(1) Measurably improving, or maintaining the improved, quality of patient care;

(2) Appropriately and materially reducing costs to, or growth in expenditures of, payors while improving, or maintaining the improved quality of care for patients; or

(3) Both; and

(B) Selected based upon clinical evidence or credible medical support.

(iii) The methodology for determining the aggregate compensation (including any outcomes-based payments) paid between or among the parties over the term of the agreement is: Set in advance; commercially reasonable; consistent with fair market value; and not determined in a manner that directly takes into account the volume or value of any referrals or business otherwise generated between the parties for which payment may be made in whole or in part by a Federal health care program.

(iv) The agreement neither limits any party's ability to make decisions in their patients' best interest nor induces any party to reduce or limit medically necessary items or services.

(v) The term of the agreement is not less than 1 year.

(vi) The services performed under the agreement do not involve the counseling or promotion of a business arrangement or other activity that violates any State or Federal law.

(vii) For each outcome measure under the agreement, the parties:

(A) Regularly monitor and assess the agent's performance, including the impact of the outcomes-based payment arrangement on patient quality of care; and

(B) Periodically rebase during the term of the agreement, to the extent applicable.

(viii) The parties set forth in a signed writing, in advance of, or contemporaneous with, the commencement of the terms of the outcomes-based payment arrangement. The writing states, at a minimum: The services to be performed by the parties for the term of the agreement; the outcome measure(s) the agent must satisfy to receive an outcomes-based payment; the clinical evidence or credible medical support relied upon by the parties to select the outcome measure(s); and the schedule for the parties to regularly monitor and assess the outcome measure(s).

(ix) The principal has policies and procedures to promptly address and correct identified material performance failures or material deficiencies in quality of care resulting from the outcomes-based payment arrangement.

(3) For purposes of this paragraph (d):

(i) An agent of a principal is any person, other than a bona fide employee of the principal, who has an agreement to perform services for, or on behalf of, the principal.

(ii) Outcomes-based payments are limited to payments from a principal to an agent that:

(A) Reward the agent for improving (or maintaining improvement in) patient or population health by achieving one or more outcome measures that effectively and efficiently coordinate care across care settings; or

(B) Achieve one or more outcome measures that appropriately reduce payor costs while improving, or maintaining the improved quality of care for patients.

(iii) Outcomes-based payments exclude any payments:

(A) Made, directly or indirectly, by a pharmaceutical manufacturer; a manufacturer, distributor, or supplier of durable medical equipment, prosthetics, orthotics, or supplies; or a laboratory; or

(B) That relate solely to the achievement of internal cost savings for the principal.

* * * * *

(g) Warranties. As used in section 1128B of the Act, “remuneration” does not include any payment or exchange of anything of value under a warranty provided by a manufacturer or supplier of one or more items and services (provided the warranty covers at least one item) to the buyer (such as a healthcare provider or beneficiary) of the items and services, as long as the buyer complies with all of the following standards in paragraphs (g)(1) and (2) of this section and the manufacturer or supplier complies with all of the following standards in paragraphs (g)(3) through (6) of this section:

(1) The buyer (unless the buyer is a Federal health care program beneficiary) must fully and accurately report any price reduction of an item or service (including a free item or service) that was obtained as part of the warranty, in the applicable cost reporting mechanism or claim for payment filed with the Department or a State agency.

* * * * *

(3) * * *

(i) The manufacturer or supplier must fully and accurately report any price reduction of an item or service (including free items and services) that the buyer obtained as part of the warranty on the invoice or statement submitted to the buyer and inform the buyer of its obligations under paragraphs (g)(1) and (2) of this section.

* * * * *

(4) The manufacturer or supplier must not pay any remuneration to any individual (other than a beneficiary) or entity for any medical, surgical, or hospital expense incurred by a beneficiary other than for the cost of the items and services subject to the warranty.

(5) If a manufacturer or supplier offers a warranty for more than one item or one or more items and related services, the federally reimbursable items and services subject to the warranty must be reimbursed by the same Federal health care program and in the same Federal health care program payment.

(6) The manufacturer or supplier must not condition a warranty on a buyer's exclusive use of, or a minimum purchase of, any of the manufacturer's or supplier's items or services.

(7) For purposes of this paragraph (g), the term warranty means:

(i) Any written affirmation of fact or written promise made in connection with the sale of an item or bundle of items, or services in combination with one or more related items, by a manufacturer or supplier to a buyer, which affirmation of fact or written promise relates to the nature of the quality or workmanship and affirms or promises that such quality or workmanship is defect free or will meet a specified level of performance over a specified period of time;

(ii) Any undertaking in writing in connection with the sale by a manufacturer or supplier of an item or bundle of items, or services in combination with one or more related items, to refund, repair, replace, or take other remedial action with respect to such item or bundle of items in the event that such item or bundle of items, or services in combination with one or more related items, fails to meet the specifications set forth in the undertaking, which written affirmation, promise, or undertaking becomes part of the basis of the bargain between a seller and a buyer for purposes other than resell of such item or bundle of items; or

(iii) A manufacturer's or supplier's agreement to replace another manufacturer's or supplier's defective item or bundle of items (which is covered by an agreement made in accordance with this paragraph (g)), on terms equal to the agreement that it replaces.

* * * * *

(y) Electronic health records items and services. As used in section 1128B of the Act, “remuneration” does not include nonmonetary remuneration (consisting of items and services in the form of software or information technology and training services, including certain cybersecurity software and services) necessary and used predominantly to create, maintain, transmit, receive, or protect electronic health records, if all of the conditions in paragraphs (y)(1) through (13) of this section are met:

* * * * *

(2) * * * For purposes of this paragraph (y)(2), software is deemed to be interoperable if, on the date it is provided to the recipient, it is certified by a certifying body authorized by the National Coordinator for Health Information Technology to electronic health record certification criteria identified in 45 CFR part 170.

(3) The donor (or any person on the donor's behalf) does not engage in a practice constituting information blocking, as defined in 45 CFR part 171, in connection with the donated items or services.

* * * * *

(7) [Reserved]

* * * * *

(13) [Reserved]

* * * * *

(14) For purposes of this paragraph (y), the following definitions apply:

(i) Cybersecurity means the process of protecting information by preventing, detecting, and responding to cyberattacks;

(ii) Health plan shall have the meaning set forth at § 1001.952(l)(2);

(iii) Interoperable shall mean able to:

(A) Securely exchange data with, and use data from other health information technology without special effort on the part of the user;

(B) Allow for complete access, exchange, and use of all electronically accessible health information for authorized use under applicable State or Federal law; and

(C) Does not constitute information blocking as defined in 45 CFR part 171; and

(iv) Electronic health record shall mean a repository of electronic health information that:

(A) Is transmitted by or maintained in electronic media; and

(B) Relates to the past, present, or future health or condition of an individual or the provision of healthcare to an individual.

* * * * *

(bb) * * *

(1) * * *

(iv) * * *

(B) Within 25 miles of the healthcare provider or supplier to or from which the patient would be transported, or within 75 miles if the patient resides in a rural area, as defined in this paragraph (bb), except that, if the patient is being discharged from an inpatient facility and transported to the patient's residence, or another residence of the patient's choice, the mileage limits in this paragraph (bb)(1)(iv)(B) shall not apply; and

* * * * *

(2) * * *

(iii) The eligible entity makes the shuttle service available only within the eligible entity's local area, meaning there are no more than 25 miles from any stop on the route to any stop at a location where healthcare items or services are provided, except that if a stop on the route is in a rural area, the distance may be up to 75 miles between that stop and any providers or suppliers on the route;

* * * * *

(3) For purposes of this paragraph (bb), the following definitions apply:

(i) An eligible entity is any individual or entity, except for individuals or entities (or family members or others acting on their behalf) that primarily supply healthcare items;

(ii) An established patient is a person who has selected and initiated contact to schedule an appointment with a provider or supplier, or who previously has attended an appointment with the provider or supplier;

(iii) A shuttle service is a vehicle that runs on a set route, on a set schedule;

(iv) A rural area is an area that is not an urban area, as defined in paragraph (bb)(3)(v) of this section; and

(v) An urban area is:

(A) A Metropolitan Statistical Area (MSA) or New England County Metropolitan Area (NECMA), as defined by the Executive Office of Management and Budget; or

(B) The following New England counties, which are deemed to be parts of urban areas under section 601(g) of the Social Security Amendments of 1983 (Pub. L. 98-21, 42 U.S.C. 1395ww (note)): Litchfield County, Connecticut; York County, Maine; Sagadahoc County, Maine; Merrimack County, New Hampshire; and Newport County, Rhode Island.

(cc)-(dd) [Reserved]

(ee) Care coordination arrangements to improve quality, health outcomes, and efficiency. As used in section 1128B of the Act, “remuneration” does not include the exchange of anything of value pursuant to a value-based arrangement if all of the standards in paragraphs (ee)(1) through (12) of this section are met:

(1) The VBE participants establish one or more specific evidence-based, valid outcome measures against which the recipient will be measured and which the parties reasonably anticipate will advance the coordination and management of care of the target patient population.

(2) The value-based arrangement is commercially reasonable, considering both the arrangement itself and all value-based arrangements within the VBE.

(3) In advance of, or contemporaneous with, the commencement of the value-based arrangement or any material change to the value-based arrangement, the offeror of the remuneration and any recipient(s) of such remuneration have set forth the terms of the value-based arrangement in a signed writing. The writing states, at a minimum:

(i) The value-based activities to be undertaken by the parties to the value-based arrangement;

(ii) The term of the value-based arrangement;

(iii) The target patient population;

(iv) A description of the remuneration;

(v) The offeror's cost for the remuneration;

(vi) The percentage of the offeror's cost contributed by the recipient;

(vii) If applicable, the frequency of the recipient's contribution payments for ongoing costs; and

(viii) The specific evidence-based, valid outcome measure(s) against which the recipient will be measured.

(4) The remuneration exchanged:

(i) Is in-kind;

(ii) Is used primarily to engage in value-based activities that are directly connected to the coordination and management of care for the target patient population;

(iii) Does not induce VBE participants to furnish medically unnecessary items or services or reduce or limit medically necessary items or services furnished to any patient; and

(iv) Is not funded by, and does not otherwise result from the contributions of, any individual or entity outside of the applicable VBE.

(5) The offeror of the remuneration does not take into account the volume or value of, or condition the remuneration on:

(i) Referrals of patients who are not part of the target patient population; or

(ii) Business not covered under the value-based arrangement.

(6) The recipient pays at least 15 percent of the offeror's cost for the in-kind remuneration. If a one-time cost, the recipient makes such contribution in advance of receiving the in-kind remuneration. If an ongoing cost, the recipient makes such contribution at reasonable, regular intervals.

(7) The value-based arrangement:

(i) Is directly connected to the coordination and management of care of the target patient population;

(ii) Does not place any limitation on VBE participants' ability to make decisions in the best interest of their patients;

(iii) Does not direct or restrict referrals to a particular provider, practitioner, or supplier if:

(A) A patient expresses a preference for a different practitioner, provider, or supplier;

(B) The patient's payor determines the provider, practitioner, or supplier; or

(C) Such direction or restriction is contrary to applicable law or regulations under titles XVIII and XIX of the Act; and

(iv) Does not include marketing to patients of items or services or engaging in patient recruitment activities.

(8) The VBE, a VBE participant in the value-based arrangement acting on the VBE's behalf, or the VBE's accountable body or responsible person monitors and assesses, and reports such monitoring and assessment to the VBE's accountable body or responsible person as applicable, no less frequently than annually or at least once during the term of the value-based arrangement for arrangements with terms of less than 1 year:

(i) The coordination and management of care for the target population in the value-based arrangement;

(ii) Any deficiencies in the delivery of quality care under the value-based arrangement; and

(iii) Progress toward achieving the evidence-based, valid outcome measure(s) in the value-based arrangement.

(9) The parties terminate the arrangement within 60 days if the VBE's accountable body or responsible person determines that the value-based arrangement:

(i) Is unlikely to further the coordination and management of care for the target patient population;

(ii) Has resulted in material deficiencies in quality of care; or

(iii) Is unlikely to achieve the evidence-based, valid outcome measure(s).

(10) The offeror does not, and should not, know that the remuneration is likely to be diverted, resold, or used by the recipient for an unlawful purpose.

(11) The VBE or VBE participant makes available to the Secretary, upon request, all materials and records sufficient to establish compliance with the conditions of this paragraph (ee).

(12) For purposes of this paragraph (ee), the following definitions apply:

(i) Coordination and management of care (or coordinating and managing care) means, for purposes of the anti-kickback statute safe harbors at § 1001.952, the deliberate organization of patient care activities and sharing of information between two or more VBE participants or VBE participants and patients, tailored to improving the health outcomes of the target patient population, in order to achieve safer and more effective care for the target patient population.

(ii) Target patient population means an identified patient population selected by the VBE or its VBE participants using legitimate and verifiable criteria that:

(A) Are set out in writing in advance of the commencement of the value-based arrangement; and

(B) Further the value-based enterprise's value-based purpose(s).

(iii) Value-based activity

(A) Means any of the following activities, provided that the activity is reasonably designed to achieve at least one value-based purpose of the value-based enterprise:

(1) The provision of an item or service;

(2) The taking of an action; or

(3) The refraining from taking an action.

(B) Does not include the making of a referral.

(iv) Value-based arrangement means an arrangement for the provision of at least one value-based activity for a target patient population between or among:

(A) The value-based enterprise and one or more of its VBE participants; or

(B) VBE participants in the same value-based enterprise.

(v) Value-based enterprise or VBE means two or more VBE participants:

(A) Collaborating to achieve at least one value-based purpose;

(B) Each of which is a party to a value-based arrangement with the other or at least one other VBE participant in the value-based enterprise;

(C) That have an accountable body or person responsible for financial and operational oversight of the value-based enterprise; and

(D) That have a governing document that describes the value-based enterprise and how the VBE participants intend to achieve its value-based purpose(s).

(vi) Value-based enterprise participant or VBE participant means an individual or entity that engages in at least one value-based activity as part of a value-based enterprise. VBE participant does not include a pharmaceutical manufacturer; a manufacturer, distributor, or supplier of durable medical equipment, prosthetics, orthotics, or supplies; or a laboratory.

(vii) Value-based purpose means:

(A) Coordinating and managing the care of a target patient population;

(B) Improving the quality of care for a target patient population;

(C) Appropriately reducing the costs to, or growth in expenditures of, payors without reducing the quality of care for a target patient population; or

(D) Transitioning from healthcare delivery and payment mechanisms based on the volume of items and services provided to mechanisms based on the quality of care and control of costs of care for a target patient population.

(ff) Value-based arrangements with substantial downside financial risk. As used in section 1128B of the Act, “remuneration” does not include the exchange of payments or anything of value between a VBE and a VBE participant pursuant to a value-based arrangement if all of the standards in paragraphs (ff)(1) through (8) of this section are met:

(1) The VBE (directly or through a VBE participant acting on the VBE's behalf) has assumed (or is contractually obligated to assume in the next 6 months) substantial downside financial risk (as defined in this paragraph (ff)) from a payor for providing or arranging for the provision of items and services for a target patient population.

(2) Under the value-based arrangement, the VBE participant meaningfully shares in the VBE's substantial downside financial risk for providing or arranging for the provision of items and services for the target patient population. For purposes of this paragraph (ff), a VBE participant meaningfully shares in the VBE's substantial downside financial risk if the value-based arrangement provides that the VBE participant is subject to risk under one of the following three methodologies:

(i) A risk-sharing payment pursuant to which the VBE participant is at risk for 8 percent of the amount for which the VBE is at risk under its agreement with the applicable payor;

(ii) A partial or full capitation payment or similar payment methodology, excluding the Medicare inpatient prospective payment system or other like payment methodology; or

(iii) In the case of a VBE participant that is a physician, a payment that meets the requirements of the regulatory exception for value-based arrangements with meaningful downside financial risk at § 411.357(aa)(2) of this title.

(3) The remuneration provided by, or shared among, the VBE and VBE participant:

(i) Is used primarily to engage in value-based activities that are directly connected to the items and services for which the VBE is at substantial downside financial risk and that are set forth in writing pursuant to paragraph(ff)(4) of this section;

(ii) Is directly connected to one or more of the VBE's value-based purposes, at least one of which must be the coordination and management of care for the target patient population;

(iii) Does not induce VBE participants to reduce or limit medically necessary items or services furnished to any patient;

(iv) Does not include the offer or receipt of an ownership or investment interest in an entity or any distributions related to such ownership or investment interest; and

(v) Is not funded by, and does not otherwise result from the contributions of, any individual or entity outside of the VBE.

(4) In advance of, or contemporaneous with, the commencement of the value-based arrangement or any material change to the value-based arrangement, the VBE and VBE participant set forth in a signed writing the terms of the value-based arrangement. The writing states all material terms of the value-based arrangement, including: A description of the nature and extent of the VBE's substantial downside financial risk for the target patient population; a description of the manner in which the recipient meaningfully shares in the VBE's substantial downside financial risk; the value-based activities; the target patient population; and the type and the offeror's cost of the remuneration.

(5) The VBE or VBE participant offering the remuneration does not take into account the volume or value of, or condition the remuneration on:

(i) Referrals of patients who are not part of the target patient population; or

(ii) Business not covered under the value-based arrangement.

(6) The value-based arrangement does not:

(i) Place any limitation on VBE participants' ability to make decisions in the best interest of their patients;

(ii) Direct or restrict referrals to a particular provider, practitioner, or supplier if:

(A) A patient expresses a preference for a different practitioner, provider, or supplier;

(B) The patient's payor determines the provider, practitioner, or supplier; or

(C) Such direction or restriction is contrary to applicable law or regulations under titles XVIII and XIX of the Act; or

(iii) Include marketing to patients of items or services or engaging in patient recruitment activities.

(7) The VBE or VBE participant makes available to the Secretary, upon request, all materials and records sufficient to establish compliance with the conditions of this paragraph (ff).

(8) For purposes of this paragraph (ff), the following definitions apply:

(i) Substantial downside financial risk means risk, for the entire term of the value-based arrangement, in the form of:

(A) Shared savings with a repayment obligation to the payor of at least 40 percent of any shared losses, where loss is determined based upon a comparison of costs to historical expenditures, or to the extent such data is unavailable, evidence-based, comparable expenditures;

(B) A repayment obligation to the payor under an episodic or bundled payment arrangement of at least 20 percent of any total loss, where loss is determined based upon a comparison of costs to historical expenditures, or to the extent such data is unavailable, evidence-based, comparable expenditures;

(C) A prospectively paid population-based payment for a defined subset of the total cost of care of a target patient population, where such payment is determined based upon a review of historical expenditures, or to the extent such data is unavailable, evidence-based, comparable expenditures; or

(D) A partial capitated payment from the payor for a set of items and services for the target patient population, where such capitated payment reflects a discount equal to at least 60 percent of the total expected fee-for-service payments based on historical expenditures, or to the extent such data is unavailable, evidence-based, comparable expenditures of the VBE participants to the value-based arrangement.

(ii) Coordination and management of care, target patient population, value-based activity, value-based arrangement, value-based enterprise, value-based purpose, and VBE participant shall have the meaning set forth in paragraph (ee) of this section.

(gg) Value-based arrangements with full financial risk. As used in section 1128B of the Act, “remuneration” does not include the exchange of payments or anything of value between the VBE and a VBE participant pursuant to a value-based arrangement if all of the standards in paragraphs (gg)(1) through (8) of this section are met:

(1) The VBE (directly or through a VBE participant acting on behalf of the VBE) has assumed (or is contractually obligated to assume in the next 6 months) full financial risk from a payor and has a signed writing with the payor that specifies the target patient population and contains terms evidencing that the VBE is at full financial risk for that population for a period of at least 1 year.

(2) The value-based arrangement is set out in a writing signed by the parties that specifies the material terms of the value-based arrangement, including the value-based activities to be undertaken by the parties, and is for a period of at least 1 year.

(3) The VBE participant does not claim payment in any form directly or indirectly from a payor for items or services covered under the value-based arrangement.

(4) The remuneration exchanged between the VBE and a VBE participant:

(i) Is used primarily to engage in the value-based activities set forth in writing pursuant to paragraph (gg)(2) of this section;

(ii) Is directly connected to one or more of the VBE's value-based purposes, at least one of which must be the coordination and management of care for the target patient population;

(iii) Does not induce the VBE or VBE participants to reduce or limit medically necessary items or services furnished to any patient;

(iv) Does not include the offer or receipt of an ownership or investment interest in an entity or any distributions related to such ownership or investment interest; and

(v) Is not funded by, and does not otherwise result from the contributions of, any individual or entity outside of the VBE.

(5) The VBE or VBE participant does not take into account the volume or value of, or condition the remuneration on:

(i) Referrals of patients who are not part of the target patient population; or

(ii) Business not covered under the value-based arrangement.

(6) The VBE provides or arranges for:

(i) An operational utilization review program; and

(ii) A quality assurance program that protects against underutilization and specifies patient goals, including measurable outcomes, where appropriate.

(7) The value-based arrangement does not include marketing to patients of items or services or engaging in patient recruitment activities.

(8) The VBE or VBE participant makes available to the Secretary, upon request, all materials and records sufficient to establish compliance with the conditions of this paragraph (gg).

(9) For purposes of this paragraph (gg), the following definitions apply:

(i) Full financial risk means the VBE is financially responsible for the cost of all items and services covered by the applicable payor for each patient in the target patient population and is prospectively paid by the applicable payor;

(ii) Items and services shall have the meaning set forth in § 1001.952(t)(2)(iv); and

(iii) Coordination and management of care, target patient population, value-based activity, value-based arrangement, value-based enterprise, value-based purpose, and VBE participant shall have the meaning set forth in paragraph (ee) of this section.

(hh) Arrangements for patient engagement and support to improve quality, health outcomes, and efficiency. As used in section 1128B of the Act, “remuneration” does not include a patient engagement tool or support furnished by a VBE participant to a patient in a target patient population if all of the conditions in paragraphs (hh)(1) through (6) of this section are met:

(1) The patient engagement tool or support is furnished directly to the patient by a VBE participant.

(2) No individual or entity outside of the applicable VBE funds or otherwise contributes to the provision of the patient engagement tool or support.

(3) The patient engagement tool or support:

(i) Is an in-kind preventive item, good, or service, or an in-kind item, good, or service such as health-related technology, patient health-related monitoring tools and services, or supports and services designed to identify and address a patient's social determinants of health;

(ii) That has a direct connection to the coordination and management of care of the target patient population;

(iii) Does not include any gift card, cash, or cash equivalent;

(iv) Does not include any in-kind item, good, or service used for patient recruitment or marketing of items or services to patients;

(v) Does not result in medically unnecessary or inappropriate items or services reimbursed in whole or in part by a Federal health care program;

(vi) Is recommended by the patient's licensed healthcare provider; and

(vii) Advances one or more of the following goals:

(A) Adherence to a treatment regimen determined by the patient's licensed healthcare provider.

(B) Adherence to a drug regimen determined by the patient's licensed healthcare provider.

(C) Adherence to a follow-up care plan established by the patient's licensed healthcare provider.

(D) Management of a disease or condition as directed by the patient's licensed healthcare provider.

(E) Improvement in measurable evidence-based health outcomes for the patient or for the target patient population.

(F) Ensuring patient safety.

(4) The offeror does not, and should not, know that the remuneration is likely to be diverted, sold, or utilized by the patient other than for the express purpose for which the patient engagement tool or support is provided.

(5) The aggregate retail value of patient engagement tools and supports furnished to a patient by a VBE participant on an annual basis does not exceed $500 unless such patient engagement tools and supports are furnished to patients based on a good faith, individualized determination of the patient's financial need.

(6) The VBE participant makes available to the Secretary, upon request, all materials and records sufficient to establish that the patient engagement tool or support was distributed in a manner that meets the conditions of this paragraph (hh).

(7) For purposes of this paragraph (hh), coordination and management of care, target patient population, value-based purpose, VBE, and VBE participant shall have the meaning set forth in paragraph (ee) of this section.

(ii) CMS-sponsored model arrangements and CMS-sponsored model patient incentives.

(1) As used in section 1128B of the Act, “remuneration” does not include an exchange of anything of value between or among CMS-sponsored model parties under a CMS-sponsored model arrangement in a model for which CMS has determined that this safe harbor is available if all of the following conditions are met:

(i) The CMS-sponsored model parties reasonably determine that the CMS-sponsored model arrangement will advance one or more goals of the CMS-sponsored model;

(ii) The exchange of value does not induce CMS-sponsored model parties or other providers or suppliers to furnish medically unnecessary items or services or reduce or limit medically necessary items or services furnished to any patient;

(iii) The CMS-sponsored model parties do not offer, pay, solicit, or receive remuneration in return for, or to induce or reward, any Federal health care program referrals or other Federal health care program business generated outside of the CMS-sponsored model;

(iv) The CMS-sponsored model parties, in advance of, or contemporaneous with the commencement of, the CMS-sponsored model arrangement, set forth the terms of the CMS-sponsored model arrangement in a signed writing. The writing must specify, at a minimum, the activities to be undertaken by the CMS-sponsored model parties and the nature of the remuneration to be exchanged under the CMS-sponsored model arrangement;

(v) The parties to the CMS-sponsored model arrangement make available to the Secretary, upon request, all materials and records sufficient to establish whether the remuneration was exchanged in a manner that meets the conditions of this safe harbor; and

(vi) The CMS-sponsored model parties satisfy such programmatic requirements as may be imposed by CMS in connection with the use of this safe harbor.

(2) As used in section 1128B of the Act, “remuneration” does not include a CMS-sponsored model patient incentive under a model for which CMS has determined that this safe harbor is available, if all of the conditions of paragraph (ii)(2)(i) through (v) are met of this section:

(i) The CMS-sponsored model participant reasonably determines that the CMS-sponsored model patient incentive will advance one or more goals of the CMS-sponsored model;

(ii) The CMS-sponsored model patient incentive has a direct connection to the patient's healthcare;

(iii) The CMS-sponsored model participant makes available to the Secretary, upon request, all materials and records sufficient to establish whether the CMS-sponsored model patient incentive was distributed in a manner that meets the conditions of this paragraph; and

(iv) The CMS-sponsored model participant satisfies such programmatic requirements as may be imposed by CMS in connection with the use of this safe harbor.

(v) For purposes of this paragraph (ii)(2), a patient may retain any incentives received prior to the termination or expiration of the participation documentation of the CMS-sponsored model participant.

(3) For purposes of this paragraph (ii), the following definitions apply:

(i) CMS-sponsored model means:

(A) A model being tested under section 1115A(b) of the Act or a model expanded under section 1115A(c) of the Act; or

(B) The Medicare shared savings program under section 1899 of the Act;

(ii) CMS-sponsored model arrangement means an arrangement between or among CMS-sponsored model parties to engage in activities under the CMS-sponsored model and that is consistent with, and is not a type of arrangement prohibited by, the participation documentation;

(iii) CMS-sponsored model participant means an individual or entity that is subject to, and is operating under, participation documentation with CMS to participate in a CMS-sponsored model;

(iv) CMS-sponsored model party means:

(A) A CMS-sponsored model participant; or

(B) Other individual or entity who the participation documentation specifies may enter into a CMS-sponsored model arrangement;

(v) CMS-sponsored model patient incentive means remuneration not of a type prohibited by the participation documentation and is furnished consistent with the CMS-sponsored model by a CMS-sponsored model participant (or by an agent of the CMS-sponsored model participant under the CMS-sponsored model participant's direction and control) directly to a patient under the CMS-sponsored model; and

(vi) Participation documentation means the participation agreement, cooperative agreement, regulations, or model-specific addendum to an existing contract with CMS that:

(A) Is currently in effect, and

(B) Specifies the terms of a CMS-sponsored model.

(jj) Cybersecurity technology and related services. As used in section 1128B of the Act, “remuneration” does not include nonmonetary remuneration (consisting of certain types of cybersecurity technology and services), if all of the conditions in paragraphs (jj)(1) through (5) of this section are met:

(1) The technology and services are necessary and used predominantly to implement and maintain effective cybersecurity.

(2) The donor does not:

(i) Directly take into account the volume or value of referrals or other business generated between the parties when determining the eligibility of a potential recipient for the technology or services, or the amount or nature of the technology or services to be donated; or

(ii) Condition the donation of technology or services, or the amount or nature of the technology or services to be donated, on future referrals.

(3) Neither the recipient nor the recipient's practice (or any affiliated individual or entity) makes the receipt of technology or services, or the amount or nature of the technology or services, a condition of doing business with the donor.

(4) The arrangement is set forth in a written agreement that:

(i) Is signed by the parties;

(ii) Describes the technology and services being provided and the amount of the recipient's contribution, if any; and

(5) The donor does not shift the costs of the technology or services to any Federal health care program.

(6) For purposes of this paragraph (jj) the following definitions apply:

(i) Cybersecurity means the process of protecting information by preventing, detecting, and responding to cyberattacks.

(ii) Technology means any software or other types of information technology, other than hardware.

(kk) ACO Beneficiary Incentive Program. As used in section 1128B of the Act, “remuneration” does not include an incentive payment made by an ACO to an assigned beneficiary under a beneficiary incentive program established under section 1899(m) of the Act, as amended by Congress from time to time, if the incentive payment is made in accordance with the requirements found in such subsection.

PART 1003—CIVIL MONEY PENALTIES, ASSESSMENTS AND EXCLUSIONS

3. The authority citation for part 1003 continues to read as follows:

Authority: 42 U.S.C. 262a, 1302, 1320-7, 1320a-7a, 1320b-10, 1395u(j), 1395u(k), 1395cc(j), 1395w-141(i)(3), 1395dd(d)(1), 1395mm, 1395nn(g), 1395ss(d), 1396b(m), 11131(c), and 11137(b)(2).

4. Section 1003.110 is amended by adding paragraph (10) to the definition of “remuneration” and adding in alphabetical order a definition for “telehealth technologies” to read as follows:

Definitions.
* * * * *

Remuneration * * *

* * * * *

(10) The provision of telehealth technologies by a provider of services or a renal dialysis facility (as such terms are defined for purposes of title XVIII of the Act) to an individual with end stage renal disease who is receiving home dialysis for which payment is being made under part B of such title, if—

(i) The telehealth technologies are furnished to the individual by the provider of services or the renal dialysis facility that is currently providing the in-home dialysis, telehealth visits, or other end stage renal disease care to the patient;

(ii) The telehealth technologies are not offered as part of any advertisement or solicitation;

(iii) The telehealth technologies contribute substantially to the provision of telehealth services related to the individual's end stage renal disease, is not of excessive value, and is not duplicative of technology that the beneficiary already owns if that technology is adequate for the telehealth purposes; and

(iv) The provider of services or a renal dialysis facility does not bill Federal health care programs, other payors, or individuals for the telehealth technologies, claim the value of the telehealth technologies as a bad debt for payment purposes under a Federal health care program, or otherwise shift the burden of the value of the telehealth technologies onto a Federal health care program, other payors, or individuals.

* * * * *

Telehealth technologies, for purposes of the definition of the term “remuneration” as set forth in this section and the telehealth technologies exception to section 50302(c) of the Bipartisan Budget Act of 2018, which adds an exception as new section 1128A(i)(6)(J) of the Act, means multimedia communications equipment that includes, at a minimum, audio and video equipment permitting two-way, real-time interactive communication between the patient and distant site physician or practitioner used in the diagnosis, intervention, or ongoing care management—paid for by Medicare Part B—between a patient and the remote healthcare provider. Telephones, facsimile machines, and electronic mail systems are not telehealth technologies.

* * * * *

Dated: September 30, 2019.

Alex M. Azar II,

Secretary.

Joanne M. Chiedi,

Acting Inspector General.

Footnotes

1.  Public Law 108-173, 117 Stat. 2066.

Back to Citation

2.  Public Law 109-171, 120 Stat. 4.

Back to Citation

3.  Public Law 110-275, 122 Stat. 2494.

Back to Citation

4.  Public Law 111-148, 124 Stat. 119, as amended by the Health Care and Education Reconciliation Act of 2010 (Pub. L. 111-152, 124 Stat. 1029).

Back to Citation

5.  The Innovation Center's purpose is to test innovative payment and service delivery models to reduce the cost of care furnished to patients in the Medicare and Medicaid programs while preserving or enhancing the quality of that care. Using its authority in section 1115A of the Social Security Act (the Act), 42 U.S.C. 1315a, the Innovation Center is testing many healthcare delivery and payment models in which providers, suppliers, and individual practitioners participate.

Back to Citation

6.  42 U.S.C. 1320a-7b(b).

Back to Citation

7.  42 U.S.C. 1320a-7a(a)(5).

Back to Citation

8.  42 U.S.C. 1395nn.

Back to Citation

9.  Public Law 104-191, 110 Stat. 1936.

Back to Citation

10.  Medicare and State Health Care Programs: Fraud and Abuse; Request for Information Regarding the Anti-Kickback Statute and Beneficiary Inducements CMP, 83 FR 43607 (Aug. 27, 2018), available at https://oig.hhs.gov/​authorities/​docs/​2018/​RFI_​Regarding_​AKS_​Beneficiary_​Inducements_​CMP.pdf.

Back to Citation

11.  Medicare Program; Request for Information Regarding the Physician Self-Referral Law, 83 FR 29524 (June 25, 2018), available at https://www.gpo.gov/​fdsys/​pkg/​FR-2018-06-25/​pdf/​2018-13529.pdf.

Back to Citation

12.  H.R. Rep. No. 100-85, Pt. 2, at 27 (1987).

Back to Citation

13.  Medicare and State Health Care Programs: Fraud and Abuse; OIG Anti-Kickback Provisions, 56 FR 35952 (July 29, 1991); Medicare and State Health Care Programs: Fraud and Abuse; Safe Harbors for Protecting Health Plans, 61 FR 2122 (Jan. 25, 1996); Federal Health Care Programs: Fraud and Abuse; Statutory Exception to the Anti-Kickback Statute for Shared Risk Arrangements, 64 FR 63504 (Nov. 19, 1999); Medicare and State Health Care Programs: Fraud and Abuse; Clarification of the Initial OIG Safe Harbor Provisions and Establishment of Additional Safe Harbor Provisions Under the Anti-Kickback Statute, 64 FR 63518 (Nov. 19, 1999); 64 FR 63504 (Nov. 19, 1999); Medicare and State Health Care Programs: Fraud and Abuse; Ambulance Replenishing Safe Harbor Under the Anti-Kickback Statute, 66 FR 62979 (Dec. 4, 2001); Medicare and State Health Care Programs: Fraud and Abuse; Safe Harbors for Certain Electronic Prescribing and Electronic Health Records Arrangements Under the Anti-Kickback Statute, 71 FR 45109 (Aug. 8, 2006); Medicare and State Health Care Programs: Fraud and Abuse; Safe Harbor for Federally Qualified Health Centers Arrangements Under the Anti-Kickback Statute, 72 FR 56632 (Oct. 4, 2007); Medicare and State Health Care Programs: Fraud and Abuse; Electronic Health Records Safe Harbor Under the Anti-Kickback Statute, 78 FR 79202 (Dec. 27, 2013); and Medicare and State Health Care Programs: Fraud and Abuse; Revisions to the Safe Harbors Under the Anti-Kickback Statute and Civil Monetary Penalty Rules Regarding Beneficiary Inducements, 81 FR 88368 (Dec. 7, 2016).

Back to Citation

14.  Medicare and State Health Care Programs: Fraud and Abuse; OIG Anti-Kickback Provisions, 56 FR at 35958.

Back to Citation

15.  OIG, ACOs' Strategies for Transitioning to Value-Based Care: Lessons From the Medicare Shared Savings Program (July 2019), available at https://oig.hhs.gov/​oei/​reports/​oei-02-15-00451.pdf.

Back to Citation

16.  Id.

Back to Citation

17.  CMS, Chronic Condition Special Need Plans (C-SNP), List of Chronic Conditions, https://www.cms.gov/​Medicare/​Health-Plans/​SpecialNeedsPlans/​Chronic-Condition-Special-Need-Plans-C-SNP.html#s1.

Back to Citation

18.  Note that, should we adopt, as discussed below, the definition of “applicable manufacturer” set forth in 42 CFR 403.902, such definition would include distributors and wholesalers (which include re-packagers, re-labelers, and kit assemblers) that hold title to a covered drug, device, biological, or medical supply.

Back to Citation

19.  OIG, Special Fraud Alert: Physician-Owned Entities (Mar. 26, 2013), available at https://oig.hhs.gov/​fraud/​docs/​alertsandbulletins/​2013/​POD_​Special_​Fraud_​Alert.pdf.

Back to Citation

20.  See, e.g., Agency for Healthcare Research and Quality, Care Coordination Measures Atlas 6 (2014) (citing K. McDonald et al., Closing the Quality Gap: A Critical Analysis of Quality Improvement Strategies (2007)), https://www.ahrq.gov/​sites/​default/​files/​publications/​files/​ccm_​atlas.pdf.

Back to Citation

21.  See, e.g., NEJM Catalyst, What is Care Coordination? (Jan. 1, 2018), https://catalyst.nejm.org/​what-is-care-coordination/​ (providing examples and noting that “[c]are coordination synchronizes the delivery of a patient's health care from multiple providers and specialists. The goals of coordinated care are to improve health outcomes by ensuring that care from disparate providers is not delivered in silos, and to help reduce health care costs by eliminating redundant tests and procedures.”).

Back to Citation

22.  See, e.g., Health Care Industry Cybersecurity Task Force Report, available at https://www.phe.gov/​preparedness/​planning/​cybertf/​documents/​report2017.pdf.

Back to Citation

23.  See Kevin F. Erickson et al., Consolidation in the Dialysis Industry, Patient Choice, and Local Market Competition, 28 Clinical J. of the American Society of Nephrology 3 (Mar. 7, 2017).

Back to Citation

24.  For clarity, we note that we would not consider a prospective payment system for acute inpatient hospitals, home health agencies, hospice, outpatient hospitals, inpatient psychiatric facilities, inpatient rehabilitation facilities, long-term-care hospitals, and SNFs, or other like payment methodologies to meet any of the prongs of our proposed definition of “substantial downside financial risk.”

Back to Citation

25.  To afford VBE participants flexibility, we are not prescribing how parties may determine the basis for shared savings, shared losses, population-based payments, or partial capitation payments. However, we expect any such approach will reflect a legitimate compensation methodology, not one that simply manipulates numbers to artificially inflate savings or decrease losses, as may be applicable.

Back to Citation

26.  A practice permissible under the anti-kickback statute, whether through statutory exception or regulations issued by the Secretary, is also excepted from the beneficiary inducements CMP. Section 1128A(i)(6)(B) of the Act.

Back to Citation

27.  Medicare Program; Final Waivers in Connection With the Shared Savings Program, 80 FR 66726, 66743 (Oct. 29, 2015).

Back to Citation

28.  See, e.g., Notice of Waivers of Certain Fraud and Abuse Laws in Connection with the Bundled Payments for Care Improvement Advanced Model (May 25, 2018), available at https://www.cms.gov/​Medicare/​Fraud-and-Abuse/​PhysicianSelfReferral/​Downloads/​BPCI-Advanced-Model-Waivers.pdf.

Back to Citation

29.  Note that, should we adopt the definition of “applicable manufacturer” as set forth in in 42 CFR 403.902, such definition would include distributors and wholesalers (which include re-packagers, re-labelers, and kit assemblers) that hold title to a covered drug, device, biological or medical supply.

Back to Citation

30.  42 CFR 425.400(a)(4)(ii). We offer this as an illustrative example. Participants in the Medicare Shared Savings Program and Innovation Center ACO models have existing fraud and abuse law waivers and may not need new safe harbor protection.

Back to Citation

31.  We do not intend to incorporate the definition of “preventive care” found in the regulations interpreting the beneficiary inducements CMP, 42 CFR 1003.110. Note that the definitions found at 42 CFR 1003.110 apply to part 1003, not part 1001, where the proposed 42 CFR 1001.952(hh) would be located.

Back to Citation

32.  See, e.g., Michael Marmot et al., on behalf of the World Health Organization and Commission on Social Determinants of Health, Closing the gap in a generation: Health equity through action on the social determinants of health, 372 Lancet 9650 (2008), available at https:/www.thelancet.com/​journals/​lancet/​issue/​vol372no9650/​PIIS0140-6736(08)X6047-7;​ Gayle Shier et al., Strong Social Support Services, Such As Transportation And Help For Caregivers, Can Lead To Lower Health Care Use And Costs, 32 Health Affairs 3 (2013), available at https://www.healthaffairs.org/​doi/​pdf/​10.1377/​hlthaff.2012.0170.

Back to Citation

33.  See, e.g., J. Michael McGinnis, Pamela Williams-Russo, and James R. Knickman, The Case For More Active Policy Attention To Health Promotion, 21 HEALTH AFFAIRS 2 (Mar. 2002), available at https://www.healthaffairs.org/​doi/​10.1377/​hlthaff.21.2.78.

Back to Citation

34.  Marmot, supra.

Back to Citation

35.  McGinnis, supra.

Back to Citation

36.  McGinnis, supra.

Back to Citation

37.  While OIG's regulations found at 42 CFR 1003.110 define “items and services or items or services,” we do not cross-reference such definition in this proposed safe harbor, nor do we propose to limit the items, goods, and services potentially protected by this proposed safe harbor to the items and services that would satisfy the definition found at 42 CFR 1003.110. Note also that the definitions found at 42 CFR 1003.110 apply to part 1003, not part 1001, where the proposed 42 CFR 1001.952(hh) would be located.

Back to Citation

38.  Adv. Op. No. 18-14, available at https://oig.hhs.gov/​fraud/​docs/​advisoryopinions/​2018/​AdvOpn18-14.pdf.

Back to Citation

39.  See, e.g., Cathy J. Bradley & David Neumark, Small Cash Incentives Can Encourage Primary Care Visits by Low-Income People with New Health Care Coverage, 36 Health Affairs 8 (2017), https://www.healthaffairs.org/​doi/​10.1377/​hlthaff.2016.1455;​ Scott D. Halpern, MD, Ph.D. et al., Randomized Trial of Four Financial-Incentive Programs for Smoking Cessation, 372 New Eng. J. Med. 2108 (2015), https://www.nejm.org/​doi/​full/​10.1056/​NEJMoa1414293.

Back to Citation

40.  OIG continues to consider items convertible to cash (such as a check) or that can be used like cash (such as a general purpose debit card) to be cash equivalents.

Back to Citation

41.  The $75 amount parallels OIG's 2016 “Office of Inspector General Policy Statement Regarding Gifts of Nominal Value to Medicare and Medicaid Beneficiaries Policy Statement,” which currently sets the retail value of permissible “inexpensive” or “nominal value” gifts at $15 per item and $75 in the aggregate per patient on an annual basis. See OIG, Office of Inspector General Policy Statement Regarding Gifts of Nominal Value to Medicare and Medicaid Beneficiaries (Dec. 7, 2016), available at https://oig.hhs.gov/​fraud/​docs/​alertsandbulletins/​OIG-Policy-Statement-Gifts-of-Nominal-Value.pdf.

Back to Citation

42.  See, e.g., Special Fraud Alert: Routine Waiver of Copayments or Deductibles Under Medicare Part B, 59 FR 65372, 65374 (Dec. 19, 1994).

Back to Citation

43.  See, e.g., OIG, Special Fraud Alert, 59 FR 65372, 65374 (Dec. 19, 1994).

Back to Citation

44.  OIG recognizes that gift cards can take a number of forms, including tangible gift cards, electronic gift cards, and the replenishment of funds available, through a smartphone application, to purchase items, goods, or services at a particular entity.

Back to Citation

45.  For further information regarding the Federal anti-kickback statute and beneficiary inducements CMP implications of free product samples, see e.g., OIG, Compliance Program Guidance for Pharmaceutical Manufacturers, 68 FR 23731, 23739 (May 5, 2003); Adv. Op. No. 08-04, available at https://oig.hhs.gov/​fraud/​docs/​advisoryopinions/​2008/​AdvOpn08-04.pdf;​ Adv. Op. No. 15-11, available at https://oig.hhs.gov/​fraud/​docs/​advisoryopinions/​2015/​AdvOpn15-11.pdf.

Back to Citation

46.  We note here that the word “drug” is synonymous with and inclusive of “medication,” neither of which terms we are defining for purposes of this proposed safe harbor. Similarly, “followup care plan” would include so-called “discharge plans.”

Back to Citation

47.  See, e.g., CMS, Fraud and Abuse Waivers for Select CMS Models and Programs, available at https://www.cms.gov/​Medicare/​Fraud-and-Abuse/​PhysicianSelfReferral/​Fraud-and-Abuse-Waivers.html.

Back to Citation

48.  See, e.g., 76 FR 67992 at 67992 (Nov. 2, 2011); 80 FR 66726 at 66726 (Oct. 29, 2015) (Medicare Shared Savings Program is designed to promote the formation of accountable care organizations that are accountable for a Medicare patient population, coordinate items and services under Parts A and B, and encourage investment in infrastructure and redesigned care processes for high-quality and efficient service delivery).

Back to Citation

49.  For example, CMS might specify in a participation agreement whether or not this safe harbor would apply to any arrangement under the CMS-sponsored model or to particular types of arrangements under the CMS-sponsored model.

Back to Citation

50.  Unlike the patient engagement and support safe harbor proposed at 1001.952(hh), under the CMS-sponsored model patient incentives safe harbor, CMS would determine the types of patient incentives CMS-sponsored model parties may provide on a model-by-model basis.

Back to Citation

51.  See, e.g., OIG, Semiannual Report to Congress, Apr. 1, 2018-Sept. 30, 2018, at 84.

Back to Citation

52.  See, e.g., Health Care Industry Cybersecurity Task Force, Report on Improving Cybersecurity in the Health Care Industry, June 2017 (HCIC Task Force Report), available at https://www.phe.gov/​preparedness/planning/cybertf/documents/report2017.pdf.

Back to Citation

53.  See, e.g., OIG, 2018 Top Management & Performance Challenges Facing HHS, available at https://oig.hhs.gov/​reports-and-publications/​top-challenges/​2018/​.

Back to Citation

54.  Public Law 114-113, 129 Stat. 2242.

Back to Citation

55.  HCIC Task Force Report, available at https://www.phe.gov/​preparedness/​planning/​cybertf/​documents/​report2017.pdf.

Back to Citation

56.  Id. at 27.

Back to Citation

57.  Appendix B, Version 1.1 (Apr. 16, 2018) available at https://nvlpubs.nist.gov/​nistpubs/​CSWP/​NIST.CSWP.04162018.pdf.

Back to Citation

58.  71 FR 45110, 45120 (Aug. 8, 2006).

Back to Citation

59.  We note that, if a system is only as strong as its weakest link, then even a very low-referring entity poses a cybersecurity risk.

Back to Citation

60.  See OIG, Final Rule: Safe Harbors for Certain Electronic Prescribing and Electronic Health Records Arrangements Under the Anti-Kickback Statute, 71 FR 45110, 45128 (Aug. 8, 2006) (excluding pharmaceutical, device, DMEPOS manufacturers, or other entities that indirectly furnish items and services used in the care of patients both because “[our] enforcement experience demonstrates that unscrupulous manufacturers have offered remuneration in the form of free goods and services to induce referrals of their products” and because they lack “a direct and central patient care role that justifies safe harbor protection for the provision of electronic health records technology”).

Back to Citation

61.  HIPAA for Professionals, Guidance on Risk Analysis (Mar. 2017), available at https://www.hhs.gov/​hipaa/​for-professionals/​security/​guidance/​guidance-risk-analysis/​index.html.

Back to Citation

62.  NIST Special Publication 800-30 Revision 1, Guide for Conducting Risk Assessments (Sept. 2012), available at https://nvlpubs.nist.gov/​nistpubs/​legacy/​sp/​nistspecialpublication800-30r1.pdf.

Back to Citation

63.  84 FR 7424 (Mar. 4, 2019).

Back to Citation

64.  78 FR 79201, 79204 (Dec. 27, 2013).

Back to Citation

65.  78 FR 79213 (Dec. 27, 2013).

Back to Citation

66.  84 FR at 7602-05.

Back to Citation

67.  See Implementation of the 21st Century Cures Act: Achieving the Promise of Health Information Technology Before the S. Comm. On Health, Education, Labor, & Pensions, 115th Cong. 1 (2017) (statement of James Cannatti, Senior Counselor for Health Information Technology HHS OIG).

Back to Citation

68.  We recognize that the ONC NPRM is not a final rule and is subject to change. However, we base our proposal on both the statutory language and the language in ONC's proposed rule for purposes of soliciting public input on our proposals.

Back to Citation

69.  PHSA § 3022(a)(1)(B)(ii).

Back to Citation

70.  71 FR 45136.

Back to Citation

71.  For instance, a secure log-in or encrypted access mechanism included with an EHR system or EHR software suite would be cybersecurity features of the EHR that are protected under the existing EHR safe harbor.

Back to Citation

72.  84 FR 7424, 7513 (Mar. 4, 2019).

Back to Citation

73.  71 FR 45110, 45126 (August 8, 2006).

Back to Citation

74.  PHSA § 3000(9); 42 U.S.C. 300jj(9).

Back to Citation

75.  84 FR 7424, 7589 (Mar. 4, 2019).

Back to Citation

76.  71 FR 45127.

Back to Citation

77.  Id. at 45128.

Back to Citation

78.  42 CFR 1001.952(d)(4), (5) and (7).

Back to Citation

79.  We note that section 1128A(b)(1) of the Act (the “Gainsharing CMP”) prohibits a hospital from knowingly making payments, directly or indirectly, to a physician to induce the physician to reduce or limit medically necessary services to Medicare or Medicaid beneficiaries who are under the physician's direct care. Hospitals that make (and physicians who receive) payments prohibited by this provision are liable for civil money penalties for each patient for which the prohibited payment was made. However, our proposed condition is in recognition that other parties, besides hospitals and physicians, may seek protection under this safe harbor.

Back to Citation

80.  42 CFR 1001.952(g).

Back to Citation

81.  Adv. Op. No. 18-10, available at https://www.oig.hhs.gov/​fraud/​docs/​advisoryopinions/​2018/​AdvOpn18-10.pdf.

Back to Citation

82.  Adv. Op. No. 01-08, available at https://www.oig.hhs.gov/​fraud/​docs/​advisoryopinions/​2001/​ao01-08.pdf. OIG acknowledged that the arrangement at issue in advisory opinion number 01-08 implicated the anti-kickback statute and did not fit in the warranties safe harbor but approved the arrangement on the basis that it presented a sufficiently low risk of fraud and abuse under the anti-kickback statute.

Back to Citation

83.  We clarify that our proposed changes would not protect free or reduced-price items or services that sellers provide either as part of a bundled warranty agreement or ancillary to a warranty agreement. Whether a seller's provision of free or reduced-price items or services in connection with a warranty arrangement would implicate and potentially violate the anti-kickback statute would depend on whether other safe harbor protection exists for the arrangement, and if not, whether those items or services have independent value to a buyer other than for purposes of determining whether the terms of a warranty have been met. For example, laboratory testing required for patient care may be necessary to determine if a warranted outcome was achieved, but the laboratory test would have independent value to the buyer. A seller's provision of laboratory testing for free or at a reduced charge as part of a warranty agreement would implicate the anti-kickback statute. Additionally, the provision of medication adherence services for free or below fair market value would implicate the anti-kickback statute. In contrast, if sellers provide items and services with no independent value to a buyer, other than to determine whether the conditions of a warranty have been satisfied, the items and services may not constitute remuneration under the anti-kickback statute, and thus, may not implicate the statute. See OIG Compliance Program Guidance for Pharmaceutical Manufacturers, 68 FR 23731, 23735 (May 5, 2003), for a discussion of pharmaceutical manufacturers' provision of limited support services tailored to the manufacturers' products that may not implicate the anti-kickback statute.

Back to Citation

84.  See, e.g., Kanter v. Warner-Lambert Co., 99 Cal. App. 4th 780, 798 (2002); Goldsmith v. Mentor Corp., 913 F. Supp. 56, 63 (D.N.H. 1995); Kemp v. Pfizer, Inc., 835 F. Supp. 1015, 1024-25 (E.D. Mich. 1993).

Back to Citation

85.  42 CFR 1001.952(bb)(1)(iv)(B).

Back to Citation

86.  See 81 FR 88368, 88384 (Dec. 7, 2016).

Back to Citation

87.  81 FR at 88387.

Back to Citation

88.  81 FR 88384.

Back to Citation

89.  Public Law 115-123, 132 Stat. 64.

Back to Citation

90.  Medicare Program; Medicare Shared Savings Program; Accountable Care Organizations—Pathways to Success and Extreme and Uncontrollable Circumstances Policies for Performance Year 2017, 83 FR 67816, 67823 (Dec. 31, 2018).

Back to Citation

91.  Id. at 67980.

Back to Citation

92.  For additional background information on section 1899(m) and 1899(b)(2)(I), see Medicare Program; Medicare Shared Savings Program; Accountable Care Organizations—Pathways to Success and Extreme and Uncontrollable Circumstances Policies for Performance Year 2017, 83 FR 67816 (Dec. 31, 2018).

Back to Citation

93.  Section 1899(m)(1)(A) of the Act.

Back to Citation

94.  CMS, in the final rule establishing the ACO Beneficiary Incentive Program, determined that the ACO Beneficiary Incentive Program required additional program integrity safeguards. CMS included several requirements at 42 CFR 425.304(c) to help mitigate the program integrity risks associated with ACO Beneficiary Incentive Programs. Under 42 CFR 425.304(c)(4)(iv), for example, ACOs are prohibited from offering an incentive payment as part of an advertisement or solicitation to beneficiaries.

Back to Citation

95.  Section 50302(b) of the Budget Act of 2018 made additional changes related to the provision of telehealth services to ESRD patients, such as the inclusion of a renal dialysis facility and the home of an individual as telehealth originating sites but only for the purposes of the monthly ESRD-related clinical assessments furnished through telehealth provided under section 1881(b)(3)(B) of the Act. For additional information, see Medicare Program; Revisions to Payment Policies Under the Physician Fee Schedule and Other Revisions to Part B for CY 2019; Medicare Shared Savings Program Requirements; Quality Payment Program; Medicaid Promoting Interoperability Program; Quality Payment Program-Extreme and Uncontrollable Circumstance Policy for the 2019 MIPS Payment Year; Provisions From the Medicare Shared Savings Program-Accountable Care Organizations-Pathways to Success; and Expanding the Use of Telehealth Services for the Treatment of Opioid Use Disorder Under the Substance Use-Disorder Prevention That Promotes Opioid Recovery and Treatment (SUPPORT) for Patients and Communities Act 83 FR 59452, 59495 (Nov. 23, 2018), available at https://www.govinfo.gov/​content/​pkg/​FR-2018-11-23/​pdf/​2018-24170.pdf. See also 42 CFR 410.78, 414.65.

Back to Citation

96.  See, e.g., 81 FR 88368, 88373 (Dec. 7, 2016).

Back to Citation

97.  U.S. Census Bureau, 2015 SUSB Annual Data Tables by Establishment Industry, https://www.census.gov/​data/​tables/​2015/​econ/​susb/​2015-susb-annual.html.

Back to Citation

98.  U.S. Department of Labor, Bureau of Labor Statistics, May 2018 National Occupational Employment and Wage Estimates United States, https://www.bls.gov/​oes/​2018/​may/​oes_​nat.htm.

Back to Citation

[FR Doc. 2019-22027 Filed 10-9-19; 4:15 pm]

BILLING CODE 4152-04-P


Tried the LawStack mobile app?

Join thousands and try LawStack mobile for FREE today.

  • Carry the law offline, wherever you go.
  • Download CFR, USC, rules, and state law to your mobile device.