AGENCY:

Office of Inspector General (OIG), HHS.

ACTION:

Proposed rule.

SUMMARY:

This proposed rule would amend the civil money penalty (CMP or penalty) rules of the Department of Health and Human Services (HHS or Department) Office of Inspector General (OIG) to: Incorporate new authorities for CMPs, assessments, and exclusions related to HHS grants, contracts, other agreements; incorporate new CMP authorities for information blocking; and increase the maximum penalties for certain CMP violations.

DATES:

To ensure consideration, comments must be delivered to the address provided below by no later than 11:59 p.m. Eastern Standard Time on June 23, 2020.

ADDRESSES:

In commenting, please reference file code OIG-2605-P. Because of staff and resource limitations, we cannot accept comments by facsimile (fax) transmission. However, you may submit comments using one of three ways (no duplicates, please):

1. Electronically. You may submit electronically through the Federal eRulemaking Portal at http://www.regulations.gov. (Attachments should be in Microsoft Word, if possible.)

2. By regular, express, or overnight mail. You may mail your printed or written submissions to the following address: Aaron S. Zajic, Office of Inspector General, Department of Health and Human Services, Attention: OIG-2605-P, Cohen Building, 330 Independence Avenue SW, Room 5527, Washington, DC 20201.

Please allow sufficient time for mailed comments to be received before the close of the comment period.

3. By hand or courier. You may deliver, by hand or courier, before the close of the comment period, your printed or written comments to: Aaron S. Zajic, Office of Inspector General, Department of Health and Human Services, Attention: OIG-2605-P, Cohen Building, 330 Independence Avenue SW, Room 5527, Washington, DC 20201.

Because access to the interior of the Cohen Building is not readily available to persons without Federal Government identification, commenters are encouraged to schedule their delivery with one of our staff members at (202) 619-0335.

Inspection of Public Comments: All comments received before the end of the comment period will be posted on http://www.regulations.gov for public viewing. Hard copies will also be available for public inspection at the Office of Inspector General, Department of Health and Human Services, Cohen Building, 330 Independence Avenue SW, Washington, DC 20201, Monday through Friday from 8:30 a.m. to 4 p.m. To schedule an appointment to view public comments, phone (202) 619-0335.

FOR FURTHER INFORMATION CONTACT:

Robert Penezic at (202) 205-3211, Office of Counsel to the Inspector General.

SUPPLEMENTARY INFORMATION:

I. Executive Summary:

A. Purpose and Need for Regulatory Action

This proposed rule seeks to address three issues: (1) The amendment of the Civil Monetary Penalties Law (CMPL), 42 U.S.C. 1320a-7a, by the 21st Century Cures Act (Cures Act), Public Law 114-255, sec. 5003, authorizing HHS to impose CMPs, assessments, and exclusions upon individuals and entities that engage in fraud and other misconduct related to HHS grants, contracts, and other agreements (42 U.S.C. 1320a-7a(o)-(s)); (2) the amendment of the Public Health Service Act (PHSA), 42 U.S.C. 300jj-52, by the Cures Act authorizing OIG to investigate claims of information blocking and providing the Secretary of HHS (Secretary) authority to impose CMPs for information blocking; and (3) the increase in penalty amounts in the CMPL effected by the Bipartisan Budget Act of 2018 (BBA 2018), Public Law 115-123. Each of these issues is discussed further below.

First, this proposed rule would modify 42 CFR parts 1003 and 1005 to add HHS's new authority related to fraud and other misconduct involving grants, contracts, and other agreements into the existing regulatory framework for the imposition and appeal of CMPs, assessments, and exclusions. The additions would: (1) Expressly enumerate in the regulation, HHS's grant, contract, and other agreement fraud and misconduct CMPL authority; and (2) give individuals and entities sanctioned for fraud and other misconduct related to HHS grants, contracts, and other agreements, the same procedural and appeal rights that currently exist under 42 CFR parts 1003 and 1005 for those sanctioned under the CMPL and other statutes for fraud and other misconduct related to, among other things, the Federal health care programs. We propose to codify these new authorities and their corresponding sanctions in the regulations at §§ 1003.110, 1003.130, 1003.140, 1003.700, 1003.710, 1003.720, 1003.1550, 1003.1580, and 1005.1.

Second, Section 4004 of the Cures Act added sec. 3022 to the PHSA, 42 U.S.C. 300jj-52, which, among other provisions, provides OIG the authority to investigate claims of information blocking and authorizes the Secretary to impose CMPs against a defined set of individuals and entities that OIG determines committed information blocking. Investigating and taking enforcement action against individuals and entities that engage in information blocking is consistent with OIG's history of investigating serious misconduct that impacts HHS programs and beneficiaries. Information blocking can pose a threat to patient safety and undermine efforts by providers, payers, and others to make our health system more efficient and effective. Addressing the negative effects of information blocking is consistent with OIG's mission to protect the integrity of HHS programs, as well as the health and welfare of program beneficiaries.

We propose to implement 3022(b)(2)(C), which requires information blocking CMPs to follow the procedures of sec. 1128A of the Act. Specifically, the proposed rule would add the information blocking CMP authority to the existing regulatory framework for the imposition and appeal of CMPs, assessments, and exclusions (42 CFR parts 1003 and 1005), pursuant to the PHSA sec. 3022(b)(2)(C) (42 U.S.C. 300jj-52(b)(2)(C)). The proposed modifications would give individuals and entities subject to CMPs for information blocking the same procedural and appeal rights that currently exist under 42 CFR parts 1003 and 1005. We propose to codify this new information blocking authority at §§ 1003.1400, 1003.1410, and 1003.1420. The proposed rule also explains OIG's anticipated approach to enforcement and coordination within HHS to implement the information blocking authorities.

The Office of the National Coordinator for Health Information Technology (ONC) has finalized the information blocking regulations in the Cures Act final rule in 45 CFR part 171 (ONC Final Rule). This proposed rule incorporates by reference the relevant information blocking regulations in the ONC Final Rule as the basis for imposing CMPs and determining the amount of penalty imposed.

Finally, on February 9, 2018, the President signed into law the Bipartisan Budget Act of 2018 (BBA 2018). Section 50412 of the BBA 2018 (42 U.S.C. 1320a-7a(a), (b)) amended the CMPL to increase the amounts of certain civil money penalties. The proposed regulation would codify the increased civil money penalties at 42 CFR part 1003. Specifically, for conformity with the CMPL as amended by the BBA 2018, we propose to revise the civil money penalties contained at §§ 1003.210, 1003.310, and 1003.1010.

B. Legal Authority

The legal authority for this regulatory action is found in the Social Security Act (Act) and the PHSA, as amended by the Cures Act and the BBA 2018. The legal authority for the proposed changes is listed by the parts of Title 42 of the Code of Federal Regulations (CFR) that we propose to modify:

1003: 42 U.S.C. 1320a-7a(a)-(b), (o)-(s); 42 U.S.C. 300jj-52

1005: 42 U.S.C. 1320a-7a(o)-(s); 42 U.S.C. 300jj-52

C. Summary of Major Provisions

This proposed rule incorporates into OIG's CMP regulations at 42 CFR parts 1003 and 1005 two new CMP authorities established by the Cures Act related to: (1) Fraud and other misconduct involving HHS grants, contracts, and other agreements; and (2) information blocking. The proposed rule also incorporates into 42 CFR part 1003, new maximum CMP amounts for certain offenses, as set by the BBA 2018.

In the context of HHS grants, contracts and other agreements, the Cures Act authorizes CMPs, assessments, and exclusions for:

• Knowingly presenting or causing to be presented a specified claim under a grant, contract, or other agreement that a person knows or should know is false or fraudulent;
• knowingly making, using, or causing to be made or used, any false statement, omission, or misrepresentation of a material fact in any application, proposal, bid, progress report, or other document that is required to be submitted in order to directly or indirectly receive or retain funds provided in whole or in part by HHS pursuant to a grant, contract, or other agreement;
• knowingly making, using, or causing to be made or used, a false record or statement material to a false or fraudulent specified claim under a grant, contract, or other agreement;
• knowingly making, using, or causing to be made or used, a false record or statement material to an obligation to pay or transmit funds or property to HHS with respect to a grant, contract, or other agreement;
• knowingly concealing or knowingly and improperly avoiding or decreasing an obligation to pay or transmit funds or property to HHS with respect to a grant, contract, or other agreement; and
• failing to grant timely access, upon reasonable request, to OIG, for the purposes of audits, investigations, evaluations, or other statutory functions of OIG in matters involving grants, contracts, or other agreements.

In the context of information blocking, the Cures Act authorizes CMPs for:

• Any practice that is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information if this practice is conducted by a developer of certified health information technology (health IT), an entity offering certified health IT, a health information exchange, or a health information network, and the developer of certified health IT, entity offering certified health IT, health information exchange, or health information network knows or should know that this practice is likely to interfere with, prevent, or materially discourage the access, exchange, or use of electronic health information.

The ONC Final Rule implements certain Cures Act information blocking provisions, including defining terms and establishing reasonable and necessary exceptions to the definition of information blocking. OIG and ONC have coordinated extensively on both the ONC Final Rule and this proposed rule to align both regulatory actions. We propose to incorporate by reference the regulatory definitions and exceptions from the ONC Final Rule related to information blocking in 45 CFR part 171 as the basis for imposing CMPs and determining the amount of penalty imposed. These regulatory definitions, penalties for information blocking, and applicable procedures are reflected in the proposed regulations.

We further propose changes to the CMP regulations at 42 CFR part 1003 for conformity with the civil penalty amounts contained in the Act, as amended by the BBA 2018.

II. Background

For over 35 years, OIG has exercised the authority to impose CMPs, assessments, and exclusions in furtherance of its mission to protect Federal health care and other Federal programs from fraud, waste, and abuse. OIG recently received new CMP authorities, granted under the Cures Act, related to fraud and other prohibited conduct involving HHS grants, contracts, other agreements, and information blocking. OIG also received authority through the BBA 2018 to impose larger CMPs for certain offenses committed after February 9, 2018.

A. Overview of OIG Civil Money Penalty Authorities

The CMPL (sec. 1128A of the Act, 42 U.S.C 1320a-7a) was enacted in 1981 to provide HHS with the statutory authority to impose CMPs, assessments, and exclusions upon individuals and entities that commit fraud and other misconduct related to the Federal health care programs, including Medicare and Medicaid. The Secretary delegated the CMPL's authorities to OIG. 53 FR 12993 (April 20, 1988). HHS has promulgated regulations at 42 CFR parts 1003 and 1005 that: (1) Enumerate specific bases for the imposition of CMPs, assessments, and exclusion under the CMPL and other CMP statutes; (2) set forth the appeal rights of individuals and entities subject to those sanctions; and (3) outline the procedures under which a sanctioned party may appeal the sanction. Since 1981, Congress has created various other CMP authorities related to fraud and abuse that were delegated by the Secretary to OIG and added to part 1003.

B. The Cures Act and the ONC Final Rule

The Cures Act amended the CMPL to give HHS the authority to impose CMPs, assessments, and exclusions upon persons that commit fraud and other misconduct related to HHS grants, contracts, and other agreements. 42 U.S.C. 1320a-7a(o)-(s). This authority allows for the imposition of sanctions for a wide variety of fraudulent and improper conduct involving HHS grants, contracts, and other agreements, including, among other things, the making of false or fraudulent specified claims to HHS, the submission of false or fraudulent documents to HHS, and the creation of false records related to HHS grants, contracts, or other agreements. The authority applies to a broad array of situations in which HHS provides funding, directly or indirectly, in whole or in part, pursuant to a grant, contract, or other agreement. The Cures Act also created a new set of definitions related to grant, contract, and other agreement fraud and misconduct, outlined the sanctions for violation of the statute, and referenced the procedures to be used when imposing sanctions under the statute.

In addition, sec. 4004 of the Cures Act added sec. 3022 of the PHSA, which defines conduct that constitutes information blocking by developers of health IT, entities offering certified health IT, health information exchanges, health information networks, and health care providers. Specifically, sec. 3022(a) of the PHSA defines information blocking as: “a practice that—(A) except as required by law or specified by the Secretary pursuant to rulemaking under paragraph (3), is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information; and (B)(i) if conducted by a health information technology developer, exchange, or network, such developer, exchange, or network knows, or should know, that such practice is likely to interfere with, prevent, or materially discourage the access, exchange, or use of electronic health information; or (ii) if conducted by a health care provider, such provider knows that such practice is unreasonable and is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.” Section 3022(a)(3) of the PHSA further provides that the Secretary shall, through rulemaking, identify reasonable and necessary activities that do not constitute information blocking. Section 3022(a)(4) of the PHSA states that the term “information blocking” does not include any conduct that occurred before January 13, 2017.

Section 3022(b)(1) of the PHSA authorizes OIG to investigate claims of information blocking by individuals and entities described in sec. 3022(a) of the PHSA, and also authorizes OIG investigations of claims that health IT developers or other entities offering certified health IT have submitted false attestations under the ONC Health IT Certification Program (sec. 3001(c)(5) of the PHSA). Section 3022(b)(2)(A) authorizes the Secretary to impose CMPs not to exceed $1 million per violation, on health IT developers or other entities offering certified health IT, health information exchanges, and health information networks that OIG determines committed information blocking. Section 3022(b)(2)(A) also provides that a determination to impose CMPs shall consider factors such as the nature and extent of the information blocking and harm resulting from such information blocking, including, where applicable, the number of patients affected, the number of providers affected, and the number of days the information blocking persisted. Section 3022(b)(2)(C) of the PHSA applies the procedures of sec. 1128A of the Act to civil money penalties imposed under sec. 3022(b)(2) of the PHSA in the same manner as such provisions apply to a civil money penalty or proceeding under such sec. 1128A(a) of the Act. This proposed rule would implement sec. 3022(b)(2)(A) and (C) of the PHSA.

Further, Section 3022(b)(2)(B) of the PHSA provides that any health care provider determined by OIG to have committed information blocking shall be referred to the appropriate agency to be subject to appropriate disincentives using authorities under applicable Federal law, as the Secretary sets forth through notice and comment rulemaking. This proposed rule only addresses OIG's imposition of CMPs for information blocking by health IT developers or other entities offering certified health IT, health information exchanges, and health information networks. This proposed rule does not apply to health care providers who engage in information blocking.^[1] However, health care providers that also meet the definition of a health information exchange or health information network as defined in the ONC Final Rule would be subject to information blocking CMPs. Once established, OIG will coordinate with, and send referrals to, the agency or agencies identified in future rulemaking by the Secretary that will apply the appropriate disincentive for health care providers that engage in information blocking, consistent with sec. 3022(b)(2)(B).

The Cures Act also identifies ways for ONC, OCR, and OIG to consult, refer, and coordinate. For example, sec. 3022(b)(3) of the PHSA states that OIG may refer instances of information blocking to OCR where a consultation regarding the health privacy and security rules promulgated under sec. 264(c) of the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1320d-2 note) (HIPAA) will resolve such information blocking claims. Additionally, sec. 3022(d)(1) requires ONC to share information with OIG as required by law. For additional discussion related to coordination, see section III.A.5 of the preamble.

We intend that the provisions of the ONC Final Rule and the OIG proposed rule will work in tandem and that each will inform the public's understanding of the other. As a result, we encourage parties to read this proposed rule together with the ONC Final Rule. ONC's Final Rule will define “information blocking,” define specific terms related to information blocking, and implement reasonable and necessary exceptions to the definition of information blocking. OIG's proposed rule will describe the parameters and procedures applicable to information blocking CMPs.

C. The Bipartisan Budget Act of 2018

The BBA 2018 amended the CMPL to increase certain civil money penalty amounts contained in 42 U.S.C. 1320a-7a(a) and (b). The BBA 2018 increased maximum civil money penalties in sec. 1128A(a) of the Act (42 U.S.C. 1320a-7a) from $10,000 to $20,000; from $15,000 to $30,000; and from $50,000 to $100,000. The BBA 2018 increased maximum civil money penalties in sec. 1128A(b) of the Act from $2,000 to $5,000 in paragraph (1), from $2,000 to $5,000 in paragraph (2), and from $5,000 to $10,000 in paragraph (3)(A)(i). This statutory increase in civil money penalty amounts is effective for acts committed after the date of enactment, February 9, 2018. This proposed rule would update our regulations to reflect the increased civil money penalties authorized by the 2018 BBA amendments.

III. Provisions of the Proposed Rule

A. Civil Money Penalty, Assessment, and Exclusion Authorities Under 42 CFR Part 1003

1. Subpart A—General Provisions

Subpart A contains the general provisions that apply to part 1003. The proposed changes revise the “Basis and Purpose” and “Definitions” sections of subpart A to incorporate into part 1003 OIG's new statutory authorities to impose sanctions related to grants, contracts, and other agreements, and information blocking.

§ 1003.100—Basis and Purpose

We propose to add the statutory authority for OIG's imposition of information blocking CMPs—sec. 3022 of the PHSA (42 U.S.C. 300jj-52)—to the list of statutory CMP provisions that appears in § 1003.100.

§ 1003.110—Definitions

We propose to make several changes to the “Definitions” section at § 1003.110 to add and revise definitions to incorporate OIG's new authorities into part 1003.

Department, Obligation, Other Agreement, Program Beneficiary, Recipient, Specified Claim, Specified State Agency

We propose to add the statutory definitions of the terms “Department,” “obligation,” “other agreement,” “program beneficiary,” “recipient,” “specified claim,” and “specified State agency” (codified at 42 U.S.C. 1320a-7a(q)-(s)) to § 1003.110. There are two differences between the statutory definitions and proposed regulatory definitions. First, the proposed regulatory definitions of “specified State agency” and “obligation” contain internal citations to regulatory—not statutory—provisions. Second, we propose to define the term “recipient” to clarify that the term means all persons (excluding program beneficiaries as defined in § 1003.110) directly or indirectly receiving money or property under a grant, contract, or other agreement funded in whole or in part by the Secretary, including subrecipients and subcontractors. We believe based upon the structure and purpose of the statute that Congress intended the term “recipient” to apply to any person that directly or indirectly receives money or property from the Secretary under a grant, contract, or other agreement, and authorized HHS to impose penalties, assessments, and exclusions against any individual or entity that commits acts in its interactions with these recipients that violate 42 U.S.C. 1320a-7a(o)(1)-(4).

Reasonable Request

The Cures Act provided HHS with the authority to impose CMPs, assessments, and exclusions for the failure “to grant timely access, upon reasonable request (as defined by such Secretary in regulations), to the Inspector General of the Department, for the purpose of audits, investigations, evaluations, or other statutory functions of such Inspector General in matters involving such grants, contracts, or other agreements.” 42 U.S.C. 1320a-7a(o)(5). This statutory language largely mirrors the language of 42 U.S.C. 1320a-7a(a)(9), which has for many years given HHS the authority to impose sanctions for the failure to grant timely access to OIG, upon reasonable request, “for the purpose of audits, investigations, evaluations, or other statutory functions” of OIG. Because the statutory language of 42 U.S.C. 1320a-7a(o)(5) and 42 U.S.C. 1320a-7a(a)(9) are similar, and based upon OIG's experience enforcing 42 U.S.C. 1320a-7a(a)(9), we believe the definition of “Reasonable Request” that currently appears in § 1003.110 and applies to CMP actions under 42 U.S.C. 1320a-7a(a)(9) for failure to grant timely access upon reasonable request to OIG in the healthcare fraud context, should be extended to circumstances involving grants, contracts, and other agreements. As such, we propose to amend § 1003.110 (Definitions—Reasonable Request) to apply the definition of “Reasonable Request” to actions under 42 U.S.C. 1320a-7a(o)(5) for failure “to grant timely access, upon reasonable request (as defined by such Secretary in regulations), to the Inspector General of the Department, for the purpose of audits, investigations, evaluations, or other statutory functions of such Inspector General in matters involving such grants, contracts, or other agreements.”

§1003.130—Assessments

We propose to add the term “specified State agency” to § 1003.130 to conform the language of § 1003.130 to the Cures Act changes to the CMPL. This revision would make explicit that assessments imposed under part 1003 are in lieu of damages sustained not only by the Department or a State agency, but also by a “specified State agency,” a term that is defined by 42 U.S.C. 1320a-7a(q)(6) and differs from the term “State agency” defined by 42 U.S.C. 1320a-7a(i)(1). The statutory definition of the term “specified State agency” is also being added to § 1003.110.

§1003.140—Determinations Regarding the Amount of Penalties and Assessments and the Period of Exclusion

We propose to change the cross-reference in § 1003.140(c)(3) from “as defined by paragraph (e)(2) of this section” to “as defined by paragraph (d)(2) of this section” to correct a scrivener's error from a prior amendment of part 1003, which took place on December 7, 2018. 81 FR 88354. We also propose to add a new subsection (5) to section § 1003.140(d), stating that the penalty amounts in part 1003 are adjusted annually for inflation. We are proposing this addition because we are proposing to eliminate footnotes 1 through 12 in part 1003 to simplify those sections.

2. Subpart B—CMPs, Assessments, and Exclusions for False or Fraudulent Claims or Other Similar Misconduct

We propose to modify §§ 1003.210 and 1003.310 to conform the subpart to the BBA 2018 amendments to the CMPL regarding the increase of CMP amounts. We propose to add text to each provision that provides a penalty amount to reflect the increased penalty amounts in the BBA 2018 for the applicable time periods. We also propose to delete footnotes 1-12, which are found in §§ 1003.210, 1003.310, 1003.410, 1003.510, 1003.610, 1003.810, 1003.910, 1003.1010, 1003.1110, 1003.1210, and 1003.1310. The proposed deletions accompany a parallel proposal to add a new § 1003.140(d)(5), stating that penalty amounts are adjusted annually. We are proposing these technical changes to state the annual adjustment to penalty amounts once in the “General Provisions” sections rather than repetitively in footnotes.

§1003.210—Amount of Penalties and Assessments

We propose to modify the text of § 1003.210, regarding the amount of penalties, to reflect the BBA 2018 penalty increases in 42 U.S.C. 1320a-7a(a) and (b). Specifically, in paragraphs (a)(1), (3), (4), and (8), we propose to insert the phrase “for conduct that occurred on or before February 9, 2018, and not more than $20,000 for conduct that occurred after February 9, 2018,” after “$10,000” to conform to the BBA 2018 amendments to the CMPL regarding the increase of CMP amounts. In paragraph (a)(3), we further propose to insert a comma after the words “per day” for grammatical clarity.

In paragraphs (a)(2) and (9), we propose to insert the phrase “for conduct that occurred on or before February 9, 2018, and not more than $30,000 for conduct that occurred after February 9, 2018,” after “$15,000,” to conform to the BBA 2018 amendments to the CMPL.

In paragraphs (a)(6) and (7), we propose to insert the phrase “for conduct that occurred on or before February 9, 2018, and not more than $100,000 for conduct that occurred after February 9, 2018,” after “50,000” to conform to the BBA 2018 amendments to the CMPL.

In paragraph (a)(10)(i), we propose to insert “for conduct that occurred on or before February 9, 2018, and $10,000 for conduct that occurred after February 9, 2018,” after “5,000” to conform to the BBA 2018 amendments to the CMPL.

§ 1003.310—Amount of Penalties and Assessments

Similarly, for § 1003.310, we propose to modify the text regarding the amount of penalties to reflect the BBA 2018 penalty increases to 42 U.S.C. 1320a-7a(a)(7). In paragraph (a)(3), we propose to insert “for conduct that occurred on or before February 9, 2018, and $100,000 for conduct that occurred after February 9, 2018,” after “50,000” to conform to the BBA 2018 amendments to the CMPL.

3. Subpart G—CMPs, Assessments, and Exclusions for Fraud or False Claims or Similar Conduct Related to Grants, Contracts, and Other Agreements

We propose to add a new subpart G that would codify in regulation OIG's new authority under the Cures Act to impose CMPs, assessments, and exclusions for fraud, false claims, and similar conduct related to HHS grants, contracts, and other agreements. Subpart G would also identify the maximum assessments and penalties that OIG may impose under part 1003 and aggravating and mitigating factors OIG may consider when imposing sanctions.

§ 1003.700—Basis for Civil Money Penalties, Assessments, and Exclusions

New § 1003.700 would enumerate in regulation the new CMP offenses in 42 U.S.C. 1320a-7a(o) created by the Cures Act related to fraud and other misconduct involving grants, contracts, and other agreements, which provided OIG with the authority to impose CMPs, assessments, and exclusions for a variety of abusive conduct involving important HHS programs that provide many billions of dollars in funding every year. The five distinct categories of offenses, which would be enumerated in regulation at § 1003.700(a)(1) through (5), make sanctionable a variety of fraudulent or otherwise improper conduct related to HHS grants, contracts, and other agreements.

First, OIG may impose sanctions against any person that knowingly presents or causes to be presented a specified claim related to a grant, contract or other agreement that a person knows or should know is false or fraudulent. A “specified claim” includes an application, request, or demand for money or property under a grant, contract, or other agreement, and would include a request for a drawdown or other payment that is made to a computerized payment administration system like the HHS Payment Management System. Second, OIG may impose sanctions against any person who knowingly makes, uses, or causes to be made or used any false statement, omission, or misrepresentation of a material fact in any of the wide array of documents (such as applications, proposals, bids, or progress reports) that are required to be submitted in order to directly or indirectly receive or retain funds provided in whole or in part pursuant to an HHS grant, contract, or other agreement. Third, OIG is authorized to impose sanctions against any person who knowingly makes, uses, or causes to be made or used, false records or statements material to false or fraudulent specified claims under a grant, contract, or other agreement. Fourth, OIG has authority to sanction any person who knowingly conceals, avoids, or decreases an obligation to pay or transmit funds or property with respect to a grant, contract, or other agreement, or knowingly makes, uses, or causes to be made or used, a false record or statement material to such an obligation. Finally, OIG is authorized to impose sanctions for a person's failure to grant timely access upon reasonable request to OIG personnel who are carrying out audits, evaluations, investigations, and other statutory functions related to grants, contracts, and other agreements. The regulatory text in proposed § 1003.700 is consistent with the statutory language of 42 U.S.C. 1320a-7a(o), with technical modifications to change internal cross-references to regulatory provisions, not statutory provisions.

The statutory authority to impose CMPs, assessments, and exclusions under 42 U.S.C. 1320a-7a(o) applies to a wide array of situations in which HHS provides funding, directly or indirectly, in whole or in part, pursuant to a grant, contract, or other agreement. Regarding OIG's authority to impose sanctions for conduct involving “other agreements,” the statutory definition of “other agreement” under 42 U.S.C. 1320a-7a(q)(3) is broad and identifies a non-exclusive list of arrangements that could constitute “other agreements” under the statute. When OIG investigates potential misconduct under the statute and decides whether to impose sanctions, it will evaluate each matter on a case-by-case basis to determine whether the funding arrangement at issue constitutes an “other agreement” under the statute and if the conduct at issue violates the statute.

§ 1003.710—Amount of Penalties and Assessments

We propose to add a new § 1003.710 that codifies in the regulation the maximum statutory penalties and assessments OIG may impose for violation of the new offenses for grant, contract, and other agreement fraud and misconduct. As with proposed § 1003.700, the regulatory language of proposed § 1003.710 is consistent with the statutory language of 42 U.S.C. 1320a-7a(o) that establishes the maximum penalties and assessments for violations of the statute, with only slight technical modifications to change internal citations to regulatory provisions, not statutory provisions. Penalties authorized under 42 U.S.C. 1320a-7a(o) range from a maximum of $10,000 per offense to a maximum of $50,000 per offense, and OIG may impose an assessment of not more than three times the amount involved with the improper conduct.

§ 1003.720—Determinations Regarding the Amount of Penalties and Assessments and Period of Exclusion

We propose to add a new § 1003.720 to identify factors that OIG may consider in conjunction with § 1003.140 as aggravating and mitigating factors when imposing penalties, assessments, and exclusions resulting from violations of the Cures Act's new grant, contract, and other agreement fraud and misconduct offenses. This list of factors is not all-inclusive and largely mirrors the list of circumstances already established under § 1003.220 that OIG may consider as aggravating and mitigating when imposing penalties, assessments, and exclusions for violations of § 1003.200 related to the fraudulent or false submission of healthcare claims. Based upon OIG's experience enforcing CMPs against health care providers and others, this non-exhaustive set of factors provides a framework to aid OIG in assessing the severity of the conduct at issue when determining the size and scope of the penalties, assessments, and exclusions to be imposed. The factors as stated for assessing violations in the healthcare context are also applicable in assessing violations of grant, contract, and other agreement fraud and misconduct offenses.

Proposed § 1003.720 states that OIG should consider it a mitigating circumstance if the violations included in an action brought under proposed § 1003.700 were of the same type and occurred within a short period of time, there were few such violations, and the total amount claimed or requested related to the violations was less than $5,000. The proposed list of mitigating circumstances is nearly identical to the list of mitigating circumstances in § 1003.220(a), which OIG currently uses to determine the amount of the penalty and assessment and period of exclusion imposed in actions brought under § 1003.200 for CMPL violations related to the submission of false or fraudulent healthcare claims. Like the proposed § 1003.720(a), it is considered mitigating in the healthcare fraud context under § 1003.220(a), if the total amount claimed or requested for the items or services at issue was less than $5,000.

Proposed § 1003.720 also identifies a non-exclusive list of factors that OIG could consider as aggravating circumstances in actions brought under proposed § 1003.700, including if: (1) The violations were of several types or occurred over a lengthy period of time; (2) there were many such violations (or the nature and circumstances indicate a pattern of false or fraudulent specified claims, requests for payment, or a pattern of violations); (3) the amount requested or claimed or related to the violations was $50,000 or more; or (4) the violation resulted, or could have resulted, in physical harm to any individual. As with the proposed mitigating factors, the proposed aggravating factors are consistent with the aggravating factors listed in § 1003.220(b) that OIG currently uses to determine the amount of the penalty and assessment and period of exclusion imposed in actions brought under § 1003.200 for conduct related to the submission of false or fraudulent healthcare claims. For example, like the proposed § 1003.720(b)(3), it is considered aggravating under § 1003.220(b)(3) if the total amount claimed or requested for the items or services at issue was more than $50,000.

We solicit comments on other aggravating or mitigating circumstances OIG should consider when imposing penalties, assessments, and exclusions under its new grant, contract, and other agreement CMP authority.

4. Subpart J—CMPs, Assessments, and Exclusions for Beneficiary Inducement Violations

We propose to modify § 1003.1010 to conform to the BBA 2018 amendments to the CMPL regarding the increase of CMP amounts.

§ 1003.1010—Amount of Penalties and Assessments

We propose to modify the text of § 1003.1010, regarding the amount of penalties, to reflect the BBA 2018 penalty increases to 42 U.S.C. 1320a-7a(a)(5). In paragraph (a), we propose to insert “for conduct that occurred on or before February 9, 2018, and $20,000 for conduct that occurred after February 9, 2018,” after “$10,000” to conform to the BBA 2018 amendments to the CMPL.

5. Subpart N—CMPs for Information Blocking

OIG has a long and successful history of investigating serious conduct that negatively affects HHS programs and program beneficiaries. Investigating and taking enforcement action against individuals and entities that engage in information blocking is consistent with this history. Information blocking can pose a threat to patient safety and undermine efforts by providers, payers, and others to make our health system more efficient and effective. Addressing the negative effects of information blocking is consistent with OIG's mission to protect the integrity of HHS programs, as well as the health and welfare of program beneficiaries.

We are aware that some individuals and entities subject to information blocking CMPs may not be familiar, or may have limited experience, with OIG's enforcement authorities, especially OIG's other CMP authorities in 42 CFR part 1003. To address potential questions or concerns, we explain our anticipated approach to information blocking enforcement, including our expected priorities. The following information regarding OIG's anticipated approach to information blocking enforcement is not a regulatory proposal, and is provided for information only. This preamble discussion of enforcement priorities is not binding on OIG and does not impose any legal restrictions related to OIG's discretion to choose which information blocking complaints to investigate.

OIG has significant experience investigating and taking enforcement action for conduct that is subject to other CMPs. For example, OIG investigates and imposes CMPs on individuals and entities that submit false claims to health care programs (i.e., healthcare fraud). For over 35 years, OIG has conducted other CMP investigations and enforcement and will use this institutional knowledge to ensure effective enforcement of the information blocking provision. OIG's investigation of information blocking allegations and exercise of discretion regarding penalties would utilize similar methods and techniques appropriately tailored to each complaint's unique facts and circumstances.

As with other conduct that OIG has authority to investigate, OIG has discretion to choose which information blocking complaints to investigate. To maximize efficient use of OIG's resources, OIG focuses on selecting cases for investigation that are consistent with enforcement priorities.

Based on our current expectations, OIG's enforcement priorities will include conduct that: (i) Resulted in, is causing, or had the potential to cause patient harm; (ii) significantly impacted a provider's ability to care for patients; (iii) was of long duration; (iv) caused financial loss to Federal health care programs, or other government or private entities; or (v) was performed with actual knowledge. We expect these priorities will evolve as OIG gains more experience investigating information blocking.

We emphasize that information blocking—as defined in sec. 3022(a)(1)(B)(i) of the PHSA and in 45 CFR 171.103(b)—includes an element of intent (“if conducted by a health information technology developer, exchange, or network, such developer, exchange, or network knows, or should know, that such practice is likely to interfere with, prevent, or materially discourage the access, exchange, or use of electronic health information”). OIG lacks the authority to pursue information blocking CMPs against actors who OIG concludes did not have the requisite intent. Consequently, OIG will not bring enforcement actions against actors who OIG determined made innocent mistakes (i.e., lack the requisite intent for information blocking). OIG has significant experience and expertise investigating and determining whether to take an enforcement action based on other laws that are intent-based (e.g., the CMPL and the Federal anti-kickback statute). This history will inform our use of discretion to take action against individuals and entities who we conclude have the requisite intent.

Each allegation of information blocking will be assessed based on its own merits given the unique facts and circumstances presented. We will closely coordinate with ONC given its separate, but related, authority under the PHSA and its program expertise related to the information blocking regulations. Additionally, consistent with sec. 3022(b)(3)(A) of the PHSA, OIG may refer an information blocking claim to OCR if a consultation regarding the health privacy and security rules promulgated under sec. 264(c) of HIPAA would resolve an information blocking claim. Depending on the facts and circumstances of the claim, OIG may exercise its discretion in referring individuals and entities to consult with OCR to resolve information blocking claims. In exercising that discretion, OIG will coordinate closely with OCR for referrals under sec. 3022(b)(3)(A) of the PHSA.

Section 3022(d)(4) requires the Secretary, to the extent possible, to ensure that information blocking penalties do not duplicate penalty structures that would otherwise apply with respect to information blocking and the type of individual or entity involved as of the day before the date of enactment of the Cures Act. OIG will closely coordinate with other agencies within HHS, such as ONC and OCR, as well as other Federal agencies, such as the Department of Justice and the Federal Trade Commission, to ensure that any information blocking penalties do not duplicate other penalties structures that would otherwise apply with respect to information blocking conduct. In this way, OIG will exercise its enforcement discretion in a manner that is consistent with this section.

We propose to add a new subpart N that would codify in the regulation OIG's authority under the Cures Act to impose CMPs for information blocking.

OIG will not begin enforcing the information blocking CMPs until the OIG CMP information blocking regulations are effective. We are proposing that the effective date of these regulations be 60 days from the date of publication of our final rule. We are also considering an alternative proposal for the effective date of subpart N described in detail later in this preamble.

We appreciate that information blocking is newly regulated conduct. We also understand the significant negative effect that information blocking can have on patient safety, care coordination in the healthcare system, and the ability of patients and providers to have information to make informed, appropriate decisions about important healthcare decisions. The goal in exercising our enforcement discretion is to provide individuals and entities that are taking necessary steps to comply with the ONC Final Rule with time to do so while putting the industry on notice that penalties will apply to information blocking conduct within a reasonable time.

Recognizing that goal, OIG is providing notice through publication of this proposed rule that enforcement will begin 60 days after our rule is final. We note that section 3022(b) of the PHSA is self-implementing and the only explicit timing limitation of the information blocking provision is in section 3022(a)(4) of the PHSA.

Notwithstanding that legal authority, OIG emphasizes that we will exercise our enforcement discretion to impose CMPs against actors who have engaged in information blocking after the effective date of our final rule. Conduct that occurs before the effective date of our final rule will not be subject to information blocking CMPs. Even though we are proposing that enforcement of information blocking will not begin until 60 days after our rule is final, individuals and entities subject to the information blocking regulations must comply with the ONC Final Rule as of the compliance date for 45 CFR part 171, finalized at 45 CFR 171.101(b). The period between the compliance date of the ONC Final Rule and the proposed start of OIG's information blocking enforcement will provide individuals and entities with time to come into compliance with the ONC Final Rule with added certainty that practices during that period will not be subject to penalties. We believe the proposed effective date of 60 days after publication of the OIG final rule provides a reasonable amount of time for individuals and entities to come into compliance with ONC's Final Rule.

We are also considering for the final rule an alternative proposal for the effective date to apply only to subpart N of part 1003, which would also affect the start of OIG's information blocking enforcement. The alternative proposal would establish a specific date that OIG's information blocking CMP regulations would be effective. Specifically, we are considering for the final rule an effective date of October 1, 2020 for subpart N of part 1003. By considering this specific, effective date, we seek to provide entities a time certain that OIG enforcement will begin. As discussed above, individuals and entities are legally subject to the information blocking regulations and must comply with those rules as of the compliance date of ONC's Final Rule finalized at 45 CFR 171.101(b). This alternative proposal would provide a definite period to these individuals and entities to continue their compliance efforts with the ONC Final Rule with the knowledge that their conduct would not be subject to OIG enforcement until October 1, 2020. OIG believes that this time frame would be more than adequate for actors to implement necessary changes to align with ONC's Final Rule. At a minimum, enforcement would not begin until the compliance date of the ONC Final Rule finalized at 45 CFR 171.101(b).

Having a specific date to target may assist in the execution and timing of amending agreements, issuing updates, or other actions needed to comply with the ONC Final Rule. We recognize that proposing a specific effective date would require OIG to complete the final rulemaking process before this proposed specific date. We have considered that factor and believe this alternative proposal allows time for that process.

We solicit comment on these proposed approaches for the effective date of OIG's information blocking CMP regulations, which would subsequently determine the start of OIG's information blocking enforcement. We are considering alternative effective dates that are sooner or later than October 1, 2020, and are interested in comments on potential dates and explanations about why parties would need a longer or shorter time period to come into compliance with the ONC Final Rule.

We emphasize that these proposed effective dates are only applicable to the information blocking provisions, and not the grant, contract, and other agreement fraud and misconduct CMP provisions of the proposed rule. The grant, contract, and other agreement fraud and misconduct CMP provisions of the proposed rule will go into effect 30 days after publication of the final rule.

§ 1003.1400—Basis for Civil Money Penalties

We propose to add a new § 1003.1400 at subpart N that would codify the new information blocking CMP authority by incorporating the relevant provisions of 45 CFR part 171 established by the ONC Final Rule. These provisions subject health IT developers of certified health IT, which includes other entities offering certified health IT as defined in part 45 CFR part 171, health information networks, and health information exchanges to CMPs if OIG determines, following an investigation, that they have committed information blocking.^[2] Among other things, the ONC Final Rule establishes regulatory definitions related to information blocking and identifies reasonable and necessary activities that do not constitute information blocking for purposes of sec. 3022(a)(1) of the PHSA. OIG investigations of information blocking will utilize ONC's regulatory definitions and exceptions to information blocking to assess conduct by health IT developers of certified technology, entities offering certified health IT, health information networks, health information exchanges, and health care providers. Enforcement action using the CMP authority implemented by PHSA sec. 3022(b)(2)(A), will similarly depend on the information blocking regulations in the ONC Final Rule.

We are proposing new regulatory text at § 1003.1400 implementing OIG's information blocking CMP authority. The proposed rule incorporates 45 CFR 171.103(b) with regard to the types of actors that may be liable for CMPs and also the information blocking provisions in 45 CFR part 171 to determine the conduct that triggers the information blocking CMP authority. By incorporating the ONC regulations, OIG enforcement will rely on the regulatory definition of information blocking and the related exceptions.

With the addition of the new information blocking CMP to part 1003, the public can gain an understanding of the procedures for appealing such a determination before enforcement begins. PHSA sec. 3022(b)(2)(C) applies the CMP procedures from sec. 1128A of the Act to information blocking CMPs. The procedures that OIG follows in imposing CMPs under sec. 1128A of the Act are codified in 42 CFR part 1003, subpart O, and the procedures for members of the public to appeal the imposition of CMPs are codified in 42 CFR part 1005. Under the proposal to incorporate the information blocking CMP into 42 CFR part 1003, any CMP determination based on an investigation of information blocking would be subject to the CMP procedures and appeal process in parts 1003 and 1005, as the procedures and appeal process would apply to any CMPs imposed under sec. 1128A of the Act. We solicit comment, for purposes of a final rule, on the proposed incorporation of the information blocking regulations into 42 CFR part 1003, and the proposed application of the existing CMP procedures and appeal process in parts 1003 and 1005 to the information blocking CMP.

The proposal to codify the CMP authority provided in sec. 3022(b)(2)(A) of the PHSA is consistent with the limitations on CMPs that are found throughout sec. 3022. The authority for CMPs extends only to those entities listed in sec. 3022(b)(2)(A) (i.e., a health information technology developer of certified health information technology or other entity offering health information technology, or a health information exchange or network). Pursuant to sec. 3022(b)(2)(B), the CMP authority does not extend to health care providers. If OIG determines that a health care provider has committed information blocking, it shall refer such health care provider to the appropriate agency for appropriate disincentives. The appropriate agency and appropriate disincentives will be established by the Secretary in future notice and comment rulemaking. OIG will coordinate closely with other agencies within HHS to develop consultation and referral processes consistent with such rulemaking by the Secretary. Further, in determining whether a health care provider has committed information blocking, OIG shall consider whether, in accordance with sec. 3022(a)(7), a developer of health information technology or another entity offering health information technology to such provider failed to ensure that the technology meets the requirements to be certified under the ONC Health IT Certification Program.

The proposal is also consistent with the PHSA's establishment of a referral channel from OIG to OCR where a consultation with OCR under HIPAA will resolve an information blocking claim. OIG is coordinating closely with OCR to refer appropriate information blocking claims pursuant to sec. 3022(b)(3).

§ 1003.1410

We propose to add a new § 1003.1410 to codify the maximum penalty OIG can impose per violation of the PHSA's information blocking provisions. PHSA sec. 3022(b)(2)(A) authorizes a maximum penalty not to exceed $1,000,000 per violation. The proposed regulatory language reflects this maximum penalty amount. We solicit comments on this proposed regulatory language.

Furthermore, the proposed rule would define “violation” as each practice that constitutes information blocking. The proposed definition of violation incorporates the definition of “practice” in 45 CFR 171.102 and “information blocking” in 45 CFR part 171. We believe it is necessary to propose a definition of “violation” to clarify how OIG will determine the number of information blocking practices that might be penalized. To explain the intent of the proposed definition of “violation” and illustrate how OIG would determine what constitutes a single violation or multiple violations, we provide hypothetical examples of conduct that would meet the definition of information blocking. We emphasize that these examples are illustrative and not exhaustive. We further emphasize that what constitutes a violation will depend on the facts and circumstances of each allegation of information blocking.

For purposes of this preamble and proposed rule, these examples assume that the conduct meets all elements of the information blocking definition, which includes the requisite level of statutory intent, are not required by law, and do not meet an exception set forth in the ONC Final Rule. The following two examples would each constitute a single violation:

• A health care provider notifies its health IT developer of its intent to switch to another electronic health record (EHR) system and requests a complete electronic export of its patients' electronic health information (EHI) via the capability certified to in 45 CFR 170.315(b)(10). The developer refuses to export any EHI without charging a fee. The refusal to export EHI without charging this fee would constitute a single violation.
• A health IT developer (D1) connects to a health IT developer of certified health IT (D2) using a certified API. D2 decides to disable D1's ability to exchange information using the certified API. D1 requests EHI through the API for one patient of a health care provider for treatment. As a result of D2 disabling D1's access to the API, D1 receives an automated denial of the request. This would be considered a single violation.

For these examples, the facts or circumstances could affect the penalty amount but would not likely result in determining that there were multiple violations. However, when investigating information blocking, OIG will assess the facts and circumstances on a case-by-case basis, which may lead to a determination that multiple violations occurred. In the first example, the number of patients affected by the health IT developer's information blocking practice is a factor OIG would consider when determining the penalty amount consistent with the regulations proposed at 42 CFR 1003.1420. For determining the number of violations, the important fact would be that the health IT developer engaged in one practice (charging a fee to the health care provider to perform an export of electronic health information for the purposes of switching health IT) that meets the elements of the information blocking definition in 45 CFR 171.103(a). Although several patients might be affected by the health IT developer's practice of information blocking, the health IT developer only engaged in one practice in response to the request from the provider. Therefore, under the proposed rule, the fact scenario in this example would constitute only one violation. We solicit comment, for purposes of the final rule, on the examples of a single violation and what constitutes a single violation.

The following non-exhaustive list of examples illustrates scenarios where OIG would determine that there is more than one violation under the proposed rule. As with the prior examples, these examples assume that the facts meet all the elements of the information blocking definition, which includes the requisite level of statutory intent, are not required by law, and do not meet any exception established by the ONC Final Rule.

• A health IT developer's software license agreement with one customer prohibits the customer from disclosing to its IT contractors certain technical interoperability information (i.e., interoperability elements), without which the customer and the IT contractors cannot access and convert EHI for use in other applications. The health IT developer also chooses to perform maintenance on the health IT that it licenses to the customer at the most inopportune times because the customer has indicated its intention to switch its health IT to that of the developer's competitor. For this specific circumstance, one violation would be the contractual prohibition on disclosure of certain technical interoperability information and the second violation would be performing maintenance on the health IT in a discriminatory fashion. Each violation would be subject to a separate penalty.
• A health IT developer requires vetting of third-party applications before the applications can access the health IT developer's product. The health IT developer denies applications based on the functionality of the application. There are multiple violations based on each instance the health IT developer vets a third-party application because each practice is separate and based on the specific functionality of each application. Each of the violations in this specific scenario would be subject to a penalty.

For the two examples illustrating multiple violations, we note that important facts, in determining the number of violations under the proposed rule, are the discrete practices that each meet the elements of the information blocking definition. In the first example, the health IT developer engages in two separate practices: (1) Prohibiting disclosure of certain technical interoperability information and (2) performing maintenance on the health IT in a discriminatory fashion. Each practice would meet the definition of information blocking separately. Therefore, the first example illustrates a scenario with two violations under the proposed rule. In the second example, the health IT developer vets each third-party application separately and makes a separate decision for each application. For each denial of access to EHI based on the discriminatory vetting, there is a practice that meets the definition of information blocking. Thus, each denial of access would constitute a separate violation under the proposed rule.

We solicit comments on the proposed definition of “violation,” for purposes of the final rule, as it pertains to proposed subpart N of 42 CFR part 1003. The examples are offered solely to illustrate OIG's current understanding of what constitutes a single violation versus multiple violations. However, as previously stated, these examples are non-exhaustive and our understanding of single versus multiple violations will be informed by OIG's experience enforcing the information blocking CMP authority.

§ 1003.1420

We propose to add a new § 1003.1420 that would codify the factors that OIG must consider when imposing a CMP against an individual or entity for committing information blocking. PHSA sec. 3022(b)(2)(A) mandates that a determination to impose a CMP for an information blocking violation must consider factors such as the nature and extent of the information blocking and the harm resulting from such information blocking, including, where applicable, the number of patients affected, the number of providers affected, and the number of days the information blocking persisted. The proposed regulatory language at new § 1003.1420 includes these statutory factors. These factors are similar to those found in other sections of part 1003, for consideration in OIG's imposition of its other CMP authorities.

Given that the regulation of information blocking conduct is new, as is enforcement, we have limited experience to inform the proposal of additional aggravating and mitigating circumstances to adjust the CMP penalties. For these reasons, we have only proposed implementation of the statutory factors described above. We solicit comments on any additional factors we should consider, for purposes of a final rule, in determining the amount of information blocking CMPs, including examples of specific conduct that should be subject to higher or lower penalty amounts.

6. Subpart O—Procedures for the Imposition of CMPs, Assessments, and Exclusions

We propose two technical modifications to subpart O to apply the language of the subpart to situations involving fraud and other improper conduct involving grants, contracts, and other agreements.

§ 1003.1550—Collection of Penalties and Assessments

We propose to add the phrase “or specified claim” in § 1003.1550(b) as a technical modification to apply the changes enacted by the Cures Act (42 U.S.C. 1320a-7a(o)) to § 1003.1550. As written, § 1003.1550(b) permits the United States to file suit to recover penalties and assessments imposed under part 1003 in the United States district court for the district in which the claim was presented or where the respondent resides. This modification would permit the United States to also file suit in the United States district court for the district in which a specified claim was presented.

§ 1003.1580—Statistical Sampling

We propose to add the term “specified claims” in § 1003.1580(a) as a technical modification to apply the changes enacted by the Cures Act to § 1003.1580.

B. Appeals of Exclusions, Civil Money Penalties and Assessments Under 42 CFR Part 1005

§ 1005.1—Definitions

The procedures set forth in part 1005 govern the appeal of CMPs, assessments, and exclusions in all cases for which OIG has been delegated authority to impose those sanctions, including cases involving grants, contracts, and other agreements, and information blocking. As such, we propose deleting the phrase “under Medicare or the State health care programs” from the definitions of “civil money penalty cases” and “exclusion cases” to correctly define those terms as applying to all cases for which OIG has been delegated authority to apply CMPs, assessments, and exclusions, not only to those cases involving Medicare or the State health care programs.

IV. Regulatory Impact Statement

We have examined the impact of this proposed rule as required by Executive Order 12866, the Regulatory Flexibility Act (RFA) of 1980, the Unfunded Mandates Reform Act of 1995, and Executive Order 13132.

A. Executive Order No. 12866

Executive Order No. 12866 directs agencies to assess all costs and benefits of available regulatory alternatives and, if regulations are necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, and public health and safety effects; distributive impacts; and equity). A regulatory impact analysis must be prepared for major rules with economically significant effects (i.e., $100 million or more in any given year). This is not a major rule as defined at 5 U.S.C. 804(2); it is not economically significant because it does not reach that economic threshold. The vast majority of Federal health care programs would be minimally impacted from an economic perspective, if at all, by these proposals.

This proposed rule would codify new statutory enforcement provisions, including new CMP authorities. The regulatory changes implement provisions of the Cures Act and BBA 2018 into 42 CFR parts 1003 and 1005. We believe that the likely aggregate economic effect of these regulations would be significantly less than $100 million.

The expected benefits of the regulation are deterring conduct that negatively affects the integrity of HHS grants, contracts, and other agreements and potentially enhanced statutory compliance by HHS grantees, contractors, and other parties. It also will deter information blocking conduct that interferes with effective health information exchange and negatively impacts many important aspects of health and health care. We refer readers to the impact analysis of the benefits of prohibiting and deterring information blocking in section XII.C.2.a.(4.2) of the ONC Final Rule.

We anticipate that OIG will incur some costs associated with investigation and enforcement of the statutes underlying these penalty provisions. The FY 2021 President's Budget proposes $5.3 million for OIG information blocking activities. Additionally, investigated parties may incur some costs in response to an OIG investigation or enforcement action. Absent information about the frequency of prohibited conduct, we are unable to determine precisely the potential costs of this regulation.

Civil monetary penalties and assessments, if any, would be considered transfers. However, we are unable to reliably estimate potential penalty and assessment amounts because enforcement action will depend on the facts and circumstances of individual cases, some enforcement will be of newly regulated conduct, and some cases may result in settlement. We seek comment on potential impacts of the rulemaking.

B. Regulatory Flexibility Act

The RFA and the Small Business Regulatory Enforcement and Fairness Act of 1996, which amended the RFA, require agencies to analyze options for regulatory relief of small businesses. For purposes of the RFA, small entities include small businesses, nonprofit organizations, and Government agencies.

The Department considers a rule to have a significant impact on a substantial number of small entities if it has an impact of more than 3 percent of revenue for more than 5 percent of affected small entities. This proposed rule should not have a significant impact on the operations of a substantial number of small entities, as these changes would not impose any new requirement on any party. These changes largely codify existing regulatory authority. In addition, we expect that increases in the maximum penalty proposed here will only have an impact in a small number of cases. As a result, we have concluded that this proposed rule likely will not have a significant impact on a substantial number of small entities and that a regulatory flexibility analysis is not required for this rulemaking.

In addition, sec. 1102(b) of the Act (42 U.S.C. 1302) requires us to prepare a regulatory impact analysis if a rule under Titles XVIII or XIX or sec. B of Title XI of the Act may have a significant impact on the operations of a substantial number of small rural hospitals. We have concluded that this proposed rule should not have a significant impact on the operations of a substantial number of small rural hospitals because these changes would not impose any requirement on any party and small rural hospitals are not subject to CMPs for information blocking under this proposed rule. Therefore, a regulatory impact analysis under sec. 1102(b) is not required for this rulemaking.

C. Unfunded Mandates Reform Act

Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law 104-4, also requires that agencies assess anticipated costs and benefits before issuing any rule that may result in expenditures in any one year by State, local, or Tribal governments, in the aggregate, or by the private sector, of $100 million, adjusted annually for inflation. In 2019, this threshold is approximately $154 million. As indicated above, these proposed revisions comport with statutory amendments and clarify existing law. We believe that there are no significant costs associated with these proposed revisions that would impose any mandates on State, local, or Tribal governments or the private sector that would result in an expenditure of $154 million or more in any given year and that a full analysis under the Unfunded Mandates Reform Act is not necessary.

D. Executive Order 13771

Executive Order 13771 requires that the costs associated with significant new regulations “to the extent permitted by law, be offset by the elimination of existing costs associated with at least two prior regulations.” This rulemaking, while significant under Executive Order 12866, is expected to impose only de minimis costs and therefore is not anticipated to be a regulatory or deregulatory action under Executive Order 13771.

E. Executive Order 13132

Executive Order 13132, Federalism, establishes certain requirements that an agency must meet when it promulgates a rule that imposes substantial direct requirements or costs on State and local governments, preempts State law, or otherwise has Federalism implications. In reviewing this rule under the threshold criteria of Executive Order 13132, we have determined that this proposed rule would not significantly affect the rights, roles, and responsibilities of State or local governments. Nothing in this proposed rule imposes substantial direct requirements or costs on State and local governments, preempts State law, or otherwise has Federalism implications. We are not aware of any State laws or regulations that are contradicted or impeded by any of the provisions in this proposed rule.

The Secretary is authorized by 42 U.S.C. 1320a-7a(o), which we propose to codify in the regulation at § 1003.700, to impose CMPs and assessments against individuals and entities that engage in fraud and other improper conduct against specified State agencies that administer or supervise the administration of grants, contracts, and other agreements funded in whole or in part by the Secretary. Additionally, 42 U.S.C. 1320a-7a(f)(4) directs that these CMPs and assessments be deposited into the Treasury of the United States. Amounts collected under this authority could not be used to compensate a State for damages it incurs due to improper conduct related to grants, contracts, or other agreements funded by the Secretary that are administered or supervised by specified State agencies.

However, neither 42 U.S.C. 1320a-7a nor this proposed regulation preclude or impede any State's authority to pursue actions against entities and individuals that defraud or otherwise engage in improper conduct related to grants, contracts, or other agreements funded by the Secretary that are administered or supervised by specified State agencies. For this reason, the Secretary's authority related to specified State agencies will not have a substantial direct effect on the States, on the relationship between the national government and the States, or on the distribution of power and responsibilities among the various levels of government.

Based on OIG's prior approach to enforcement that involves state programs and agencies, we also anticipate coordinating closely with the relevant State authorities, which would provide states notice about the improper conduct and the opportunity to pursue action under the state authority. We solicit comment on the potential Federalism implications of this rulemaking.

V. Paperwork Reduction Act

These proposed changes to parts 1003 and 1005 impose no new reporting requirements or collections of information. Therefore, a Paperwork Reduction Act review is not required.

List of Subjects

42 CFR Part 1003

• Fraud—Grant Programs
• Contracts; Information Blocking; Penalties

42 CFR Part 1005

• Administrative practice and procedure

For the reasons set forth in the preamble, the Office of Inspector General, Department of Health and Human Services, proposes to amend 42 CFR chapter V, subchapter B as follows:

PART 1003—CIVIL MONEY PENALTIES, ASSESSMENTS AND EXCLUSIONS

1. Revise the authority citation for part 1003 to read as follows:

Authority: 42 U.S.C. 262a, 300jj-52, 1302, 1320-7, 1320a-7a, 1320b-10, 1395u(j), 1395u(k), 1395cc(j), 1395w-141(i)(3), 1395dd(d)(1), 1395mm, 1395nn(g), 1395ss(d), 1396b(m), 11131(c), and 11137(b)(2).

2. Amend § 1003.100 by revising paragraph (a) to read as follows:

3. Amend § 1003.110 by:

a. Adding in alphabetical order definitions for “Department”, “Obligation”, “Other agreement”, and “Program beneficiary”;

b. Revising the definition of “Reasonable request”; and

c. Adding in alphabetical order definitions for “Recipient”, “Specified claim”, and “Specified state agency”.

The revisions and additions read as follows:

4. Revise § 1003.130 to read as follows:

5. Amend § 1003.140:

a. In paragraph (c)(3), by removing the phrase “(as defined by paragraph (e)(2) of this section)” and adding in its place the phrase “(as defined by paragraph (d)(2) of this section)”; and

b. By adding paragraph (d)(5).

The addition reads as follows:

Subpart B—CMPs, Assessments, and Exclusions for False or Fraudulent Claims and Other Similar Misconduct

6. In each location referenced in the first column of the following table, the text is amended by removing the footnote referenced in the second column.

7. Section 1003.210 is further amended by revising paragraphs (a)(1) through (4), (6) through (9), (a)(10) introductory text, and (a)(10)(i) to read as follows:

8. Section 1003.310 is further amended by revising paragraph (a)(3) to read as follows:

9. Add subpart G to read as follows:

Subpart G—CMPs, Assessments, and Exclusions for Fraud or False Claims or Similar Conduct Related to Grants, Contracts, and Other Agreements

10. Section 1003.1010 is further amended by removing the figure “$10,000” and adding in its place the phrase “$10,000 for conduct that occurred on or before February 9, 2018, and $20,000 for conduct that occurred after February 9, 2018” in paragraph (a).

Subpart N—CMPs for Information Blocking

11. Add subpart N to read as follows:

Subpart N—CMPs for Information Blocking

12. Amend § 1003.1550 in paragraph (b) by removing the phrase “where the claim” and adding in its place the phrase “where the claim or specified claim”.

13. Amend § 1003.1580 by revising paragraph (a) to read as follows:

PART 1005—APPEALS OF EXCLUSIONS, CIVIL MONEY PENALTIES AND ASSESSMENTS

14. The authority citation for part 1005 continues to read as follows:

Authority: 42 U.S.C. 405(a), 405(b), 1302, 1320a-7, 1320a-7a and 1320c-5.

15. Amend § 1005.1 by revising the definitions of “Civil money penalty cases” and “Exclusion cases” to read as follows:

Footnotes