By Douglas A. Hastings and Marcia S. Handler

Application of the Stark law and the antikickback statute to managed care arrangements involving provider-owned networks is a "gray" area of the law for which there is little clear guidance. Although the government, including the Office of the Inspector General (OIG) of the U.S. Department of Health and Human Services (the chief Medicare enforcement agency), seems to recognize that certain financial arrangements are appropriately part of managed care, the government also does not automatically authorize providers in managed care networks to engage in all of the financial practices that the providers claim are implemented by "commercial" payors (at least not without significant scrutiny).

Stark II

Whether the Stark law is implicated by a provider-owned network depends, in part, on whether the network would be viewed as 'furnishing" designed health services payable by Medicare or Medicaid. The Stark law prohibits physicians from referring patients for "designated health services" payable by the Medicare or Medicaid programs to entities in or with which the physicians have financial arrangements (whether through compensation, ownership or investment). 42 U.S.C. § 1395nn.

Historically, only managed care organizations that directly employed providers of designated health services or owned entities that provided designated health services were thought to be entities to which the Stark law could apply. Network entities, such as PHOs (physician-hospital organizations), that contracted for the services of participating providers generally felt exempt from the Stark law limitations. However, the Health Care Financing Administration (HCFA) has attempted, in the Stark II proposed regulations, to expand the definition of "furnishing" designated health services to include entities that furnish services through contractual arrangements where the entity bills for such services. Under such a broad proposed definition of "furnished," the Stark law could be implicated by contractual arrangements among a network of providers, if the network entity (i.e., the PHO) "arranges" for services by contracting with providers and "bills" for such services by submitting claims or receiving payment for such services from a governmental payor.

This proposed position by the government is significant in that it could extend the Stark law to purely contractual network arrangements (i.e., where the network entity does not own or employ the providers of designated health services) and affect even commercial (non-Medicare/Medicaid) arrangements (i.e., where the possibility remains that Medicare-eligible persons or persons for whom Medicare is secondary payor are part of the covered population).

Another issue articulated by the proposed Stark II regulations is that the government may review a provider network's risk-sharing model as an "indirect" financial arrangement between the hospitals and physicians in the network. If the Stark law is implicated by a proposed provider risk-sharing arrangement, then the arrangement needs to be structured to meet a Stark law exception in order for the physicians lawfully to make referrals for designated health services to the hospitals in the network. The Stark law includes a prepaid plan exception that exempts services furnished to Medicare enrollees in Medicare risk arrangements, with federally qualified HMOs, or in other limited cases (Medicaid managed care plans are not currently expressly included in this exemption).

The recently released interim final rules for the Medicare+Choice program extended this Stark law prepaid plan exception to Medicare+ Choice contractors. The preamble to the proposed Stark II regulations also states HCFA's position that the prepaid plan exception would apply to protect services furnished by the entity that qualifies as the "prepaid plan," as well as services furnished to the organization's enrollees by "outside physicians, providers, or suppliers under contract with" the organization. 63 Fed. Reg. at 1697. Thus, financial arrangements covering services furnished to enrollees in Medicare risk or Medicare+Choice arrangements should be protected for first-tier "downstream" network arrangements involving providers.

Alternatively, the Stark law personal services exception might be available to protect certain provider risk-sharing arrangements that fail to qualify under the prepaid plan exception. The government likely would be more willing to challenge this argument, however, where facts showed that the network was merely a "shell" designed to direct benefits toward higher referring physicians, and less likely to occur where the network's structure was "neutral" toward referring physicians and was not merely a corporate "shell." Key to compliance with the personal services exception is that the remuneration to be paid to the physician not be based on the "volume or value" of referrals by the physician. Therefore, issues can arise with regard to whether specific physician incentive arrangements, such as length of stay or average cost per case measures, would be found to be based on "volume or value" of referrals.

Interestingly, the proposed Stark II regulations state that:

we do not believe that an arrangement affects the volume or value standard for any designated health services a physician is required to refer within a network, provided the entity itself is, through a risk-sharing arrangement, at substantial financial risk for the cost or utilization of items or services that the entity is obligated to provide. In these situations, we believe the requirement that a physician refer within a network addresses the issue of where a physician must refer, rather than whether the physician is encouraged or discouraged form making a referral (resulting in under or overutilization). 63 Fed. Reg. at 1700.

However, it is not clear that the government would adopt this position outside of the context of a payor-imposed limitation on referrals. That is, there remains an issue as to whether the government would allow providers in a network to agree among themselves, in the absence of a payor-imposed mandate, to establish a risk-sharing methodology that incentivized referrals within the provider network.

Antikickback Statute

The federal antikickback statute also would apply to incentive arrangements implemented by a provider-owned network where the network was comprised of hospitals and physicians. The antikickback statute prohibits the knowing and willful offering, paying, soliciting or receiving of remuneration in exchange for referrals of federal health care program patients or business (including Medicare and Medicaid program patients or businesses). 42 U.S.C. § 1320a-7b(b). Although there are certain "managed care" safe harbors applicable to specific beneficiary incentive arrangements, Medicare SELECT PPO (preferred provider organization) arrangements and provider price reductions with managed care organizations, none of these managed care safe harbors squarely protects a risk-sharing program established by hospitals and physicians within a provider network. While there is a "personal services" safe harbor, which applies to an arrangement between a "principal" and an "agent" that meets certain requirements, the safe harbor requires that the aggregate compensation — i.e., the total amount — be set in advance. Therefore, the safe harbor may not be available to protect arrangements where all or a portion of the physician's total compensation is at risk (and not set or determined in advance).

Fortunately, the antikickback statute was amended in 1996 to exclude certain risk-sharing arrangements. The risk-sharing exception, which applies to arrangements effective Jan 1, 1997, excludes any "remuneration between an organization and an individual or entity providing items or services...pursuant to a written agreement...if the organization is an eligible organization under [Social Security Act] Section 1876 or if the written agreement, through a risk-sharing arrangement, places the individual or entity at substantial financial risk for the cost or utilization of the items or services...which the individual or entity is obligated to provide."

A negotiated rulemaking process was established to develop standards relating to this exception with industry input. As a result, two safe harbors were issued in interim final form in November 1999 under this exception. The first risk-sharing safe harbor protects arrangements between eligible managed care organizations (EMCOs) and entities that are "first-tier" contractors with such EMCOs under certain circumstances. EMCOs include most Medicare+Choice organizations, certain Medicaid MCOs and federally qualified HMOs. Arrangements are protected if they cover services for which the first-tier entity does not claim payment from a federal health care program. Also, neither party to the arrangement may give or receive remuneration to induce the provision of federal health care program fee-for-service business (known as "swapping"). Similar requirements apply in the case of arrangements with "downstream" entities to EMCOs, with certain limited exceptions. The second risk-sharing safe harbor covers contractual arrangements between MCOs and contractors who are at substantial financial risk for the cost or utilization of items or services that they provide or order for federal health care program beneficiaries, provided that the MCO submits claims directly to the federal health care program, pursuant to a valid reassignment agreement, no remuneration is paid to induce federal fee-for-service business, and other criteria are met.

PIP Rules

Also relevant to assessing the regulatory risk of a network risk-sharing arrangement are the Medicare and Medicaid prohibitions on certain physician incentive arrangements (the Physician Incentive Plan (PIP) rules) implemented by health plans with government contracts. 42 CFR § 1395mm; 422.208. For this purpose, "physician incentive plan" means any compensation arrangement to pay a physician or physician group that may directly or indirectly have the effect of reducing or limiting the services provided to any plan enrollee. The PIP rules prohibit an HMO from making a specific payment, directly or indirectly, to a physician or physician group as an inducement to reduce or limit medically necessary services furnished to any particular enrollee. Although a provider network might not be a Medicare or Medicaid contractor directly subject to these rules, the physician incentive rules reflect the government's long-standing policy to prohibit any financial arrangements based on specific physician referrals that affect how services are provided to specific enrollees.

CMP Provisions

Similar prohibitions apply under the civil monetary penalty (CMP) provisions directly to hospitals that seek to enter into incentive arrangements directly with physicians. The CMP provisions prohibit a hospital from knowingly making a payment to a physician, directly or indirectly, as an inducement to reduce or limit services provided with respect to individuals entitled to Medicare or Medicaid benefits who are under the direct care of the physician. 42 U.S.C. § 1320a-7a. These CMP provisions formed the basis for the OIG's recent special advisory bulletin on "gainsharing," in which the OIG stated that hospital programs that compensate physicians on the basis of hospital cost savings are prohibited under the CMP provisions. Interestingly, the OIG excludes from its gainsharing analysis physician incentive programs implemented with respect to Medicare and Medicare risk-based managed care plans subject to the PIP rules.


The next generation of provider risk-sharing arrangements is evolving following the unseen results of many such arrangements entered into in the early to mid-1990s. To manage costs effectively, providers will need to implement effective risk-sharing arrangements. It is legally possible to do so, but the applicable federal laws are many in nature and weave a complex tapestry of requirements. Business planners and lawyers will need to work together to implement successful risk-sharing programs.

This article was reprinted with persmission from the March 2000 edition of Managed Care Law Strategists. © 2000 NLP IP Company.

Please feel free to contact Douglas Hasting at 202/861-0900 in the firm's Washington office if you have any questions or comments. Mr. Hasting's e-mail address is

This publication is provided by Epstein Becker & Green, P.C. for general information purposes; it is not and should not be used as a substitute for legal advice.

Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.