On October 9, 2019, the Centers for Medicare & Medicaid Services (“CMS”) and the Department of Health and Human Services (“HHS”) Office of Inspector General (“OIG”) took the next step in their Regulatory Sprint to Coordinated Care by publishing advance copies of companion proposed rules that present significant changes to the regulatory framework of the federal physician self-referral law (commonly referred to as the “Stark Law”), the federal health care program’s Anti-Kickback Statute, and the civil monetary penalties (“CMP”) law regarding beneficiary inducements.

By way of background, the Regulatory Sprint to Coordinated Care reflects ongoing efforts by HHS to accelerate the transition to a value-based health care system focused on care coordination. About two years ago, HHS expressed an intent to identify regulatory requirements that act as obstacles to coordinated care and then issue guidance or revise regulations to address these obstacles and incentivize coordinated care. As a result, both CMS and OIG published Requests for Information (“RFIs”)[1] that sought feedback on ways to modify the Stark regulations and safe harbors to the Anti-Kickback Statute to reduce regulatory burdens and advance alternative payment models and coordinated care. Subsequently, HHS’s Office of Civil Rights (“OCR”) issued a RFI[2] seeking input on how the agency should revise the Health Insurance Portability and Accountability Act (“HIPAA”) rules to remove regulatory obstacles (either real or perceived) to improving care coordination and promoting the transition to value-based health care, while preserving patients’ privacy. Although it was anticipated that all three agencies would release their proposed rules simultaneously, OCR has not yet issued a corollary proposed rule.

This Client Alert serves as the first in a three-part series in which we describe and analyze the proposed rules. Part 2 will focus on OIG’s proposed Anti-Kickback Statute safe harbors and CMP exceptions, and Part 3 will address the Stark Law. Both Parts 2 and 3 will provide in-depth analyses, identify gaps in each agency’s proposal, and discuss areas of opportunity for comment.

The proposed rules are an outgrowth of substantial public input received through the RFI process. After reviewing over 700 collective comments from the public in response to their respective RFIs, CMS and OIG proposed sweeping changes to current regulations that align in their focus on value-based payment arrangements. Currently, both proposed rules are scheduled for publication in the Federal Registeron October 17, 2019, with comments being due 75 days after date of publication in the Federal Register (i.e., unless an extension is granted, comments may be due on December 31, 2019).

Below is a brief overview of the key changes CMS and OIG proposed and a preview of upcoming alerts as part of this series:

OIG Proposed Rule:
“Revisions to Safe Harbors Under the Anti-Kickback Statute, and Civil Monetary Penalties Rules Regarding Beneficiary Inducements”

OIG’s proposed rule creates new, and modifies existing, safe harbors to the Anti-Kickback Statute to promote innovative arrangements that improve quality and health outcomes and accelerate the transition of the health care system to one that pays for value and promotes care coordination.

The proposed rule contemplates creating new safe harbors for:

  • Value-based arrangements. OIG proposes three safe harbors that provide increasing flexibility as the parties assume higher levels of downside financial risk.
  • Patient engagement incentives. This safe harbor would protect in-kind remuneration that advances a clinical or safety goal.
  • CMS-sponsored payment models. By protecting remuneration related to CMS-sponsored models, this safe harbor should reduce the need for OIG to issue separate and distinct fraud and abuse waivers for each new model.
  • Donations of cybersecurity technology and services. OIG proposes a new safe harbor to protect certain cybersecurity-related donations.

In addition to proposing new safe harbors, OIG is proposing revisions to a number of existing safe harbors, including:

  • modifying the electronic health records safe harbor to add protections for certain cybersecurity technology, to update provisions regarding interoperability, and to remove the sunset date;
  • adding flexibility to the existing safe harbor for personal services and management contracts with respect to outcomes-based payments and part-time arrangements;
  • providing protection for warranties for bundled items and related services; and
  • expanding and modifying mileage limits for rural areas and for transportation for discharged patients under the safe harbor for local transportation.

CMS Proposed Rule:
“Modernizing and Clarifying the
Physician Self-Referral Law”

The caption of CMS’s proposed rule hints at its broad scope. CMS proposes changes that seek not only to alleviate regulatory burdens the Stark Law has imposed on alternative payment models, but also to reassess “the appropriate scope of the statute’s reach.”

The changes include:

  • creating broad new exceptions for value-based payment programs that fall into three categories based on the financial risk associated with each program (in addition, CMS proposes certain terminology specific to the value-based exceptions);
  • defining key terms that have been the subject of ongoing discussion and commentary since the Stark Law’s inception, including “commercially reasonable” and “fair market value,” and creating a “bright-line” test for determining when compensation is determined in a manner that takes into account the volume or value of referrals or other business generated between the parties;
  • establishing a new exception to address “nonabusive business practices,” where limited remuneration is provided to a physician in exchange for items and services (as an outgrowth of CMS’s experience in administering the Self-Referral Disclosure Protocol (“SRDP”), this exception recognizes that limited remuneration (under $3,500) does not pose a risk of program or patient abuse, provided that certain other requirement are met);
  • addressing the continued expansion of technology-based arrangements by proposing to make the electronic health record (“EHR") donation exception permanent (or extend the sunset period), and creating a new exception for donations of cybersecurity technology;
  • revising certain exceptions that seemingly had been unavailable, such as “remuneration unrelated to the provision of DHS” (these proposed changes could make certain exceptions more accessible given the clarity around what types of remuneration will and will not be covered); and
  • decoupling the Stark Law from the Anti-Kickback Statute, thereby removing the incorporation of an intent-based requirement into a strict liability statute and making it easier for entities to meet their burden of proof with respect to denied payments.

Although OIG’s proposed value-based arrangements safe harbors and CMS’s proposed value-based exceptions follow the same construct, providing increasing flexibility as parties take on more downside financial risk, OIG’s proposed safe harbors are, in many cases, different or more restrictive than CMS’s comparable proposals. OIG noted that, for some arrangements, the Anti-Kickback Statute appropriately should serve as “backstop” protection for arrangements that might qualify for protection under the Stark Law. This overlapping but differentiated structure is intended to insulate entities that enter into innovative arrangements from the dire consequences of non-compliance with the strict liability Stark Law, while providing adequate safeguards against program abuse. Both CMS and OIG propose to require that remuneration exchanged pursuant to value-based arrangements cannot induce an arrangement’s participants to reduce or limit medically necessary services.

The public has the opportunity to submit comments to CMS and OIG prior to these regulations being issued in final, and we believe that the following types of entities and arrangements may benefit from commenting on these proposed rules:

  • hospitals that desire to pay physicians for assisting the hospitals in achieving certain quality and cost-saving benchmarks (e.g., gainsharing or pay-for-performance arrangements);
  • hospitalsand physician groups that receive care coordination, shared savings, or similar value-based payments from commercial payers and that desire to pass a portion of those payments to downstream referring physicians;
  • hospitals and skilled nursing facilities engaging in efforts to reduce readmissions;
  • accountable care organizations that do not participate in the Medicare Shared Savings Program and wish to provide remuneration among the accountable care organization and its participants;
  • integrated health care delivery systems that provide remuneration among their members;
  • designated health service entities that desire to provide physicians with infrastructure, tools, and/or related services for the purpose of encouraging and achieving care coordination, quality, and efficiency;
  • multi-specialty physician groups focused on care coordination that provide ancillary services but may not qualify as a “group practice” under the Stark Law; and
  • health care providers that wish to provide patient engagement incentives of more than a nominal value to encourage adherence to a drug or treatment regimen.

As stated above, Part 2 of this series will provide a deeper analysis of OIG’s proposed new and modified safe harbors while Part 3 will address CMS’s proposed rule.

* * *

This Client Alert was authored by Jason E. Christ, Anjali N.C. Downs, David E. Matyas, Jennifer E. Michael, Gregory R. Mitchell, Victoria Vaskov Sheridan, and Carrie Valiant. For additional information about the issues discussed in this Client Alert, please contact one of the authors or the Epstein Becker Green attorney who regularly handles your legal matters.


[1] Medicare Program; Request for Information Regarding the Physician Self-Referral Law, CMS, 83 Fed. Reg. 29,524 (June 25, 2018); Medicare and State Health Care Programs: Fraud and Abuse; Request for Information Regarding the Anti-Kickback Statute and Beneficiary Inducements CMP, OIG, 83 Fed. Reg. 43,607 (Aug. 27, 2018).

[2] Request for Information on Modifying HIPAA Rules To Improve Coordinated Care, OCR, 83 Fed. Reg. 64,302 (Dec. 14, 2018).

Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.