Summary of Proposed Changes

The HHS proposed rule (Rule) proposes creating and/or amending the following exceptions to the physician self-referral law (the Stark Law):

  • For certain value-based compensation arrangements between or among physicians, providers, and suppliers;
  • For certain arrangements under which a physician receives limited remuneration for items or services actually provided by the physician;
  • For donation of cybersecurity technology and related services; and
  • For electronic health records (EHR) items and services.

Once published in the Federal Register, CMS will accept public comments on the proposed rule until 75 days after the publication date.

Background

The purpose of the Stark Law was to combat the concern that financial self-interest would affect a physician’s medical decision making and ensure that patients have options for quality care. The aim was to prevent a patient from being referred for services that are not needed or being steered toward less convenient, lower quality, or more expensive providers because the patient’s physician would financially benefit from the referrals.

The Stark Law prohibits a physician from making referrals for certain designated health services payable by Medicare, to an entity with which the physician or an immediate family member of the physician has a financial relationship. The law also prohibits an entity from filing claims with Medicare for those referred services. A “financial relationship” is defined as an ownership or investment interest in the entity, or a compensation arrangement with the entity. Various exceptions to the Stark Law are already in place.

Proposed Changes

The proposed changes are an attempt to modernize the Stark Law given the recent emphasis on value-based payment arrangements and care coordination. Specifically, the notable proposed exceptions are as follows:

Value-Based Compensation Arrangements (§411.357(aa))

  1. The proposed rule will establish several new, key definitions that will be the basis for certain new exceptions proposed to be codified in 42 C.F.R. §411.357(aa).Specifically, a value-based arrangement (VBA) would be defined as an arrangement for at least one value-based activity for a target patient population between or among: (1) the value-based enterprise (VBE) and one or more of its VBE participants; or (2) VBE participants in the same value-based enterprise1.
  • The exceptions will apply only to compensation arrangements that qualify as VBAs.
  • The Rule proposes an exception that applies to a VBA where the value-based enterprise has (during the entire term of the arrangement) assumed full financial risk from a payor for patient care services for a target patient population.
  • The Rule proposes an exception that remuneration paid under a VBA, where the physician is at “meaningful downside financial risk”2 for failure to achieve the value-based purposes of the value-based enterprise during the entire term of the arrangement, does not constitute prohibited remuneration.
  • The proposed exceptions for VBAs do not include a requirement that the remuneration not be determined in a manner that takes into account the volume or value of referrals.

Limited Remuneration to a Physician (§411.357(z))

  • The Rule proposes an exception for limited remuneration from an entity to a physician for items or services actually provided by the physician, provided that such exception:
    1. Only applies where the remuneration does not exceed an aggregate of $3,500 per calendar year, and
    2. The remuneration may not be determined by taking into account the value or volume of referrals or other business by the physician; may not exceed fair market value for the items or services provided by the physician; and the compensation arrangement must be commercially reasonable.
  • The exception is not applicable to payments from an entity to a physician’s immediate family member, or to payments for items or services provided by a physician’s immediate family member.
  • The Rule proposes a further exception to the $3,500 limit for long-term arrangements for items or services where the aggregate annual compensation exceeds $3,500--such an arrangement is allowed if the compensation is set in advance, before the provision of services or items, in order to ensure that payments made over the term of the arrangement are not determined retrospectively to reward past referral or encourage increased future referrals.
  • The Rule proposes to incorporate prohibitions on percentage-based and per-unit of service compensation to the extent that the remuneration is for the use or lease of office space or equipment.

Cybersecurity Technology and Related Services (§411.357(bb))

  • The proposed exception protects arrangements involving the donation of certain cybersecurity3 technology4 and related services.
  • The exception requires that the donation be necessary and used predominantly to implement, maintain, or reestablish cybersecurity.
  • The definition of “technology” excludes hardware, however, two alternative proposals are being considered to allow for donation of certain cybersecurity hardware:
    1. Proposal 1 – Exception covers specific hardware that is necessary for cybersecurity, provided that the hardware is stand-alone and only serves cybersecurity purposes; or
    2. Proposal 2 – Exception permits entities to donate a broader range of cybersecurity technology, including hardware, subject to certain requirements:
      1. The donor performs a cybersecurity risk assessment and it identifies the recipient as a risk to the donor’s cybersecurity; and
      2. The recipient has a cybersecurity risk assessment that provides a reasonable basis to determine that the donated hardware is needed to address a risk or threat identified by the assessment.
  • Under the proposed exception, a donor cannot condition the amount or nature of cybersecurity donations on referrals.
  • A potential recipient or potential recipient’s practice may not make receipt of cybersecurity technology and related services, or the amount or nature of cybersecurity technology and services, a condition of continuing to do business with the donor.
  • The proposed exception does not require a recipient to contribute to the cost of donated cybersecurity technology or related services, but it does not prohibit donors from requiring a contribution

Modifications to the EHR Exception

  • Modifies language to clarify that in order to be deemed “interoperable,” certification of donated software must be current as of the date of donation.
  • Prohibits donors from engaging in information blocking, as defined in section 3022 of the Public Health Service Act (PHSA).
  • Clarifies that donations of certain cybersecurity software and services are permitted under the EHR exception.
  • Removes the sunset provision.
  • Modifies the definitions of “electronic health record”5 and “interoperable”6 for consistency with the 21st Century Cures Act.
  • Modifies the 15 percent physician contribution requirement in one of two possible ways:
    1. Eliminating or reducing the percentage contribution required for small or rural physician organizations; or
    2. Reducing or eliminating the fifteen percent contribution requirement for all physician recipients.

Implications

If passed, the proposed rule would bring significant changes to the Stark Law. It would create protections for certain value-based activities and would provide greater flexibility for physicians and entities to work together. The Rule would increase the potential for progress in cybersecurity protections in the healthcare field. Furthermore, the Rule has the potential to reduce burdens on physicians through added flexibility. The practical result of such changes is that internal and/or external compliance mechanisms must be allocated to such new arrangements to ensure they are set-up and maintained in a compliant fashion