On April 10, 2013, the U.S. Department of Health and Human Services (HHS), Office of Inspector General (OIG) and the Centers for Medicare & Medicaid Services (CMS) simultaneously issued proposed rules to amend the Anti-Kickback Statute safe harbor and Stark Law exception permitting hospitals and certain other entities to provide technology-related items and services for electronic health records (EHRs). See the OIG proposed rule, the CMS proposed rule, and see 42 CFR §1001.952(y) and 42 CFR §411.357(w) for the existing regulations.

Three Major Proposed Changes

The proposed rules would amend the current Anti-Kickback safe harbor and Stark Law exception concerning EHR items and services to:

  • Update the rule for deeming EHR software interoperable;
  • Remove the requirement related to electronic prescribing capability; and
  • Extend the sunset date from December 2013 to a later date.

1.     Interoperability

The current regulations require donated software to be “interoperable” when it is donated to the recipient. In the regulations, “interoperable” means the software is “able to communicate and exchange data accurately, effectively, securely, and consistently with different information technology systems, software applications, and networks in various settings and exchange data such that the clinical or operational purpose and meaning of the data are preserved and unaltered.” Under the current regulations, software is deemed interoperable if a certifying body “recognized” by the Secretary of HHS has certified the software within no more than 12 months prior to the date it is provided to the recipient.

The proposed rules would update two aspects of the interoperability requirement. First, they would indicate that the Office of National Coordinator for Health Information Technology (ONC) is responsible for “recognizing” certifying bodies (rather than the Secretary) because certifying bodies must successfully complete an authorization process established by ONC to be “recognized.”

Second, the rules would remove the 12-month time period within which software must have been certified and allow software to be eligible to be deemed interoperable if, on the date it is provided to the recipient, it has been certified to any edition of the EHR certification criteria that is identified in the then-applicable definition of certified EHR technology in the Code of Federal Regulations. See 45 CFR Part 170. This change would be consistent with the ONC’s regulatory process for adopting certification criteria and standards.

2.    Electronic Prescribing Capability

The current regulations require that the donated software must contain electronic prescribing capability, either through an electronic prescribing component or the ability to interface with the recipient’s existing electronic prescribing system that meets Medicare Part D, at the time the items and services are donated. However, due to industry advances in electronic prescribing and new laws passed since the current regulations were finalized, including laws authorizing the Medicare electronic prescribing incentive program and the EHR incentive program, the agencies are proposing to remove the electronic prescribing requirement.

3.    The Sunset Date

Currently, the EHR safe harbor and Stark exception are scheduled to sunset on December 31, 2013. The agencies included this sunset date because they recognized that the need for safe harbor donations of EHRs would diminish significantly over time. Nevertheless, despite measureable progress in EHR adoption, the goal of nationwide, universal adoption has yet to be achieved. As a result, they are proposing to extend the sunset date to December 31, 2016. This date corresponds to the last year that Medicare EHR incentive payments are available, and the last year to initiate participation in the Medicaid EHR incentive program.

They are also considering an alternative sunset date of December 31, 2021, which corresponds to the end of the EHR Medicaid incentives. In addition, the agencies are requesting comments on an appropriate sunset date for providers who are not eligible for the Medicare or Medicaid EHR incentive programs, such as mental health and behavioral health providers, long-term care and post-acute care facilities.

Other Proposed Changes

Protected Donors. Due to concerns about potentially abusive EHR donations, such as those that may “lock-in” a recipient’s data or referrals to the donor, the proposed rule would limit the protected donors to hospitals, group practices, Part D Plan sponsors and Medicare Advantage organizations. Alternatively, the proposed rule would keep the current protected donors, but exclude certain types of entities associated with a high risk of fraud and abuse (e.g., ancillary services, laboratories, DME suppliers, independent home health agencies) because their donations may be motivated by securing future business rather than better coordinating care for beneficiaries.

Data Lock-In and Exchange. The agencies are seeking comments on new or modified conditions that would reduce the possibility of improper data or referral lock-in, for example, modifying the existing condition that the donor, or any person on the donor’s behalf, not take any action to limit or restrict the use, compatibility, or interoperability of the items or services with other electronic prescribing or EHR systems.

Covered Technology. Although commenters raised questions about whether certain items or services are technology covered by the safe harbor and exception, the agencies concluded that the current regulations, as clarified by the preamble commentary published along with the final regulations, are sufficient guidance. Nevertheless, the agencies are seeking comments on this issue.

The previously published preamble clarifies that a number of items are covered technology. For example, “interface and translation software; rights licenses, and intellectual property related to electronic health records software; connectivity services, including broadband and wireless internet services; clinical support and information services related to patient care (but not separate research or marketing support services); maintenance services; secure messaging (for example, permitting physicians to communicate with patients through electronic messaging); and training and support services (such as access to help desk services)” are covered technology.

Interested in Making Comments? OIG and CMS are accepting comments on their proposed rules through June 9, 2013.