Medicare and State Health Care Programs: Fraud and Abuse; Electronic Health Records Safe Harbor Under the Anti-Kickback Statute
| Federal Information & News Dispatch, Inc. |
Final rule.
CFR Part: "42 CFR Part 1001"
RIN Number: "RIN 0991-AB33"
Citation: "78 FR 79202"
"Rules and Regulations"
SUMMARY: In this final rule, the
   EFFECTIVE DATE: Effective Date: With the exception of the revision of 42 CFR 1001.952(
   FOR FURTHER INFORMATION CONTACT:
   SUPPLEMENTARY INFORMATION:
Social security actUnited States code citation citation 1128B 42 U.S.C. 1320a-7b
Executive Summary
A. Purpose of the Regulatory Action
   Pursuant to section 14 of the
B. Summary of the Final Rule
   In this final rule, we amend the current safe harbor in several ways. First, we update the provision under which electronic health records software is deemed interoperable. Second, we remove the requirement related to electronic prescribing capability from the safe harbor. Third, we extend the sunset date of the safe harbor to
C. Costs and Benefits
   This final rule modifies an existing safe harbor to the anti-kickback statute. This safe harbor permits certain entities to provide certain items and services in the form of software and information technology and training services necessary and used predominantly to create, maintain, transmit, or receive electronic health records to certain parties. Parties may voluntarily seek to comply with safe harbors so that they have assurance that their conduct will not subject them to any enforcement actions under the anti-kickback statute, the civil monetary penalty (CMP) provision for anti-kickback statute violations, or the program exclusion authority related to kickbacks, but safe harbors do not impose new requirements on any party.
   This is not a major rule, as defined at 5 U.S.C. 804(2). It is also not economically significant, because it will not have a significant effect on program expenditures, and there are no additional substantive costs to implement the resulting provisions. We expect the safe harbor, as modified by this final rule, to continue to facilitate the adoption of electronic health records technology.
I. Background
A. Anti-Kickback Statute and Safe Harbors
   Section 1128B(b) of the Act (42 U.S.C. 1320a-7b(b), the anti-kickback statute) provides criminal penalties for individuals or entities that knowingly and willfully offer, pay, solicit, or receive remuneration in order to induce or reward the referral of business reimbursable under any of the Federal health care programs, as defined in section 1128B(f) of the Act. The offense is classified as a felony and is punishable by fines of up to
   The types of remuneration covered specifically include, without limitation, kickbacks, bribes, and rebates, whether made directly or indirectly, overtly or covertly, in cash or in kind. In addition, prohibited conduct includes not only the payment of remuneration intended to induce or reward referrals of patients, but also the payment of remuneration intended to induce or reward the purchasing, leasing, or ordering of, or arranging for or recommending the purchasing, leasing, or ordering of, any good, facility, service, or item reimbursable by any Federal health care program.
   Because of the broad reach of the statute, concern was expressed that some relatively innocuous commercial arrangements were covered by the statute and, therefore, potentially subject to criminal prosecution. In response,
   Health care providers, suppliers, and others may voluntarily seek to comply with safe harbors so that they have the assurance that their business practices will not be subject to any enforcement action under the anti-kickback statute, the CMP provision for anti-kickback violations, or the program exclusion authority related to kickbacks. In giving the
B. The Electronic Health Records Safe Harbor
   Using our authority at section 1128B(b)(3)(E) of the Act, we published a notice of proposed rulemaking (the 2005 Proposed Rule) that would promulgate two safe harbors to address donations of certain electronic health records software and directly related training services. 70 FR 59015, 59021 (
   On
C. Summary of the 2013 Proposed Rulemaking
   On
D. Summary of the Final Rulemaking
   In this final rulemaking, we amend the electronic health records safe harbor at 42 CFR 1001.952(y) in several ways. First, we update the provision under which electronic health records software is deemed interoperable. Second, we remove the requirement related to electronic prescribing capability from the safe harbor. Third, we extend the sunset date of the safe harbor to
   As we observed in the 2006 Final Rule,
   OIG has a longstanding concern about the provision of free or reduced price goods or services to an existing or potential referral source. There is a substantial risk that free or reduced-price goods or services may be used as a vehicle to disguise or confer an unlawful payment for referrals of Federal health care program business. Financial incentives offered, paid, solicited, or received to induce or in exchange for generating Federal health care business increase the risks of, among other problems: (i) [o]verutilization of health care items or services; (ii) increased Federal program costs; (iii) corruption of medical decision making; and (iv) unfair competition.
71 FR 45110, 45111 (
We further stated that,
consistent with the structure and purpose of the anti-kickback statute and the regulatory authority at section 1128B(b)(3)(E) of the Act, we believe any safe harbor for electronic health records arrangements should protect beneficial arrangements that would eliminate perceived barriers to the adoption of electronic health records without creating undue risk that the arrangements might be used to induce or reward the generation of Federal health care program business.
Id.
   We believe that the safe harbor, as amended by this final rule, achieves this goal.
   Elsewhere in this issue of the
   FOOTNOTE 1 42 CFR 411.357(w). END FOOTNOTE
II. Summary of Public Comments and OIG Responses
   OIG received approximately 109 timely filed comments from a variety of entities and individuals. CMS received a similar number of timely filed comments. Overall, the commenters (including in comments submitted to CMS) supported the proposed amendments to the electronic health records safe harbor. However, we received many specific comments about various aspects of the proposed amendments. We have divided the summaries of the public comments and our responses into five parts: A. The Deeming Provision, B. The Electronic Prescribing Provision, C. The Sunset Provision, D. Additional Proposals and Considerations, and E. Comments Outside the Scope of Rulemaking.
A. The Deeming Provision
   Our current electronic health records safe harbor requires at 42 CFR 1001.952(
   The first proposed modification would reflect ONC's responsibility for authorizing certifying bodies. The second proposal would modify the time frame during which donated software must be certified. Currently, to meet the deeming provision, the safe harbor requires software to be certified within no more than 12 months prior to the date of donation.
   Subsequent to the issuance of the 2006 Final Rule, ONC developed a regulatory process for adopting certification criteria and standards, which is anticipated to occur on a cyclical basis. (For more information, see ONC's
   Additionally, we solicited comments on whether removing the current 12-month certification requirement would impact donations and whether to retain the 12-month certification period as an additional means of determining eligibility under the deeming provision.
   After consideration of the public comments, we are finalizing the proposed revisions to subparagraph (
the ability of software to be interoperable is evolving as technology develops. In assessing whether software is interoperable, we believe the appropriate inquiry is whether the software is as interoperable as feasible given the prevailing state of technology at the time the items or services are provided to the recipient.
71 FR 45110, 45126 (
   We believe our final rule with respect to this condition is consistent with that understanding and our objective of ensuring that software is certified to the current required standard of interoperability when it is donated.
ONC as Agency To Recognize Certifying Bodies
   Comment: All commenters addressing the subject supported the proposed modification that would amend the safe harbor to recognize ONC as the agency responsible for authorizing certifying bodies on behalf of the Secretary, with one commenter requesting that we clarify that software need not be certified to ONC standards to be eligible for donation.
   Response: We appreciate the commenters' support for this modification. With respect to the request for clarification, the commenter is correct that 42 CFR 1001.952(
   Comment: One commenter expressed concerns about linking the interoperability requirement of the safe harbor to ONC's certification criteria and standards because they do not, in the commenter's assessment, reflect contemporary views of interoperability. The commenter suggested that we instead implement a broad definition of interoperability adopted by the
   Response: While we are mindful that other non-governmental organizations may be developing their own standards to encourage the adoption of interoperable electronic health records technology, the ONC certification criteria and standards are the core policies the Department is utilizing to accelerate and advance interoperability and health information exchange. ONC and CMS jointly published a Request for Information (78 FR 14793 (
   We believe it is reasonable and appropriate to link the deeming provision to the ONC certification criteria and standards because of ONC's expertise and its public process for considering and implementing the criteria and standards. ONC is the Department agency with expertise in determining the relevant criteria and standards to ensure that software is as interoperable as feasible given the prevailing state of technology. ONC expects to revise and expand such criteria and standards incrementally over time to support greater electronic health record technology interoperability. See 77 FR 54163, 54269 (
   Comment: One commenter stated that many electronic health records systems lack the capabilities to function within a patient-centered medical home. The commenter suggested that we finalize policies that further strengthen the use of core electronic health records features.
   Response: As discussed, ONC is the Department agency with expertise in determining the relevant criteria and standards for electronic health records technology, including those related to the use of core features. ONC certification criteria and standards that are implemented through a public process afford the best opportunity for interested parties to comment on, understand, and ultimately implement those criteria and standards. Therefore, we are not adopting the commenter's suggestion.
Time Frame for Certification
   Comment: Of the commenters that addressed the issue, most supported our proposal to modify the time frame within which donated software must have been certified to more closely track the current ONC certification program. Commenters asserted that aligning with ONC's certification program will provide donors and recipients more certainty about the deemed status of donated software because the software must be certified to meet only one set of standards on the same certification cycle to comply with both the ONC certification criteria and the deeming provision of the safe harbor. One commenter supported the modification, but suggested that the 12-month certification time frame also be retained or, alternatively, that we allow software to be deemed to be interoperable if it has been certified to any edition of the ONC electronic health record certification criteria.
   Response: We appreciate the commenters' support for our proposal to modify the safe harbor certification time frame to align with ONC's certification program. We believe, as the commenters suggest, that such a modification will support our dual goals of the deeming provision: (1) To ensure that donated software is as interoperable as feasible given the prevailing state of technology at the time it is provided to the recipient and (2) to provide donors and recipients a means to have certainty that donated software satisfies the interoperability condition of the safe harbor.
   We are not persuaded to adopt the commenter's suggestion to retain the 12-month certification time frame; this would not ensure that software is certified to the current required standard of interoperability. In the course of evaluating the commenter's alternative proposal, however, we realized that our proposed regulatory text may be too narrow to satisfy the dual goals of the deeming provision. Under our proposed regulatory text from the 2013 Proposed Rule, software would be deemed interoperable if it was certified to an edition /2/ of certification criteria referenced in the then-applicable definition of "Certified EHR Technology" at 45 CFR 170.102. That definition applies only to the
   FOOTNOTE 2 ONC has recently begun characterizing sets of adopted certification criteria as "editions." END FOOTNOTE
   Thus, we are finalizing our policy to more closely track ONC's certification program in the deeming provision. We are adopting modified regulatory text to provide that software is deemed to be interoperable if, on the date it is provided to the recipient, it has been certified by a certifying body authorized by the National Coordinator for Health Information Technology to an edition of the electronic health record certification criteria identified in the then-applicable version of 45 CFR part 170. We believe that this modified regulatory text is consistent with the intent we articulated in the 2013 Proposed Rule to modify the deeming provision by removing the 12-month timeframe and substituting a provision that more closely tracks ONC's certification program. Further, we believe that the regulatory text, as modified, will support our dual goals of the deeming provision, which we discussed above.
New Certification/Deeming Requirements
   Comment: One commenter suggested that, for deeming purposes, we should require that software be certified to the latest edition of electronic health record certification criteria rather than any edition then-applicable. This commenter also suggested that the electronic directory of service (e-DOS) standard should be a certification requirement for donated software, and asserted that both recommendations would help ensure electronic health records software is interoperable.
   Response: We decline to adopt the commenter's suggested requirements for the safe harbor at 42 CFR 1001.952(y). We believe that requiring that donated software be certified to editions that are adopted and not yet retired by ONC through its certification program ensures that the software is certified to interoperability standards updated regularly by the Department agency with the relevant expertise. Further, adding requirements to the ONC certification criteria and standards is outside the scope of this rule. Therefore, we are not implementing the commenter's suggestions.
B. The Electronic Prescribing Provision
   At 42 CFR 1001.952(
   We understand the critical importance of electronic prescribing. However, in light of developments since the 2006 Final Rule, we proposed to delete from the safe harbor the condition at 42 CFR 1001.952(
   Comment: Two commenters disagreed that it is no longer necessary to require the inclusion of electronic prescribing capability in donated electronic health records software. One of the commenters stated that it was encouraged by the growth in the number of physicians using electronic prescribing between 2008 and 2012, but believed that the requirement should remain for patient safety reasons because electronic prescribing is critical to lowering the incidences of preventable medication errors.
   Response: Like the commenters, and as we stated in the 2013 Proposed Rule (78 FR 21314, 21317 (
   Comment: Many commenters supported our proposal to eliminate the requirement that donated software include electronic prescribing capability at the time it is provided to the recipient, agreeing that developments since the promulgation of the safe harbor make it unnecessary to retain this requirement. One of the commenters asserted that the goal of the requirement for the inclusion of electronic prescribing technology in donated electronic health records software--that is, increasing the use of electronic prescribing--had been achieved through the electronic prescribing incentive program authorized by the Medicare Improvements for Patients and Providers Act of 2008.
   Response: We appreciate the commenters' support and, for reasons explained in more detail previously in this final rule, we are eliminating the requirement in 42 CFR 1001.952(
C. The Sunset Provision
   Protected donations under the current electronic health records safe harbor must be made on or before
   As we discussed in the 2013 Proposed Rule, although the industry has made great progress in the adoption and meaningful use of electronic health records technology, the use of such technology has not yet been adopted nationwide. Continued use and further adoption of electronic health records technology remains an important goal of the Department. We continue to believe that as progress on this goal is achieved, the need for a safe harbor for donations should continue to diminish over time. Accordingly, we proposed to extend the sunset date of the safe harbor to
   Comment: Numerous commenters urged us to make permanent the safe harbor at 42 CFR 1001.952(y). According to these commenters, a permanent safe harbor could (1) provide certainty with respect to the cost of electronic health records items and services for recipients, (2) encourage adoption by physicians who are new entrants into medical practice or have postponed adoption based on financial concerns regarding the ongoing costs of maintaining and supporting an electronic health records system, (3) encourage adoption by providers and suppliers that are not eligible for incentive payments through the
   Response: We agree with the commenters that the continued availability of the safe harbor plays a part in achieving the Department's goal of promoting electronic health record technology adoption. However, we do not believe that making the safe harbor permanent is required or appropriate at this time. The permanent availability of the safe harbor could serve as a disincentive to adopting interoperable electronic health record technology in the near-term. Moreover, as described in the 2013 Proposed Rule and elsewhere in this final rule, we are concerned about inappropriate donations of electronic health records items and services that lock in data and referrals between a donor and recipient, among other risks. A permanent safe harbor might exacerbate these risks over the longer term without significantly improving adoption rates. Instead, we believe that a reasonable extension of the safe harbor strikes an appropriate balance between furthering the Department's electronic health record adoption goals and safeguarding against undue risks of abuse. In light of other modifications we are making in this final rule to mitigate ongoing risks, including removing laboratory companies from the scope of protected donors, we are persuaded to permit the use of the safe harbor for more than the additional 3-year period that we proposed.
   The adoption of interoperable electronic health records technology remains a challenge for some providers and suppliers, despite progress in its implementation and meaningful use since the
   Comment: Two commenters suggested that the sunset date should be extended, but not beyond
   Response: After considering all of the comments on this issue, we believe that an extension of the safe harbor to
   Comment: A few commenters expressed general support for extending the sunset date, but did not specify whether the extension should be for 3 years, 8 years, or some other length of time. Commenters noted that failure to extend the sunset of the safe harbor would negatively impact the adoption of electronic health records technology, as well as its continued use.
   Response: As described previously, we are finalizing our alternative proposal to extend the availability of the safe harbor through
   Comment: A number of commenters urged us to let the safe harbor expire on
   Response: Although we appreciate the commenters' concerns, on balance we continue to believe that the safe harbor serves to advance the adoption and use of interoperable electronic health records. However, we caution that a donation arrangement is not protected under the anti-kickback statute unless it satisfies each condition of the safe harbor at 42 CFR 1001.952(y). Arrangements that disguise the "purchase" or lock-in of referrals and donations that are solicited by the recipient in exchange for referrals would fail to satisfy the conditions of the safe harbor.
   Comment: Numerous commenters suggested that the safe harbor sunset as scheduled on
   Response: We consider these comments to be related to "protected donors" and address them later in section II.D.1.
D. Additional Proposals and Considerations
1. Protected Donors
   As we discussed in the 2013 Proposed Rule, while broad safe harbor protection may significantly further the important public policy goal of promoting electronic health records, we continue to have concerns, which we originally articulated in the 2006 Final Rule, about the potential for fraud and abuse by certain donors. 78 FR 21314, 21318 (
   In order to address these concerns, we proposed to limit the scope of protected donors under the electronic health records safe harbor. In the 2013 Proposed Rule, we stated that we were considering revising the safe harbor to cover only the MMA-mandated donors we originally proposed when the safe harbor was first established: hospitals, group practices, prescription drug plan (PDP) sponsors, and
   Many commenters raised concerns about donations of electronic health records items and services by laboratory companies and strongly urged us to adopt our proposal to eliminate from the safe harbor protection for such donations, either by excluding laboratory companies from the scope of protected donors (if we extend the availability of the safe harbor), or by letting the safe harbor sunset altogether (for more detailed discussion of comments concerning the sunset provision, please see section II.C. of this final rule). Other commenters raised similar concerns, but did not suggest a particular approach to address them. We summarize the relevant comments and provide our responses below. We have carefully considered the comments that we received on this proposal and, based on the concerns articulated by commenters and the wide-ranging support from the entire spectrum of the laboratory industry (from small, pathologist-owned laboratory companies to a national laboratory trade association that represents the industry's largest laboratory companies), we are finalizing our proposal to remove laboratory companies from the scope of protected donors under the safe harbor. We believe this decision is consistent with and furthers the goal of promoting the adoption of interoperable electronic health record technology that benefits patient care while reducing the likelihood that the safe harbor will be misused by donors to secure referrals. We also believe that our decision will address potential abuse identified by some of the commenters involving potential recipients conditioning referrals for laboratory services on the receipt of, or redirecting referrals for laboratory services following, donations from laboratory companies.
Protected Donors: Comments and Suggestions Regarding Laboratory Companies
   Comment: Many commenters raised concerns that, notwithstanding a clear prohibition in the safe harbor, laboratory companies are, explicitly or implicitly, conditioning donations of electronic health records items and services on the receipt of referrals from the recipients of those donations or establishing referral quotas and threatening to require the recipient to repay the cost of the donated items or services if the quotas are not reached. Some commenters suggested that such quid pro quo donations, and donations by laboratory companies generally, are having a negative effect on competition within the laboratory services industry (including increased prices for laboratory services) and impacting patient care as referral decisions are being made based on whether a laboratory company donated electronic health records items or services, not whether that company offers the best quality services or turnaround time. A few commenters also raised concerns that laboratory companies were targeting possible recipients based on the volume or value of their potential referrals.
   Response: The current safe harbor provision at 42 CFR 1001.952(
   We appreciate the commenters sharing their concerns about arrangements involving laboratory company donations. As previously discussed, we have decided to exclude laboratory companies from the scope of protected donors. We believe that our decision will continue to support the Department's electronic health record adoption policies, while addressing the risk of fraud and abuse. By excluding laboratory companies from the scope of protected donors, parties to such donations will not be able to assert safe harbor protection for such arrangements. The effect will be a reduction in the risk that parties will enter into arrangements like the quid pro quo and targeted donation arrangements described by the commenters.
   Comment: Several commenters raised concerns about laboratory company arrangements with electronic health record technology vendors. The commenters described arrangements involving laboratory companies and vendors that result in the vendor charging other laboratory companies high fees to interface with the donated technology or prohibiting other laboratory companies from purchasing the technology for donation to their own clients. One of the commenters also raised the concern that volume discount arrangements between laboratory companies and vendors of electronic health record technology are resulting in donations of electronic health record technology that may not best suit the needs of the recipient. The commenter asserted that donor laboratory companies are pushing a particular vendor's specific electronic health record system onto recipients because of a donor's close business relationship with the vendor.
   Response: Excluding potential competitors of the donors from interfacing with the donated items or services described by the commenters can result in data and referral lock-in. We discuss the issue of lock-in elsewhere in this final rule in more detail. We believe that our determination to exclude laboratory companies from the scope of protected donors will help address the data and referral lock-in risks posed by arrangements such as those described by the commenters. We also believe that the changes we are finalizing to the scope of protected donors will help address the commenter's concern about the negative impact of relationships between laboratory companies and vendors on the selection of electronic health records technology by providers and suppliers. We stated in the 2006 Final Rule that, although physicians and other recipients remain free to choose any electronic health record technology that suits their needs, we do not require donors to facilitate that choice for purposes of the safe harbor. However, donors must offer interoperable products and must not impede the interoperability of any electronic health record software they decide to offer. 71 FR 45110, 45128-9 (
   Comment: Many commenters noted that several States--including
   Response: We appreciate the commenters providing this information and we believe that our determination to exclude laboratory companies from the scope of protected donors will address the fraud and abuse concerns the commenters referenced. With respect to the commenter's concern about being disadvantaged, we note that our decision to remove laboratory companies from the scope of protected donors under the electronic health records safe harbor applies equally to all laboratory companies, regardless of their location.
   Comment: Several commenters, including a national laboratory trade association that represents the industry's largest laboratory companies, took exception to what it perceived as a characterization that laboratory companies are solely responsible for problematic donations. Some of these commenters asserted that electronic health record vendors are encouraging physicians to seek or demand donations from laboratory companies, and that physicians are threatening to withhold referrals or send laboratory business elsewhere if donations are not made. According to one commenter, because physicians are not paying for a significant portion of the cost of these items and services, electronic health record technology vendors are able to charge high prices and the size of donations (in dollars) in recent years has increased exponentially. The commenter also suggested that vendors may be manipulating pricing to maximize the amount a laboratory company pays for donated items and services while minimizing or eliminating any physician responsibility. Another commenter raised a related concern that electronic health records technology vendors have increased the costs of their products because they know that laboratory companies are paying for them. Generally, commenters raising concerns about the conduct of electronic health record technology vendors and physicians recommended that we remove safe harbor protection for laboratory company donations.
   One commenter asserted that electronic health records items and services are no longer being chosen by physicians based on which system is most appropriate, but rather based on which will produce the largest donation. Another commenter claimed that many physicians will change laboratory companies and seek a new donation once an existing donor laboratory company ceases to subsidize the physicians' electronic health records items and services costs. This commenter stated that such conversions are not only inefficient, but undermine the spirit of the regulatory requirement that recipients do not possess the same or equivalent items or services as those being donated.
   Response: Our proposed modification related to the scope of protected donors and, thus, the focus of our discussion in the 2013 Proposed Rule was on donor conduct. Some of the comments we describe in this final rule also raise concerns about the conduct of recipients. We are clarifying that we do not believe that problematic donations involving laboratory companies are solely the result of questionable conduct by laboratory companies. Our decision to exclude laboratory companies from the scope of protected donors is the best way to reduce the risk of misuse of donations by both donors and recipients and address the concerns identified by the commenters.
   The safe harbor at 42 CFR 1001.952(
   Comment: Several commenters suggested that laboratory companies should be prohibited from making donations to physicians or that physicians should pay for their own electronic health records technology. Other commenters asserted that laboratory companies do not share an essential interest in their referring clients having electronic health records technology. Still other commenters stated simply that laboratory companies represent a high risk of fraud and abuse.
   Response: We are excluding laboratories from the scope of protected donors.
   Comment: A few commenters noted that laboratory companies typically use a laboratory information system (LIS), anatomic pathologist information system and/or blood banking system to store and share patients' laboratory results, and that these systems should not be confused with an electronic health record that includes a patient's full medical record composed of information from many medical specialties, including pathology. One of these commenters asserted that laboratories already bear the cost of establishing LIS interfaces that they provide in order to exchange laboratory services data electronically, and that clinical and anatomic laboratories could continue to do so legally even if they were no longer protected donors under the safe harbor. One commenter expressed concern about the costs associated with interfaces, other commenters asked us to clarify our position on the donation of interfaces by laboratory companies, and one commenter stated that interfaces were not closely analogous to facsimile machines.
   Response: We appreciate the information provided by the commenters. We take this opportunity to note that our decision to exclude laboratory companies from the scope of protected donors under the safe harbor does not affect our position concerning the provision of free access to certain limited-use interfaces. We have long distinguished between free items and services that are integrally related to the offering provider's or supplier's services and those that are not. For instance, we have stated that a free computer provided to a physician by a laboratory company would have no independent value to the physician if the computer could be used only, for example, to print out test results produced by the laboratory company. In contrast, a free personal computer that the physician could use for a variety of purposes would have independent value and could constitute an illegal inducement. 56 FR 35952, 35978 (
   We disagree with the commenter that asserted that interfaces are not sufficiently analogous to facsimile machines. We believe that a limited-use interface (as described in the preceding paragraph) is the contemporary analog to the limited-use computer described in the example from the 1991 preamble to the safe harbor regulations. A similarly limited-use facsimile machine would not materially differ from the limited-use computer and, thus, would be analogous to the access to the limited-use interface. It is the lack of independent value to the recipient that takes the donation outside the scope of the anti-kickback statute's prohibition, not the mode of technology. Finally, in the circumstances presented above, the free access to a limited-use interface would not require safe harbor protection, and thus the costs of the interface are outside the scope of this rulemaking.
   Comment: Several commenters inquired whether our proposal to remove laboratory companies from the scope of protected donors applied to suppliers of both anatomic and clinical pathology services, and suggested that our proposal should apply to both. Commenters also inquired about the application of this proposal to hospitals that operate laboratory companies for non-hospital affiliated customers. Raising concerns about an uneven playing field, some of these commenters urged us to exclude such hospitals from the scope of protected donors if we determined to exclude laboratory companies. One commenter suggested that we effectuate this limitation by restricting protected hospital donations to those made to the hospital's employed physicians and the hospital's wholly-owned physician practices.
   Response: Our proposal applied to "laboratory companies" and did not distinguish between those that provide anatomic pathology services and those that provide clinical pathology services. We intend that references to "laboratory company" or "laboratory companies" include entities that furnish either type of service. With respect to the commenters' suggestion to limit or prohibit hospital donations, we appreciate the commenters' concerns, but are not adopting their suggestion at this time. We continue to believe that hospitals have a substantial and central stake in patients' electronic health records. Further, the types and prevalence of the concerns that have been brought to our attention and discussed elsewhere in this final rule in the context of laboratory company donations have not arisen, to our knowledge, in the hospital-donation context.
   We are clarifying that if a hospital furnishes laboratory services through a laboratory that is a department of the hospital for
   Comment: One commenter requested that, if we finalize our proposal to exclude laboratory companies from the scope of protected donors, we specifically clarify that "[laboratory companies] are prohibited from providing [ ] software to physicians unless they comply with another one of the existing safe harbors." The commenter went on to cite examples of software leases and sales at fair market value.
   Response: We cannot make the statement requested. Safe harbors set forth specific conditions that, if met, assure the parties involved of not being subject to any enforcement actions under the anti-kickback statute, the CMP provision for anti-kickback violations, or the program exclusion authority related to kickbacks for the arrangement qualifying for the safe harbor. However, safe harbor protection is afforded only to those arrangements that precisely meet all of the conditions set forth in the safe harbor. The failure of an arrangement to fit in a safe harbor does not mean that the arrangement is illegal. That an arrangement does not meet a safe harbor only means that the arrangement must be evaluated on a case-by-case basis. Arrangements regarding the lease or sale of software are outside the scope of this rulemaking.
   Comment: One commenter shared its concerns about a practice that it described as "post donation in-sourcing." The commenter stated that it is aware of situations in which laboratory companies are donating to ordering physicians only to have those physicians in-source their laboratory services shortly after the donation. The commenter suggested that "[t]he donation enables [ ] ordering physicians to avoid bearing the full cost of the [electronic health records items and services] when they discontinue use of an outside laboratory and bring the specimen testing into their own in-house self-referral arrangement just after receiving the donation."
   Response: The safe harbor does not require the donation recipient to make referrals to the donor. To the contrary, subparagraph (
   Comment: Two commenters raised issues regarding the type of remuneration permissible under the safe harbor at 42 CFR 1001.952(y). One commenter characterized the safe harbor in terms of allowing laboratory companies to donate funds to recipients to help them implement electronic health records technology. Another commenter noted that some donations from laboratory companies have included hardware.
   Response: We remind stakeholders that the electronic health records safe harbor applies only to the donation of nonmonetary remuneration (consisting of items and services in the form of software or information technology and training services) necessary and used predominantly to create, maintain, transmit, or receive electronic health records. As stated in the preamble to the 2006 Final Rule, reimbursement for previously incurred expenses is not protected, as it poses a substantial risk of fraud and abuse. 71 FR 45110, 45134 (
Scope of Protected Donors: Other Comments and Suggestions
   Although the majority of commenters recommended removing safe harbor protection for donations by laboratory companies, including by excluding laboratory companies from the scope of protected donors, some commenters had alternate or additional recommendations.
   Comment: A number of commenters recommended that we maintain our current scope of protected donors. Some of these commenters stated that limiting the scope of protected donors could have an impact on specialists, who, according to the commenters, still have relatively low rates of electronic health records adoption. Along the same lines, one commenter stated that limiting the categories of donors that may seek protection under the safe harbor will negatively impact recipients by preventing certain entities from helping move the entire healthcare system towards more interoperable electronic health records systems. Others cautioned that restricting the scope of protected donors will stymie innovation and restrict learning from the technology. Finally, some commenters contended that laboratory companies and other ancillary service providers and suppliers have a legitimate clinical interest in donating electronic health record items and services, and that many physician practices depend on it.
   Some commenters, while acknowledging our concerns regarding abusive donation practices, suggested alternative means to address the concerns we articulated in the 2013 Proposed Rule. These commenters variously recommended that we strengthen interoperation requirements, provide education materials, or adopt enforcement policies to prevent abuses rather than limiting the scope of potential donors.
   Response: We agree with many of the reasons articulated by the commenters that support maintaining our current broad scope of protected donors. We recognize that limiting the scope of potential donors could constrain the ability of many providers and suppliers to adopt electronic health record technology. Other than with respect to laboratory companies, the scope of protected donors will remain the same. We will continue to monitor and may, prior to 2021, reconsider in a future rulemaking the risk of fraud or abuse relating to the use of the safe harbor by other donors or categories of donors.
   We appreciate the suggestions from commenters regarding alternative means of addressing abusive donation practices. The purpose of safe harbors is to permit certain non-abusive arrangements that, in the absence of the safe harbor, potentially would be prohibited by the anti-kickback statute. Compliance with safe harbors is voluntary, and safe harbor protection is afforded only to those arrangements that precisely meet all of the conditions set forth in the safe harbor. Thus, any individual or entity engaging in an arrangement that does not meet all conditions of the safe harbor could be subject to an enforcement action unless the arrangement otherwise complies with the law. In response to the suggestion that we provide additional education materials, we would like to highlight our efforts to educate the industry about compliance with the anti-kickback statute and other fraud and abuse laws generally. Our Web site (www.oig.hhs.gov) has a "Compliance" tab with many compliance-related materials. These include Compliance Education for Physicians, Compliance Program Guidance documents for various segments of the industry (including hospitals, nursing facilities, and others), Special Fraud Alerts, advisory opinions, and more. We believe that the information we include in this final rule sufficiently sets forth donors' and recipients' requirements under the safe harbor with respect to donations. If an individual or entity desires guidance about a specific arrangement involving the donation of electronic health records items or services under the safe harbor, our advisory opinion process remains available. Finally, we address the issue of interoperation requirements elsewhere in this final rule.
   Comment: We received a number of comments requesting that we retain certain categories of providers and suppliers within the scope of protected donors under the safe harbor at 42 CFR 1001.952(y). For example, commenters that provide dialysis services specifically requested that they remain protected donors. One of the dialysis provider commenters noted that excluding this specialty would have a chilling effect on the development and availability of the specialized electronic health records systems used by nephrologists. A few commenters requested that we continue to include hospitals and health systems as protected donors in order for them to retain the ability to assist physicians in adopting electronic health records technology. Other commenters requested that we explicitly retain home health agencies as protected donors. In support of retaining home health agencies, one commenter stated that the depth, breadth, and frequency of communications between home health agencies and other direct care providers makes the use of interoperable electronic health record technology essential to improving clinical outcomes and financial efficiencies. We also received comments in support of retaining safety-net providers and pharmacies as protected donors.
   Response: We agree generally with the thrust of these comments. We recognize the value of permitting individuals and entities that participate directly in the provision of health care to patients and that have a need to coordinate with care providers and suppliers to donate electronic health record items or services to facilitate those interactions. Based on the information we have available at this time, we intend to continue to protect donors, other than laboratory companies, that provide patients with health care items or services covered by a Federal health care program and submit claims or requests for payment to those programs directly or through reassignment. Thus, whether a particular donation is eligible for safe harbor protection will hinge, in part, on whether the particular individual or entity making the donation meets this standard. For example, a hospital (whether stand-alone or within a health system) is an entity that typically provides health care services and submits claims or requests for payment to Federal health care programs and, therefore, could be a protected donor under this safe harbor.
   Comment: Some commenters agreed with the option we presented in the 2013 Proposed Rule to retain the current scope of protected donors but exclude providers and suppliers of ancillary services associated with a high risk of fraud and abuse. A few of these commenters suggested that taking a targeted approach minimizes the risk of unintended consequences. One of these commenters asserted that we should exclude the particular individuals or entities that have been the subject of complaints. Another of these commenters specifically recommended that we target categories of providers and suppliers with a history or pattern of abusive behavior. Other commenters variously recommended excluding laboratory companies, DME suppliers, home health agencies, or safety-net providers from the scope of protected donors. One commenter asserted that entities like laboratory companies and DME suppliers do not have an overarching and essential interest in having physicians use electronic health records, nor do they coordinate a patient's care. In contrast, one commenter objected to singling out a provider or supplier type to exclude from the scope of protected donors. This commenter stated that such an action unjustly (1) penalizes a whole category of providers or suppliers when most, in the commenter's assessment, are law-abiding, and (2) supports other providers or suppliers that may have similar motivations.
   Response: We respond earlier to the commenters who recommended removing only laboratory companies from the scope of protected donors. With respect to the other comments, we note that, in the 2013 Proposed Rule, we specifically requested comments with supporting reasons regarding whether particular provider or supplier types should not be protected. 78 FR 21314, 21318 (
   Comment: A few commenters recommended restricting the scope of protected donors under the safe harbor to those types listed in the MMA. These commenters also made suggestions regarding how to restrict donations from these limited categories of donors. For example, one commenter recommended limiting the protected donors to hospitals and providers and suppliers operating in an integrated setting and to MA plans and providers and suppliers under contract with them. Another commenter suggested limiting the application of the safe harbor to a similar integrated model, and to hospitals that donate to their employed physicians and the physician groups that they own. In contrast, one commenter suggested that limiting the protected donor types to the original MMA list is too restrictive because some provider and supplier types not listed in the MMA (e.g., ambulatory surgical centers that now perform many procedures previously performed only in hospitals) should have the opportunity to make donations.
   Response: We agree that providers and suppliers operating in an integrated environment need interoperable electronic health records. However, we do not believe that the need for this technology is limited to individuals and entities in an integrated care setting. Patients may receive care from providers and suppliers that are not in the same integrated system, and the patient's medical records need to be shared with those providers and suppliers who care for a patient. The Department's goal continues to be fostering broad adoption of interoperable electronic health records technology. At this time, we believe that excluding laboratory companies from the scope of protected donors, rather than limiting the scope to the original MMA list of donors (or some other subset of protected donors) strikes the right balance between furthering that goal and preventing fraud and abuse.
2. Data Lock-In and Exchange
   We solicited comments on what new or modified conditions could be added to the electronic health records safe harbor to achieve the two goals of (1) preventing misuse of the safe harbor that results in data and referral lock-in and (2) encouraging the free exchange of data (in accordance with protections for privacy). Additionally, we requested comments on whether those conditions, if any, should be in addition to, or in lieu of, our proposal to limit the scope of protected donors. We also solicited comments on possible modifications to 42 CFR 1001.952(
Data Lock-In: Comments on Current Conditions
   Comment: Many commenters asserted that the current conditions of the safe harbor provide adequate safeguards to prevent donations that result in data or referral lock-in between the donor and recipient. These commenters expressed general support for enforcement when arrangements do not comply with the conditions of the safe harbor. Several of these commenters were also concerned that adding or modifying conditions of the safe harbor may increase the burden of compliance and, therefore, lead to fewer entities willing to make appropriate donations.
   Response: We are not persuaded to adopt significant new requirements or modifications to the safe harbor to address the issue of data and referral lock-in at this time. However, as described below, we are making limited clarifications to current conditions to reflect our intended meaning.
   We remain committed to investigating potentially abusive arrangements that purport to meet the conditions of the safe harbor, but, in fact, do not. Donations that do not meet the conditions of the safe harbor--because they are used to lock in referrals--are suspect under the law.
   Comment: Several commenters expressed concerns about donations that lead to data lock-in. As described elsewhere in this final rule, some commenters suggested that, although some donated items or services have the ability to be interoperable, vendors may charge providers and suppliers who do not use the same donated software high fees to interface with it. The commenters contended that these business practices result in electronic health records software that is not practically interoperable because non-donor providers and suppliers cannot afford to connect to it. Other commenters expressed general concerns that donated items or services are capable of interoperation, but that recipients implicitly agree to send referrals only to the donor. These commenters did not provide specific recommendations to modify the data lock-in conditions of the safe harbor, but generally supported our efforts to prevent data lock-in.
   Two commenters representing laboratory companies expressed specific concerns about a feature of donated software that may lead to data lock-in. They explained that some software is designed to limit the accessibility of data that is received from an electronic health records system that is different than the donated software. Most often, data sent from the non-donated electronic health records system cannot populate automatically in a patient's electronic health record or other limits are placed on the portability of data sent from the non-donated electronic health records system. According to these commenters, the limited accessibility of the data makes it harder for the recipient to access and use it for clinical purposes. As a result, a physician or other recipient is more likely to use only the donor's services to make sure that necessary data is easily accessible. These commenters asserted that there are no technical solutions to reducing the possibility of data lock-in; rather, the only solution is to remove laboratory companies from the scope of protected donors.
   Several other commenters endorsed generally our efforts to prevent referral and data lock-in. These commenters evidenced strong support of the free exchange of health information across different provider and supplier types to better coordinate care for patients. However, apart from supporting our efforts to ensure that electronic health records systems are interoperable, the commenters made no specific recommendations regarding modifications to the exception.
   Response: We share the commenters' concerns about the interoperability of donated software. While any definitive conclusion regarding the existence of an anti-kickback violation requires a case-by-case determination of the parties' intent, we note that donations of items or services that have limited or restricted interoperability due to action taken by the donor or by any person on the donor's behalf (which could include the recipient acting on the donor's behalf) would fail to meet the condition at 42 CFR 1001.952(
   However, whether a donation actually satisfies the conditions of the safe harbor depends on the specific facts of each donation arrangement. We encourage the reporting of instances of data lock-in, as we believe that investigation may establish that where such lock-in has occurred, existing conditions of the safe harbor have not been met. Moreover, any action taken to achieve such a result could be evidence of intent to violate the anti-kickback statute. In regard to the specific recommendation to remove laboratories from the scope of protected donors, we note that we are excluding laboratory companies from the scope of protected donors as discussed earlier in this final rule.
Data Lock-In: Recommendations Outside the Scope of the Rulemaking
   Comment: One commenter expressed concern regarding data lock-in and supported ensuring that donations are transparent and free of any attempts to steer future business. Although the commenter denied knowledge of any specific abuse of the safe harbor, the commenter requested that we allow individuals or entities to remedy a donation that may not be protected by the safe harbor. The commenter suggested that the remedy for failure to satisfy the conditions of the safe harbor as modified by this final rule should be to make recipients pay the fair market value of any costs for ongoing support of the donated items or services and provide 3 years for the recipient to either pay full value for the donation or make a transition to a new system.
   Response: We appreciate the commenter's concern and recommendation; however we decline to make the suggested modification. Even if we were inclined to do so, implementing the commenter's suggestions would be outside the scope of this rulemaking.
Data Lock-in: Recommendations for Additions or Modifications to the Safe Harbor Conditions
   Comment: A few commenters urged us to amend the safe harbor to require that the recipient or the donor participate in actual health information exchange with an electronic health records system that is different from the donated item. One commenter specifically suggested that the recipient should have to demonstrate exchange with at least one other electronic health record system within a certain time frame after receipt of the donation. Another commenter suggested that the donor should have to--upon request--enable the donation recipients to engage in bi-directional exchange of data with competitors not using the same electronic health record system.
   Response: We appreciate the commenters' recommendations; however, we are not modifying the conditions of the safe harbor that require the parties to a donation arrangement to demonstrate interoperation. We question whether adequate demonstration of interoperation could occur only after the donation has been made, which would create uncertainty about whether the donation meets the conditions for protection under the safe harbor at the time of the donation. This uncertainty would undermine the Department's goal to support widespread adoption of interoperable electronic health record technology. It is our intent and expectation that interoperation will, in fact, occur, and we believe the safe harbor conditions, in their entirety, promote such interoperation. Moreover, routine interoperation with systems other than those of the donor may be evidence that neither the donor nor any person on the donor's behalf has taken any action to limit or restrict the use, compatibility, or interoperability of the items or services with other electronic prescribing or electronic health records systems. See 42 CFR 1001.952(
   Further, we note that the Department is considering a number of policies to accelerate and advance interoperability and health information exchange. As part of this process, ONC and CMS requested input from the public on possible policies and programmatic changes to accelerate electronic health information exchange among individuals and entities that furnish health care items and services, as well as new ideas that would be both effective and feasible to implement. 78 FR 14793, 14794 (
   FOOTNOTE 3 ONC and CMS have subsequently published a "Strategy and Principles to Accelerate HIE" document. http://www.healthit.gov/policy-researchers-implementers/accelerating-health-information-exchange-hie. END FOOTNOTE
   Comment: In response to our solicitation of comments, some commenters provided suggestions as to how we could broaden the current safe harbor conditions related to data lock-in. Two commenters suggested broadening 42 CFR 1001.952(
   Another commenter suggested amending 42 CFR 1001.952(
   Response: The current language in the regulatory text prohibits donors (or persons on the donor's behalf) from taking any action to limit or restrict the use, compatibility, or interoperability of donated items or services with other "electronic prescribing or electronic health records systems." The term "electronic prescribing or electronic health records systems" was intended to be broad in order to account for developments in the health information technology industry. Based on the commenters' suggestions it appears, however, that some have read this term more narrowly. This narrow reading is inconsistent with our intended meaning. We have always believed and continue to believe that an action taken by a donor (or on behalf of the donor) that limits the use, compatibility, or interoperability of donated items or services with any other health information technology may impede the free exchange of data and limit the ability of providers and suppliers to coordinate care, which is inconsistent with one of the goals of the safe harbor. Therefore, we are clarifying 42 CFR 1001.952(
   We are not adopting the commenters' suggestion to modify the safe harbor to state that neither the donor nor the recipient may take any actions to limit the interoperability of the donated item or service. The condition at 42 CFR 1001.952(
   We are not implementing the suggestion that we provide in regulation text examples of actions that may cause a donation not to meet the condition of 42 CFR 1001.952(
Data Lock-in: Other Comments and Suggestions
   Comment: One commenter objected to the use of the safe harbor to address the issue of data lock-in. The commenter contended that data lock-in may arise in response to legitimate concerns, such as Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy and security rules, liability issues, licensing requirements, and anti-trust issues. Further, according to the commenter, data lock-in conditions may cause uncertainty for donors because parties may not be able to determine whether a donation met these conditions until after donation.
   Response: Nothing in this final rule is intended to prohibit legitimate actions taken to ensure that donated items and services appropriately protect data, including measures to ensure the privacy and security of health information data. We recognize that there may be appropriate security, privacy, and other business reasons to protect data. This final rule addresses only actions that inappropriately lock in data, for example locking in data to secure future referrals.
   Comment: One commenter expressed support for preventing electronic health records data lock-in and the free exchange of data. However, the commenter did not agree that additional conditions designed to promote these goals would be effective. Instead, the commenter suggested that CMS adopt payment models that continue to foster care coordination activities.
   Response: We appreciate the commenter's suggestion; however, changes to CMS payment models are outside the scope of this
   Comment: Two commenters suggested data lock-in could be limited by requiring electronic health record software to be open or "open source." Both commenters asserted that open source software would limit data lock-in due to the transparent nature of open source software. In addition, it would lead to greater interoperability of electronic health record systems. One commenter also suggested that we require mandatory advance disclosure of the operational and business policies and practices associated with the electronic health record technologies. One commenter suggested that we adopt the e-DOS standard as certification criteria for electronic health records.
   Response: We generally share the commenters' support for free exchange of health information, provided that there are appropriate protections for privacy and security. However, we are not adopting the commenters' recommendations because software certification criteria and standards are determined by ONC and are, therefore, outside the scope of this rulemaking.
3. Covered Technology
   In the 2013 Proposed Rule, we noted that "we received questions concerning whether certain items or services . . . fall within the scope of covered technology under the electronic health records safe harbor." 78 FR 21314, 21319 (
   Comment: Several commenters stated that the regulatory text describing the scope of technology covered by the safe harbor, when read in light of the 2006 Final Rule preamble, is sufficiently clear. One of these commenters urged us not to revise the regulation in any way that might limit the scope of covered technology, limit the ability of donors and recipients in the design and selection of items and services, or create barriers to achieving interoperability. Other commenters agreed that the current definition of covered technology is appropriate, with two of these commenters suggesting that we revisit the definition in the future as health information technology evolves. Still other commenters asserted that the existing regulatory language can be interpreted to include "services that enable the interoperable exchange of electronic health records data;" thus, no revisions to the regulatory text are required. In contrast, one commenter suggested that we incorporate into the regulatory text the preamble language from the 2006 Final Rule where we discussed examples of items and services that would qualify for coverage under the safe harbor. Another commenter suggested that we revise the regulatory text to include as many examples of covered "software, information technology and training services" as possible while emphasizing that the list is not exhaustive.
   Response: We agree that maintaining flexibility is important, particularly as health information technology evolves. We endeavor to avoid revisions to the regulation text that could inadvertently narrow the safe harbor, which is intended to promote the adoption of interoperable electronic health record technology. Moreover, our interpretation of what is covered by the safe harbor has not changed. As we stated in the 2013 Proposed Rule, whether specific items or services fall within the scope of covered technology under the safe harbor depends on the exact items or services that are being donated. 78 FR 21314, 21319 (
   For these reasons, we are not revising the regulation text at 42 CFR 1001.952(y) to identify any specific types of items or services that may be donated if the other conditions of the safe harbor are satisfied. We are also not modifying the examples identified in the preamble discussion in the 2006 Final Rule. 71 FR 45110, 45151-2 (
   Comment: A few commenters requested clarification regarding whether third-party fees related to the exchange of health information, such as health information exchange (HIE) service charges for interconnectivity, are "covered technologies" under the safe harbor.
   Response: The safe harbor protects only nonmonetary remuneration. Whether particular items or services, like interconnectivity services, can be donated under the safe harbor depends on the exact item or service that is being donated and whether the item or service is: (1) In the form of software, information technology and training services; and (2) necessary and used predominantly to create, maintain, transmit, or receive electronic health records. We caution, however, that the donation of items or services, including interconnectivity services that are eligible for donation, would not be protected if the recipient, the recipient's practice, or any affiliated individual or entity makes the receipt, amount or nature of the donated items or services a condition of doing business with the donor or if the donor determines the eligibility of a recipient or the amount or nature of the items or services to be donated in a manner that directly takes into account the volume or value of referrals or other business generated between the parties. See 42 CFR 1001.952(
   Comment: One commenter suggested that, in addition to maintaining as much flexibility as possible, we broaden the scope of the technology covered by the safe harbor to include software and services used for care coordination, quality measurement, improving population health, or improving the quality or efficiency of health care delivery among parties. The commenter noted that some of these items may be covered by the waivers issued in connection with the Medicare Shared Savings Program (MSSP); however, because those waivers extend only to parties participating in that program, protection for the donation of items or services that advance the Department's goal of encouraging the adoption of health information technology that supports public policy objectives is not available to other health care industry stakeholders. To advance these goals in a broader way, the commenter suggested that the safe harbor be expanded to include items potentially covered by the MSSP pre-participation waiver, such as electronic health information exchanges that allow for electronic data exchange across multiple platforms, data reporting systems (including all-payer claims data reporting systems), and data analytics (including staff and systems, such as software tools, to perform analytic functions). Another commenter suggested that we broaden the scope of technology covered by the safe harbor to include software separate from the certified electronic health record software as long as it is interoperable with the electronic health record software. The commenter gave as examples of such electronic health-records-associated components "patient portals that support patient engagement, direct and other standards-compliant means for secure patient information exchange between providers, solutions to support transition care, and tools that may assist in inter- and intra-patient matching." A third commenter urged us to consider a broader array of covered technologies, provided that they support policy goals such as reducing hospital readmissions and coordinated care across settings outside of traditional office settings, including telemonitoring and telemedicine. Another commenter suggested that we expand the protection of the safe harbor to cover "any additional items or services that will be required or helpful in meeting Stage 2 or Stage 3 requirements for [the EHR Incentive Programs]."
   Response: As stated previously, whether specific items or services fall within the scope of covered technology under the safe harbor depends on the exact items or services that are being donated. Some of the particular items and services that may be included within the broad categories identified by the commenters may be eligible for donation. For example, if a particular software product related to transitions of care was necessary and used predominantly to create, maintain, transmit, or receive electronic health records, then it would be eligible for donation, provided that the donation met all of the other safe harbor conditions. As noted previously in this final rule, software is not required to be certified to ONC certification criteria in order to be donated under the electronic health records safe harbor. Thus, software that is separate from certified software may still be eligible for donation if it satisfies the definition of "interoperable" in the Note to paragraph (y) in 42 CFR 1001.952(y). To the extent that the commenters suggest that we expand the scope of the safe harbor to protect items or services that are not already eligible for donation, we note that revision of the safe harbor to include such items or services would be outside the scope of this rulemaking. In the 2013 Proposed Rule, with respect to the scope of technology potentially covered by the safe harbor, we sought input from the public regarding the singular issue of "whether the current regulatory text, when read in light of the preamble discussion, is sufficiently clear concerning the scope of covered technology." 78 FR 21314, 21319 (
   Comment: One commenter suggested that we define "equivalent technology" for purposes of the condition in the safe harbor that the donor of electronic health record technology may not have actual knowledge of, or act in reckless disregard or deliberate ignorance of, the fact that the recipient possesses or has obtained items or services equivalent to those being donated. This commenter also suggested that we prohibit a provider or supplier from seeking or accepting a donation before a certain period of time has elapsed since the receipt of a previous donation. Another commenter urged us to eliminate maintenance and service agreements from the scope of potentially protected donations under the safe harbor. In the alternative, the commenter suggested that we impose a restriction on the time period that donations of such services would be permitted. The commenter noted concerns that donors may use ongoing donations of maintenance and service agreements to lock in referrals from recipients. A commenter that urged us not to extend the availability of the safe harbor suggested that we prohibit the donation of all technology except interfaces for reporting of laboratory results.
   Response: Although we appreciate the commenters' suggestions, we are not making the requested changes. We believe that the modifications to and clarifications of 42 CFR 1001.952(y) adopted in this final rule and the clarifications offered in this preamble address the concerns raised by these commenters.
   Comment: One commenter asserted that the prohibition on donating equivalent technology currently included in the safe harbor locks physician practices into a vendor, even if they are dissatisfied with the technology, because the recipient must choose between paying the full amount for a new system and continuing to pay 15 percent of the cost of the substandard system. The commenter asserts that the cost difference between these two options is too high and effectively locks physician practices into electronic health record technology vendors.
   Response: Although we appreciate the commenter's concern, we continue to believe that items and services are not "necessary" if the recipient already possesses the equivalent items or services. 71 FR 45110, 45123 (
   Comment: One commenter referenced the 2013 Proposed Rule's statement that "software or information technology and training services necessary and used predominantly for electronic health records purposes" included "information services related to patient care (but not separate research or marketing support services." 78 FR 21314, 21319 (
   Response: We decline to retract our statement in the 2013 Proposed Rule. To promote adoption of electronic health records while minimizing the risk of abuse, the scope of items and services permitted to be donated under the safe harbor is limited to items and services in the form of software and information technology and training services that are "necessary and used predominantly to create, maintain, transmit, or receive electronic health records." Donations of software for research that is separate from clinical support and information services related to patient care are not consistent with the primary goals of the safe harbor.
   The electronic health records safe harbor addresses only the donation of electronic health records items and services, not the use of data. Thus, the portion of the comment related to data use is outside the scope of this rulemaking. We note, however, that nothing in the safe harbor prohibits the use of data in electronic health record systems for research purposes (assuming the parties comply with all other applicable laws, including HIPAA privacy and security rules).
   Comment: One commenter asked us to confirm that patient portals are within the scope of the technology potentially protected by the safe harbor.
   Response: We are not certain what the commenter precisely means by "patient portals." Patient portals come in a variety of forms; the key to the safe harbor analysis is whether the specific item or service donated is: (1) In the form of software, information technology and training services; and (2) necessary and used predominantly to create, maintain, transmit, or receive electronic health records. As we stated in the 2006 Final Rule in response to a commenter's recommendation that the safe harbor specifically protect the provision of patient portal software that enables patients to maintain online personal medical records, including scheduling functions (71 FR 45110, 45125 (
E. Comments Outside the Scope of Rulemaking
   In addition to some of the comments noted above, we received several comments from stakeholders, including suggestions on policy changes, that are outside the scope of this rulemaking. For example, one commenter raised concerns about a private insurer's proposed fee schedule for laboratory services. Another commenter expressed a concern about "outrageous bills" the commenter received from a laboratory company. While we appreciate the commenters taking time to raise these concerns, we will not be addressing them as they are outside the scope of this rulemaking.
III. Provisions of the Final Regulations
   For the most part, this final rule incorporates the proposed revisions from the 2013 Proposed Rule. Specifically, we update the provision under which electronic health records software is deemed interoperable by revising 42 CFR 1001.952(
IV. Waiver of the Delay in the Effective Date
   Ordinarily we provide a delay of at least 30 days in the effective date of a final rule after the date that the rule is issued. However, the 30-day delay in effective date can be waived if the rule grants or recognizes an exemption or relieves a restriction. We believe that it is appropriate to waive the 30-day delay in effective date for 42 CFR 1001.952(
   The 30-day delay in effective date can also be waived if the agency finds for good cause that the delay is impracticable, unnecessary, or contrary to the public interest, and the agency incorporates a statement of the findings and reasons in the rule issued. We find that it is unnecessary to provide a 30-day delay in effective date for 42 CFR 1001.952(
V. Regulatory Impact Statement
   We have examined the impact of this final rule as required by Executive Order 12866 on Regulatory Planning and Review (
   Executive Orders 12866 and 13563 direct agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). A regulatory impact analysis (RIA) must be prepared for major rules with economically significant effects (
   This final rule updates (1) the provision under which electronic health records software is deemed interoperable; (2) removes the requirement related to electronic prescribing capability; (3) extends the safe harbor's sunset date to
   The summation of the economic impact analysis regarding the effects of electronic health records in the ambulatory setting that is presented in the 2006 Final Rule still pertains to this final rule. 71 FR 45110 (
   As discussed in more detail in the preamble to the 2013 Proposed Rule, section 132 of MIPPA authorized an electronic prescribing incentive program (starting in 2009) for certain types of eligible professionals. The HITECH Act authorized CMS to establish the EHR Incentive Programs for certain eligible professionals, eligible hospitals, and critical access hospitals. Also, the HITECH Act required that eligible professionals under the EHR Incentive Programs demonstrate meaningful use of certified electronic health record technology, including the use of electronic prescribing. Specifically, the final rule for Stage 2 EHR Incentive Programs (77 FR 53968 (
   The RFA generally requires an agency to conduct a regulatory flexibility analysis of any rule subject to notice and comment rulemaking requirements unless the agency certifies that the rule will not have a significant economic impact on a substantial number of small entities. For purposes of the RFA, small entities include small businesses, certain non-profit organizations, and small governmental jurisdictions. Most hospitals and most other providers and suppliers are small entities, either by nonprofit status or by having revenues below specific limits that range from
   In addition, section 1102(b) of the Act requires us to prepare a regulatory impact analysis if a rule may have a significant impact on the operations of a substantial number of small rural hospitals. This analysis must conform to the provisions of section 604 of the RFA. For purposes of section 1102(b) of the Act, CMS defines a small rural hospital as a hospital that is located outside of a Metropolitan Statistical Area for
   Title II of the Unfunded Mandates Reform Act of 1995 (UMRA) (codified at 2 U.S.C. 1531-1538) establishes requirements for Federal agencies to assess the effects of their regulatory actions on State, local, and tribal governments and the private sector. Under UMRA, agencies must assess a rule's anticipated costs and benefits before issuing any rule that may result in aggregate costs to State, local, or tribal governments, or the private sector, of greater than
   Executive Order 13132 establishes certain requirements that an agency must meet when it issues a final rule that imposes substantial direct requirement costs on State and local governments, preempts State law, or otherwise has Federalism implications. For the reasons stated earlier, this final rule will not have a substantial effect on State or local governments, nor does it preempt State law or have Federalism implications.
   In accordance with Executive Order 12866, this final rule was reviewed by the
VI. Paperwork Reduction Act
   The provisions in this final rule will not impose any new or revised information collection, recordkeeping, or disclosure requirements. Consequently, this rule does not need additional
List of Subjects in 42 CFR Part 1001
   Administrative practice and procedure, Fraud, Grant programs--health, Health facilities, Health professions, Maternal and child health,
   Accordingly, 42 CFR part 1001 is amended as set forth below:
PART 1001--[AMENDED]
   1. The authority citation for part 1001 continues to read as follows:
   Authority: 42 U.S.C. 1302, 1320a-7, 1320a-7b, 1395u(j), 1395u(k), 1395w-104(e)(6), 1395y(d), 1395y(e), 1395cc(b)(2)(D), (E) and (F), and 1395hh; and sec. 2455, Pub. L. 103-355, 108
   2. Section 1001.952 is amended by revising paragraphs (
* * * * *
   (y) * * *
   (1) * * *
   (i) An individual or entity, other than a laboratory company, that provides services covered by a Federal health care program and submits claims or requests for payment, either directly or through reassignment, to the Federal health care program; or
* * * * *
   (2) The software is interoperable at the time it is provided to the recipient. For purposes of this subparagraph, software is deemed to be interoperable if, on the date it is provided to the recipient, it has been certified by a certifying body authorized by the National Coordinator for Health Information Technology to an edition of the electronic health record certification criteria identified in the then-applicable version of 45 CFR part 170.
   (3) The donor (or any person on the donor's behalf) does not take any action to limit or restrict the use, compatibility, or interoperability of the items or services with other electronic prescribing or electronic health records systems (including, but not limited to, health information technology applications, products, or services).
* * * * *
   (10) [Reserved]
* * * * *
   (13) The transfer of the items and services occurs, and all conditions in this paragraph (y) have been satisfied, on or before
* * * * *
   Dated:
Inspector General.
   Approved:
Secretary.
[FR Doc. 2013-30924 Filed 12-23-13;
BILLING CODE 4152-01-P
| Copyright: | (c) 2013 Federal Information & News Dispatch, Inc. |
| Wordcount: | 20188 |


CCC Export Credit Guarantee (GSM-102) Program and Facility Guarantee Program (FGP)
Advisor News
- Poor money habits are a dealbreaker in a new relationship
- DC plan sponsors see opportunity in alternatives
- The American Dream: Redefined as financial stability
- Partial annuitization: How advisors can help clients balance income, growth
- Guide women along the walk through widowhood
More Advisor NewsAnnuity News
- Globe Life Inc. (NYSE: GL) Records 52-Week High Thursday Morning
- AM Best Managing Director Joins ‘Target Topics’ Podcast to Discuss State of Delegated Underwriting Authority Enterprises Market
- KBRA Assigns Rating to TruSpire Retirement Insurance Company
- Partial annuitization: How advisors can help clients balance income, growth
- Guide women along the walk through widowhood
More Annuity NewsHealth/Employee Benefits News
- Findings on Science Detailed by Researchers at Health Analysis Division (The role of nonfinancial factors in the Congressional Budget Office’s health insurance coverage projections): Science
- New Managed Care Findings from University of Illinois Described (Dental Care Access for Young Children With Medicaid: Groundtruthing Online Data and Actual Access in the Chicago Metro Area): Managed Care
- Study Results from Kansai Medical University Update Understanding of Cerebrovascular Disease (Cardiovascular Safety of Romosozumab Versus Other Anti-Osteoporosis Medications in Patients with Osteoporosis: A Nationwide Health Insurance Claims …): Central Nervous System Diseases and Conditions – Cerebrovascular Disease
- This Miami health system could go out-of-network with United. What it means for you
- Health benefit premiums for NJ school workers expected to rise by 34%
More Health/Employee Benefits NewsLife Insurance News
- Globe Life Inc. (NYSE: GL) Records 52-Week High Thursday Morning
- AM Best Upgrades Credit Ratings of Sagicor Financial Company Ltd. and Most of Its Subsidiaries
- Trust, technology and the future of claims
- New York Life Launches an Indemnity Benefit for its Asset Flex Long-Term Care Insurance Solution
- AM Best Affirms Credit Ratings of DB Insurance Co., Ltd.
More Life Insurance News