Section 101 of the MMA directed the OIG and CMS to establish regulations that would protect arrangements involving the donation of technology used for receiving and transmitting electronic prescription drug information. In response, the OIG and CMS issued final regulations, published in the Federal Register on August 8, 2006, creating exceptions to both the federal antikickback statute and the physician self-referral (Stark) law not only for donations of e-prescribing technology, but additional protection under both laws for donations of certain electronic health record (EHR) technology and training services. The new rules, which are intended to encourage the development of widespread health information technology while addressing fraud and abuse concerns, became effective October 7, 2006. See 71 Fed. Reg. 45,110 (Aug. 8, 2006) (to be codified at 42 C.F.R. § 1001.952(x), (y)) (antikickback safe harbors); 70 Fed. Reg. 59,182 (Aug. 8, 2006) (to be codified at 42 C.F.R. § 411.357(v), (w), (x)) (Stark exceptions).

While both the federal antikickback statute and the Stark law are potentially implicated when free or discounted goods or services are offered to referral sources, there are significant differences in the two laws. The federal antikickback law establishes criminal as well as civil money penalties that may be imposed when individuals or entities knowingly offer, pay, solicit, or receive remuneration to induce the referral of business which is payable under federal health care programs. In addition to certain statutory exceptions, the OIG—the agency responsible for administering the antikickback statute—has established certain regulatory “safe harbors” which protect certain relationships or transactions. Compliance with a safe harbor removes a relationship or transaction from the risk of administrative or criminal prosecution under the antikickback statute. To qualify for protection, an arrangement must satisfy all of the conditions of the statutory exception or regulatory safe harbor. Failure to fit within a statutory exception or regulatory safe harbor, however, does not necessarily mean that an arrangement is unlawful.

By contrast, the Stark law applies solely to relationships with physicians. It prohibits a physician from making referrals for any designated health service covered under Medicare or Medicaid, including inpatient and outpatient hospital services, to an entity with which the physician, or an immediate family member of the physician, has a “financial relationship,” subject to various statutory and regulatory exceptions. The Stark law is a strict liability statute, i.e., it is not intent-based like the antikickback statute and any arrangement that does not meet all the requirements of an exception violates the Stark law. The regulatory exceptions to Stark are established by CMS—the agency responsible for administering the Stark law.

Both the OIG and CMS published separate proposed regulations relating to electronic prescribing (e-prescribing) on October 11, 2005. Both agencies proposed narrow exceptions for e-prescribing, while CMS also proposed exceptions protecting the provision of EHRs. Curiously, the OIG addressed a new proposed safe harbor for EHR, but did not include any proposed language for such a rule. In the final rules, however, both CMS and the OIG establish regulatory protection for the donation of EHR. See 70 Fed. Reg. 59,015 (Oct. 11, 2005); 70 Fed. Reg. 59,182 (Oct. 11, 2005).

E-prescribing Protections
Under the OIG’s e-prescribing safe harbor, donors may provide items and services to recipients for the purpose of receiving and transmitting electronic prescription information. Such donations are protected if the following conditions are met:

The items and services must be in the form of hardware, software, or information technology and training services.

The items and services must be (1) necessary, and (2) used solely for the purpose of receiving and transmitting electronic prescription information.

The items and services are provided by (1) hospitals to physicians on their medical staff; (2) group practices to prescribing health care professionals who are members of the group practice; or (3) prescription drug program (PDP) sponsors or Medicare Advantage (MA) organizations to pharmacists and pharmacies participating in the network and to prescribing health care professionals.

The items and services must also be donated as part of, or used to access, an electronic prescription drug program that meets applicable standards under Medicare Part D.

The donor may not take any actions to limit or restrict unnecessarily the use or compatibility of the items or services with other electronic prescription information items or services or electronic health information systems.

For items and services that are of the type that can be used for any patient without regard to payor status, the donor may not restrict, or take any action to limit, the recipient’s right or ability to use the items or services for any patient.

The recipient may not make the receipt of the items or services a condition of doing business with the donor.
Neither the eligibility of a recipient, nor the amount or nature of the items or services, is determined in a manner that takes into account the volume or value of referrals or other business generated between the parties.
The arrangement must be set forth in a written agreement that is (1) signed by the parties; (2) specifies the items or services being provided and the value of the items and services; and (3) covers all of the electronic prescribing items and services to be furnished by the donor (this requirement may be met by incorporating by reference other agreements between the parties or by the use of cross references to a master list of agreements between the parties).
The donor must not have actual knowledge of, or act in reckless disregard or deliberate ignorance of, the fact that the recipient possessed or had obtained items and services that were equivalent to those provided by the donor.

The proposed Stark exception for e-prescribing is practically identical to the proposed antikickback safe harbor, except that it applies only to transactions involving physicians; i.e., it does not apply to pharmacies, pharmacists, or other prescribing health care professionals.

Protections of EHR Donations
Under the proposed regulations, both the OIG and CMS acknowledged the need for additional protections relating to the donation of items and services that would promote the transition to electronic health records but only CMS proposed an exception for such donations. In the final rules, however, both the OIG and CMS set forth rules protecting the donation of EHR. Although the proposed regulations included protection for the donations of hardware, CMS and the OIG opted not to protect donations of hardware in the final regulations because they believed that “electronic health records software and training services were the components of electronic health records systems most likely to be needed by recipients, and because gifts of valuable, multi-functional hardware (such as computers and servers) would inherently pose a higher risk of constituting a disguised payment for referrals.” 71 Fed. Reg. at 45,120.

The antikickback safe harbor and Stark exception protect the donation nonmonetary items and services in the form of software or information technology and training services necessary and used predominantly to create, maintain, transmit, or receive electronic health records, if the following conditions are met:

The software is interoperable at the time it is provided to the recipient.

The donor does not take any action to limit or restrict the use, compatibility, or interoperability of the items or services with other electronic prescribing or EHR systems.

Neither the recipient (nor the recipient’s practice) makes the receipt of the donation or the amount or nature of the donation a condition of doing business with the donor.

Neither the eligibility of a recipient, nor the amount or nature of the donated items or services, is determined in a manner that takes into account the volume or value of referrals or other business generated between the parties.

The arrangement must be set forth in a written agreement that is (1) signed by the parties; (2) specifies the items or services being provided and the value of the items and services; and (3) covers all of the electronic prescribing items and services to be furnished by the donor (this requirement may be met by incorporating by reference other agreements between the parties or by the use of cross references to a master list of agreements between the parties).

The donor must not have actual knowledge of, or act in reckless disregard or deliberate ignorance of, the fact that the recipient possessed or had obtained items and services that were equivalent to those provided by the donor.

For items and services that are of the type that can be used for any patient without regard to payor status, the donor may not restrict, or take any action to limit, the recipient’s right or ability to use the items or services for any patient.

The items and services donated may not include staffing of the recipient’s office and are not used primarily to conduct personal business or business unrelated to the recipient’s clinical practice or clinical operations.

The EHR software must contain an electronic prescribing capability, either through an electronic prescribing component or the ability to interface with the recipient’s existing electronic prescribing system, that meets the applicable standards under Medicare Part D at the time of the donation.

Before the donation is made, the recipient must pay 15 percent of the donor’s cost for the items and services. The donor may not finance the recipient’s payment or loan funds to be used by the recipient to pay for the donated items or services.
The donor does not shift the costs of the donation to any federal health care program.

The transfer of the items and services occurs, and all of the above conditions have been satisfied, on or before December 12, 2013.

The preamble lists permissible software, IT, and training services:

Interface and translation software;

Rights, licenses, and intellectual property related to electronic health records software;

Connectivity services, including broadband and wireless internet services;
Clinical support and information services related to patient care (but not separate research or marketing support services);

Maintenance services;

Secure messaging (e.g., permitting physicians to communicate with patients through electronic messaging); and

Training and support services (such as access to help desk services).

Although the donated software packages may include other “functionality” related to the care and treatment of individual patients (e.g., patient administration, scheduling functions, billing, and clinical support), the electronic health record function must predominate.

With respect to interoperability, the donated items or services may either (1) meet the definition of “interoperable” (i.e., “able to communicate and exchange data accurately, effectively, securely, and consistently with different information technology systems, software applications, and networks, in various settings; and exchange data such that the clinical and operational purpose and meaning of the data are preserved and unaltered”), or (2) be deemed interoperable by being certified by a certification body recognized by HHS within 12 months of the donation.

In lieu of limiting the value of the donated EHR, the final regulations add a cost-sharing component, requiring the recipients to contribute 15 percent of the donor’s cost of the technology. Donors should be aware that the OIG and CMS view variation in the amount of cost-sharing for different recipients by the same donor may give rise to an inference that an arrangement is directly related to the volume or value of referrals or other business generated between the parties. In addition, the cost of any updates or upgrades to donated items or services are also subject to a separate 15 percent cost-sharing requirement. Finally, for internally developed software that is not purchased from an outside vendor—and thus difficult to value for purposes of calculating the cost-sharing component—the parties are encouraged to “use a reasonable and verifiable method for allocating costs and are strongly encouraged to maintain contemporaneous and accurate documentation.”

The proposed regulations were going to limit donations to those made by hospitals to their medical staff (or group practices to members of the group), but the final regulations broadened the scope of potential donors AND recipients considerably. Donors may use selective criteria in choosing recipients; however, the donor cannot use any criteria (with respect to choosing the recipient) or an amount (with respect to the value of the donation) that takes into account the volume or value of referrals or other business generated between the parties.

The regulations list some “bright line” criteria as well as a general provision which would permit any other reasonable and verifiable selection criteria that does not relate directly to the volume or value of referrals or other business between the parties. The bright line criteria include determinations based on the following:

the total number of prescriptions written by the recipient (but NOT the volume or value of prescriptions dispensed or paid by the donor or billed to a federal health care program);

the size of the recipient’s medical practice (e.g., total patients, total patient encounters, or total relative value units);

the total number of hours that the recipient practices medicine;

the recipient’s overall use of automated technology in his or her medical practice (without specific reference to the use of technology in connection with referrals made to the donor);

whether the physician is a member of the donors medical staff, if the donor is a hospital or other entity with a formal medical staff;

the level of uncompensated care provided by the recipient; OR

any reasonable and verifiable manner that does not directly take into account the volume or value of referrals or other business generated between the parties.

Finally, the new regulations protecting the donation of EHR sunset on December 31, 2013. This provision reflects concerns expressed by both the OIG and CMS that the need for donations of EHR will diminish over time as the use of EHR technology will become a standard and necessary part of a medical practice. In addition, given that there is no limit placed on the monetary value of the donated items and services, a sunset provision would, in effect, provide a safeguard against fraud and abuse in that it would provide a different sort of “cap.”

The new e-prescribing and EHR safe harbors and Stark exceptions are clearly necessary protections for hospitals and physicians as the integration of information technology becomes increasingly important. This is particularly true because these new technologies are intended to reduce medical errors and costs, and improve overall patient care. However, where the OIG and CMS remain focused on the potential risks of program abuse, finding the right balance between meeting the needs of a technologically evolving health care industry and avoiding fraud and abuse may be an elusive goal. Some have questioned whether the protections—especially those for EHR—are adequate to ensure the continued development of new technology in health care.