HHS issues final rule on anti-kickback statute

| January 19, 2021

HHS issues final rule on anti-kickback statute

In a Final Rule issued November 20, 2020, the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) added seven new safe harbors that provide protections for, among other things, coordinated care and value-based arrangements; arrangements for patient engagement; support to improve quality, health outcomes and efficiency; and cybersecurity technology and related services.

The Final Rule is part of the administration’s Regulatory Sprint to Coordinated Care, and was issued in tandem with a separate Final Rule that creates new and modified exceptions under the Physician Self-Referral or Stark law.


Modifications to the personal services and management contracts safe harbor

Under the current personal services and management contracts safe harbor, contracts that are periodic or part-time can only qualify for safe harbor protection if the schedule of such services and exact charge for each interval is specified up front. This makes it difficult for medical directors working on a part-time or as-needed basis or others to qualify for safe harbor protection. The Final Rule removes this provision, making it much easier to receive safe harbor protection.

In addition, the methodology for determining compensation payable under a services contract must be set in advance.

The safe harbor still requires that compensation reflect fair market value and not be based on the volume or value of referrals or other business generated between the parties. However, the above changes vastly expand the types of arrangements that may qualify for personal services and management contracts’ safe harbor protections.

The OIG also finalized a new provision within this safe harbor for outcome-based payments between a principal and an agent, in which the agent achieves certain outcome measures. The outcome measures must be based on clinical evidence or credible medical support, must have benchmarks used to quantify improvements in patient care and/or reduction in costs. Excluded from protection are payments related solely to achievement of internal cost savings by the principal or based solely on patient satisfaction or convenience.


Value-based enterprise arrangements

Under three new safe harbors for value-based enterprise (VBE) arrangements, eligible participants can more easily collaborate to achieve certain value-based goals. The new safe harbors are designed to protect:

  • Certain in-kind and nonmonetary remuneration exchanged between qualifying VBE participants to advance value-based activities for care coordination and management.
  • In-kind and monetary arrangements where the VBE assumes substantial downside financial risk from a payor.
  • In-kind and monetary arrangements where the VBE assumes full downside financial risk from a payor.

The new safe harbors do not, however, protect remuneration given directly to patients.

The first of these new safe harbors, which does not require any downside risk, is limited to nonmonetary ­remuneration exchanged between VBE participants, such as in-kind services, provided they are intended to achieve one of four value-based purposes:

  • Coordinating and managing the care of a target patient population.
  • Improving quality of care for a target patient population.
  • Appropriately reducing costs to payors without reducing quality for the target population.
  • Transitioning from a fee-for-service delivery and payment system to one based on quality of care and control of costs.

Unlike most other safe harbors, the VBE safe harbor does not require the remuneration from one VBE participant to another to meet the fair market value requirement, nor is there a prohibition on it being tied to volume or value of referrals, provided the remuneration is intended to benefit the target population.

Significantly, this safe harbor is not available to pharmaceutical companies, pharmacy benefit managers (PBMs), laboratories, compounding pharmacies, or most device, supply and durable medical equipment (DME) companies (with one narrow exception for limited technology participants).

The two other new safe harbors for VBEs require substantial or full downside risk from payors and allow for both monetary and nonmonetary remuneration. Under these safe harbors, the VBE must accept financial risk if value-based objectives are not achieved.


Arrangements for patient engagement and support to improve quality, health outcomes, and efficiency

 This new safe harbor, which does not require downside risk, allows certain VBE participants to provide a patient engagement tool or support directly to individuals in the target population of a VBE arrangement that advances certain enumerated goals:

  • Adherence to a treatment or drug regimen or follow-up care plan as directed by the patient’s health care professional.
  • Prevention or management of a disease or condition as directed by the patient’s health care professional.
  • Ensures patient safety.

Most significant is that the annual value of all remuneration to a specific patient cannot exceed $500 in value.

An arrangement that qualifies for protection under this safe harbor is also considered to be protected under the Beneficiary Inducements Civil Monetary Penalty (CMP) law.

As with the VBE safe harbors, pharmaceutical companies, PBMs, laboratories, compounding pharmacies, DMEPOS suppliers, and medical device distributors are not eligible to use this safe harbor. In addition, medical device manufacturers are not eligible to use the safe harbor unless the patient engagement tool or support is digital health technology defined as “hardware, software, or services that electronically capture, transmit, aggregate, or analyze data that are used for the purpose of coordinating and managing care.”


Cybersecurity and electronic health records technology (42 C.F.R. § 1001.952(jj))

 The OIG has created a new safe harbor intended to permit industry stakeholders to reduce the risk of cyberattacks by allow them to make nonmonetary donations of software and cybersecurity technology and related services to help improve the cybersecurity posture of the health care industry. This is in addition to the existing electronic health records (EHR) safe harbor which protects remuneration intended to support EHR. The new cybersecurity safe harbor allows donation of technology that is necessary and used predominantly for cybersecurity purposes. Remuneration can be to patients or health care providers and has no monetary cap provided the donor, does not shift the costs to any federal health care program and the donation is not based on volume or value of referrals or other business generated.

What qualifies for a safe harbor?

In considering whether an arrangement qualifies for a safe harbor, it is important to remember that failure to qualify for a safe harbor does not mean that an arrangement is illegal; instead, it will be evaluated based on its specific facts and circumstances. We recommend that providers consider modifying business practices based on these new safe harbors and consider having legal counsel review the arrangement to ensure it does not create risks under the anti-kickback or civil monetary penalties laws.

The Advocacy Council is preparing other articles on the final Physician Fee Schedule as it effects coding in your practice. Watch the College’s Advocacy Insider for more on the 2021 fee schedule. The Advocacy Council – we have you covered.