Skip to Main Content

Key Takeaways from the AKS Final Rule

  • January 01, 2021
  • Tony Maida , McDermott Will & Emery
  • James Cannatti , McDermott Will & Emery LLP
  • Drew Elizabeth McCormick , McDermott Will & Emery LLP

On November 20, 2020, the Department of Health and Human Services (HHS) released the final rules1 to amend the regulations for the federal physician self-referral statute (Stark Law),2 the federal Anti-Kickback Statute (AKS),3 and the civil monetary penalty (CMP) statute4 as part of the “Regulatory Sprint to Coordinated Care” initiative (the “Sprint”). These rules finalized, in large part, the proposals promulgated by the Centers for Medicare & Medicaid Services (CMS) and the HHS Office of Inspector General (OIG), respectively, in October 2019.5 These rules are set to become effective on January 19, 2021.

HHS specifically identified the broad reach of these laws as potentially inhibiting beneficial arrangements that would advance the transition to value-based care and improve the coordination of patient care among providers and across care settings in both the federal health care programs and commercial sector. The Sprint’s stated purpose is to reduce regulatory barriers and accelerate the transformation of the health care system into one that achieves the “Triple Aim” under the theory that paying for value will result in improved outcomes, lower costs or reduced growth in costs, and improved efficiencies in care delivery by promoting care coordination.6

As in the proposed rules, OIG and CMS appear to have worked closely in finalizing the rules, especially in creating the value-based exceptions and safe harbor framework. However, both OIG and CMS were of the same view that the rules could not completely align due to what they characterized as fundamental differences in the statutory structure, operation, and penalties between the Stark Law and the AKS.

New Value-Based Safe Harbors

OIG, similar to CMS, proposed three new safe harbors based on whether the “value-based enterprise” (VBE) assumed full,7 substantial downside,8 or “no risk” (called the “care coordination arrangements to improve quality, health outcomes, and efficiency” safe harbor).9 OIG finalized its safe harbor requirements for value-based arrangements as more restrictive than CMS’ comparable proposals, as OIG views the criminal, intent-based AKS to serve as a “backstop” protection for arrangements that might be protected by a less restrictive exception to the civil, strict liability Stark Law.10

Helpfully, OIG and CMS adopted the same terminology for the exceptions and safe harbors. As a threshold matter, arrangements are protected only if done under the auspices of a VBE, which is a collaboration among two or more VBE participants to achieve at least one “value-based purpose.” The VBE must have an “accountable body or person” responsible for financial and operational oversight of the VBE, and a “governing document” that describes the VBE and how VBE participants intend to achieve the VBE’s value-based purposes. OIG did not finalize its proposal that “coordinating and managing the care of a target patient population” be a requirement to meet any of the safe harbors. Instead, OIG makes this purpose a requirement of the “no risk” safe harbor but permits other purposes for the remaining safe harbors. OIG further defines “coordinating and managing care” to be “the deliberate organization of patient care activities and sharing of information between two or more VBE participants, one or more VBE participants and the VBE, or VBE participants and patients, that is designed to achieve safer, more effective, or more efficient care to improve the health outcomes of the target patient population.” This final definition is broader than the proposed in an effort to respond to comments.

OIG partially finalized a proposal to prohibit certain entities from being able to rely on the value-based safe harbors. Non-eligible entities are pharmaceutical manufacturers; distributors and wholesalers; pharmacy benefit managers; laboratory companies; compounding pharmacies; most medical device and supply manufacturers, distributors, and wholesalers; and most Durable Medical Equipment, Prosthetics, Orthotics and Supplies (DMEPOS) companies. In recognition of the value that digital technology can have in achieving better care coordination and outcomes and reduced costs, OIG created a limited pathway for certain non-physician-owned medical device or supply manufacturers and entities or individuals that sell or rent DMEPOS (other than a pharmacy or a physician, provider, or other entity that primarily furnishes services) to contribute digital health technology in reliance on the “no risk” care coordination arrangements safe harbor.

The safe harbors vary by the types of remuneration protected (in-kind versus in-kind and monetary) and the types of safeguards included as safe harbor conditions. The safe harbors also follow a tiered structure; the safe harbors offer greater flexibility for value-based care arrangements where the parties assume more downside risk for the cost of care. The most flexible safe harbor is where the VBE is fully at risk for the cost of care for the target patient population. Less flexibility is available for VBEs that are at substantial downside financial risk. However, in response to comments, OIG reduced the risk sharing from at least 40% in the proposed rule to at least 30% of shared losses for all items and services covered by the payor and furnished to a target patient population or at least 20% of shared losses for items and services furnished during an episode of care. Note that each VBE participant needs to be at risk for at least 5% of the losses realized by the VBE or receive a prospective per-patient payment for the costs of care.

The most restrictive, and likely more frequently used, safe harbor, is for VBEs that take on no risk. Chief among the no-risk restrictions is the requirement that the remuneration only be in-kind where monetary or in-kind remuneration is possible for the substantial or full risk safe harbors. Also, OIG finalized the proposal that “no-risk” recipients must contribute at least 15% of the cost or fair market value of the in-kind remuneration received. Parties to the value-based arrangement must create one or more legitimate outcome or process measures that the parties reasonably anticipate will advance the coordination and management of care to the target patient population based on clinical evidence or credible medical or health sciences support. These measures must include at least one benchmark that is related to improving or maintaining improvements in coordination and management of care. The VBE must monitor, assess, and prospectively revise the measures and benchmarks as necessary to ensure they continue to advance the coordination and management of care. The measures must relate to the remuneration exchanged under the value-based arrangement and cannot solely be based on patient satisfaction or convenience.

Common requirements among all the safe harbors include that the remuneration is directly connected to one or more of the value-based purposes. Remuneration cannot induce the reduction or limitation of medically necessary services; take into account the volume or value of, or condition the remuneration on, referrals of patients not part of the target patient population or business not covered by the value-based arrangement; and cannot be funded by non-VBE participants. OIG expects the VBE to monitor the achievement of the value-based purposes and remediate or terminate the VBE within a certain period of time if it is unlikely to achieve the desired outcomes or further coordination and management of care or has resulted in material quality deficiencies.

Apart from the value-based safe harbors, OIG finalized many of its other proposals to modify existing AKS safe harbors, create new AKS safe harbors, and create a new CMPL exception.

New AKS Safe Harbors

Patient Engagement and Support.11 OIG finalized a safe harbor to protect furnishing “patient engagement” tools and supports to patients to improve quality, health outcomes, and efficiency. In the Final Rule, OIG removed the illustrative list of types of patient engagement tools and supports that are covered by the safe harbor, whether health-related technology, patient health-related monitoring, or tools and supports to identify and address social determinants of health. Instead, OIG articulates a policy to be agnostic as to the types of in-kind tools and supports that can be protected if all safe harbor conditions are met. However, not every useful tool or support is covered by the safe harbor. More specifically, there are several restrictions on the tools and supports eligible for safe harbor protection, including: (1) the tool or support must be only an in-kind item, good, or service (not cash or a cash equivalent) and must have a direct connection to the coordination and management of care of the target patient population; (2) the tool or support must be recommended by the patient’s licensed health care professional and must either ensure patient safety or advance (a) adherence to a treatment or drug regimen or a follow up care plan established by the patient’s licensed health care professional, or (b) prevention or management of a disease or condition as directed by the patient’s licensed health care professional; (3) the tool or support does not result in medically unnecessary or inappropriate items or services reimbursed in whole or part by federal health care programs; and (4) the availability of the tool or support cannot be determined in a manner that takes into account the type of insurance coverage of the patient.

Each VBE participant is limited to providing tools and supports up to $500 per patient per year in aggregate retail value, adjusted for inflation. VBE participants and eligible agents cannot exchange or use the tool or support to market other reimbursable items or services or for patient recruitment purposes. Records of any patient engagement tool or support may be requested by the HHS Secretary for six years after the tool or support is provided.

Importantly, this safe harbor is only available for VBE participants to provide tools and supports as part of a value-based arrangement to which the offering VBE participant is a party. This means that entities not eligible to rely on the VBE safe harbors—pharmaceutical manufacturers, distributors, and wholesalers; pharmacy benefit managers; laboratories; compounding pharmacies; physician-owned medical device and supply manufacturers; medical device distributors and wholesalers; and DMEPOS sellers—are also unable to rely on the patient engagement safe harbor, nor can they fund such tools and supports. However, in recognition of commenters’ suggestions that health technology is an important part of patient engagement, OIG created a limited exception for non-physician owned medical device and supply manufacturers to provide “digital health technology.” Notably, this exception does not extend to DMEPOS suppliers, unlike the “no risk” safe harbor. The tool or support must be delivered directly to the patient, or patient’s caregiver, family member, or other individual acting on the patient’s behalf, by a VBE participant or such participant’s “eligible agent.” Eligible agent is defined as anyone not otherwise excluded from the safe harbor.

CMS-Sponsored Models.12 OIG finalized a safe harbor to protect remuneration exchanged between or among CMS-sponsored model participants and to patients as part of an approved CMS model. This safe harbor is intended to reduce the need for HHS to issue individualized fraud and abuse waivers for each model in the future. Depending on the particular CMS-sponsored model’s parameters, the new safe harbor could protect a broad range of incentives, although any incentive prohibited by the applicable CMS-sponsored model would not be protected. CMS has to determine that the safe harbor is available for a particular CMS-sponsored model arrangement or patient incentive.

For remuneration between or among model participations to fit within the safe harbor, the following criteria must be satisfied: (1) the model parties must reasonably determine that the model arrangement will advance one or more goals of the model; (2) the exchange of value does not induce model parties or other providers or suppliers to furnish medically unnecessary items or services, or reduce or limit medically necessary items or services furnished to any patient; (3) the model parties do not offer, pay, solicit, or receive remuneration in return for, or to induce or reward, any federal health care program referrals or other federal health care program business generated outside of the model; (4) the model parties in advance of or contemporaneous with the commencement of the model arrangement set forth the terms of the model arrangement in a signed writing that specifies, at a minimum, the activities to be undertaken by the model parties and the nature of the remuneration to be exchanged under the arrangement; (5) the parties to the arrangement make available to the Secretary, upon request, all materials and records sufficient to establish whether the remuneration was exchanged in a manner that meets the conditions of this safe harbor; and (6) the model parties satisfy such programmatic requirements as may be imposed by CMS in connection with the use of this safe harbor.

For a CMS-sponsored model governed by participation documentation other than the legal instrument setting forth the terms and conditions of a grant or a cooperative agreement, the safe harbor protects the exchange of remuneration between model parties that occurs on or after the first day on which services under the model begin and no later than six months after the final payment determination made by CMS under the model. For a CMS-sponsored model governed by the legal instrument setting forth the terms and conditions of a grant or cooperative agreement, the safe harbor protects exchange of remuneration between model parties that occurs on or after the first day of the period of performance (as defined at 45 C.F.R. § 75.2) or such other date specified in the participation documentation and no later than six months after closeout occurs pursuant to 45 C.F.R. § 75.381.

For remuneration in the form of patient incentives for which CMS has determined that this safe harbor is available, the following criteria must be satisfied: (1) the model participant reasonably determines that the patient incentive will advance one or more goals of the model; (2) the patient incentive has a direct connection to the patient’s health care unless the participation documentation expressly specifies a different standard; (3) the patient incentive is furnished by a model participant (or by an agent of the model participant under the model participant’s direction and control), unless otherwise specified by the participation documentation; (4) the model participant makes available to the Secretary, upon request, all materials and records sufficient to establish whether the patient incentive was distributed in a manner that meets the conditions of this safe harbor; and (5) the patient incentive is furnished consistent with the CMS-sponsored model and satisfies such programmatic requirements as may be imposed by CMS in connection with the use of this safe harbor. The safe harbor protects an incentive given on or after the first day on which patient care services may be furnished under the model as specified by CMS in the participation documentation and no later than the last day on which patient care services may be furnished under the model, unless a different timeframe is established in the participation documentation. A patient may retain any incentives furnished.

Cybersecurity Technology and Services.13 OIG finalized a standalone safe harbor for donations of cybersecurity technology and services, including certain cybersecurity hardware donations, that are necessary and used predominantly to implement, maintain, or reestablish effective cybersecurity. The inclusion of hardware is notable because the Electronic Health Record (EHR) Safe Harbor does not protect hardware donations and many EHR donations to date that have included cybersecurity functionality, but required special hardware (e.g., internet appliances placed at a physician’s office to create a secure tunnel to a data center), were structured to require the recipient to pay 100% of the hardware costs and 15% of the costs for the donated EHR software and services. Now, the new cybersecurity safe harbor provides a protected pathway for donations that include hardware either as a standalone donation or in conjunction with an EHR donation (provided that the donation of EHR software and services meets all of the safe harbor conditions of the EHR Safe Harbor and the hardware donation meets the conditions of the new Cybersecurity Safe Harbor).

Similar to the EHR Safe Harbor, in order for cybersecurity donations to qualify for protection, the donor must not directly take into account the volume or value of referrals or other business generated between the parties when determining the eligibility of a potential recipient for the technology or services, or the amount or nature of the technology or services to be donated. Additionally, the donor must not condition the donation of technology or services, or the amount or nature of the technology or services to be donated, on future referrals. Neither the recipient nor the recipient’s practice (or any affiliated individual or entity) can make the receipt of technology or services, or the amount or nature of the technology or services, a condition of doing business with the donor. Also, the donor cannot shift the costs of the technology or services to any federal health care program. Finally, the parties need a signed writing that generally describes the technology and services being provided and the amount of the recipient’s contribution, if any. Unlike the EHR Safe Harbor, the recipient is not subject to a 15% cost-sharing requirement. Finally, OIG makes clear that patients are eligible recipients of cybersecurity donations under this Safe Harbor.

Modifications to Existing AKS Safe Harbors

Personal Services and Management Contracts Safe Harbor.14 OIG finalized a proposed modification to add greater flexibility by removing the part-time schedule requirement and the aggregate compensation set-in-advance requirement, which resulted in this safe harbor having limited applicability. Now, the safe harbor requires that the methodology for the compensation is set in advance and retains the fair market value and takes into account volume or value requirements. Many arrangements that have historically never been able to fit squarely within the safe harbor (e.g., all hourly fee arrangements) will now be able to.

OIG also created a new outcomes-based payments provision in this safe harbor to protect payments, outside of a value-based enterprise context. As described in the Final Rule, this safe harbor is intended to protect arrangements that reward improving patient or population health by achieving outcome measures that effectively and efficiently coordinate care across care settings, or by achieving outcome measures that appropriately reduce payor costs while improving, or maintaining improvements in, quality of care. As such, this new safe harbor appears to be designed to protect certain “gainsharing” arrangements.

To qualify for protection under the safe harbor, the payment must be triggered by achieving one or more legitimate outcomes measures that were selected based on clinical evidence or credible medical support to improve quality, a material reduction in payor costs or growth in payor expenditures, or both. The parties need to enter into a signed, written agreement in advance of, or contemporaneous with, the commencement of the terms of the outcomes-based payment arrangement. The writing needs to state at a minimum: a general description of the services to be performed by the parties for the term of the agreement; the outcome measure(s) the agent must achieve to receive an outcomes-based payment; the clinical evidence or credible medical support relied upon by the parties to select the outcome measure(s); and the schedule for the parties to regularly monitor and assess the outcome measure(s).

While the safe harbor allows for measures that “maintain improvement,” measures that merely reward the status quo would not meet the safe harbor condition requiring the parties to select legitimate outcome measures. In commentary, OIG clarified that that the safe harbor does not necessarily preclude product standardization arrangements, provided that product standardization measures selected by the parties do not limit a party’s ability to make decisions in the patients’ best interest and meet the other terms of the safe harbor. Further, process measures supported by strong evidence of improving an outcome may serve as a component of outcome measures. For example, an outcomes-based payment arrangement may measure the agent’s compliance with certain steps of a care process—such as providing mammograms—to improve a specific health outcome.

OIG also revised its proposed definition of “outcomes-based payment” to clarify that the payment may be either a reward for successfully achieving an outcome measure or a recoupment or reduction in payment for failure to achieve an outcome measure. The parties must periodically assess and revise benchmarks and remuneration under the arrangement as necessary to ensure that any remuneration is consistent with fair market value and not determined in a manner that takes into account the volume or value of federal health care program referrals or other business generated. The methodology for the compensation needs to be set in advance.

The safe harbor would not protect arrangements that are solely based on reducing internal costs or solely based on patient satisfaction or convenience measures, which are the way that many gainsharing arrangements have historically been structured. OIG expressed concern that such payments, while potentially generating efficiencies, pose risks to patient care that outweigh the potential for the arrangements to further the care coordination and efficiency goals of the Final Rule. As is often the case, a non-safe harbored arrangement would be subject to the normal “facts and circumstances” analysis and the other elements of the safe harbor may provide guidance for how to structure the arrangement.

Safe harbor protection is not limited to a particular list of arrangements or particular types or structures of arrangements or measures. Instead, OIG has taken a broader approach by providing additional protection to a variety of stakeholders, with a stated goal of facilitating innovation in designing compensation arrangements that are value-based. However, the OIG made certain entities ineligible for safe harbor protection for making direct or indirect outcomes-based payments—pharmaceutical and medical device manufacturers, distributors, and wholesalers; pharmacy benefit managers; compounding pharmacies; laboratory companies; and DMEPOS companies.

Local Transportation.15 OIG finalized its proposal to expand and modify mileage limits applicable to patient transportation in rural areas (expanded from 50 to 75 miles) and patient transportation from inpatient facilities post-discharge (removed all mileage limits). Notably, OIG did not extend safe harbor protection to transportation of patients to any location of their choice or for nonmedical purposes.

Electronic Health Records Items and Services Safe Harbor.16 Like CMS, OIG finalized many proposed changes to this safe harbor. For example, OIG finalized provisions permitting certain donations of replacement technology and removed the sunset provision, thus making the safe harbor permanent. In addition, OIG modified the timing of the 15% recipient contribution requirement. While still requiring the cost-sharing before receiving an initial donation or replacement donation, recipients are not required to pay their share towards updates to previously donated EHR items and services in advance of receiving the update. Also of note, OIG chose not to finalize its proposal to modify the provision addressing the concept of information blocking, and, consistent with CMS’ approach, instead removed that provision from the safe harbor entirely.

Warranties.17 OIG finalized its proposal to expand the warranty safe harbor to protect warranties covering a bundle of one or more items and related services. Specifically, the warranty safe harbor protects the remedies offered and given if the bundled items and services fail to perform as warranted. The bundled items and services must be reimbursed by the same federal health care program and the same federal health care program payment. The manufacturer or supplier cannot condition the warranty on a buyer’s exclusive use of or a minimum purchase of any of the manufacturer’s or supplier’s items or services.

Although most manufacturers and suppliers are not eligible for protection of value-based arrangements under the value-based safe harbors described above, the revised warranty safe harbor provides an avenue for manufacturers and suppliers to offer value-based arrangements through structuring warranties to guaranty product performance in conjunction with services intended to enhance clinical effectiveness.

Accountable Care Organization (ACO) Beneficiary Incentive Programs.18 OIG codified the Bipartisan Budget Act of 2018 statutory exception for ACO Beneficiary Incentive programs for the Medicare Shared Savings Program.

New CMPL Exception

Telehealth for In-Home Dialysis.19 OIG finalized its proposal to interpret and incorporate the Bipartisan Budget Act of 2018 statutory exception for furnishing telehealth technologies to certain in-home dialysis patients by a provider of services, a physician, or a renal dialysis facility that is currently providing in-home dialysis, telehealth services, or other end-stage renal disease care to the patient, or has been selected or contacted by the patient to schedule an appointment or provide services. The telehealth technology cannot be offered as part of an advertisement or solicitation and must be for the purpose of furnishing telehealth services related to the patient’s end-stage renal disease.

Conclusion

In all, OIG’s Final Rule includes further reductions in regulatory burden, including either eliminating or reducing the proposed requirements of the value-based safe harbors. That said, the value-based safe harbors remain complex and will require VBE participants to carefully structure their arrangements and monitor achieving the purported purposes and outcomes measures articulated for the arrangement. Notably, the differences between the Stark and AKS value-based care rules means that organizations will likely continue to find themselves in a compliance “grey zone” where an arrangement satisfies a Stark Law exception—because it must—but is unable to meet an AKS safe harbor because the safe harbor is too restrictive. This is not an unusual position to be in since this dynamic reflects the mandatory, strict liability nature of the Stark Law versus the voluntary, intent-based nature of the AKS safe harbors. The difference is that CMS and OIG are attempting to set forth the regulatory structure for arrangements that have not been developed yet by the health care community. It is not clear whether the community will want to invest the time and resources in developing these arrangements—which will likely include exchanging money between referral sources—where there is not safe harbor protection and where OIG has not yet articulated how it will analyze the facts and circumstances of a non-safe harbored arrangement. Entities may consider submitting an advisory opinion request to OIG to gain insight into what that analysis will look like.

Endnotes

1 85 Fed. Reg. 77492 (Dec. 2, 2020) (CMS Final Rule); 85 Fed. Reg. 77684 (Dec. 2, 2020) (OIG Final Rule).

2 42 U.S.C. § 1395nn; 42 C.F.R. § 411.350 et seq.

3 42 U.S.C. § 1320a-7b(b); 42 C.F.R. § 1001.952.

4 42 U.S.C. § 1320a-7a(a)(5); 42 C.F.R. § 1003.110 et seq.

5 See 84 Fed. Reg. 55694 (Oct. 17, 2019) (OIG Proposed Rule); 84 Fed. Reg. 55766 (Oct. 17, 2019) (CMS Proposed Rule).

6 See id.

7 42 C.F.R. § 1001.952(hh).

8 42 C.F.R. § 1001.952(ff).

9 42 C.F.R. § 1001.952(ee).

10 See 85 Fed. Reg. 77684, 77689.

11 42 C.F.R. § 1001.952(hh).

12 42 C.F.R. § 1001.952(ii).

13 42 C.F.R. § 1001.952(jj).

14 42 C.F.R. § 1001.952(d).

15 42 C.F.R. § 1001.952(bb).

16 42 C.F.R. § 1001.952(y).

17 42 C.F.R. § 1001.952(g).

18 42 C.F.R. § 1001.952(kk).

19 42 C.F.R. § 1003.110.


Tony Maida is a Partner at McDermott Will & Emery LLP and counsels health care and life sciences clients on government investigations, regulatory compliance, and compliance program development. Having served for almost a decade with the Office of Counsel to the Inspector General at the United States Department of Health and Human Services, Tony has extensive experience in health care fraud and abuse and compliance issues, including the federal and state Anti-Kickback and Stark Laws and Medicare and Medicaid coverage and payment rules.

James A. Cannatti III is a Partner at McDermott Will & Emery LLP and practices at the intersection of today’s most pertinent health care issues, including digital health, health IT policy, information blocking, and fraud and abuse, including Anti-Kickback Statute/Stark Law matters. With more than ten years of experience in the U.S. Department of Health & Human Services’ Office of Inspector General, most recently as Senior Counselor for Health Information Technology, James is well-attuned to the regulatory issues impacting the rapidly evolving digital health landscape. James also has experience counseling clients on fraud and abuse matters, assisting physicians, hospitals, and others navigate and assess health care business transactions with an eye towards compliance with the Anti-Kickback Statute and the Stark Law.

Drew Elizabeth McCormick is a Partner at McDermott Will & Emery and maintains a general health industry and regulatory practice. Drew advises health care clients on a wide variety of health care regulatory issues, including Medicare and Medicaid regulations, the federal Anti-Kickback Statute, Ethics in Patient Referral Law, False Claims Act, as well as state fraud and abuse laws, research regulation, and health care compliance matters. Drew also has experience counseling clients who are undergoing government audits and investigations.