December 07, 2020

CMS and OIG Update Self-Referral and Anti-Kickback Statutes

On Nov. 20, 2020, the Centers for Medicare and Medicaid (CMS) released the long-anticipated final rule regarding the physician self-referral regulations, often referred to as the Stark Law, entitled “Modernizing and Clarifying the Physician Self-Referral Regulations.” The Office of Inspector General (OIG) released a companion final rule focused on changes to the Anti-Kickback Statute (AKS) regulations. The Stark final rule updates regulations to account for significant changes in the delivery and financing of healthcare. The Stark Law prohibits a physician from making a referral to an entity for the furnishing of designated health services (DHS) if there is a financial relationship between the referring physician and the entity, and billing Medicare or Medicaid for those services, unless the parties meet an exception. The changes in these final rules generally are effective Jan. 19, 2021. Those changes to the group practice productivity bonuses/profit sharing requirements will be effective on Jan. 1, 2022.

The American College of Radiology® (ACR®) commented in December 2019 on CMS’ Stark proposed rule. Since Congress enacted Stark I in 1989 and extended it to address radiology and radiation therapy in 1993, the ACR has vigorously championed its enforcement to preclude arrangements that compromise federal programs and especially patients. In its proposed rule comments, the ACR cautiously welcomed the Agency’s efforts to modernize the 20-year-old regulations and reflect the clear shift to value-based healthcare. Yet, the ACR also urged CMS to maintain needed guardrails around any revisions to preserve program integrity and patient care. This Final Rule generally appears to accomplish both objectives. The ACR continues to analyze this extensive rulemaking but offers this initial overview.

Within the Stark Law final rule, CMS finalized definitions of several essential terms including:

  • Value-based activity;
  • Value-based arrangement (VBA);
  • Value-based enterprise (VBE);
  • Value-based purpose;
  • VBE participant; and
  • Target patient population.

CMS finalized the definition of VBE without modifications. CMS adopted its proposal that a Value-Based Enterprise is created when VBE participants collaborate to achieve at least one value-based purpose. However, CMS clarified that a VBE may be a distinct legal entity, such as an ACO, or an informal affiliation, and may consist of only the two parties to a VBA. CMS noted that definition of VBE “is focused on the functions of the enterprise, as it is not our intention to dictate or limit the appropriate legal structures for qualifying as a value-based enterprise.” Importantly, CMS decided to not finalize the proposed exclusion from the value-based activity definition of a “referral” that the law generally prohibits. Therefore, CMS will allow physicians who participate in care planning activities that meet the criteria of a “referral” to qualify as a value-based activity. However, CMS also revised the definition of “referral” to support its historical policy that physician “referrals” do not represent items or services for which Medicare or Medicaid will pay.” No current exceptions or new exceptions under this final rule will protect payments that, e.g., a hospital would make to a physician to receive the benefit of the physician’s referrals. Those payments would undermine Congress’ purpose for enacting the Law. CMS finalized an updated definition of VBA AKS by substituting “to which the only parties are” for “between or among” to make clear that all parties to the value-based arrangement must be VBE participants in the same value-based enterprise.

CMS finalized three new exceptions for certain value-based compensation arrangements between or among physicians, providers and suppliers:

  • The full financial risk exception;
  • The meaningful downside financial risk exception; and
  • The value-based arrangements exception.

CMS stated that the new exceptions will apply to arrangements involving Medicare beneficiaries, patients outside of Medicare and mixed patient populations. The full financial risk exception applies to value-based arrangements between VBE participants where the VBE accepts full financial risk for the cost of all patient care items and services covered in their target patient population for a specified period of time. CMS does not advise a specific manner for the assumption of full financial risk but does state the financial risk must be prospective. CMS also requires the VBE be at full financial risk for the entire duration of the value-based arrangement, starting within 12 months of the arrangement’s commencement. The meaningful downside risk exception is where physicians are at risk for at least 10% of the total value of the remuneration the physician receives under the value-based arrangement. CMS had originally proposed this to be set at 25%. The final exception, the value-based arrangement exception, does not require physicians or other entities to accept any financial risk. Yet, it requires physicians and other parties to maintain significant documentation regarding the details of the arrangement and annually monitor whether the VBE has furnished the value-based activities required under the arrangement.

In addition, CMS refined existing exceptions for the donation of electronic health records and cybersecurity technology and removed the period of disallowance regulations. CMS originally developed this exception, which was aimed to help address the growing threat of cyberattacks that penetrate data systems and corrupt or prevent access to health records and other information essential for the effective delivery of healthcare services. The ACR will analyze the critical EHR and cybersecurity exceptions further in an upcoming summary.

CMS and OIG worked to align the Stark Law regulations and AKS regulations in their respective final rules. The AKS prohibits offering, paying, soliciting or receiving remuneration to induce or reward referrals or generate business that is reimbursable by a federal healthcare program. The final rule modifies existing safe harbors to the AKS and adds new safe harbors and a new civil monetary penalty exception to remove barriers to more effective coordination and management of patient care and delivery of value-based care. The new safe harbors include protections for coordinated care and associated VBAs between clinicians, providers, suppliers and others; donations of cybersecurity technology; and beneficiary incentives for certain telehealth technologies for in-home dialysis patients. The OIG also finalized its proposed requirement that “the value-based arrangement is commercially reasonable.”

The OIG noted that it received several comments expressing concern that value-based arrangements “could be abused or used as a means to pay less for radiology and imaging services.” The ACR expressed this concern in comments on last year’s OIG proposed rule. However, OIG stated they believes the safeguards are in place in the finalized provisions to avoid these consequences. For instance, OIG will mandate that any recipient of coordinated care (to enhance quality and health outcomes) to contribute at least 15% of an offeror’s costs for the remuneration. The OIG specifically noted that it would not protect in this safe harbor exception any payments for radiology or imaging services. The ACR will provide a detailed summary of the extensive OIG final regulation in a future article.

The ACR will continue to analyze both final rules and will provide further guidance in the coming weeks. For additional questions, please contact Christina Berry at