CMS Issues Sweeping Reform to Modernize the Stark Law: Part I
Client Alert | 15 min read | 11.30.20
While the healthcare industry is evolving from fee-for-service to quality-based payment, the Stark Law (42 U.S.C. § 1395) and the Anti-Kickback Statute (42 U.S.C. § 1320a–7b) have remained stuck in the past. These two fraud and abuse laws have impeded the continued development and utilization of value-based arrangements that reward high quality health care and improved health outcomes. The Stark Law, for example, was created to combat the exchange of financial incentives in return for referring patients for designated health services (DHS) – an exchange that can incentivize the provision of unnecessary care under a fee-for-service payment system. However, with the healthcare industry’s recent shift toward value-based payments, overutilization is no longer the problem it used to be. The Stark Law and Anti-Kickback Statute are misaligned with the current health care industry payment landscape and as result have impeded forward progress toward value-based care.
On November 20, 2020, consistent with this Administration’s “Sprint to Coordinated Care,” the Centers for Medicare & Medicaid Services (CMS) and the HHS Office of the Inspector General (OIG) issued final regulations significantly overhauling the Stark Law and the Anti-Kickback Statute, and also issued one change to the Civil Monetary Penalty Law (CMPL) regulations, that broadly impact all parts of the health care industry. Generally effective January 19, 2021, these regulatory revisions recognize that the rules governing the health care payment landscape must change to allow providers and suppliers to more closely coordinate to achieve CMS’s triple aim goal of high-quality care, improved health outcomes, and lower per capita costs.
This alert focuses on CMS’s reform of the Stark Law regulations; Crowell & Moring will issue a companion alert in the next few days focusing on the OIG’s Anti-Kickback Statute and CMPL regulations. Also, in the coming weeks, we will provide a further in-depth analysis that focuses on the impact of these final regulations on specific portions of the health care industry: health systems, physicians, drug and device manufacturers, technology companies and other health care providers and suppliers. These deeper dive analyses will discuss specific implications for each type of entity, including new regulatory risks and potential new opportunities to engage in value-based arrangements.
Overview of Stark Law Regulatory Changes
The Stark Law changes in the Final Rule fall within three overarching categories: The “Big Three” Definitions; Three New Value-Based Care Exceptions; and “Other Important Stark Law Changes.”
Fundamentally, CMS finalized necessary and clarifying changes to three foundational definitions that are critical to the interpretation and operation of nearly all historical exceptions to the Stark Law’s broad prohibition on physician referrals to DHS entities with which a physician has a financial relationship: “commercial reasonableness,” “volume and value of referrals,” and “fair market value.” This was a step in the right direction at least in terms of clarity as the revisions generally provide a more objective standard for three important definitions that have been muddied in the face of confusing court decisions and Department of Justice (DOJ) litigation positions that often seemed at odds with CMS guidance.
If CMS had stopped at the revised definitions and made no additional reforms, the reform would have been far reaching – but incomplete. Fortunately, CMS created three new, monumental value-based care exceptions and a number of new supporting regulatory definitions to protect value-based arrangements. While fraud and abuse waivers created since passage of the Affordable Care Act protect value-based arrangements in the Medicare Shared Savings Program (MSSP) and other Center for Medicare & Medicaid Innovation (CMMI) models, value-based arrangements outside of those models have not been afforded the same protections. These three new value-based care exceptions expand to arrangements that would not have previously fallen within the scope of existing waivers.
In addition, CMS made important reforms to other definitions and exceptions under the Stark Law. For instance, CMS refined existing exceptions for the donation of electronic health records and cybersecurity technology while removing the period of disallowance regulations.
Revisions to “The Big Three” Definitions: Commercial Reasonableness, Volume and Value of Referrals, and Fair Market Value
Many Stark Law compensation exceptions – though not the three new value-based care exceptions – require providers to enter into arrangements that are commercially reasonable, do not take into account the volume or value of their referrals or other business between the parties, and are paid at fair market value. The lack of clarity regarding what these three terms mean has led to extraordinary compliance costs for health care providers and has exposed many of them to significant False Claims Act (31 U.S.C. § 3729) risk. For many years, the healthcare industry has been asking CMS to clarify these terms to create a bright line between compliant and non-compliant behavior. While CMS provided some clarity over time, many terms continued to be ambiguous.
Commercial Reasonableness
In the Final Rule, CMS defines commercial reasonableness to mean “that the particular arrangement furthers a legitimate business purpose of the parties to the arrangement and is sensible, considering the characteristics of the parties, including their size, type, scope, and specialty. An arrangement may be commercially reasonable even if it does not result in profit for one or more parties.” The second sentence in the definition was in response to many arguing that an individual physician may not earn a profit for their organization, but it is still commercially reasonable to pay them a certain salary because they serve a specific need in the community that is not met by other physicians. In other words, the industry view has been that not all physicians in a health system must earn a profit for their employer for the physician’s compensation to be commercially reasonable. CMS adopted this position in the Final Rule.
Volume and Value of Referrals
In the Final Rule, CMS sets forth an objective test to determine whether a physician’s compensation “takes into account the volume or value of referrals or other business generated” between the parties. Specifically, CMS sets forth a new definition of that phrase that explains that if the formula used to calculate a physician’s compensation contains as a variable either the physician’s referrals to the entity or other business generated for the entity, and that variable is positively or negatively correlated with the amount of the physician’s compensation, then that compensation “takes into account” the volume or value of referrals. In other words, if a variable in a physician’s compensation formula represents referrals or other business generated for the entity, and the physician’s compensation increases or decreases as the referrals or other business generation increases or decreases, that compensation arrangement would not fit within a Stark Law exception that contains this prohibitory “volume or value” language. This new definition appears to create a more objective test that can be used to achieve compliance.
Fair Market Value
Finally, CMS revised the definition of “fair market value.” Consistent with the statutory text, CMS stated that generally, “fair market value” means “the value in an arm’s-length transaction, consistent with the general market value of the subject transaction” (emphasis added). CMS then newly defined the phrase “general market value” separately for assets, compensation, and the rental of equipment or office space. We will provide further analysis on the impact of this revision in later alerts.
The Three New Value Based Care Exceptions
CMS finalized three new value-based care exceptions: (1) the full financial risk exception; (2) the meaningful downside financial risk exception; and (3) the value-based arrangements exception. In crafting these new value-based exceptions, CMS used many concepts that have been tried and tested in the existing CMMI fraud and abuse waivers. Under both the previously approved CMMI waivers and under the new value-based exceptions, CMS foregoes many of its historic fraud and abuse requirements, such as fair market value payment or the prohibition on payment based on the volume or value of referrals, if a provider or physician is willing to accept significant financial risk or is willing to be objectively measured on their achievement of quality goals.
In addition, CMS finalized a number of new interrelated definitions that are key to protecting value-based arrangements. In order to be protected by the three new value-based exceptions, physicians and DHS entities need to be participants in a value-based enterprise (VBE). A VBE is formed when VBE participants collaborate to achieve at least one of the following value-based purposes:
- Coordinating and managing the care of a target patient population;
- Improving the quality of care for a target population;
- Appropriately reducing the costs to growth in expenditures of payors without reducing the quality of care for a target patient population, or
- Transitioning from health care delivery and payment mechanisms based on the volume of items and services provided to mechanisms based on the quality of care and control of costs of care for a target patient population.
VBE participants engaged in a value-based activity focused on achieving one or more value-based purposes will be able to seek protection under one of the three the value-based exceptions.
(1) Full Financial Risk Exception
The first exception applies to value-based arrangements between VBE participants where the VBE accepts full financial risk for the cost of all patient care items and services covered in their target patient population for a specified period of time. For Medicare beneficiaries, this means that the VBE, at a minimum, would be responsible for all items and services covered under Parts A and B. In this rule, CMS does not prescribe a specific manner for the assumption of full financial risk, although CMS explains that the financial risk must be prospective. There are a few additional safeguards that must be in place for protection under this exception. For example, the VBE must be at full financial risk during the entire duration of the value-based arrangement – and the remuneration under the value-based arrangement must be for, or result from, value-based activities undertaken by the recipient of the remuneration for patients in the target patient population. The idea behind this exception is that full financial risk is a defining feature of a mature value-based payment system – and when a VBE is at full financial risk for the cost of all patient care services, the incentives to order unnecessary services or steer patients to higher-cost sites of service are diminished.
(2) The Meaningful Downside Financial Risk Exception
The second exception protects value-based arrangements where physicians are at risk for at least 10% of the total value of the remuneration the physician receives under the value-based arrangement. CMS originally proposed a 25% risk requirement, so the shift to 10% risk is a welcome change. While the exception does not limit the type of remuneration that may be provided, CMS included additional safeguards not found in the first full financial risk exception. For example, to use this exception, the nature and extent of the physician’s financial risk must be set in writing in order to allow the parties to monitor their value-based arrangements and ensure that they are operating as intended. In addition, the methodology used to determine the amount of the remuneration must be set in advance of the furnishing of the items or services for which the remuneration is provided. Further, as with the full financial risk exception, the remuneration must be for, or result from, value-based activities undertaken by the recipient of the remuneration for patients in the target patient population, among other requirements. Because VBEs and physicians will need to accept financial risk, it is possible that the first two exceptions will not see as much use in the short-term, but it may spur more providers to accept financial risk in the years ahead.
(3) Value-Based Arrangements Exception
The final exception applies to value-based arrangements, regardless of the level of risk undertaken by the VBE or VBE participants. In other words, this exception does not require physicians or other entities to accept any financial risk. Yet, the exception does require significant documentation regarding the details of the arrangement as well as annually monitoring whether the VBE has furnished the value-based activities required under the arrangement, whether and how continuation of the value-based activities is expected to further the value-based purpose(s) of the VBE, and the progress toward attainment of the outcome measures. If the monitoring indicates that a value-based activity is not meeting its purpose, the parties must terminate the ineffective value-based arrangement. Because of the hurdle of complying with the numerous and detailed requirements of this exception, providers and physicians will need to evaluate the risks and rewards of investing in its use.
A few final notes related to these important exceptions. CMS made clear that both direct and indirect value-based arrangements will be protected by these exceptions. While they made this clarification, they also provided clarity on a long-standing industry debate as to which other exceptions, beyond the indirect compensation exception, are available to protect indirect financial relationships. CMS also noted that while it proposed including price transparency as a new program integrity requirement for the Stark Law, it was not finalizing that proposal at this time.
Other Important Stark Law Changes
CMS made a number of other important Stark Law changes in this Final Rule. Here are some of the key changes:
- Group Practice Definition: CMS revised the group practice definition. Importantly, the new definition allows for physician groups who are engaged in value-based arrangements to distribute value-based payments to only those physicians who participated in the arrangements, rather than having an even bonus payment distribution to all physicians in the practice.
- EHR Donation Exception Changes: CMS provided limited though significant updates to the EHR exception including removal of the December 31, 2021 sunset date, making it permanent; clarified that the protection for certain cybersecurity technology is included as part of an electronic health records arrangement; and updated provisions regarding interoperability to align with newer CMS and the Office of the National Coordinator for Health Information Technology (ONC) certification program standards. The EHR exception continues to be available to physicians and entities other than laboratories and continues to require a 15% contribution by recipients.
- New Cybersecurity Donation Exception: The new exception for the donation of cybersecurity technology applies to cybersecurity software and other types of information technology and services used to prevent, detect, and respond to cyberattacks. CMS explained that this exception was aimed to help address the growing threat of cyberattacks that infiltrate data systems and corrupt or prevent access to health records and other information essential to the safe and effective delivery of health care. Unlike the EHR Donation Exception, the Cybersecurity exception does not include a 15% contribution by recipients.
- Decoupling Stark Law and the Anti-Kickback Statute: Many Stark Law exceptions have historically had an additional requirement that an arrangement needed to comply with the Anti-Kickback statute. CMS made a universal change to de-couple compliance with the Stark Law and Anti-Kickback statute.
- Change to “Designated Health Service” Definition: CMS made an important clarification that for services furnished to inpatients of hospitals, where furnishing the service does not increase the amount of payment under the applicable prospective payment system, that service is excluded from the definition of “designated health services.” The importance of this change is that minor services that a physician may provide to an admitted hospital patient that will have no impact on Medicare payment will not trigger application of the Stark Law. This will remove from the reach of the Stark Law a number of innocuous arrangements that have no impact on the Medicare trust fund and cause no risk of program or patient abuse.
- Isolated Financial Transaction: CMS clarified the isolated transaction exception and finalized a new definition of isolated financial transaction. CMS made clear that the exception applies to one payment and one transaction, rather than one payment covering many transactions. Therefore, if an entity otherwise does not meet an applicable exception, they cannot correct the mistake by making a one-time payment, and deem it an isolated transaction. This will likely cause compliance risks for entities that have historically relied upon this exception to cure Stark Law issues. Finally, CMS clarified that the settlement of a bona fide dispute between parties will qualify for this exception.
- Removal of Period of Disallowance Regulations: CMS is removing its period of disallowance regulations found at 42 CFR 411.353(c)(1). They found that while originally intended to create bright-line rules for the outer limits of non-compliance, they were too prescriptive. CMS clarified that the end of a non-compliant arrangement is determined based on the facts and circumstances of the particular financial relationship.
- Writing and Signature Requirements: CMS relaxed the writing and signature requirements such that parties can now satisfy these requirements if signatures are obtained or writings are established within 90 days from the beginning of the arrangement. CMS relaxed the set in advance requirement as well.
- Limited Remuneration to Physicians: CMS finalized a proposed new exception that allows for aggregate payment to physicians for items and services up to $5,000 per year. The benefit of this exception is that it does not have a writing or set in advanced requirement. Yet, unlike the non-monetary compensation exception, there is a still a fair market value, volume and value, and commercial reasonableness test. Therefore, the payment to the physician needs to be in exchange for actual items or services furnished, including professional services or rental of office space. The new exception should be very helpful to ensure compliance in those situations where the parties failed to set forth small financial arrangements in writing.
Important Take-Aways
- These changes will provide additional protection for those providers, suppliers, physicians, and other entities that wish to enter into value-based arrangements. Fortunately, the existing fraud and abuse waivers for various CMMI programs will remain. CMS states that their new value-based exceptions can protect all arrangements whether in existing or new programs. Therefore, we should not expect new fraud and abuse waivers for any new CMMI programs, because from CMS’s view, the exceptions make fraud and abuse waivers duplicative and unnecessary. Importantly, though, while the new exceptions may offer protection in existing and future programs, they are different from, and often harder to comply with, the existing fraud and abuse waivers.
- While CMS was contemplating excluding certain entities from protection under the value-based exceptions, they ultimately rejected that limitation. That is welcome news. Yet, as we will explain in greater detail in the coming days, the OIG did in fact exclude certain entities from protection under its value-based safe harbors, including laboratories and generally DMEPOS suppliers. This disparity between the OIG and CMS value-based exceptions and safe-harbors may limit the effectiveness and impact of both regulations.
- In order to comply with the new value-based arrangement exceptions, documentation is key. Some of the new exceptions further require maintaining an audit trail and retaining documents during a requisite time period. Although CMS does not dictate the terms of agreements needed between the parties for purposes of regulatory compliance, physicians and other entities need to ensure that any value-based agreement addresses every required regulatory requirement. If not, those entities will not enjoy protection from the broad Stark Law referral prohibition.
- CMS’s changes to the EHR Donation Exception clarify that for an EHR donation to be protected under the exception, the electronic health record software must be interoperable. An EHR is interoperable if it is able to securely exchange data with and use data from other health information technology and allows for complete access, exchange, and use of all electronically accessible health information for authorized use under applicable State or Federal law. It will be “deemed” interoperable if it is certified at the time of donation.
- As noted above, there are a number of changes to the volume and value standard as well as changes to the special rules on compensation, like the unit-based compensation rules. Because of the complexity of these changes, physicians and other entities who rely on unit-based compensation models may want to review their contracts to ensure that they still comply under the new standards.
- The Stark Law has been the underlying predicate for significant False Claims Act liability for healthcare providers. While these regulatory changes have created more bright-line rules for some regulatory standards, CMS was not able to eliminate ambiguity. In these ambiguous areas, such as the definition of “fair market value,” False Claims Act relators may still lurk. CMS may feel hamstrung by the statutory language of the Stark Law in trying to create clearer regulations. Therefore, Congress may ultimately need to step in with small but important legislative changes to create or further refine bright line tests.
- There are many changes to the Stark Law that have all happened at once. While many of these changes are welcome and necessary, the Stark Law has always been a proving ground for the law of unintended consequences. As these changes are studied in greater depth over the next few weeks and months, there will be opportunities to create new financial arrangements previously prohibited. But there also may be regulatory changes that work at cross-purposes or new changes that create pitfalls and new compliance risks that CMS and the healthcare industry have not yet discovered.
Crowell & Moring continues to analyze this Stark Law Final Rule to ascertain compliance and risk management concerns as well as the impact to industry and new opportunities for arranging for health care delivery. As stated above, we will also issue a companion alert on the Anti-Kickback Statute and CMPL regulatory revisions as well as detailed entity-specific analyses. If you have any questions about how these regulatory changes impact your business, please do not hesitate to reach out to any of the attorneys listed below.
Insights
Client Alert | 3 min read | 12.24.24
Only Drugs Allowed: Federal Circuit Affirms Order To Delist Device Patents From the Orange Book
On December 20, 2024, the Federal Circuit affirmed a district court’s holding that five device patents had been improperly listed in the Orange Book by Teva Pharmaceuticals, Inc. as claiming a drug, and ordering that they be delisted.
Client Alert | 4 min read | 12.23.24
Client Alert | 8 min read | 12.20.24
Client Alert | 4 min read | 12.19.24