CMS and OIG Propose Significant Changes to the Stark Law and Anti-Kickback Statute to Remove Barriers as Healthcare Moves to a Value-Based System

Posted by

adrienneBy Adrienne Dresevic, Esq. and Arturo Trafny, Esq. of The Health Law Partners, P.C.

On October 9, 2019 the Centers for Medicare & Medicaid Services (CMS), issued a Proposed Rule to Update the Physician Self-Referral (Stark) Law. On the same day, the Office of Inspector General for the Department of Health and Human Services (OIG), issued a Proposed Rule to Update the Anti-Kickback Statute and Civil Monetary Penalty Rules to update the Anti-Kickback Statute (AKS) and the Civil Monetary Penalty law (CMP) regarding beneficiary inducements. These proposed rules by CMS and the OIG were issued with the intent to modify the existing regulations to remove potential barriers to the delivery of value-based care, to modernize regulations to fit with current healthcare standards, and to aid the continued shift of the healthcare industry from a fee-for-service (FFS) system to a value-based system that rewards the provider for the value of care delivered rather than the volume of care.

These proposed rules contain a number of similarities. For instance, both the Stark Law and AKS proposals establish protections for certain compensation for various value-based arrangements. Further, both rules propose to modify Electronic Health Record (EHR) protections by extending protection under the applicable exception/safe harbor for certain cybersecurity technology and services provided to protect EHR.

This article provides an overview of some of the important aspects of the proposed rules.  To view the proposed rules in their entirety, please follow the links above.

Updates to the Stark Law

As noted by CMS, the Stark Law was originally enacted when payments in the healthcare industry were based on the volume-based FFS system. However, given the recent evolution in healthcare to account for quality, modifications to the Stark Law are necessary to protect certain arrangements that would otherwise violate the Stark Law. Significantly, CMS has proposed several new exceptions to protect value-based arrangements between or among physicians, providers, and suppliers. These new exceptions are discussed below.

New Value-Based Enterprise Exceptions

CMS’ proposed rule includes three new exceptions available to value-based entities (VBEs). These proposed exceptions seek to increase adoption of value-based models in the healthcare industry and further remove regulatory barriers to innovation in the delivery of better and more efficient coordinated care. The exceptions would only apply to arrangements that qualify as value-based arrangements. Value-based arrangements under these exceptions would permit VBEs to provide remuneration in certain circumstances. CMS has proposed the following three new exceptions:

  • Full financial risk
  • Value-based arrangements with meaningful downside financial risk to the physician
  • Value-based arrangements

First, CMS proposes an exception to apply to a value-based arrangement where a VBE has assumed full financial risk from a payor for the patient care items and services for a target patient population. In regard to Medicare beneficiaries, this means that the VBE is, at minimum, responsible for all items and services covered under Parts A and B. This exception would protect any type of remuneration paid under a value-based arrangement as long as it results from a value-based activity. The benefit to taking on full financial risk is that this exception provides for maximum flexibility for the VBE. The scope of this exception is intended to extend coverage of the exception to cover all downstream entities of the VBE.

Second, CMS proposes an exception for value-based arrangements with meaningful downside financial risk to the physician. While CMS is not proposing to limit the type of remuneration that may be provided under this exception, the remuneration must be tied to the physician’s achievement of the value-based purposes of the VBE. Further, the exception requires that the physician is responsible to either pay no less than 25% of the value of the remuneration or is responsible for the cost of all patient care items and services covered by the payor. As this exception requires the physician to take on financial risk, it offers flexibility as well, albeit not as much flexibility as offered to the VBE that takes on full financial risk.

Third, CMS proposes an exception to value-based arrangements. The exception would permit both monetary and nonmonetary remuneration between parties to the arrangement. However, note that CMS is considering and seeks comments on whether to limit remuneration under this exception to nonmonetary remuneration. Lastly, the exception would not require either party to such a value-based arrangement to take on downside risk. As such, it offers the least amount of flexibility.

Limited Remuneration to Physicians

CMS has also proposed a new exception for limited remuneration to a physician. This exception would permit an entity to provide remuneration directly to a physician for items or services actually provided by the physician. CMS expects this exception to be sufficient to cover arrangements physicians enter into with entities to provide items and services on an infrequent or short-term basis. Note that the exception caps the aggregate amount of remuneration at $3,500/calendar year (adjusted annually).

Modifications to Group Practice Payments

CMS’ proposed rule also modifies the definition of Group Practice in order to permit physicians in a group practice to be paid a share of overall profits related to the physician’s participation in a VBE. Currently, the Stark Law prohibits profit shares or productivity bonuses to be paid to a physician that consider the volume or value of referrals by the physician to the group practice. CMS’ proposed rule would permit group practices to provide a share of the overall group practice’s profits from designated health services that are directly attributable to the physician’s participation in a VBE.

 Cybersecurity and EHR Services

To bolster cybersecurity in healthcare, CMS proposes to permit nonmonetary remuneration (consisting of cybersecurity technology and related services) to be paid if certain conditions are met. CMS is proposing to amend the EHR exception to include protection for software that protects EHR (e.g., cybersecurity software) and services expressly related to cybersecurity.

Further, CMS is proposing to establish a new exception to Stark for the donation of certain cybersecurity technology and related services. This exception would provide broader protection to the provision of cybersecurity software and services than the EHR exception. The belief is that wider availability of cybersecurity software and services would establish a healthier, safer healthcare industry. As CMS noted, donors of cybersecurity software and services are most likely willing to make such donations to protect themselves from cyberattack. Therefore, the donor and the recipient would both benefit from an exception for the provision of cybersecurity software and services.

Updates to the AKS

Similar to CMS, the OIG cited three guiding posts it relied on to develop its proposed rule to modify the AKS, they are: (1) to design safe harbors that allow for beneficial innovations in healthcare delivery; (2) to avoid promulgating safe harbors and exceptions that limit such innovation and may not reflect up-to-date understandings in medicine, science, and technology; and (3) to design proposed safe harbors useful for individuals and entities to engage in the coordination and management of patient care. Further, the OIG believes the proposed rule will remove barriers that potentially prevent beneficial arrangements that would advance the healthcare industry’s transition to a value-based care system. The proposed rule includes seven new safe harbors and amendments to previous safe harbors. Some key aspects of the proposals are set forth below.

New Safe Harbors for Value-Based Enterprises

Just like CMS, the OIG proposed new safe harbors for value-based enterprises. Similar to the Stark exceptions, these safe harbors offer varied levels of flexibility based upon the amount of financial risk the VBE assumes. The proposed safe harbors are as follows:

  • Care Coordination Arrangements to Improve Quality, Health Outcomes, and Efficiency (the “Care Coordination Safe Harbor”)
  • Value-Based Arrangements with Substantial Downside Risk
  • Value-Based Arrangements with Full Financial Risk

First, the Care Coordination Safe Harbor would protect only in-kind remuneration between VBE participants that clearly meet the safe harbor requirements. This safe harbor would not require the parties to the value-based arrangement to assume any downside risk. The safe harbor would also provide flexibility to the range of arrangements that would fall within the safe harbor.

Second, the proposed safe harbor for value-based arrangements with substantial downside financial risk would protect both monetary and in-kind remuneration between VBEs. For example, this safe harbor would permit the sharing of savings/losses earned or owed by a VBE with the payor it has contracted with. Further, this safe harbor would offer greater flexibility than the Care Coordination safe harbor while requiring the VBE to assume substantial downside financial risk.

Lastly, the OIG’s proposed safe harbor for value-based arrangements with full financial risk would offer protection to both monetary and in-kind remuneration. This safe harbor requires the VBE to take on full financial risk for the costs of care for a specific patient population. Similar to the Stark exception for VBEs that take on full financial risk, this safe harbor provides the greatest amount of flexibility to VBEs.

Personal Services and Management Contracts and Outcomes-Based Payment Arrangements

The OIG also proposes to modify the Personal Services and Management Contracts safe harbor to provide protection to outcomes-based payment arrangements. Outcomes-based payment arrangements reward an agent for achieving certain goals. Examples provided by OIG for permissible arrangements under this safe harbor include: gainsharing arrangements, shared savings and losses arrangements, and pay-for-performance arrangements.

Electronic Health Records and Cybersecurity Technology and Services

Similar to CMS’ proposed rule, the OIG’s proposed rule for the AKS modifies the safe harbors for electronic health records and cybersecurity. The OIG proposes to modify the safe harbor for EHR items and services to include protection for cybersecurity included with an EHR arrangement. This is very similar to the Stark modification of the EHR exception, permitting nonmonetary remuneration to be provided to entities if it protects EHR and the predominant purpose of the services is related to cybersecurity for EHR.

Moreover, the safe harbor for cybersecurity closely reflects the Stark exception for cybersecurity software and services, as it protects donations of certain cybersecurity technology and related services. The cybersecurity safe harbor would permit entities to donate cybersecurity technology and services to physicians or other Federal health care program referral sources.


These proposed rules include significant changes to the Stark Law and the Anti-kickback Statute. The comment period for the proposed rules closes on December 31, 2019. Radiology providers and suppliers should stay tuned for final rules to be issued next year.

For more information on issues relating to this article, please contact Adrienne Dresevic, Esq. at (248) 996-8510 or by email at

Adrienne Dresevic, Esq, is a founding shareholder of The Health Law Partners, PC, a nationally recognized healthcare law firm with offices in Michigan and New York. Practicing in all areas of healthcare law, she devotes a substantial portion of her practice to providing clients with counsel and analysis regarding compliance, Stark Law, Anti-Kickback Statute, and compliance related issues. Ms. Dresevic is a member of the American Bar Association Health Law Section’s Council, which serves as the voice of the national health law bar within the ABA. Ms. Dresevic is the Section’s Budget Officer.  She also served as the ABA Health Law Section’s Co-Chair of the Physicians Legal Issues Conference Committee. She is licensed to practice law in Michigan and New York, and can be contacted at

Arturo Trafny, Esq, is an associate attorney at the Health Law Partners, P.C. Mr. Trafny graduated from Chicago-Kent College of Law. Practicing healthcare law, Mr. Trafny concentrates on regulatory and transactional matters.

Post a Comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s