Electronic Healthcare Records

Warning: EHR Donations Could Violate 'Anti-Kickback' Regs

Hospitals that Donate EHRs that Don't Share Data Could Be in Trouble
Warning: EHR Donations Could Violate 'Anti-Kickback' Regs

As part of a government campaign to discourage health information "blocking," a federal agency has issued an alert warning that donations - such as from a hospital to a physician - of electronic health record software that has "limited or restricted interoperability" are potential violations of federal anti-kickback regulations.

See Also: Zero Trust Webinar Today: Research Insights Exploring the Actionable, Holistic & Integrative Approach to Security

The Oct. 6 alert from the Department of Health and Human Services' Office of Inspector General comes at a time when other HHS units, including the Office of the National Coordinator for Health IT - which oversee standards and policies for the HITECH Act EHR financial incentive program - and the HHS Office for Civil Rights - which enforces HIPAA - also have been trying to deter information blocking.

Back in April, ONC issued a report to Congress outlining how the secure exchange of health information is sometimes intentionally and unreasonably blocked by healthcare organizations, technology services providers and electronic health record vendors (see Overcoming Health Info Exchange Blocking). In some cases, the players are inappropriately invoking HIPAA privacy and security concerns, ONC says. Other times, EHR vendors refuse to offer affordable interfaces or establish connections that allow their products to exchange patient data with other entities using another vendor's technologies, ONC wrote in the report.

"Information blocking is a real, substantive problem in healthcare," says privacy attorney David Holtzman, vice president of compliance at the security consulting firm CynergisTek. "It can interfere with patient care, and it upends the basic tenet of why we have established a national imperative to invest in the adoption of health information exchange through EHR."

HHS and the Centers for Medicare and Medicaid Services have received a number of complaints concerning practices of healthcare organizations, laboratories and electronic health record vendors that have knowingly interfered or blocked the sharing or transfer of health information, Holtzman notes. "The action taken by the OIG is one of the few regulatory or enforcement tools available under current law to put a dent in this pernicious activity," he adds.

Safe Harbor Conditions

The "policy reminder" from OIG warns how information blocking may affect "safe harbor" protection under the federal anti-kickback statute, which prohibits individuals and entities from "knowingly and willfully offering, paying, soliciting, or receiving remuneration to induce or reward referrals of business reimbursable under any federal healthcare program," OIG says in the alert.

The anti-kickback regulations were meant to prohibit situations "such as a hospital giving a doctor a new car or another expensive item," including technology, in exchange of the physician referring patients who are covered under government health programs, such as Medicare or Medicaid, to the hospital, explains privacy attorney Kirk Nahra of law firm Wiley Rein.

However, there are exceptions to the federal anti-kickback statute, known as safe harbors. Among the safe harbors is an exclusion that permits certain arrangements involving the donation of interoperable EHR software, information technology and training services, OIG writes. "This safe harbor is intended to protect beneficial arrangements that would eliminate perceived barriers to the adoption of EHRs without creating undue risk that the arrangements might be used to induce or reward the generation of [federal healthcare program reimbursable] business," the watchdog agency writes.

"OIG's goal is to promote the adoption of interoperable [EHR] technology that benefits patient care while reducing the likelihood that the safe harbor will be misused by donors to secure referrals," the alert says.

In connection with the EHR safe harbor, OIG says, "Donations of items or services that have limited or restricted interoperability due to action taken by the donor or by any person on the donor's behalf - which could include the recipient acting on the donor's behalf - would fail to meet the condition... of the safe harbor to promote the use of technology that is able to communicate with products from other vendors."

Failure to meet the interoperability condition would mean that the safe harbor would not apply and the arrangement would be subject to case-by-case review under the federal anti-kickback statute, OIG writes. "Violation of the statute may also result in imposition of criminal penalties, civil monetary penalties, program exclusion and liability under the False Claims Act," OIG warns.

Aside from potential cases involving intentional information blocking that would be in violation of the federal anti-kickback laws, some hospitals may unwittingly be violating the safe harbor condition, Nahra says. That includes situations where "hospitals are donating to physician offices cheap EHR systems" that aren't designed to share data with other vendors' EHR systems, he says. "Hospitals can be victims of this too," he says. "Hospitals need to figure out if the EHRs they're giving away are interoperable. They should question their vendors."

ONC Response

ONC supports OIG's policy reminder regarding existing policies that deter information blocking, Jodi Daniel, the office's director of policy, tells Information Security Media Group. "Information blocking can compromise patient care and undermine interoperability," she says.

"Promoting interoperability and preventing information blocking is a priority of ONC. As such, ONC has been talking with federal and private partners that have an interest in promoting interoperability and reducing information blocking. OIG has had a policy in place since 2006 that entities should not limit interoperability. In the [alert and a related blog posting], OIG restated their longstanding policy in light of the [recent] ONC report on information blocking."

OIG did not immediately respond to a request for comment.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.