AHIMA Comments on Anti-Kickback NPRM to the HHS Office of Inspector General

December 9, 2005

Daniel R. Levinson
Acting Inspector General
Office of Inspector General
Department of Health and Human Services
Attention: OIG-405-P
Room 5246, Cohen Building
330 Independence Avenue, SW
Washington, DC 20201

Re: RIN 09991-AB39 (File Code OIG-405-P)

Dear Mr. Levinson:

On behalf of 50,000 professional health information management (HIM) members, the American Health Information Management Association (AHIMA) welcomes this opportunity to comment on the Office of Inspector General’s (OIG) proposed rule to create safe harbors for the existing statute in order to permit the sharing of electronic prescribing (e-Rx) and electronic health records (EHRs) with physician offices, as described in the October 11, 2005 Federal Register (70FR59015). AHIMA welcomes OIG’s attempt to establish such safe harbors to the federal anti-kickback statute in order to support efforts by the healthcare industry and the Department of Health and Human Services (HHS/Department) to support eRx and develop a standard EHR and a nation wide health information network leading to interoperable health information, to serve the patient and the population.

AHIMA is a 77- year-old professional association representing more than 50,000 educated and certified HIM professionals who work throughout the healthcare industry. HIM professionals serve the healthcare industry and the public by managing, analyzing, and utilizing data vital for patient care and making it accessible to healthcare providers, plans, researchers, and other appropriate parties where and when it is needed most. AHIMA members are active in a variety of healthcare sites and organizations leading the conversion from the paper healthcare record to the standard EHR and working with the industry and the HHS Secretary and Department to see the establishment of an interoperative nation wide health information network (NHIN). AHIMA members also serve as Medicare compliance officers in some facilities and are acutely aware of the OIG’s concerns to eliminate fraud and situations where “abuse” may occur intentionally or unintentionally.

AHIMA is supportive of HHS’ desire to further our electronic health information goals with these October 11 proposed rules. We have reviewed your proposal and made our comments from the perspective of a profession that manages health information and serves as the custodian of such information. Furthermore as noted, HIM professionals are deeply involved in the transformation of the healthcare industry from paper to electronic-based information and are active in multiple efforts to see the achievement of a standard electronic health record (EHR) and full interoperability as soon as possible.


General Comments

While AHIMA commends the OIG and the Department’s efforts to support the goals noted above, it is clear that the current anti-kickback statute as currently written and these proposed safe harbors do not fully acknowledge the current state of the healthcare industry.

The proposed safe harbors are narrow in their focus and presume that only hospitals or health systems may be in a position to provide electronic prescribing (eRx) or EHR components to physician practices or similar entities. In fact, such items, along with a variety of support elements including connectivity, software, technical support, training, and so forth could come from a variety of entities including health plans and similar organizations possibly even those contracted with CMS to deliver a number of products associated with the Medicare or Medicaid programs. Any regulations written at this time should take into account the potential for a wide variety of entities to supply a variety of eRx or EHR components to physician practices and similar provider entities.

OIG is very clear in the Background Section of the proposed rule on the limitations it believes are required under any new safe harbor, and how a new safe harbor will differ from parallel self-referral regulations changes that were proposed by the Centers for Medicare and Medicaid Services (CMS) on the same day (October 11, 2005). AHIMA is aware of the OIG’s concern for fraud occurring as expressed in the Background Section. Recently AHIMA addressed fraud concerns in an era of an EHR in studies conduced under the auspices of the ONC, namely: Use of Health Information Technology to Enhance and Expand Health Care Anti-fraud Activities and Automated Coding Software: Development and Use to Enhance Anti-Fraud Activities. (See: http://www.ahima.org/fore/programs/research.asp) From these studies and our work in the healthcare industry, we must point out that consideration must be given to the balance between moving forward to an EHR and interoperable systems that affords more fraud reduction, increased quality and efficiency, and better patient care, against an interim potential for fraud as a result of inappropriate provision of free or reduced price goods or services by a healthcare provider to a potential referral source.

AHIMA agrees with the OIG that fair market value transactions probably do not constitute any violation of the anti-kickback statute. However, what is being suggested by the industry and the Secretary is a period of time where the donation of items, software, training, communication links and so forth, cannot be judged strictly on a fair market value basis. The industry, the Department, and Congress all struggle with the fact that the benefits in the use of eRx and EHR technology may not reside with the user or owner of the technology. The benefit may construe to another provider, health plan (including a Medicare or Medicaid plan), the population, or the patient. In the community, donations may be made for the good of the entire community and not necessarily or specifically to the donor from the recipient. This was not the environment in which the anti-kickback statute was written, but it is the environment that needs the benefit of safe-harbors that recognize this fact, and calls for the OIG, HHS, and the Congress to recognize that the risks inherent in a safe harbor must be balanced against the overall benefits and achievement of the long term goal.

The OIG’s success in weeding out fraud and abuse in the healthcare industry is well known and commendable, but in so doing, the OIG created in many healthcare entities a fear to engage in any new relationship that has even a hint of what the OIG might consider fraudulent. We are concerned that this fear could lead to barriers that will retard and slow down the conversion to eRx and EHR technology and make such conversion more expensive. As a whole, we do not see the safe harbors as proposed lessening this fear or fitting into the current environment of the healthcare industry. AHIMA recommends that the OIG, office of the Secretary, and CMS, as well as the Office of the National Coordinator for Health Information Technology (ONC) and the American Health Information Community (the Community or AHIC) consider, together, safe harbors that recognize today’s healthcare delivery and HIT environment and develop an approach and safe harbors that will allow the US to achieve the President’s goals for interoperability by 2014 and eRx by 2008.

The proposed rule is written, like that of CMS, essentially in three parts: eRx, EHR “pre-Interoperability Exception,” and EHR “post-Interoperability Exception.” AHIMA is concerned with this three-part approach and the limited flexibility displayed in the regulations that could cause problems in the future:

  • While we understand the MMA eRx requirements are an important consideration, the assumptions for current relationships between eRx and electronic health records and eRX and a standard EHR, are not reflective of the existing environment. eRx and similar prescribing functions exist in a variety of relationships and combinations with other electronic software, and the safe harbor suggested does not reflect these combinations in today’s healthcare environment.
  • AHIMA has led the establishment of a certification commission and the process of certifying health information technology (HIT). Because of the involvement of our members and staff in this work, we understand the intent of the regulation, pre and post, as proposed. Unfortunately, we do not believe that many in the industry currently understand the role and position of the commission and we doubt that this “pre and post” approach makes much sense to them. Since the timetables for this regulation and for the standards and the criteria it addresses are not known, we recommend the OIG consider writing the safe harbor regulation from the perspective of “pre-Interoperability Exception” and not address the “post” era until sometime in the future. We also suggest the regulation state the intention of the OIG to update the safe harbor in the future to take into account the development and adoption of standards and product criteria. This will keep the industry and its vendors fully informed of the OIG’s intention and will keep all aware of the need to produce products that will assist the industry in meeting its needs and its goals.
  • In the introduction to your proposed EHR safe harbors, you note concern that “the provision of EHR technology to physicians and others poses greater risk of fraud or abuse” and you go on to state that “EHR technology is inherently more valuable to physicians in terms of actual cost, avoided overhead, and administrative expenses of an office practice.” AHIMA must point out that while the EHR is very valuable to physician practices and many others, the benefits of such technology and systems accrues even higher benefits to patients, health plans (including the federal government), and the population. While your concern for fraud is not trivial, neither should be the recognition of the great aggregate benefits that will accrue from the donation of such technology and services.
  • AHIMA believes that the appropriate adoption of a standard EHR and other health information standards will decrease the potential for fraud. Many organizations, including the Institute of Medicine (IOM) and CMS have also pointed out that eRx and the EHR will also lead to improved quality, reduced injury, and other outcomes that will reduce the cost of healthcare. While AHIMA applauds several positive items in the proposed rule that will eliminate fraud, we are concerned that there are aspects of the rule where attempts to ascertain value and costs of donations, for the purpose of fraud protection, will become barriers to adoption or a reduction on the return on investment for eRx and the EHR.
Protected Non-monetary Remuneration
  • AHIMA concurs that it is not in OIG’s best interest to sanction or provide duplication in the introduction of HIT hardware, software, and so forth in the same practice. However, while the industry is moving to standardization, most physician offices and many other entities are incapable of determining the extent to which a device or software may be duplicative of a part of some other device or software. Accordingly, we do not believe that most physician offices, or other similar healthcare entities, are capable of certifying that items and services provided are not technically or functionally equivalent to those already possessed by the physician. Likewise we are concerned that a donor might also not have the ability to ascertain if the recipient’s technology was duplicative. If donor and recipient cannot provide certification on face value then we are concerned that no exchange may occur. Saying that “the Recipient would be protected only if the certification is truthful” will cause most – excepting those who have very sophisticated HIT shops – from signing a certification.
  • AHIMA members also note that eRx is in many cases software that may exist in a larger domain of an electronic medical record. Therefore this potential regulation becomes a problem if the newly introduced device or software duplicates a part of previously acquired software. Physician offices or other groups should not have to worry about such situations, especially in this age of rapidly developing and evolving software. On the other hand, AHIMA is not opposed to language in the transfer agreement acknowledging the purpose for which the technology is being given and the limits that should govern the use of the technology. We are very concerned about how an organization, a physician office for example, will be expected to show that it did not use any functionality beyond that identified. Donors should be aware that adding functionality beyond that covered in the eRx, EHR, and interoperable networking situations could be considered a violation of the statute, if deliberately added to a product. The OIG must keep in mind that some product(s) may be obtained by the donor with such multi-functionality already in place, and tampering with or attempting to modify such functions could make the product unusable. The OIG is also reminded that the functions that may or may not be associated with these three areas may change over time and should be viewed in line with nation wide community practices.
  • The proposal makes an additional exception for hardware and we presume communication hardware and software that might be used as well. This is appropriate once again we are concerned about the burden a recipient might experience trying to record the volume of use of the device for the ERX or EHR functions and not other functions that might use the same hardware. The hardware, software, and training being suggested for possible donation is targeted to users in most cases currently using manual or paper-based systems – systems and processes that once the transition to electronic data systems will provide numerous benefits to patients , the population, and providers including the federal government. AHIMA is concerned that if the safe harbor regulations put too much of a reporting requirement on the use of such devices, providers already reluctant to convert (since the benefits often do not come to the provider) will become even more reluctant to make such a conversion, and the goals of this proposed rule will not be met.
  • AHIMA members also point out that a physician office could have a relationship with a hospital, but then as part of a local or regional health information exchange, have a second relationship that might initially require the practice to work with more than one piece of software or device. This is somewhat similar to hospitals that, in the past, had a different computer terminal in order to send different health plans exactly the same information. With standards this will change and improve, but the industry has not reached the use of such standards combined with application software at this time.
Donors and Recipients Protected by the Proposed Safe Harbor
  • AHIMA believes the OIG’s approach in proposed section 1001.952 (x) (1) (i) is too narrow and does not take into account entities other than hospitals and medical staff. We would note that healthcare services are provided in many other types of facilities that interface with prescribing professionals and any regulation should cover the entire spectrum of possibilities. Therefore, we suggest that the OIG expand the safe harbor to cover the full range of providers. Furthermore in response to your questions, we affirm that items or services provided should include all healthcare prescribing professionals and not just physicians.
  • AHIMA agrees with the OIG that there may not be a safe harbor needed between a group practice and its members. However, we disagree that independent contractors of the medical group should not be covered by the safe harbor, since such an independent contractor may be a prescribing professional, and ought to be covered.
  • Similar to our comment above AHIMA again reiterates that there is a need to protect all categories of donors or recipients that might be involved in the exchange of data for the purposes of eRx, or necessary data associated with the EHR.
Promoting Compatibility and Interoperability
  • AHIMA believes that the safe harbor should protect qualifying eRx that is used for the transmission of prescription information regarding items and services that are not drugs. The goal is to facilitate quality, reduce injury, and improve effectiveness. All aspects of the process that use a form of eRx must be protected if the industry is to achieve its goals.
  • AHIMA agrees that today no approved standards exist to ensure eRx products are interoperable, but the time is coming quickly. Meanwhile, we agree that donor or their agents should be prohibited from taking any actions to disable or limit that interoperability or otherwise impose barriers to compatibility, as proposed in section 1001.952 (x)(3). We must note, however, that this is also a reason why donors should not undo portions of functionality they might perceive the OIG require under other sections.
  • AHIMA understands the OIG’s desire to cap the value of items and services provided under the proposed protections, however, the costs of such items – devices, software, support services, training, and so forth will vary by region, size of the supplying organization (that may have access to discounts that others may not have), vendor, and so forth. Were the industry further along in the implementation of eRx or a standard eHR, we might suggest some practical way to judge the value of such donations in various successful communities, but this is not the case. We sympathize with the problem this creates for OIG, but believe that it should be judged in the context of the overall goals of interoperability including the potential to reduce fraud. Failure to have such a range for caps is a temporary problem and one worth having given the benefits that will accrue to all in the future.
Other Conditions

Under proposed section 1001.952 (X) (5), (x) (6), and (x) (7), we agree with the proposed conditions with the following exception.

  • As noted above, AHIMA does not believe that many recipients or some donors will be capable of certifying as to some of the functionality of the donated items or situations where functionality may be duplicated unknowingly. We do agree that an agreement should be able to spell out items and services being donated.
Safe Harbor – Covered Technology

In response to your solicitation AHIMA has the following comments for this section for which we have not previously commented:

  • As noted the safe harbor should permit the EHR or EHR software to be used for the transmission of prescription information regarding items and services that are not drugs.
  • At this time, without either agreed upon standards or product criteria, the computerized provider order entry (CPOE) component should not be required in EHR software. AHIMA also notes that at this time there is no final agreement by any authority on what software is inherent in a standard EHR.
  • While staff per se are not usually considered in the discussion of donated items or software, such items or software may not be of use or used properly if professional installers, trainers, and others services do not accompany the donated items, especially since most of the recipients may have little or no familiarity with electronic systems or functions. We expect that such donated professional service should be temporary during initial implementation.
  • As noted above, there is no agreement or standard to date on what software functions should be included in the definition of EHR. This is an activity underway in several parts of the industry including the federal government and we do not believe that it is in the best interest of the industry for these regulations to propose such a definition at this time. It might be easier for the OIG to suggest or comment on those functions that it believes are not part of an EHR, with an eye to ensuring that such functions are not important to the functioning of a NHIN or local health information exchange.
  • Except for large practices already invested in HIT, our members do not see many practices that invested considerably and would then divest in favor of shifting costs to a potential donor. We are aware that while there are a few potential recipients that can afford such a shift, the majority of health provider entities do not have the capital to do so, and if they have already spent the time to develop and use such software, their preference would usually be to keep it. While this does not suggest that inappropriate activities might not occur, we believe that an accounting of such sharing by the donor entity should be required and could be audited. Meanwhile, let’s not forego the opportunity to reach our goals for appropriate information sharing and recognize the potential administrative savings that will benefit the industry as a whole.
  • At some point in the future we agree that EHR software should be compatible with relevant Public Health Information Network preparedness standards, such as those related to BioSense. However, at this time, there is no industry consensus on standards, nor are there product criteria established. When the industry reaches such a plateau, we recommend that the OIG make it a requirement after a period to allow all to implement the improved standards. This same recommendation is made for the ability of an EHR or relevant architecture to produce quality measurement data, or similar data, as you propose.

Safe Harbor – Donor and Recipients

  • Your reference to covered donors and recipients includes a statement that “we do not believe that providers and suppliers of ancillary services, such as laboratories, have a comparable stake in advancing the goal of interoperable electronic health records for patients.” This statement would appear to ignore the fact that laboratories are often identified as key to local and nation wide health information exchange and especially identified when the discussion includes biosurveillance and similar activities. Likewise, it is the goal of reducing duplicate laboratory testing that is often raised as benefit to the implementation of interoperability and a standard EHR. AHIMA recognizes that the OIG has had negative experiences with some laboratories in the past, but suggests that the OIG work within HHS and especially with the ONC to ensure that safe harbor rules do not negate the goals of interoperability.
Proposed Post-Interoperability Safe Harbor

As noted above, AHIMA does not believe that the current proposed safe harbor should include a post-interoperability safe harbor. That said, AHIMA and others are actively working for the standards and criteria that will create the state for interoperability and define the EHR. We welcome the OIG’s participation in this task to ensure appropriate safeguards are in our systems and understanding obtained by the OIG that will permit appropriate safe harbor proposals in the future.


You note that you have been petitioned to develop safe harbors for community-wide health information systems – local health information exchange or the nation wide health information network. AHIMA agrees that the OIG should be a part of this development, both to ensure that fraud concerns are addressed and to understand the systems and processes in order to propose informed, appropriate safe harbors. Again, we hope that OIG staff will join this HHS and industry effort and we welcome your involvement.


The healthcare industry, the federal government, and most of all the patient/consumer/citizen will all benefit from the implementation and utilization of eRx, a standard EHR, and nation wide interoperability. The members of AHIMA applaud the OIG’s desire to provide safe harbors for the anti-fraud statute that would promote the sharing of eRX and EHR related devices, software, training and other related resources.

AHIMA understands the OIG’s concerns that sharing could be abused and result in activities creating fraud, but we suggest the benefits of interoperability be balanced against this risk. The environment is changing rapidly, and regulations must be designed to keep up with and promote advancement rather than become a barrier to advancement.

AHIMA is aware that the introduction of eRx, the EHR, and a NHIN could raise the risk of fraud, but we are also aware that this technology also has the promise of reducing fraud. The OIG has suggested that it may seek its input as to potential fraudulent situations. AHIMA suggests that staff of the OIG become active in federal and industry development of the standards, product criteria, and other elements that will make up the new healthcare process and environment. This will benefit the entire healthcare community and especially patients and the population as a whole.

AHIMA and its 50,000 member professionals are working hard to see the achievement of this nation’s interoperable goals. We hope these recommendations will assist the OIG in its efforts we stand ready to work with the Office in any way possible to achieve our common goal. If there are any questions regarding these comments and recommendations, or if there is any way that AHIMA might assist the department, please contact me, at (202) 659-9440 or dan.rode@ahima.org. We thank you again for your efforts to achieve our common goal and for this opportunity to provide input to your proposed regulation.


Dan Rode, MBA, FHFMA
Vice President, Policy and Government Relations