Thursday, October 24, 2019
On October 17, 2019, the Department of Health and Human Services (HHS) published proposed rules to update the regulatory Anti-Kickback Statute (AKS) safe-harbors and exceptions to the Physician Self-Referral (PSR) Law, known commonly as the Stark Law (AKS proposed rule available here; PSR proposed rule available here). In an earlier blog post, we described each of the proposed rules. Among the proposed changes are a new safe harbor/exception that would generally permit entities to donate certain cybersecurity technology and related services to physicians, subject to compliance with the conditions described below. In the preamble to each proposed rule, the HHS Office of Inspector General (OIG) (which published the AKS proposed rule) and the Centers for Medicare and Medicaid Services (CMS) (which published the PSR proposed rule) noted that cyber-attacks in the health care industry are on the rise and cybersecurity technology can be cost-prohibitive for some providers. Both OIG and CMS stated their hope that the proposed rules will improve overall cybersecurity in the health care industry and reduce instances of data breaches resulting from cyber-attacks.
The proposed safe harbor/exception protects non-monetary donations of “cybersecurity” “technology” and related services. The AKS and PSR proposed rules define cybersecurity and technology as follows:
“Cybersecurity” is the process of protecting information by preventing, detecting, and responding to cyber-attacks.
“Technology” is software or other types of information technology other than hardware.
The OIG and CMS each described taking an expansive view of what qualifies as cybersecurity technology and related services, but neither the AKS safe harbor ..
Support the originator by clicking the read the rest link below.
