Michael A. Cassidy
Tucker Arensberg, P.C.
December 2, 2020
EHR Safe Harbor Permanent
The existing electronic health records items and services Safe Harbor in 42 CFR Section 1001.952(y) was amended by deleting the sunset provision, thereby making the protection permanent.
Cybersecurity Technology and Services
A new Safe Harbor for cybersecurity and technology services is added in 42 CFR Section 1001.952(jj) to facilitate improved cybersecurity. The announcement states the healthcare sector is one of the most targeted industry sectors and that data breaches may have cost U.S. hospitals $6.2 billion in 2015 and 2016 – although these regulations will not be effective until 2021!
The new Safe Harbor provides that “remuneration” will not include non-monetary remuneration consisting of cybersecurity technology and services “necessary and used predominantly to implement, maintain or reestablish effective cybersecurity” if:
Cybersecurity is defined as the process of protecting information by preventing, detecting and responding to cyberattacks.
Technology is defined as software or other types of information technology(?)
The Stark Exceptions definitions have been amended to add “cybersecurity technology and related services” in 42 CFR Section 411.351(bb) as an exception to prohibited compensation arrangements, but retains the requirement that physicians bear 15% of the costs.
December 03, 2020
Enter your email address below and be notified when we post new information.