EHR donation exemption enticing but requires careful examination

Legally Speaking

Daniel F. Shay
Alice G. Gosfield

Daniel F. Shay, Esq. and Alice G. Gosfield, Esq., are health care attorneys at Alice G. Gosfield and Associates, P.C.


The “Year of the EHR” has yet to arrive, in spite of previous declarations to the contrary, and several efforts by the federal government to spur adoption of electronic health records. The greatest impediment to physician adoption has been the price tag. As part of the government’s attempts to spur adoption, in 2005, the Department of Health and Human Services modified the anti-kickback safe harbors and the Stark law exceptions to permit the donation of EHR software. These exemptions are scheduled to last until the end of 2013.

The adoption of an EHR by a physician practice may indeed offer practical benefits, such as easier and more efficient documentation, streamlined ordering of services, the ability to develop useful data for improving care delivery, and the potential to improve office workflow. Moreover, if a hospital or laboratory donates the EHR software to the physician practice, the practice may reap these benefits at a substantially reduced price tag. However, while a hospital- or laboratory-donated EHR may sound attractive, dermatology practices should keep in mind the potential complexities of such donations. This article addresses the specific steps that must be taken to ensure the donation is made properly, what cannot be done, and what practical pitfalls await a practice entering into a donation or “downstreamed” EHR license agreement.

Fraud and abuse requirements

The Stark statute prohibits a physician or an immediate family member of the physician from referring a Medicare patient for “designated health services” to an entity with which the physician or family member has a financial relationship, unless the transaction conforms with an exception. Similarly, the federal anti-kickback statute prohibits soliciting, paying, offering, or receiving any remuneration, in cash or in kind, overtly or covertly, directly or indirectly, in exchange for referrals of federal health care business, to induce referrals, or for ordering, providing, leasing, furnishing, recommending, or arranging for the provision of any service, item, or good payable by a federal health care program.

In layman’s terms, this means that a hospital or laboratory generally cannot simply give goods or services to a physician practice for free, unless they can comply with a Stark exception and the safe harbors of the anti-kickback statute. In 2005, these were each revised to permit the donation of nonmonetary remuneration, including software or information technology and training services to create, maintain, transmit, or receive electronic health records (EHR), provided certain conditions were met. It is these conditions which can bedevil physician practices.

One key question to ask when considering a “donation” approach is what is actually being donated? Many times, smaller donor entities may offer simply to pay for a physician practice’s EHR system, either in terms of up-front costs, ongoing maintenance fees, or both. The federal regulations, however, prohibit donation of money alone — the donation must be non-monetary. Instead, the donor may donate goods (including software) or services (which can include maintenance services, but cannot include staff provided to physician offices).

The prohibition on monetary remuneration becomes confusing in light of another of the federal requirements: the physician receiving the goods or services must pay, prior to their receipt, at least 15 percent of the costs to the donor of the EHR goods and services themselves. Frequently, this concept is discussed as if the donor is paying 85 percent of the physician’s cost. This is wrong. To comply, the donor must have already paid for the goods and services, and the recipient physician is simply repaying a portion of the donor’s costs. In addition, the regulations require that the physician pay at least 15 percent of the donor’s costs, but there is nothing stopping the donor from requiring that a physician pay more than 15 percent. Moreover, bear in mind that the regulations do not specify how the 15 percent is calculated. Therefore, physicians should not necessarily assume that the donor will cover 85 percent of both the initial payment and all ongoing payments; the donation might not include, for example, ongoing maintenance fees or additional costs for incremental additions such as new modules for the software. Likewise, if the cost for the software license is on a per-user basis, any new users the physician adds may be at the physician’s own expense.

The goods and services donated must also be interoperable, and the donor cannot donate the goods and services if they are equivalent to what the physician already has. The concept of “equivalency” has not been defined, but in general, if a physician already has software that can functionally do what the donated software does, it may be seen as “equivalent.” Lastly, to qualify from a technical perspective, the software must have electronic prescribing capabilities.

Physician practices also may not make donation a requirement for continuing to do business with the donor, and the donor may not take into account the volume or value of any referrals between itself and the physician practice. There must also be an agreement in writing specifying what is being donated, the donor’s costs, and the amount of the physician’s contribution to those costs. These requirements are not difficult to satisfy, but they must be met to comply.


While complying with the fraud and abuse requirements for the donation may be a relatively straightforward proposition, there are certain practical hurdles. The first question — and a critical one at that — is the number of contracts to be signed. There are two typical donation scenarios: (1) the physician practice has a single contract either with the donor (which itself has a contract with the vendor/developer of the software), or (2) there is one contract with the donor and another contract with the vendor/developer. Each has different pros and cons.

A one-contract approach (or a “linear” downstreamed license) is the most common arrangement, but it has one chief downside: a lack of “contractual privity” between the physician and the software vendor. “Contractual privity” is a legal concept meaning that a party to a contract has the ability to enforce the terms of the contract against another party. When the physician practice has no direct contract with the vendor, it lacks the legal ability to make the vendor do anything. This can create a host of issues regarding the duties each of the respective parties has.

For example, consider the issue of technical support. The license may say that the donor provides only low-complexity technical support, and the vendor provides higher-complexity support. Similarly, the vendor may be completely responsible for the installation of the software and any training. Without a contract between the physician and the vendor, the physician has no way to make the vendor meet his or her needs. So, if the vendor does not complete installation of the software on time, or if the vendor ceases to provide technical support for complex issues, the physician cannot compel it to do so, nor obtain damages from the vendor. A two-contract approach (or a “V-shaped” approach) resolves many of these issues, but will require more time and expense to review and negotiate the agreements.

Either approach can raise issues relating to termination of the agreements. For example, in a linear model, if the vendor terminates its agreement with the donor, will the practice be able to continue using the software? In a V-shaped model, the practice may be able to continue using the software, but it may want to condition continuation of the agreement between the physician and donor on the donor’s continued relationship with the vendor. This may also raise issues with respect to how payment is to be handled if, for example, the donor has not finished paying for the software but the vendor goes out of business. Ideally, the physician should not have to assume any payment duties, but these issues should be addressed in the language of any agreements.

Last, and perhaps most critical, is the issue of HIPAA and data control. Physicians should always own the data they enter into an EHR, and any EHR license agreement they sign should state as much; the data should not belong to either the donor or the vendor. Physicians should be vigilant about whether and how their data will be used, and whether they are getting anything in return for its use. This is especially critical in a linear arrangement where the physician has no direct contractual relationship with the vendor. However, in some circumstances, the data may be shared with the donor (as described more fully below), which can create additional issues under HIPAA, depending on how data is stored.

If the data is stored offsite, rather than at the practice offices, the practice will need a business associate agreement with the entity storing the data. This issue can become more complicated when the data is stored in a central repository maintained by the donor as part of a health information network or exchange, and when some of the data becomes incorporated into the records of other physicians or providers who are also part of the network. This is a common problem with hospital donations. When one member of the network terminates its relationship with the network, it will need the donor to return any protected health information (PHI) under HIPAA. This, however, can prove difficult if the donor still needs to be able to share that data with other providers who treat the patients that the data covers. In such circumstances, it may not be possible to remove data from the repository (although there should be no problems returning a copy of all the practice’s data to the departing member) without also removing PHI from another member’s records. In this situation, the business associate agreement will likely require the donor to maintain the PHI as if the business associate agreement were still in effect.

A linear downstreamed arrangement also presents difficulties with respect to data control both during and after termination of the agreement between the physician and donor. For example, if the data is stored offsite in a vendor’s Web-based EHR, what happens if the vendor goes out of business? Who will store the data then? If the agreement between the vendor and the donor terminates, will the vendor return the data to the practice, continue to maintain it off-site, or will the vendor and practice need to enter into a contract directly? These types of issues should be considered and raised during negotiations, and ideally be addressed in the contract itself.

Moving forward

Donated EHR software can provide a physician practice with much-needed software at a reduced price. However, “downstreamed” relationships can be difficult to navigate, and require careful consideration of the legalities and practicalities. Consulting a lawyer familiar with EHR licenses and “downstreamed” relationships can be helpful.

AADA recommends extreme caution regarding EHR donations

The American Academy of Dermatology Association recently wrote to the Office of the Inspector General and the Centers for Medicare and Medicaid Services asking them to close the loophole that allows pathology labs to donate electronic health records systems to physicians, as it raises concerns about fraud and abuse. It also alerted members to the risks of pursuing such donations.

In the message to members, the Academy noted that dermatologists should “assess all opportunities and risks as they consider acquiring and using EHR systems.” While federal rules allow hospitals and labs to donate up to 85 percent of the cost of EHR software, training, and connectivity (but not hardware or maintenance) through Dec. 31, 2013, the Academy warned that “dermatologists interested in pursuing this opportunity should be very careful to follow the [compliance] requirements of the [anti-kickback] safe harbor and [Stark] exception, as well as to comply fully with both federal and state fraud and abuse laws,” noting that some states (including New York) ban such donations.

The Academy also reminded members that donations cannot be dependent on referrals, and “dermatologists and labs may not factor in the volume or value of referrals or other business generated between them in connection with the EHR donation.” Indeed, discussion of any quid pro quo arrangement is a violation of the law. - Richard Nelson


