OIG Revises Health Care Fraud Self-Disclosure Protocol

On November 8, 2021, the U.S. Department of Health and Human Services – Office of Inspector General (“OIG”) made material revisions to the OIG Self Disclosure Protocol (“SDP”).  The SDP was created in 1998 to serve as a mechanism for healthcare providers, suppliers and other entities to voluntarily self-disclose matters involving potential fraud stemming from participation in the federal healthcare programs.  The types of fraud reportable under the SDP include submissions of improper claims to federal healthcare programs, potential violations of the federal Anti-Kickback Statute and the physician self-referral law (a.k.a., the “Stark Law”), and employment or contracting with excluded individuals on OIG’s List of Excluded Individuals and Entities.

The SDP’s goal is to facilitate compliance with federal healthcare program requirements by offering entities the opportunity to make good faith disclosures of potential fraud and avoid the costs and disruptions associated with federal investigations and civil or administrative litigation.

The timelines, content requirements and methods used to calculate damages are consistent between the 2013 and 2021 versions of the SDP.  The 2021 SDP changes are as follows:

  • OIG increased the minimum amounts required to settle under the SDP to match new statutory minimum penalty amounts as set forth under the amendments to Section 50412 of the Bipartisan Budget Act of 2018, which increased maximum civil monetary penalties in section 1128A(a) of the Social Security Act (42 USC 1320a-7a) for false claims from $10,000 to $20,000, and for Anti-Kickback Statute-related conduct from $50,000 to $100,000.
  • OIG now requires SDP submissions to be made through the OIG’s web page and online portal, rather than by sending a letter to OIG.
  • OIG clarified that a reporting party must indicate in its disclosure whether it is subject to a corporate integrity agreement. OIG also clarifies that reportable events (as defined by the corporate integrity agreement) can be disclosed under the SDP.
  • OIG made clarifying revisions to the existing language that confirmed the US Department of Justice’s ability to participate in the settlement of cases submitted under the SDP and resolve the matter under the False Claims Act.
  • OIG clarified that a party disclosing under the SDP must include damages to each affected federal healthcare program separately, as well as the sum of all damages to all affected federal healthcare programs.

The latest revisions to the SDP are part of OIG’s ongoing evaluation of the disclosure process. OIG previously issued Open Letters to Health Care Providers in 2006, 2008 and 2009 and solicited public comment prior to the 2013 version of the SDP, which amended and replaced the 1998 Federal Register Notice and Open Letters.

OIG reports that it has resolved more than 2,200 disclosures between 1998 and 2020, resulting in recoveries of more than $870 million to the federal healthcare programs.  Between 2016 and 2020, OIG resolved more than 330 settlements through the SDP.  According to OIG’s web page, OIG has entered into more than 600 settlements since 2013 with organizations that self-disclosed conduct through the SDP, with settlements as high as $20.9 million.

For additional information regarding the revised SDP, use the following link:




Law Offices of George W. Bodenger has significant experience in guiding clients through the OIG Self Disclosure Protocol process.  Please contact us at or at (610) 212-5031 to learn more about our qualifications and experience in this area.

Sign up to receive Bodenger Law Firm alerts on topics related to health care law.

Continue Reading

Recent Trends in COVID Aid-Related Fraud Prosecutions

The U.S. Justice Department’s COVID-related health care fraud initiative continues at an aggressive pace. Recently, the Justice Department announced – in a single day – criminal charges against 138 defendants in 31 federal districts throughout the United States, alleging about $1.4 billion in losses. Among those charged are 42 doctors, nurses and other licensed medical professionals. For businesses that took advantage of the $2.2 trillion in federal pandemic aid programs, this latest enforcement action demonstrates that an audit or investigation may be inevitable.

The Coronavirus Aid, Relief, and Economic Security (“CARES”) Act, enacted in March 2020, provided emergency financial assistance in the form of forgivable loans to businesses to cover payroll and other specified expenses through the Paycheck Protection Program (“PPP”). It also included the Provider Relief Fund (“PRF”), which provided needed medical care to Americans suffering from COVID-19. From the onset of these programs, the federal government vowed to take measures to prevent recipients from fraudulently taking advantage of the CARES Act programs. The Justice Department has been focused on COVID-19 health care related fraud since the onset of the pandemic.

A combination of federal and state law enforcement agencies are working together to investigate and prosecute alleged COVID-19 related fraud, including the Department of Health and Human Services Office of Inspector General, the FBI, the Drug Enforcement Administration, the Health Care Fraud Unit of the Criminal Division’s Fraud Section, the Health Care Fraud and Appalachian Regional Prescription Opioid Strike Force and the U.S. Attorneys’ Offices throughout the country.

Recent criminal charges associated with the COVID-19 fraud prevention program include a variety of allegations relating to the submission of false claims. The defendants are alleged to have misused patient information to submit claims to Medicare for many forms of medically unnecessary testing and telemedicine fraud. Individual defendants are also alleged to have misused PRF monies for their own personal expenses, including for gambling at Las Vegas casinos and payments to a luxury car dealership.

In 11 judicial districts, charges have been filed against 43 defendants who allegedly paid doctors and nurse practitioners to order unnecessary durable medical equipment (“DME”), genetic and other diagnostic testing, and pain medications, either without any patient interaction or with only a brief telephonic conversation with patients they had never met or seen. DME companies, genetic testing laboratories and pharmacies then purchased those orders in exchange for illegal kickbacks and bribes. Prosecutors allege they also submitted more than $1.1 billion in false and fraudulent claims to Medicare and other government health benefit programs. The proceeds of the scheme were allegedly spent on luxury items, including vehicles, yachts, and real estate. Criminal charges also included allegations that the defendants submitted fraudulent claims for tests and treatments for patients seeking treatment for drug and/or alcohol addiction through a national sober homes initiative program. Other medical professionals have been charged with over-prescribing millions of doses of opioids and other prescription narcotics and submitting false billings.


Law Offices of George W. Bodenger, LLC, a boutique law firm specializing in healthcare law, is asked by a broad array of clients to provide innovative solutions to today’s legal and business challenges. For more information, please visit

Sign up to receive Bodenger Law Firm alerts on topics related to health care law.

Continue Reading

HHS Releases $25.5 Billion in COVID-19 Relief Funding Targeting Smaller Providers

DHHS Releases $25.5 Billion in COVID-19 Relief Funding Targeting Smaller Providers

On September 10, 2021, the Biden-Harris Administration announced that the U.S. Department of Health and Human Services (“DHHS”), through the Health Resources and Services Administration, is making $25.5 billion in new funding available for health care providers affected by the COVID-19 pandemic.  This represents the first additional funding availed for these purposes in nearly 12 months.  The new funding comes roughly a week after Republican Senate leaders wrote to the Biden administration calling for the swift distribution of the remaining money.  The funding is intended to bolster reimbursement to providers that serve a disproportionate amount of Medicare and Medicaid patients. The September 10, 2021 announcement comes as some provider groups have advocated for DHHS to release the remainder of the $178 billion relief fund passed by Congress in 2020.  The funding includes $8.5 billion in resources from the American Rescue Plan Act passed earlier this year and another $17 billion from the Provider Relief Fund (“PRF”) previously established under the CARES Act.

The new funding will be allocated based on providers’ lost revenue and higher expenses from July 1, 2020 to March 31, 2021 (the “Reporting Time Period”).  DHHS is specifically targeting smaller providers for lost revenues and COVID-19 expenses incurred at a higher rate, as  compared to larger providers.  There will also be bonus payments for providers that serve Medicaid, Children’s Health Insurance Program and/or Medicare patients.  These bonuses will be based on the generally higher Medicare rates to ensure equity for those serving low-income children, pregnant women, people with disabilities and seniors.  DHHS will also make payments to rural providers based on the amount of Medicaid, CHIP and Medicare services provided to patients in rural areas.

In order to expedite and streamline the application process and minimize administrative burdens, providers will apply for both programs in a single application.  DHHS will use existing Medicaid, CHIP and Medicare claims data in calculating payments. The application portal will open on September 29, 2021. To help ensure that these funds are used for patient care, PRF recipients will be required to notify the HHS Secretary of any merger with, or acquisition of, another health care provider during the period in which they can use the payments.  Providers who report a merger or acquisition may be more likely to be audited to confirm their funds were used for coronavirus-related costs, consistent with an overall risk-based audit strategy.  Additionally, in light of the challenges providers across the U.S. are facing due to recent natural disasters and the Delta variant, DHHS has announced a 60-day grace period to help providers come into compliance with their PRF reporting requirements if they fail to meet the deadline on September 30, 2021, for the first PRF Reporting Time Period.  While the deadlines to use funds and the Reporting Time Period will not change, HHS has committed to not initiate collection activities or similar enforcement actions for noncompliant providers during this grace period.

For more information about eligibility requirements, the documents and information providers will need to complete their application, and the application process for PRF Phase 4 and ARP Rural payments, visit:


Law Offices of George W. Bodenger, LLC,  a boutique law firm specializing in healthcare law, is asked by a broad array of clients to provide innovative solutions to today’s legal and business challenges. For more information, please visit

Sign up to receive Bodenger Law Firm alerts on topics related to health care law.

Continue Reading

Pharmacist Arrested for Selling COVID Vaccination Cards Online

A licensed pharmacist was arrested on August 17, 2021 in Chicago on charges related to his alleged sale of several authentic Centers for Disease Control and Prevention (CDC) COVID-19 vaccination cards on eBay.

According to court documents, in March and April 2021, Tangtang Zhao, 34, of Chicago, sold 125 authentic CDC vaccination cards to 11 different buyers for approximately $10 per card.  Zhao was a licensed pharmacist in Illinois and was employed at Company 1, a pharmacy which distributed and administered COVID-19 vaccines at its physical locations nationwide.  As required by the CDC, Company 1 provided a CDC Vaccination Record Card to each vaccine recipient.  Zhao, who worked at Company 1 as a pharmacist during that time, obtained and subsequently offered authentic CDC vaccination cards for sale online. The indictment charges Zhao with 12 counts of theft of government property.

Zhao is charged by indictment with 12 counts of theft of government property.  Zhao made his initial court appearance on Aug. 17 before U.S. Magistrate Judge Sheila M. Finnegan of the U.S. District Court for the Northern District of Illinois. If convicted, he faces a sentence of 10 years in prison per count. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

The FBI and HHS-OIG are investigating the case.

Trial Attorney Leslie S. Garthwaite of the Criminal Division’s Fraud Section is prosecuting the case.

George W. Bodenger, Esquire
Law Offices of George W. Bodenger, LLC
575 S. Goddard Blvd, #213
King of Prussia, PA 19406
Office (610) 212-5031
Fax – (484) 416-0229

Sign up to receive Bodenger Law Firm alerts on topics related to health care law.

Continue Reading


In June 2021, the Centers for Medicare & Medicaid Services (“CMS”) published Advisory Opinion No. CMS-AO-2021-01 (“AO”), indicating that a physician practice could qualify as a “group practice” under the federal physician self-referral prohibitions (a.k.a. the “Stark Law”) if the practice furnishes designated health services (“DHS”) through a wholly-owned subsidiary entity that is enrolled in the Medicare program as a physician practice.


As a general matter, the Stark Law prohibits a physician from referring Medicare beneficiaries to an entity for the furnishing of DHS if the physician (or one of their immediate family members) has a financial relationship (either an ownership interest or a compensation arrangement) with the entity (the “DHS Entity”) unless a statutory or regulatory exception applies. The Stark Law also prohibits the DHS Entity from billing Medicare or any other person or entity for improperly referred DHS.  DHS includes the following twelve (12) categories of services:


Clinical laboratory services                                                    Durable medical equipment and supplies Physical

therapy services                                                                        Parenteral and enteral nutrients, equipment, and supplies

Occupational therapy services                                               Prosthetics, orthotics, and prosthetic devices and supplies

Outpatient speech-language pathology services                Home health services

Radiology and certain other imaging services                    Outpatient prescription drugs

Radiation therapy services and supplies                             Inpatient and outpatient hospital services


One of the most popular exceptions for physician practices is the in-office ancillary services exception (the “IOAS Exception”). The IOAS Exception generally is available to a physician practice consisting of two (2) or more physicians only if the physician practice qualifies as a “group practice.”  Under the Stark Law definition,  a group practice must be a single legal entity operating primarily for the purpose of being a physician group practice.  The group practice definition further requires that the single legal entity may be organized or owned by another medical practice, provided that the other medical practice is not an operating physician practice (regardless of whether the medical practices meets the conditions of being a group practice). The Stark Law also state that a group practice that is otherwise a single legal entity may itself own subsidiary entities, but does not specify whether the subsidiary can be a medical practice.  Prior to this AO, CMS specifically referenced the ability of a group practice to own and operate other legal entities (e.g., a clinical laboratory) for purposes of providing services to the group practice, but had not opined as to whether such a subsidiary entity could itself be enrolled in Medicare as an operating physician practice.



The advisory opinion request was submitted by a group practice (the “Group”) which owned and operated physician practices (each a “Subsidiary,” and collectively, the “Subsidiaries”) located in separate states. Each Subsidiary is enrolled as a physician practice in the Medicare program.  In this AO, CMS indicated that furnishing DHS through the Subsidiaries would not prevent the Group from qualifying as a group practice, thus permitting the Subsidiaries to furnish DHS.

As part of the CMS Stark Law advisory opinion process, the Group certified that all clinical employees and contractors of the Subsidiaries would be employed or contracted by the Group and assigned to work at the Subsidiaries.  The Group also certified that all revenues and expenses of the Subsidiaries would be treated as revenue and expenses of the Group, and patients seen by the Subsidiaries would be considered patients of the Group.  The favorable AO permits each Subsidiary of the Group to remain a Medicare-enrolled practice and bill Medicare for DHS without giving rise to a violation of the Stark Law, so long as the other requirements of the group practice definition and the IOAS Exception were satisfied.

In this AO, CMS emphasized that the requirement for a “group practice” to be a “single legal entity” expressly permits a group practice to own subsidiaries and, although CMS previously provided only the example of a laboratory wholly-owned by a group practice, this does not prevent a group practice from furnishing other services—including physicians’ professional services to its patients through other types of wholly-owned subsidiaries.  CMS also noted that a group practice must “primarily provide services of the type provided by a supplier that is enrolled in Medicare as a clinic/group practice.” This language serves to highlight that, although a group practice may own and operate subsidiary entities to furnish services to its patients, the group must remain, at its core, a physician practice, and cannot utilize the IOAS Exception to circumvent the referral prohibition of the Stark Law by establishing subsidiary entities that are not central to group practice’s services to patients.



For purposes of physician practice acquisitions, consolidating under a single taxpayer identification number (“TIN”) has been the standard practice for purposes of meeting the Stark Law definition of a group practice.  This AO establishes that an existing physician practice platform that is acquiring a physician practice may maintain the existing practice legal entity of the acquired practice as a wholly-owned subsidiary.  This development eliminates the need for transferring payor contracts and provider recredentialing such efforts in a practice acquisition transaction.  It is critical to note, however, that all other elements of the group practice definition must still be met for the relevant group practice to satisfy the IOAS Exception.  In particular, the practice must operate as a unified business with centralized decision-making, consolidated billing, accounting and financial reporting.  When structuring a group practice that intends to rely on subsidiary entities, extra care should be taken to ensure the “unified business” requirement is satisfied by the physician practice for Stark Law compliance.


Law Offices of George W. Bodenger, LLC,  a boutique law firm specializing in healthcare law, is asked by a broad array of clients to provide innovative solutions to today’s legal and business challenges. For more information, please visit

Sign up to receive Bodenger Law Firm alerts on topics related to health care law.

Continue Reading

Biden’s Executive Order Takes Aim at Non-Competes in Medical Spas and Medical Practices

On July 13, 2021, President Biden signed an Executive Order directing the Federal Trade Commission (“FTC”) to take actions on anti-competitive labor practices, including employee non-compete agreements for medical spas and medical practices.

This is not the first step toward federal regulation of non-compete agreements.  In October 2016, President Barack Obama issued a “State Call to Action on Non-Compete Agreements” to “address wage collusion, unnecessary non-compete agreements, and other anticompetitive practices.”  In Congress, multiple bipartisan bills aiming to ban non-competes have fallen by the wayside since that time.  More recently, the FTC hosted a workshop in January 2020 “to examine whether there is a sufficient legal basis and empirical economic support” to restrict non-competes.

The argument against non-competition agreements is that they can discourage workers from seeking out higher-paying jobs in their geographic areas and make it difficult for them to seek gainful employment in their fields.  Additionally, such arrangements can be difficult for lower-wage workers to defeat, since they typically lack the financial wherewithal to seek legal recourse.  It is not possible, at this nascent stage, to ascertain how the FTC will interpret and enforce such directives. As such, the impact on medical spas and physician practices remains to be seen.

While non-competes are fairly common in the realm of medical spas and medical practices, they still must have limitations in order to be enforceable.  A few states have, in fact, adopted laws and rules that prohibit these provisions, except in very limited circumstances.  Even in states that generally allow non-competition arrangements for licensed professionals, there still are limitations on their scope.  Generally, the permissible goal for a non-compete is to protect trade secrets and proprietary information that would damage the business or provide an unfair advantage to the former employee.  From a public policy standpoint, the clauses still need to be narrowly written to achieve that goal and not deprive the community of a trained and skilled professional.

It is important to note that an Executive Order is not a new law. Such an order cannot change existing law or give an agency more power than it currently has.  An Executive Order can, however, direct the agency to refocus their priorities or to change their interpretation of existing law.   Much remains to be done before any ban or limitations on restrictive covenant agreements by the FTC become reality.  In the instant case, legal experts appear divided on whether the FTC has the power to enforce such a ban on non-competes.  The FTC does have authority to act against “anti-competitive practices,” which they define as unfair business practices that are likely to reduce competition and lead to higher prices, reduced quality or levels of service, or less innovation.  It seems possible, therefore, that the FTC would have authority regarding non-competes in the context of “anti-competitive practices.”

If the FTC engages in rulemaking, it is unclear what level of regulation it may pursue.  Will the FTC seek to ban non-competes entirely?  Will it take a more nuanced approach, imposing restrictions on non-competes only for low-wage workers, as a number of states have done?  Will the FTC also try to regulate other restrictive covenants, such as non-solicitation and non-servicing provisions?  Moreover, if the FTC exercises its rulemaking authority to regulate restrictive covenants, will anyone challenge its legal authority to do so and what will the courts say? All these questions, and many more, remain unanswered.

For now, if they are not already doing so, employers should start thinking about how to protect their business interests if the FTC were to ban or limit some or all non-competition agreements or other restrictive covenants.


Law Offices of George W. Bodenger, LLC is a boutique legal practice providing sophisticated legal services to a broad range of healthcare providers.  The Firm has significant experience in drafting, negotiating and enforcing non-competition arrangements involving licensed health care professionals.  Please contact George W. Bodenger at 610-212-5031 or if you have any questions regarding these matters or if you would like additional information about the Firm.

Sign up to receive Bodenger Law Firm alerts on topics related to health care law.

Continue Reading



On July 13, 2021, the Centers for Medicare & Medicaid Services (“CMS”) released the calendar year 2022 Medicare Physician Fee Schedule proposed rule (the “Proposed Rule”). The Proposed Rule describes CMS’ plans to revise Medicare payment policies and rates for the upcoming year.  In the Proposed Rule, CMS sets forth its proposed changes in the regulations which codify its long-standing guidance on billing for “split (or shared)” evaluation and management (“E/M”) visits.  Split (or shared) visits are E/M visits provided in part by both physicians and non-physician practitioners (“NPPs”). NPPs generally include nurse practitioners, physician assistants and advanced practice practitioners.

As a general matter, Medicare reimburses physicians at a higher payment rate than NPPs for various services.  In the physician office setting, when a patient visit is performed in part by a physician and a NPP, the physician is permitted to bill for the visit, provided the visit meets the Medicare requirements for services furnished “incident to” a physician’s professional services.  Historically, CMS relied on guidance found in the Medicare Claims Processing Manual (“MCPM”) to permit a physician to bill for visits performed in part by a NPP outside of the physician office setting.  In May 2021, in response to a petition submitted under the U.S. Department of Health and Human Services Good Guidance Practices Regulation, CMS formally withdrew the MCPM sections specifically addressing split (or shared) visits and indicated that CMS would reissue the guidance as proposed regulations.

The Proposed Rule specifies the requirements that must be met in order for a physician or NPP to bill a split (or shared) visit in a hospital, skilled nursing facility (“SNF”) or other facility setting. If passed, the Proposed Rule will expand the clinical scenarios under which a healthcare professional can bill for services performed in part by another practitioner and would also impose restrictions on which performing practitioners can bill for the split (or shared) visit.


In addition to clarifying when split (or shared) visits may be billed to Medicare, the Proposed Rule modifies CMS policy, permitting physicians and NPPs to bill for split (or shared) visits for both new and established patients, critical care services and certain E/M visits in a SNF.  The prior guidance limited split (or shared) visit billing to established patients and prohibited billing for split (or shared) visits involving critical care services or in SNFs.  The Proposed Rule defines “split (or shared) visit” as E/M visits performed in part by a physician and NPP in institutional settings for which “incident to” payment is not available.  This is intended to distinguish between the policy applicable to services furnished “incident to” the professional services of a physician in a physician office setting and the policy applicable to services furnished in a facility setting on a split (or shared) basis.

Additionally, CMS is proposing to establish which of the physician or NPP performing a split (or shared) visit can bill Medicare for the visit.  This is a very important concept because the visit is paid at a higher rate if the physician submits the claim rather than the NPP.  Historically, in determining whether a physician or an NPP may bill for a split (or shared) visit, either the physician or NPP could bill for the service so long as the billing provider performed a “substantive portion” of the visit. In the Proposed Rule, CMS seeks to codify this policy by using time—as opposed to medical decision-making or a key component of the E/M visit—as the key factor in determining whether the physician or the NPP performed the substantive portion of the visit.  The Proposed Rule would further limit the billing provider to the individual who performed more than 50% of the visit.  In addition, CMS is proposing a list of activities that may count toward the total time of the E/M visit for purposes of determining the provider who performed the substantive portion of the visit.  Under the Proposed Rule, documentation in the medical record will need to identify both professionals who performed the visit and the individual who performed the substantive portion (and bills for the visit) would need to sign and date the medical record.

Previous MCPM guidance generally prohibited the billing of split (or shared) visits for new patients.  In the Proposed Rule, CMS is proposing important clarifications to its policy to permit either a physician or a NPP to bill for split (or shared) visits for both new and established patients and for initial or subsequent visits.  This change expands the availability of split (or shared) visit billing in the facility setting.  Under the previous MCPM guidance, CMS did not permit healthcare professionals to bill for split (or shared) visits for critical care services or for E/M visits furnished in a SNF.  In the Proposed Rule, CMS is proposing to permit healthcare providers to bill for split (or shared visits) that are critical care services.  The Proposed Rule also states that no other E/M visit can be billed for a patient on the same date as critical care services are furnished when the services are furnished by the same professional (or professionals) in the same specialty and group.  The Proposed Rule also expands split (or shared) visit billing to permit E/M visits to be furnished by a physician and a NPP in a SNF setting.

In the Proposed Rule, CMS explicitly declined to define “same group” for purposes of the new split (or shared) visit billing rule and is seeking comments on how to define same group.  While the Proposed Rule retains the requirement that split (or shared) visits be performed by a physician and NPP who are in the same group, CMS noted that it considered several options, including using the “group practice” definition under the Stark Law or considering practitioners under the same billing tax ID number to be the same group practice.  CMS also noted that some of the options it evaluated do not align with the definition of “group” used for Medicare enrollment purposes.  This determination is of significant import because if the two practitioners are determined not to be in the same group, neither of them may be able to bill for the visit if neither performed a complete E/M visit.  CMS, under the Proposed Rule, will not pay for partial E/M visits.

Finally, the Proposed Rule seeks to create a claim modifier that would be mandatory for split (or shared) visits.  This modifier would allow CMS to identify services furnished in part by NPPs and allow for more targeted review of services furnished by physicians and NPPs.

In summary, the Proposed Rule provides both new opportunities for billing split (or shared) visits, but also restricts the reimbursement opportunity for services that are performed primarily by NPPs.  Providers have an opportunity to provide comments to the Proposed Rule, which must be submitted by September 13, 2021.


Law Offices of George W. Bodenger, LLC is a boutique legal practice providing sophisticated legal services to a broad range of healthcare providers.    Please contact George W. Bodenger at 610-212-5031 or if you have any questions regarding these matters or if you would like additional information about the Firm.

Sign up to receive Bodenger Law Firm alerts on topics related to health care law.

Continue Reading

OCR to Ease HIPAA Enforcement for Web-Based Scheduling of COVID-19 Vaccinations

On February 12, 2021, the Office for Civil Rights (“OCR”) of the U.S Department of Health and Human Services (“HHS”) provided additional information regarding its previously-announced discretion in the enforcement of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health (“HITECH”) Act related to privacy, security, and date breaches. OCR stated that it will not penalize covered entities or their business associates for non-compliance under HIPAA for the good faith use of online or web-based scheduling applications (“WBSAs”) for scheduling COVID-19 vaccination appointments during the COVID-19 pandemic.

During the COVID-19 public health emergency, covered entities, such as large pharmacy chains, or business associates acting on behalf of the covered entities, are permitted to use WBSAs to schedule individual appointments for COVID-19 vaccinations. For the purposes of this exercise of discretion, a WBSA is defined as an online or web-based application that only allows the intended parties to access the data and that provides individual appointment scheduling related to large-scale COVID-19 vaccination efforts. Technology that directly connects to electronic health records (“EHR”) systems used by covered entities is excluded from the definition of a WBSA. The HIPAA privacy rules allow business associates of a covered entity to use and disclose protected health information (“PHI”) for certain functions, only as dictated by a business associate agreement. During the COVID-19 pandemic, however, covered entities need to schedule a large number of vaccine appointments and often do this through the use of WBSAs. Some of these online scheduling applications, and the way in which covered entities use them, may not comply with the HIPAA privacy rules. Furthermore, vendors of the WBSAs may not know providers are using these applications to create and send PHI, potentially making the WBSA vendors business associates under HIPAA.

OCR will exercise discretion in the enforcement of HIPAA privacy rules and will not penalize covered entities, their business associates, or WBSA vendors who are technically business associates, for noncompliance as it relates to the scheduling of individual COVID-19 vaccination appointments during the COVID-19 pandemic. This enforcement discretion applies to covered healthcare providers and their business associates, which are, in good faith, using WBSAs to schedule COVID-19 vaccination appointments, as well as WBSA vendors whose platforms are being used to schedule COVID-19 vaccination appointments. Discretion does not apply to covered entities or business associates for activities unrelated to the scheduling of COVID-19 vaccinations or if the covered providers or business associates fail to act in good faith. Instances where a covered entity or business associate is not considered to be acting in good faith include: (i) the use of a WBSA that allows the sale of personal information collected; (ii) the use of a WBSA for purposes other than scheduling COVID-19 vaccination appointments; (iii) the use of a WBSA without reasonable safeguards to protect the PHI; and (iv) the use of a WBSA to screen individuals for COVID-19 before an in-person visit.

George W. Bodenger, Esquire
Law Offices of George W. Bodenger, LLC
575 S. Goddard Blvd, #213
King of Prussia, PA 19406
Office (610) 212-5031
Fax – (484) 416-0229

Sign up to receive Bodenger Law Firm alerts on topics related to health care law.

Continue Reading

CMS Implements Changes to Prior Authorization Regulations

On January 15, 2021, the Centers for Medicare & Medicaid Services (“CMS”) issued the final rule for CMS Interoperability and Prior Authorization (the “Final Rule”) to improve the prior authorization process and give patients more control in accessing and understanding their health information. Under the Final Rule, certain payers, such as Medicaid and CHIP managed care plans, state Medicaid and CHIP fee-for-service (“FFS”) programs and those that issue individual market qualified health plans (“QHPs”) on the federally-facilitated exchanges (“FFEs”) must develop and implement technology known as application programming interfaces (“APIs”). APIs are commonly used in smartphone applications, and when incorporated into electronic health records (“HER”), can enable simple and immediate access to health information for providers.

Each payer covered by the Final Rule must create a documentation search capability driven by an API, and make the program public, allowing providers to access health documentation and prior authorization requirements from various EHR platforms. Once a provider determines what each prior authorization requires, the authorization can then be submitted electronically. Payers are also required to provide, under the already established patient access API, laboratory results and other claims and encounter data, as well as information regarding a patient’s pending and active prior authorizations.

Payers are also required to share this data with a patient’s provider if requested, and with other payers, in circumstances where a a patient’s coverage or provider changes. This requirement will allow patients, providers, and payers to have access to all the necessary data when needed, automating the process and reducing the administrative burden on providers. As a result, providers will be less likely to work with incomplete health information and the likelihood of repeat prior authorization requests will decrease, resulting in more time the provider has to spend with the patient. Notably, Medicare Advantage plans are not subject to the requirements of the Final Rule; however, CMS is continuing to consider whether Medicare Advantage plans should be included.

Under the Final Rule, payers will have up to 72 hours to make prior authorizations on urgent requests, and 7 calendar days for non-urgent requests. All payers covered by the Final Rule must provide an exact reason for any denial, giving providers increased transparency in the authorization process. To further encourage accountability, payers are also required to make public statistics related to prior authorizations that illustrate how the payer operates its prior authorization process.

The Final Rule will benefit patients as well; patients will have a better understanding of the prior authorization process, and will be able to better coordinate with their provider to properly plan for their healthcare needs. Patients will also have easier access to their health information and can take their information with them as they change plan

Sign up to receive Bodenger Law Firm alerts on topics related to health care law.

Continue Reading

CMS Finalizes Overhaul To Stark And Anti-Kickback Laws

On November 20, 2020, the Centers for Medicare & Medicaid Services (“CMS”) released the final rules amending two (2) of the primary bodies of federal law governing commercial conduct in the healthcare industry, the physician self-referral prohibitions (known as the “Stark Law”) and the Anti-Kickback Statute (“AKS”).  The Stark Law and AKS were initially created for a fee-for-service healthcare system, where there are financial incentives to provide more services to patients.  Efforts to clarify these outdated laws began in 2018, with the goal of accommodating changing financial arrangements triggered by the shift from fee-for-service to value-based care in the U.S. healthcare system.

The Stark Law, was initially enacted to prohibit physicians from making referrals to entities with which they had a financial relationship (i.e., ownership interest, compensation arrangement).  The final rule creates exceptions for specific value-based payment arrangements among and between various providers and suppliers, and offers new guidance for providers with a financial relationship governed by the Stark Law.  Under the rule, a value-based arrangement is one that provides at least one (1) value-based activity to a patient between the value-based enterprise and at least one of its participants, or the participants in the same value-based enterprise.  A value-based activity can mean the provision of a service, an action, or refraining from taking an action, so long as the activity reasonably related to the achievement of a value-based purpose.

The final rule creates three (3) new exceptions to the Stark Law:

  1. Value-based arrangements for participants in a value-based enterprise that is financially responsible for, and assumes the entire prospective financial risk, for the cost of all related patient care items and services for every patient;
  2. Value-based arrangement remuneration to physicians at meaningful downside financial risk of failing to reach the value-based purpose of the enterprise; and
  3. Value-based compensation arrangements, no matter the risk undertaken by the enterprise or participants. This exception also allows for monetary and nonmonetary remuneration among the parties.

The AKS is a criminal statute, focused on the intent of the provider, that prohibits intentional remuneration, in cash or in kind, in exchange for referrals of items and services reimbursable by a Federal healthcare program. This final rule adds new safe harbors to protect specific payment practices and business arrangements from AKS penalties to allow for improved coordination and patient care management and value-based care.  Under the final rule, three (3) new AKS safe harbors are created:

  1. Care coordination arrangements that enhance quality, health outcomes, and efficiency, without necessitating that the participants assume risk. Protected remuneration under this safe harbor must be mainly used to engage in value-based activities directly associated with coordination and management of patient care;
  2. Value based arrangements involving the exchange of remuneration among a value-based entity that has substantial downside financial risk from a payor and a value-based participant that meaningfully shares in this financial risk; and
  3. The protection of remuneration between value-based entity and value-based participant in a value-based arrangement in which the entity assumes full financial risk for the cost of items and services covered by the payor for each patient.

These new Stark Law exceptions and AKS safe harbors are receiving mixed reviews from healthcare providers.  Hospital industry groups such as the American Hospital Association and the Federation of American Hospitals were optimistic about the regulatory changes, while physician groups such as the American Medical Group Association expressed some degree of skepticism. ______________________________________________________________

Law Offices of George W. Bodenger, LLC is a boutique legal practice providing sophisticated legal services to various types of healthcare providers.  The Firm plans to issue additional commentary on these important changes to the Stark Law and the AKS.  Please contact George W. Bodenger at 610-212-5031 or if you have any questions regarding these matters or if you would like additional information about the Firm.

Sign up to receive Bodenger Law Firm alerts on topics related to health care law.

Continue Reading

Attorney George W. Bodenger


  • Member, American Bar Association, Health Law Section
  • Member, American Health Lawyers Association
  • Member, American Health Lawyers Association Accountable Care Organization Task Force.


  • J.D., Temple University James E. Beasley School of Law
  • M.B.A., Drexel University, summa cum laude
  • B.S., Pennsylvania State University

Bar Admission(s)

  • Pennsylvania
  • New Jersey


November 2021
« Oct