Lexology January 16, 2020
Jones Day

In Short

The Situation: Despite the ongoing evolution of cybersecurity technology and services, patients’ health information and other confidential data remain vulnerable to cyberattacks because such technology and services are often not utilized uniformly across the health care industry and are often costly to implement and maintain.

The Action: In the simultaneously released proposed rules, the Centers for Medicare & Medicaid Services (“CMS”) and Office of the Inspector General (“OIG”) have proposed a new exception to the Stark Law and a new safe harbor from the Anti-Kickback Statute (“AKS”) that would permit stakeholders to donate cybersecurity technology and services in order to address the cybersecurity needs of donors and recipients.

Looking Ahead: While the agencies seek to use the proposed...