Donating EHR to Another Practice? Understand the AKS Safe Harbor First (42 CFR § 1001.952(y) & (z))

For many small medical practices, electronic health record (EHR) technology represents a major investment in both money and training. As practices upgrade systems, merge, or close, the question often arises: Can we donate our EHR system to another practice? While such generosity may seem harmless, or even beneficial to patients, federal fraud and abuse laws add a layer of complexity.

The Anti-Kickback Statute (AKS) makes it illegal to knowingly and willfully offer or receive remuneration in return for patient referrals or business reimbursable by federal healthcare programs. Donating EHR software or related services could be construed as an unlawful inducement unless it fits within a regulatory safe harbor.

The EHR donation safe harbors, codified at 42 CFR § 1001.952(y) and (z), provide a way for small practices to share or donate technology legally, provided they meet strict requirements. This article explores what the safe harbor covers, where small practices risk liability, and how to structure donations to remain compliant.

Understanding the Anti-Kickback Statute and Its Relevance to EHR

The AKS is designed to prevent financial arrangements that distort medical decision-making. In the context of EHR donations, regulators worry that a hospital or larger practice might donate technology to a small clinic in exchange for referrals, subtly tying access to valuable IT systems with patient flow.

Violations of the AKS can lead to:

• Criminal fines up to $25,000 per violation

• Imprisonment up to five years

• Civil monetary penalties

• Exclusion from federal healthcare programs

• False Claims Act liability if tainted claims are submitted

For small practices, such penalties can be devastating. Safe harbor protections provide a pathway for compliant arrangements that advance interoperability and patient care without creating referral-based incentives.

The EHR Donation Safe Harbors Explained

The EHR donation safe harbors at 42 CFR § 1001.952(y) and (z) were designed to encourage adoption of health IT while protecting against abuse. They apply to donations of software, information technology, and training services.

Key requirements include:

1. Written Agreement
   The donation must be documented in writing, clearly describing the EHR items or services provided.

2. Interoperability
   Donated technology must be interoperable when provided, ensuring patient data can move freely across systems.

3. No Referral Requirement
   Donations cannot be conditioned on referrals or business generation.

4. Recipient Contribution
   The receiving practice must pay at least 15% of the donor’s cost for the EHR technology. This ensures skin in the game and prevents donations from being disguised inducements.

5. Fair Market Value (FMV)
   Donors cannot adjust the value of contributions based on referral potential.

6. No Restrictive Terms
   The donor cannot limit the recipient’s ability to use or connect the EHR with competing systems.

7. Documentation of Compliance
   Records must be maintained to demonstrate compliance with the safe harbor criteria.

Together, these provisions balance promoting EHR adoption with preventing improper financial influence.

While the safe harbors provide protections, small practices must be careful to avoid pitfalls:

• Failure to Document Contributions: If the 15% cost-sharing is not recorded, regulators may view the donation as an inducement.

• Conditional Arrangements: Linking EHR donations to a preferred referral pattern can lead to AKS violations.

• Non-Interoperable Systems: Donating outdated, non-interoperable software undermines both compliance and patient care goals.

• Bundling with Other Services: Including free IT support, hosting, or unrelated services without valuation can violate fair market value principles.
  

A small cardiology group accepted donated electronic health records (EHR) software from a local hospital. There was no written agreement for this arrangement, and the hospital covered 100% of the costs, including what should have been the practice's share. This full subsidy, which required no financial contribution from the cardiology group, could be interpreted as an improper financial incentive for patient referrals.

Investigators found a troubling pattern: nearly all the cardiology group's Medicare patients were being referred to the hospital that donated the EHR software. This raised a major red flag, suggesting that the EHR wasn't a selfless gift, but rather a tool to steer business.

The Office of the Inspector General (OIG) concluded that the hospital's "donation" was effectively a kickback. Under federal law, it's illegal to offer or receive anything of value, including free software, in exchange for patient referrals. The fact that the hospital covered 100% of the costs, without any contribution from the cardiology group, only strengthened the OIG's case.

This case highlights a critical lesson: even seemingly helpful donations can be scrutinized as a form of illegal payment if they appear to induce referrals. All parties involved must ensure that such arrangements follow specific safe harbor regulations, which often require a clear, written agreement and a fair market value contribution from the recipient.

The practice faced civil monetary penalties and was forced to renegotiate its technology agreements under government oversight. This case highlights why strict adherence to safe harbor provisions is essential.

To avoid liability under the AKS, small practices should:

1. Use Clear Contracts
   Draft agreements that specify what is being donated, the cost-sharing terms, and compliance with the safe harbor.

2. Ensure Interoperability
   Require certification that the donated system meets interoperability standards set by the Office of the National Coordinator for Health IT.

3. Document the 15% Contribution
   Have the recipient practice pay its portion directly and keep detailed records.

4. Conduct FMV Assessments
   Use independent valuation to confirm costs and ensure the arrangement does not deviate from fair market principles.

5. Separate Donations from Referrals
   Make clear in contracts and in practice that patient referral patterns will not be tied to the donation.

6. Audit Regularly
   Conduct annual reviews to verify that donation arrangements continue to meet safe harbor conditions.
   

For small practices, compliance with the EHR donation safe harbors is not just about avoiding penalties. It is about protecting trust, ensuring patient data flows securely, and maintaining independence from larger healthcare organizations.

By meeting safe harbor requirements, practices can:

• Safely upgrade technology at reduced cost

• Strengthen data sharing for better patient care

• Avoid the appearance of improper financial influence

• Demonstrate proactive compliance in the event of an OIG audit

Donating or receiving EHR systems can significantly improve patient care and efficiency, but small practices must tread carefully. The AKS safe harbors at 42 CFR § 1001.952(y) and (z) provide a clear legal framework for compliant donations, requiring written agreements, interoperability, fair market valuation, and recipient cost-sharing.

By adhering to these requirements, small practices can embrace technology donations as a compliance-friendly opportunity, not a legal risk. Ignoring them, however, risks severe penalties, government investigations, and reputational harm.

AKS compliance should be a living process. By leveraging a regulatory tool, your practice can maintain real-time oversight of requirements, identify vulnerabilities before they escalate, and demonstrate to both patients and payers that compliance is built into your culture.

1. U.S. Department of Health & Human Services, Office of Inspector General. Safe Harbor Regulations

2. 42 CFR § 1001.952(y) & (z). EHR Donation Safe Harbors. Legal Information Institute.

3. Office of the National Coordinator for Health Information Technology (ONC).