Insights & Resources

Medicare/Medicaid Fraud & Abuse Resource Center

    Back To Medicare/Medicaid Fraud & Abuse Resource Center

    Comparison Chart of Anti-Kickback Safe Harbors and Stark Exceptions -- Cybersecurity

    Cybersecurity – Current as of March 2021

    Stark
    Stark exception for nonmonetary remuneration for cybersecurity 42 CFR 411.457(bb)

    Anti-Kickback
    Safe harbor for nonmonetary remuneration for cybersecurity 42 CFR 1001.952(jj)

    The remuneration is nonmonetary and consists of technology and services necessary and used predominantly to implement, maintain, or reestablish cyber security. Technology includes any software or other types of information technology.

    The remuneration is nonmonetary and consists of technology and services necessary and used predominantly to implement, maintain, or reestablish effective cybersecurity.  Technology includes any software or other types of information technology.

    The eligibility of the physician for the technology or services and the amount or nature of the technology or services is not determined in any manner that directly takes into account the value or volume of referrals or other business generated between the parties.

    The donor does not directly take into account the volume or referrals or other business generated between the parties when determining the eligibility of a potential recipient for the technology or services, or the amount or nature of technology or services to be donated, nor does the donor condition the donation of technology or services, or the amount or nature of the technology or services to be donated, on future referrals.

    The physician and the physician’s practice, including employees and staff members, does not make the receipt of the technology or services, or the amount or nature of the technology or services, a condition of doing business with the donor.

    Neither the recipient nor the recipient’s practice, or any affiliated individual or entity, makes the receipt of technology or services, or the amount or nature of the technology or services, a condition of doing business with the donor.

    The arrangement must be in writing

    A general description of the technology and services being provided and the amount of the recipient’s contribution, if any, must be set forth in writing and signed by the parties.

     

    The donor does not shift the costs of the technology or services to any Federal health care program.