May 21, 2020

On April 24, 2020, the Office of Inspector General of the Department of Health and Human Services (OIG) issued a Proposed Rule amending the Civil Monetary Penalties Law (CMPL) as a result of HHS’s expansion of authority resulting from the 21st Century Cures Act (the “Cures Act”). If finalized, the Proposed Rule would implement statutory changes through the imposition of (1) new enforcement authorities for civil monetary penalties (CMPs), assessments and exclusions related to HHS grants, contracts and other agreements; (2) new CMP authorities regarding information blocking; and (3) increased maximum penalties for certain violations. The above three topic areas are described in more detail below.


Traditionally, CMPL allows HHS to enforce CMPs, assessments, and exclusions upon individuals and entities committing fraud and other misconduct regarding Federal health care programs. However, the Cures Act modification of CMPL increased OIG’s authority to impose sanctions and penalties related to HHS grants, contracts, and other agreements. Now, OIG’s Proposed Rule aims to codify this newly expanded authority in HHS’s CMP regulations.

In accordance with the Proposed Rule, HHS will possess new enforcement authority with respect to “fraud and other misconduct” involving HHS grants, contracts, and other agreements. This new authority will be added into the existing regulatory framework regarding the imposition and appeal of CMPs, assessments and exclusions. Specifically, the rule proposal will allow OIG to enforce sanctions against individuals or entities who:

  • knowingly present or cause to be presented a specified claim related to a grant, contract or other agreement that a person knows or should know is false or fraudulent;
  • knowingly make, use, or cause to be made or used any false statement, omission, or misrepresentation of a material fact in any of the wide array of documents (such as applications, proposals, bids, or progress reports) that are required to be submitted in order to directly or indirectly receive or retain funds provided in whole or in part pursuant to an HHS grant, contract, or other agreement;
  • knowingly make, use, or cause to be made or used, false records or statements material to false or fraudulent specified claims under a grant, contract, or other agreement;
  • knowingly conceals avoids or decreases an obligation to pay or transmit funds or property with respect to a grant, contract, or other agreement, or knowingly make, use, or cause to be made or used, a false record or statement material to such an obligation; and
  • fail to grant timely access upon reasonable request to OIG personnel who are carrying out audits, evaluations, investigations, and other statutory functions related to grants, contracts, and other agreements.

The Proposed Rule explains that the statutory authority will permit OIG to impose CMPs, assessments, and exclusions to “a wide array of situations in which HHS provides funding, directly or indirectly, in whole or in part, pursuant to a grant, contract, or other agreement.” In determining what constitutes an “other agreement,” OIG makes clear that the definition is broad and 42 U.S.C. 1320a– 7a(q)(3) identifies a non-exclusive list of arrangements that may qualify as “other agreements.” Additionally, the agency will analyze each situation on a case-by-case basis to determine whether the funding arrangement at issue constitutes an ‘‘other agreement’’ under the statute and if the conduct at issue violates the statute.

Penalties for such violations would range from $10,000 to $50,000 per offense and OIG may impose an assessment of not more than three times the amount involved with the improper conduct. The Proposed Rule also identifies a framework of aggravating and mitigating factors that OIG may consider when imposing penalties, assessments and exclusions resulting from violations of the new grant contract and other agreement fraud and misconduct offenses. However, the list is not an all-inclusive list and largely mirrors the list of circumstances that OIG may consider as aggravating and mitigating when imposing penalties, assessments, and exclusions for violations related to the fraudulent or false submission of healthcare claims. Regardless, individuals and entities sanctioned for fraud and other misconduct related to HHS grants, contracts and other agreements under the Proposed Rule would maintain procedural and appeal rights that currently exist for those sanctioned under the CMPL and other statutes for fraud or other misconduct related to Federal health care programs.


The Public Health Service Act (PHSA) was amended by the Cures Act. One such modification included the authorization of HHS/OIG’s investigation and sanction authority regarding information blocking.  Pursuant to PHSA, information blocking generally is defined as a practice that “is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information, if:

  • conducted by a health information technology developer, exchange, or network, such developer, exchange, or network knows, or should know, that such practice is likely to interfere with, prevent, or materially discourage the access, exchange, or use of electronic health information; or
  • if conducted by a health care provider, such provider knows that such practice is unreasonable and is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.”

Overall, the PHSA provided OIG with new authority to investigate claims of information blocking and authorizes the Secretary of HHS to impose CMPs against a defined set of individuals and entities that OIG determines committed information blocking. Significantly, the Proposed Rule only addresses OIG’s ability to impose CMPs for information blocking against health IT developers or other entities offering certified health IT, health information exchanges, and health information networks. The Rule makes clear that health care providers are not subject to information blocking CMPs by OIG unless such provider also meets the definition of a health information exchange or health information network as defined in the HHS’ Office of the National Coordinator for Health Information Technology (ONC) Final Rule.[1] However, it is important to note that OIG can refer a health care provider to the “appropriate agency to be subject to for appropriate disincentives” if the agency determines a provider’s conduct constitutes information blocking.

Furthermore, under the Proposed Rule, OIG has clarified that it would have discretion to choose which information blocking complaints it will investigate. Based on current expectations, OIG will likely focus its enforcement priorities on conduct that: (i) resulted in, is causing, or had the potential to cause patient harm; (ii) significantly impacted a provider’s ability to care for patients; (iii) was of long duration; (iv) caused financial loss to Federal health care programs, or other government or private entities; or (v) was performed with actual knowledge. As for the actual date of enforcement, the Proposed Rule states that the effective date of these regulations will be 60 days from the date of publication of the final rule.

Finally, the proposed rule seeks to implement a maximum $1,000,000 penalty per violation. However, OIG must consider factors such as the nature and extent of the information blocking and harm resulting from such information blocking, including, where applicable, the number of patients affected, the number of providers affected, and the number of days the information blocking persisted when determining whether to impose CMPs. Under the Proposed Rule, OIG defines “violation” as “each practice that constitutes information blocking.” Fortunately, the Proposed Rule sets out a variety of examples that will provide insight into what OIG will find to be a single violation or an instance of multiple violations. One example of a single violation in the Proposed Rule (among others) is as follows:

“A health care provider notifies its health IT developer of its intent to switch to another electronic health record (EHR) system and requests a complete electronic export of its patients’ electronic health information (EHI) via the capability as certified pursuant to  45 CFR 170.315(b)(10). The developer refuses to export any EHI without charging a fee. The refusal to export EHI without charging this fee would constitute a single violation.”


Lastly, the Proposed Rule would amend OIG’s CMP regulations to reflect the increased maximum penalty amounts for certain civil money penalties in accordance with the Bipartisan Budget Act of 2018. With the proposed changes, the maximum penalty amounts related generally to unlawfully filed claims for items and services under a Federal health care program would change from $10,000 to $20,000; from $15,000 to $30,000; and from $50,000 to $100,000 depending on the particular violation. Additionally, CMPs related to payments made as an inducement to reduce or limit services will increase from $2,000 to $5,000 and from $5,000 to $10,000–all conditioned on the specific offense committed. This statutory increase in civil money penalty amounts is effective for acts committed after the date of enactment, February 9, 2018.


The comment period for the Proposed Rule will remain open for 60 days and will close on June 23, 2020.  If you would like assistance submitting a comment regarding the Proposed Rule or compliance guidance concerning any OIG sanction or penalty, please contact a member of Hancock Daniel’s Fraud and Abuse Team.

Click here for a full PDF of this advisory.

The information contained in this advisory is for general educational purposes only. It is presented with the understanding that neither the author nor Hancock, Daniel & Johnson PC, is offering any legal or other professional services. Since the law in many areas is complex and can change rapidly, this information may not apply to a given factual situation and can become outdated. Individuals desiring legal advice should consult legal counsel for up-to-date and fact-specific advice. Under no circumstances will the author or Hancock, Daniel & Johnson PC be liable for any direct, indirect, or consequential damages resulting from the use of this material.

[1] The ONC Final Rule implements certain Cures Act information blocking provisions, including defining terms and establishing reasonable and necessary exceptions to the definition of information blocking. OIG and ONC have coordinated extensively on both the ONC Final Rule and this proposed rule to align both regulatory actions.

Print Friendly, PDF & Email