HSCC requests to include patching in allowable Stark Law donations


In October 2019, the U.S. Department of Health and Human Services (HHS) proposed changes to the Federal Anti-Kickback Statute (AKS) and the Physician Self-Referral Law (Stark Law) in order to clarify the definitions of safe cybersecurity technology and services donations.

HHS created the amendments to modernize and clarify the regulations for our fast-paced digital age.

The Healthcare and Public Health Sector Coordinating Council (HSCC) responded to requests for feedback with a press release, suggesting, among other topics, that patching and updates should be protected under the exception/safe harbor.

What are the Stark Law and the safe harbor amendment?

The government created AKS and the Stark Law to address fraud and abuse in healthcare referrals of services; AKS prohibits the exchange of remuneration, while the Stark Law prohibits self-referral.

Safe harbor amendments provide legal exemptions to the laws in order to provide greater flexibility to providers and value-based arrangements.

According to the amendments, “The proposed rule would add a new safe harbor for donations of cybersecurity technology and amend the existing safe harbors for electronic health records arrangements, warranties, local transportation, and personal services and management contracts.”

Technology safe harbors could include malware prevention, business continuity, and encryption software; services could include risk assessments as well as the installation of cybersecurity software.


HHS Deputy Secretary Eric Hargan stated that the proposal is an effort to “allow innovation…while maintaining the important protections patients need.”

The proposal received overall praise when first released.

Why is HSCC worried about patching?

HSCC’s December 2019 press release addressed four overarching topics, including clarification regarding needed hardware and software patching and updates.

A well-known cybersecurity problem within the healthcare industry is its reliance on outdated systems that no longer receive updates or security patches, along with the expense of switching to and continuously maintaining new devices.


HSCC’s press release emphasized that such donations are necessary to block cyberattacks and must be part of the exception/safe harbor to AKS and Stark Law.

A request for clarification is vital given the healthcare industry’s continuous cyber threat concerns; HHS has yet to respond.


About the author

Kapua Iao
