United States: Legal Compliance For ACOs Under The Medicare Shared Savings Program

Last Updated: November 18 2015
Article by John D. Shire

Previously published by Arlington Healthcare Group

If you are a hospital or health system that owns and operates an accountable care organization (ACO) participating in the Medicare Shared Savings Program (MSSP), or if you are seeking to participate in the MSSP in the future, then you must be in compliance with a host of state and federal laws and regulations that govern your ACO's legal existence, governance, and operations. Pursuant to the MSSP, healthcare providers and suppliers that participate in ACO arrangements receive Medicare fee-for-service payments under Parts A and B; however, the ACOs that meet specified quality and savings requirements may be eligible to receive a shared savings payment.

Recent developments in rulemaking under the MSSP necessitate that you now understand the legal structural compliance requirements contained in the final MSSP implementation regulations (Final Rule), which will determine several outcomes for your ACO, including: (i) legal entity selection; (ii) governance composition, operations and duties; and (iii) legal contents of contractual agreements between your ACO and its contract parties. These regulations were promulgated by CMS, pursuant to the Final Rule, on June 4, 2015 (and published in the Federal Register on June 9, 2015). 80 Fed. Reg. 32692 (June 9, 2015).1

At the state level, your ACO can only exist pursuant to the legal authority pronounced under your state's law. Specifically, state law will dictate ACO corporate form to ensure compliance with several legal hurdles, including: (i) the corporate practice of medicine doctrine; (ii) licensing and/or certification requirements; (iii) fraud and abuse requirements; (iv) provider referral restrictions; (v) antitrust requirements; (vi) privacy and security law; and (vii) state "Blue Sky" laws.

At the federal level, your ACO must be in compliance with fraud and abuse laws and regulations, including the federal anti-kickback statute, 42 U.S.C. § 1320a-7b(b), the federal physician self-referral prohibition, 42 U.S.C. § 1395nn, and civil monetary penalties law provisions, 42 U.S.C. § 1320a-7a; however, the ACA provided authority to the U.S. Department of Health and Human Services (DHHS) to establish waivers from compliance with the federal fraud and abuse laws as necessary to carry out the mission of the MSSP. In the Fourth Quarter of 2011, the Centers for Medicare & Medicaid Services (CMS) and the DHHS, Office of the Inspector General (OIG) released a joint interim Final Rule, 76 Fed. Reg. 67992 (October 20, 2011) with Comment Period governing the MSSP waiver program; however, these waivers only apply to the federal fraud and abuse laws and do not address existing state laws.

Your ACO must also comply with the federal Health Insurance Portability and Accountability Act of 1996, as amended, and implementing regulations ("HIPAA"). In most instances, the ACO will be a business associate under HIPAA and must enter HIPAA-compliant business associate agreements with participating health care providers. Thus, the ACO must comply with the terms of its Data Use Agreement with CMS, as well as the terms of any business associate agreement it enters with individual providers participating in the ACO.

A detailed discussion of the state laws applicable to ACOs, and the impact of these laws on legal structure, governance and operations will follow in our subsequent ACO Compliance Series for Hospitals and Health Systems. We will also explore the federal law issues applicable to ACOs, including an in-depth look at the fraud and abuse waiver program (and state responses to the waiver program), and a discussion of the tax-exemption compliance issues presented by ACO relationships.

In this issue of ACO Compliance Series for Hospitals and Health Systems, we describe the key legal structural compliance requirements contained in the MSSP Final Rule that will determine the following four outcomes for your ACO.

1. Which of your legal entities serves as the operating ACO?

In general, your ACO must be a legal entity, formed under state, federal or tribal law, which is authorized to conduct business in each state in which it operates for the following four purposes: (i) receiving and distributing shared savings; (ii) repaying shares losses or other monies determined to be owned to CMS; (iii) establishing, reporting and ensuring provider compliance with healthcare quality criteria, including quality performance standards; and (iv) fulfilling all ACO functions required by 42 C.F.R § 425.100 et seq. 42 C.F.R. §425.104(a).

Pursuant to the Final Rule, if your ACO includes two (or more) independent ACO participants, then your ACO must be a separately-formed legal entity that is independent from any of the ACO participants. Id. at §425(b). What this means for you is that if your ACO is comprised of multiple ACO participants (and each belongs to the same health system), then the ACO legal entity must be a separately formed entity that is distinct from any one of the multiple providers or suppliers who participate in the ACO. 80 Fed. Reg. 32692, 32716 (June 9, 2015).

Conversely, the Final Rule adds new text to provide that an ACO formed by a single ACO participant may use its existing legal entity (and governing body) for operations; provided, however, that it satisfies all of the general criteria described above and the governance criteria discussed below in (Question 2). 42 C.F.R. §425.104(c).

Existing legal entities (i.e. those entities not specifically formed to participate in the MSSP program as an ACO), such as independent practice associations (IPAs) or physician-hospital organizations (PHOs)) that are typically engaged in activities unrelated to MSSP may only participate in the MSSP as ACOs if all of the entities' members participate in all line of business performed by such entities. As discussed below, the Final Rule amends previous regulations to impose fiduciary duties (i.e. the duty of loyalty) on the members of the governing body of the ACO. Id. § 425.106(b)(3).

2. What requirements control the composition, operations and duties of your ACO's governing body?

a. Composition.

There are five rules controlling the composition of your ACO's governing body. First, your ACO must provide for meaningful participation in the composition (and control) of your ACO's governing body for ACO participants or their designated representatives. 42 C.F.R. §425.106(c). This provision reflects CMS' preference that an ACO be operated by Medicare-enrolled entities that directly provide healthcare services to beneficiaries, but accommodates smaller groups of providers that lack the resources necessary to form an ACO and administer the program requirements on their own. 80 Fed. Reg. 32692, 32718 (June 9, 2015).

Second, your ACO governing body must include one or more Medicare beneficiary representatives who are served by your ACO. Neither the beneficiary representative(s) (nor an immediate family member of the representative(s)) can have a conflict of interest with your ACO. Third, at least 75 percent of the voting control of your ACO's governing body must be held by ACO participants. Fourth, such governing body members may serve in a similar manner for a participant of your ACO.

Finally, if the composition of your ACO's governing body does not comply with the beneficiary rule and the 75 percent test, then you must describe why your composition deviates from the rule and how your ACO will achieve meaningful representation and participation by ACO participants and Medicare beneficiaries. 42 C.F.R. §425.106(c).

b. Operations and Duties.

The governing body of your ACO has the responsibility for oversight and the strategic direction of your ACO's operations, and must hold management accountable for its activities. 42 C.F.R. §425.106(b). Specifically, the governing process must be transparent. The members of the governing body must have a fiduciary duty to your ACO and act in accordance with that fiduciary duty. Id. § 425.106(b)(1)-(3).

To further these objectives, CMS included in the Final Rule conflict of interest safeguards that apply to your ACO's governing body. Specifically, your ACO must establish and implement a conflict of interest policy that requires each member of the governing body to disclose all relevant financial interests and defines a procedure to determine whether a conflict of interest exists and resolving such conflicts to the extent that they exist. Id. § 425.106(d). Finally, the conflict of interest policy must define remedial actions for governing body members that fail to comply with the policy. Id.

3. What substantive provisions must be included in the contractual agreements between your ACO and the providers and/or suppliers who participate with your ACO?

Contractual arrangements between your ACO (on the one hand) and ACO participants and ACO providers and suppliers (on the other hand) are now governed by new provisions to the Final Rule under 42 C.F.R. § 425.116; however, the provisions governing agreements applicable to ACO participants and those applicable to ACO providers/suppliers are materially identical with few exceptions. Id. § 425.116(a) and (b).

There are nine requirements applicable your ACO's agreements with ACO participants.

  1. The parties to the agreements must include only your ACO and the ACO participant. Id. § 425.116(a)(1). This requirement reflects CMS' position that independent practice association and physician-hospital organization contracts are not appropriate or required for purposes of participation in the MSSP.
  2. The signatories to the agreements must be only individuals who are authorized to bind the ACO and the ACO participant. Id. § 425.116(a)(2).
  3. The agreements must state that the ACO participant agrees to participate in the MSSP and to comply with the requirements of the MSSP as well as all of the laws and regulations applicable to the program. Id. § 425.116(a)(3). Similarly, the ACO participant must agree to ensure that each ACO provider/supplier billing through the TIN of the ACO participant agrees to the same participation and compliance obligations as the ACO participant itself. Id.
  4. The agreements must define the ACO participant's rights and obligations in, and representation by, the ACO. Id. § 425.116(a)(4). These requirements include: (i) quality reporting requirements; (ii) beneficiary notification requirements; and (iii) a description of how participation in the MSSP affects the ability of the ACO participant and its ACO providers/suppliers to participate in other Medicare demonstration projects or programs that include shared savings mechanisms. Id.
  5. Your ACO agreements must identify how the opportunity to obtain shared savings will encourage the ACO participant to adhere to the quality assurance and improvement program and evidence-based medicine guidelines established by the ACO. Id. § 425.116(a)(5).
  6. Your ACO agreements must require the ACO participant to update its enrollment data, including the addition and deletion of ACO professionals and ACO providers/suppliers billing through the TIN of the ACO participant, on a timely basis in accordance with the Medicare program requirements and to notify the ACO of any such changes within 30 days after the change. Id. § 425.116(a)(6).
  7. Your ACO agreements must allow the ACO to take corrective action against the ACO participant, including a corrective action plan, denial of incentive payments, and termination of the ACO participant agreement, to address noncompliance with the MSSP and other program integrity issues. Id. § 425.116(a)(7). Similarly, the agreement must ensure that the ACO participant implements similar measures with its ACO providers/suppliers. Id.
  8. The term of your ACO agreements be for at least one year, and identify the consequences for early termination. Id. § 425.116(a)(8).
  9. Your ACO agreement must include completion of a close-out process upon the termination or expiration of the agreement that requires the ACO participant to provide all data necessary to complete the annual assessment of your ACO's quality of care and other relevant matters. Id. § 425.116(a)(9).

The provisions applicable to direct agreements between your ACO and ACO providers/suppliers include all of the provisions (1) – (7) above, which are applicable to contracts between your ACO and ACO participants. Id. § 425.116(b)(1) – (7).

Given the time required for (and complexity of) implementation of these provisions, CMS has given your ACO until January 1, 2017 to satisfy these contractual compliance requirements. Your ACO must submit executed ACO participant agreements for each ACO participant at the time of its initial application, renewal process, and when adding to its list of ACO participants. Id. § 425.116(c).

Click here to view original article


1 The Final Rule codifies existing CMS guidance and is designed to reduce administrative burden and improve MSSP function and transparency in the following categories: (i) data-sharing requirements; (ii) relationships between ACOs and the providers and suppliers that participate in the ACO arrangement; (iii) clarifications and updates to application requirements; (iv) eligibility requirements governing the number of beneficiaries in the ACO, obligatory processes for coordinating care, legal structure and governance; (v) assignment methodology; (vi) financial performance metrics; and (viii) issues governing program integrity and transparency. 80 Fed. Reg. 32692, 32694 (June 9, 2015). In order to achieve these objectives, CMS, in the Final Rule, adopted the following changes to the MSSP program: (i) – (vii).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Similar Articles
Relevancy Powered by MondaqAI
In association with
Related Topics
Similar Articles
Relevancy Powered by MondaqAI
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Registration (you must scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions