Federal Anti-Kickback Statute Safe HarborsThe OIG has adopted two Safe Harbors that permit certain arrangements involving the donation of electronic prescribing technology and electronic health records (" EHR"). The ports reflect an attempt to encourage donation of this technology in circumstances where donations are unlikely to constitute business-generating incentives or rewards payable by federal health programs. Electronic Prescribing Items and Services Electronic Prescribing Safe Harbor protects the donation of hardware, software, information technology, and training services by certain donors to certain recipients in connection with the Medicare Part D program {Dunlop, 2007 #14} Specifically, only Safe Harbor protects donations from: (1) a hospital to its medical personnel; (2) a medical group to its members; and (3) a prescription drug plan (“PDP”) or Medicare Advantage organization (“MA”). healthcare professionals who prescribe drugs or network pharmacies and pharmacists.{Dunlop, 2007 #14}Donations of electronic prescribing technology must be documented by the parties in a signed document specifying the donor's costs for the technology provided. Donors may not select recipients based on the volume or value of referrals or other business generated between the parties, and recipients may not condition business with potential donors on the provision of electronic prescribing technology.{Dunlop, 2007 # 14} Additionally, donor technology must be compatible with other electronic prescribing and health record systems, and donors may not limit the recipient's right or ability to use the technology for all patients, regardless of payer status. EHR and Service Items... middle of paper... "addressable". A covered entity must implement a required implementation specification, but need not implement an addressable specification if it has determined that the specification is not a reasonable and appropriate safeguard given the entity's operating environment and the likely protective effect of the safeguard. If the implementation specification is determined not to constitute a reasonable and adequate response to the entity's security needs, the entity must implement an equivalent alternative, if reasonable and appropriate. Where no reasonable and appropriate alternative exists, the entity is not required to implement any safeguards. However, in situations where an entity decides not to implement an addressable specification, the entity must document the reasons why it determined that such implementation specification was unreasonable and inappropriate.