Why the Health Care Industry Should Be Concerned About Section 889 of the 2019 National Defense Authorization Act
On August 13, 2018, President Trump signed into law the National Defense Authorization Act (NDAA) of 2019. While the annual NDAAs are tracked, analyzed, and picked apart with great care by the federal contracting community, the health care industry typically pays them little mind. But ignoring the 2019 NDAA would be a big mistake, because tucked within its more than 1,000 sections is one that will have a significant impact on many health care industry players. It’s known as Section 889.
Section 889 has two key subsections:
Effective August 2019, Subsection A prohibits the federal government from purchasing products incorporating and services using Chinese technology produced by Huawei Technologies Company or ZTE Corporation (as well as three other Chinese companies).
Effective August 2020, Subsection B prohibits the federal government from contracting with an entity that uses products or services that incorporate or use covered technology, whether or not the products or services are used in the context of a federal contract.
As discussed in greater detail below, much of the health care, administration, and research services provided to the U.S. government will fall within the scope of Subsection A and/or B. Accordingly, contractors, payers, and providers are well advised to give Section 889 a close read.
What Does Section 889 Require?
As an initial matter, and admittedly in oversimplified form, Subsection A of Section 889 prohibits entities from selling to the government equipment that incorporates or services that use covered technology (i.e., technology containing components manufactured by Huawei, ZTE, and three other Chinese entities). Section 889 Subsection A also requires entities providing products or services to the U.S. government
To represent, prospectively, whether or not they will provide covered equipment or services as part of their service offering and, if so, to furnish additional detail about the covered equipment or services; and
To report (within one business day) any covered equipment or services discovered during the course of contract performance.
In fiscal year (FY) 2018, the government spent about $673 billion to procure health care services. And it has obligated almost $730 billion in FY 2019 for the same purpose. So it’s fair to say Subsection A of Section 889 has significant implications for the health care industry.
But compliance will become even more challenging in August 2020, when Subsection B of Section 889 goes into effect. In contrast to Subsection A, which focuses on products and services provided to the government (either through a procurement or a grant), Subsection B focuses on entities that merely use the covered products or services, whether or not in the context of a federal contract. The statutory language is quite broad:
[The Government shall not] “enter into a contract (or extend or renew a contract) with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.”
Notably, the prohibition includes no exception for internal uses unrelated to federal contracting. It contains no “nexus” requirement that would limit its application to uses “in connection with” a federal contract or subcontract. In other words, a hospital’s use of Huawei telecommunications equipment in liaising with a food services vendor, for example, still could implicate Section 889, even if that use has little or no connection to the hospital’s federal contracts (i.e., to provide health services). Similarly, a payer’s use of Huawei telecommunications equipment for its videoconferencing capabilities could implicate Section 889. The only real limitation on Subsection B is that, as written, it applies only to entities that sell goods and services, and not to grant recipients. (Subsection A, the basic prohibition, in contrast, applies to grant recipients and contractors.)
Does Section 889 Apply To My Organization?
Driven by understandable public disbelief over the scope of Subsection B, the U.S. General Services Administration (GSA) held a public “Industry Engagement Forum” in late November 2019. The event was attended by about 100 contractors, manufacturers, and government officials, but few if any health care industry representatives were in attendance. Yet, as noted above, Section 889 clearly has tentacles that reach the health care industry.
Section 889’s prohibition applies to the head of an executive agency and, thus, appears to apply to the many federal executive agencies that contract for health care and related services and supplies. In fact, at least one such agency already has included Section 889’s prohibition in its contracts with prime contractors. Prime contractors that are or likely are subject to Section 889 are listed below. And since Federal Acquisition Regulation (FAR)-covered prime contractors must flow Section 889’s prohibitions down to their subcontractors, the list of covered entities actually goes well beyond the list below. In short, health care contractors, payers, and providers that accept money from the U.S. government, directly or indirectly, should be paying close attention to Section 889 and its implementing regulations.
National Institutes of Health (NIH) Contractors. Hospitals and health care systems that hold contracts with the NIH or its affiliated agencies will be covered by the regulations implementing Section 889. To take but one example, in FY 2018, the National Cancer Center—just one contracting entity within the NIH network—made over 450 contract awards, with a total potential contract value of over $1.85 billion. These awards will be covered by Section 889.
Defense Health Administration (DHA) Contractors. The DHA procures a lot of health care services. In May 2018 alone, DHA announced the award of 27 contracts—with a value of almost $1 billion—to provide medical support services to military treatment facilities across the U.S. Each of those contractors—like the hundreds of other DHA contractors—will be subject to Section 889.
Department of Veterans Affairs (VA) Schedule Contractors. The VA runs a multiple award contracting program known as the “VA Schedule.” In FY 2018, the government purchased more than $421 million through the VA Schedule. Each Schedule contractor will be subject to Section 889.
VA Community Care Third Party Administrators (TPAs). The VA contracts with TPAs to manage its nationwide network of providers under the Patient Centered Community Care (PC3) Program and currently emerging Community Care Network. These TPAs likely will be subject to Section 889.
VA Veterans Care Contractors. In locations where the VA cannot supply adequate care to its customers, the agency enters into contracts (Veterans Care Agreements) with local providers to fill the void in patient care. These providers likely will be subject to Section 889.
TRICARE Regional Contractors and Other Contractors. The entities that contract directly with the government to administer the military’s TRICARE program likely will be subject to Section 889.
Federal Employee Health Benefits Program (FEHBP) Carriers. The payers and other entities that contract directly with the Office of Personnel Management (OPM) to provide health care benefits to federal employees and annuitants under the FEHBP are subject to Section 889 as evidenced by OPM’s 2020 Standard Contract for FEHBP carriers.
University Health Systems. According to the Wall Street Journal, the U.S. has about 120 academic health centers. Since a college or university that holds a federal contract (e.g., a Department of Defense or Department of Health and Human Services (HHS) research and development contract) will be covered by Section 889, the hospitals and health systems affiliated with those covered schools also may be covered by Section 889.
Obviously, this is only a partial list of entities that will or may be subject to Section 889. But it does serve to highlight the breadth of the new rule.
Subsection A of Section 889 clearly covers grant recipients. The prohibition is written in clear terms: “The head of an executive agency may not obligate or expend loan or grant funds to procure or obtain, extend or renew a contract to procure or obtain, or enter into a contract (or extend or renew a contract) to procure or obtain the equipment, services, or systems described . . . .” Thus, unlike many federal purchasing rules, Section 889 is not limited to procurement contracts. This is a significant point in terms of the scope of the rule. The NIH awarded more than $27 billion in grants in FY 2018 alone, including grants to hospitals and health care systems. And that’s just a single agency. In short, the inclusion of grants within the scope of Section 889 brings within the rule’s reach a number of entities that often pay little attention to Congress’ annual NDAAs.
Payers in Non-FAR-Based Government Contracts
The GSA recently confirmed that Section 889 applies to all contracts and other award types, not just FARbased contracts. This suggests that Section 889 applies to the health insurers and other payers that contract with the Department of Health and Human Services’ Centers for Medicare and Medicaid Services (CMS) under the Medicare Advantage and Medicare Prescription Drug Benefit programs, which are not subject to the FAR. To date, CMS has not commented on the applicability of Section 889 to Medicare Advantage organizations and Medicare Prescription Drug Plan sponsors.
At the moment, it seems merely being a participating provider in the government’s TRICARE program (the federal government’s health care program for uniformed service members, retirees, and their families) will not transform a health care provider into a government contractor subject to Section 889. On November 6, 2019, the Department of Labor (DOL) published a Notice of Proposed Rulemaking taking the position that merely participating in the TRICARE program as a health care provider does not bring an entity with the reach of the Department of Labor’s various contracting rules and regulations. It stands to reason that, if the Proposed Rule moves forward, the Section 889 regulations similarly will be inapplicable to TRICARE participating providers. But even this could change.
For the time being, providers that contract with FEHBP carriers to provide health care to the carriers’ federal On November 6, 2019, the Department of Labor (DOL) published a Notice of Proposed Rulemaking taking the position that merely participating in the TRICARE program as a health care provider does not bring an entity with the reach of the Department of Labor’s various contracting rules and regulations. www.sheppardmullin.com -4- enrollees will not have to worry about Section 889 since health care providers are not “subcontractors” for purposes of OPM’s contracts with carriers. However, it is important to keep in mind, as the DOL Proposed Rule makes clear, DOL contracting rules and regulations—and, presumably, other federal contracting rules and regulations like Section 889—will continue to apply if an entity (including a hospital or health care system) holds “a separate covered Federal contract or subcontract.”
If My Organization Is Covered By Section 889, What Should We Do?
The health care contractors, payers, and providers that receive contracts or grants from the federal government will have their work cut out for them. Just think how many things in a hospital might incorporate technology produced by Huawei or ZTE (to name just two of the five companies covered by the law). Obviously, the hospital’s computers, medical record systems, routers, phones, printers, surveillance systems, and security systems might incorporate covered technology, but the list goes well beyond those items. The rule could cover a hospital’s smart thermostats, systems and devices that connect the hospital to ambulances and community physician offices, and even the copiers at nurses’ stations. It could cover the phones, tablets, and computers used by doctors, nurses, admissions personnel, and technicians. It could cover bedside medical or wearable devices that monitor patient care. And if the hospital is a contractor (versus merely a grant recipient), it will cover these items whether or not they are used in the performance of a federal contract.
As Section 889 Subsection A already is in effect, and Subsection B goes into effect August 2020, the health care industry needs to take immediate action to ensure compliance. The following steps probably should be part of the plan:
First, determine whether the organization provides a product or service to the United States, and/or performs under the terms of a grant for the United States. In making this assessment, consider all possible federal agreements, including contracts with the VA, HHS, DHA, and OPM.
Second, categorize direct and indirect purchases by risk (e.g., the purchase of a blue-tooth enabled hospital bed may be low risk; the purchase of a multifunction copier may be medium risk; the purchase of a medical monitoring device with communications capabilities likely is high risk).
Third, develop a standard, written, risk-based process for evaluating the content of the various products. Perhaps the process calls for no diligence with respect to lowrisk items, obtaining a certification from sellers from which medium risk items are procured, and obtaining a certification coupled with additional due diligence for high-risk items. The process should be memorialized in writing, applied consistently, and monitored and audited periodically.
Fourth, solicit the necessary representation of compliance from the appropriate distributors or manufacturers, and ensure a process is in place to track the requests and the responses.
Fifth, educate the organization’s purchasing/procurement/ materials management professionals to ensure they are up to speed on Subsection A and Subsection B of Section 889.
Adopting a robust, risk-based compliance approach along these lines not only will help reduce the likelihood of noncompliance, it will help demonstrate a reasonable, good-faith effort to comply should compliance efforts turn out to be less than perfectly implemented.
What Is The Risk Of Not Complying?
While compliance with such a far-reaching rule may seem costly, and it will be, not complying with the rule will be even more so. As a strictly contractual matter, an organization’s failure to submit an accurate representation to the government constitutes a breach of contract that can lead to cancellation, termination, and a host of financial consequences. However, the primary fear for most health care industry players will be the potential for an alleged False Claims Act violation based on noncompliance with Section 889. This liability can reach even those providers and subcontractors not directly covered by Section 889 if, by using the prohibited technology themselves, they cause prime contractors to submit false claims for payment to the government. Because the government can seek treble damages and up to $23,000 in penalties per False Claims Act violation, the cost of merely defending against and resolving an allegation of a False Claims Act violation can be enormous. As the health care industry already endures more than half of all False Claims Act filings, Section 889 gives plaintiffs yet another sandbox to play in. While the government may be inclined to give contractors, payers, and providers an adjustment period before opening intrusive audits and investigations, plaintiffs’ lawyers will not be so generous.
The federal regulations implementing Section 889 continue to evolve. The government issued an initial Interim Rule in August 2019, and then followed up with a second Interim Rule in early December 2019. One or more rules covering Subsection B are expected out in early- to mid-2020. That doesn’t give the health care industry much time to get its technological houses in order. Of course, Subsection A and its implementing regulations already are in effect, so one could say those houses already should be in order.