This document provides an overview of Corporate Integrity Agreements (CIAs) imposed by the Department of Health and Human Services Office of Inspector General (OIG). It discusses the evolving responsibilities of boards of directors and executives under CIAs, as well as the increasing use of outside experts like Independent Review Organizations and Compliance Experts. CIAs now routinely require certifications from boards, CEOs, and other executives to ensure accountability for compliance. Selecting qualified outside experts is important, as OIG relies on their reviews and reports.

1. Richard Kusserow, CEO Strategic Management
Tom Herrmann, JD, SVP Strategic Management
June 9, 2016

2. I. OVERVIEW OF EVOLVING CIAs
II. BOARD RESPONSIBILITIES UNDER CIAs
III. CIA MANDATES FOR OUTSIDE EXPERTS
IV. MANDATORY CERTIFICATIONS

3. •Purpose and character
•Number and types
•Standard provisions
•Evolving terms and conditions

4. As of June 1, 2016. All numbers are approximate.
Distribution of Active CIAs by HHS
OIG Categories

5.  Office of Investigations: Conducts investigations
 Office of Audit Services: Conducts audits
 Office of Evaluations and Inspections: Conducts reviews
 Office of Counsel: Negotiates settlements, develops CIAs,
monitors CIA compliance, imposes administrative
sanctions
 Office of Public Affairs: posts CIAs on OIG web site
http://oig.hhs.gov/compliance/corporate-integrity-agreements/cia-documents.asp
5

6.  Often part of a global settlement with DOJ & DHHS
 Contract with OIG to ensure future integrity
 Negotiated by the OIG Counsel's Office
 Monitored by the OIG Counsel's Office
 Usually in effect for five years
 Commits entity to compliance obligations in lieu of exclusion

7.  Approximately 350 CIAs currently in effect
 New CIAs being added at average of about 3 per month
 Standard terms/conditions + “case specific” requirements
 Intended to prevent recurrence of misconduct (e.g. false claims,
improper arrangements, misleading marketing)
 Focus areas:
- Arrangements with potential referral sources
- Claims to Federal health care programs
- Quality of Care (e.g. long term care)
- MCO enrollment/marketing

8.  Hospitals and health systems
 Physician practices
 Long term care facilities (e.g. SNFs)
 Pharmaceutical/device companies
 DME suppliers
 Therapy providers
 Emergency transportation companies
 Laboratories

9.  Establish (or enhance) Compliance Program
 Appoint Compliance Officer
 Bar employment/contracting with excluded parties
 Notify OIG of investigations and/or legal proceedings
 Identify, report, and repay overpayments
 Disclose “reportable events”
 Submit an Annual Report on status of CIA compliance
 Report change of business location or status
 OIG right to inspection, audit, and review
 Penalties for non-compliance with terms of CIA

10.  Take steps to meet CIA obligations
 Meet deadlines
 Search for a qualified Independent Review Organization (IRO)
 Search for a qualified Compliance Expert (CE)
 Enhance Compliance Program to meet CIA standards
 Engage expert to conduct a “mock” review”
 Take corrective action on identified deficiencies/problems

11.  OIG increasing oversight and accountability of CIAs
 Adding more requirements for executives and boards
 More Certifications by Boards, CEOs, executives, COs
 Boards hire Compliance Expert (CE) to assist with CP review
 Increased focus on effectiveness of the CPs
 Increasing role of Independent Review Organization (IRO)

12.  Entire CP infrastructure built and functioning
 Code developed & distributed to all Covered Persons
 CP Policies and Procedure
 Training on CP, policies, applicable laws, and CIA
 Hotline
 Sanction Screening
 Disclosures
 Use of outside experts to ensure compliance
 Certifications by Board, CEO, CFO, Compliance Officer

13.  “Corporate Responsibility and Corporate Compliance”
 “An Integrated Approach to Corporate Compliance”
 “A Toolkit for Health Care Boards”
 “Practical Guidance for Health Care Governing Boards
on Compliance Oversight?

14.  “Board involvement and commitment is critical for a
successful compliance program – top down approach.”
 “The best boards are active, questioning, even skeptical”
 “Boards should receive candid, timely, and
comprehensive information on how organization’s
compliance program is operating.”
 “Boards shouldn’t make assumptions, or view their job
narrowly, or shy away from tough questions.”

15. CIAs place greater responsibility on a Board of Directors,
which now has enumerated duties

16.  Members must undergo at least two hours of training annually
 Responsibility for meeting CIA requirements
 Responsibility for compliance program
 Responsibility for risks assessment and conducting oversight
 Members must certify to receiving the required training
 Certification shall specify training received and the date
 Copies of Certifications and course materials shall be retained

17.  Have at least one independent member
 Review/oversight of compliance with laws/regulations
 Ensure CIA requirements are met
 Meet at least quarterly to review and oversee the CP
 Meet in Executive Session with the Compliance Officer (CO)
 Review CO and Compliance Committee performance
 Report to OIG on steps taken under the CIA
 Inform OIG of documents and other materials reviewed
 Retain a Compliance Expert (CE) to perform a CP Review
 CE prepares CP Report with findings/recommendations
 Review CE Report and include it in Annual Report to OIG
 Prepare and maintain Minutes of meetings with the CE
 Certify to meeting mandated obligations

18. •Independent Review Organizations (IROs)
•Compliance Experts (CEs)
•Compliance Monitors

19.  OIG emphasis on Board responsibility/oversight of
compliance (See “Practical Guidance for Health Care
Governing Boards on Compliance Oversight” – 2015)
 OIG view on Board engagement of an independent CE to
assist in fulfilling compliance responsibilities
 OIG mandate in recent CIAs that a Board retain an
independent CE

20.  INDEPENDENT REVIEW ORGANIZATION (IRO):
Selected by an entity (subject to OIG approval) to conduct CIA
mandated reviews of identified risk area to make independent
and objective determination of compliance.
 INDEPENDENT MONITOR: OIG selected expert to assess
quality of care furnished by entity and Compliance Program.
 COMPLIANCE EXPERT (CE): OIG requirement that a
Board engage a CE to provide independent basis and support
for entity certification of CP compliance effectiveness. Also
called Compliance Advisor

21.  OIG consistently mandated retention of an IRO to assess
entity CIA compliance in risk area
 Initially, IROs perform both operational (e.g. claims,
arrangements) and CP reviews
 OIG eliminated IRO CP reviews to rely on Board
certification
 Evaluates Systems, Transactions, Admissions, Marketing
 IRO reviews may be annual or quarterly

22.  IROs were subject of discussion at OIG sessions
 OIG found cases of sub-standard IRO work
 Led to appointing Monitors to oversee compliance
 Media raised questions re Novartis moving to 3rd CIA
 Why didn’t IRO prevent same offenses
 IRO was also their Auditor: Question of Independence
 OIG said reviewing practices of better screening IRO

23.  Selected occasionally by the OIG to provide
independent oversight of the quality of care
furnished by an entity, or the CP and CIA
compliance
 Not common, but required in unusual cases
(e.g. Extendicare and DaVita CIAs)

24.  Board must engage an independent CE to assist meeting
their compliance oversight obligations
 Required to create a review work plan and conduct review
 Must prepare a Compliance Program Review Report
 Board must review Report as part of its oversight of the CP
 Entity shall send Report to OIG along with Annual Report
 Materials provided to the Board + Minutes of meetings
with CE are available for OIG review

25.  Entity selects an IRO and CE
 OIG does not endorse any companies or individuals
 OIG reserves the right to deny approval of the IRO or CE
 OIG has access to IRO/CE work papers & correspondence
 OIG has the right to review and question IRO and CE work
 OIG has right to request the replacement of an IRO or CE

26.  Federal health care program expertise
 Knowledge of statistical sampling (often necessary)
 Independent - no conflicts of interest
 Objective - not an advocate

27.  Engage a firm with program and technical expertise
 Review CIA experience (the more, the better)
 Determine number and type of reviews conducted
 Record important (shouldn’t learn at your expense)
 Knowledge/ experience increases efficiency & lowers costs
 Seek recommendations from others
 Select individual with a positive track record with the OIG
 Seek identity/credentials of those who will actually
conduct the review(s)

28.  Have expertise to conduct reviews
 Program reviews (systems/transactions), not financial audits
 Can be consulting, audit, or law firm
 CIA may require several different types of reviews with
different expertise
 Must warrant independence and objectivity
 Must warrant not having any conflict of interest
 Must follow GAO GAGAS operational review standards
 Must certify to meeting OIG required standards

29.  Did the firm met its obligations satisfactory?
 Were there any problems?
 Did the OIG find the firm’s work satisfactory?
 Did the firm perform services economically and efficiently?
 Was the firm sensitive to the entity’s operations and needs?
 Was the firm’s work professional, competent, and timely?

30. Required certifications by the Board,
CEO, CFO, CO, Program Managers

31.  OIG now routinely requires Board certifications for each
reporting period
 A Resolution is signed by each Board Member is required to
confirm its review and oversight of CIA compliance
obligations and compliance with applicable regulations
 All Board Members are required to adopt and sign a
Resolution for each CIA Reporting Period

32. "The Board of Directors has made a reasonable inquiry
into the operations of the Compliance Program
including the performance of the Compliance Officer
and the Compliance Committee. Based on its inquiry
and review, the Board has concluded that, to the best of
its knowledge, XXXX has implemented an effective
Compliance Program to meet Federal health care
program requirements and the obligations of the CIA."

33.  Top executives held personally responsible for CIA compliance
 Certifying Employees (Covered Persons) include CEO, SVPs,
and/or persons in charge of applicable functional areas
 Must monitor/oversee activities within their areas of authority
and annually certify compliance with CIA and applicable laws
 Must certify receiving specified compliance training by experts

34.  All requirements of the CIA have been met
 Procedures have been implemented ensuring compliance with
all applicable laws
 Reviewed the review reports of the IRO and CE and made
reasonable inquiry regarding its content
 Based upon making reasonable inquiry and review, has
determined that information in Report is accurate/truthful

35. "I have been trained on and understand the compliance
requirements and responsibilities as they relate to [insert
name of department], an area under my supervision. My
job responsibilities include ensuring compliance with
regard to the [insert name of department] with all
applicable Federal health care program requirements,
obligations of the CIA, and policies, and I have taken steps
to promote such compliance. To the best of my knowledge,
the [insert name of department] is in compliance with all
applicable Federal health care program requirements and
the obligations of the CIA. I understand that this
certification is being provided to and relied upon by the
United States."

36. “Within 120 days after the Effective Date, shall develop and
implement a written process for Certifying Employees to
follow for the purpose of completing the certification
required by this section (e.g., reports that must be
reviewed, assessments that must be completed, sub-
certifications that must be obtained, etc. prior to the
Certifying Employee making the required certification).”

37. Certifies in the first Annual Report under the CIA to the extent
applicable:
(a) Not to resubmit to any Federal health care program payors
any previously denied claims related to the Covered Conduct
addressed in the Settlement Agreement, and not to appeal
any such denials of claims;
(b) Not to charge to or otherwise seek payment from federal or
state payers for unallowable costs (as defined in the
Settlement Agreement); and
(c) To identify and adjust any past charges or claims for
unallowable costs.

38.  Ensure the CP has been implemented and can be evidenced
 Select promptly mandated experts (90 or 120 days)
 Need time to find and check credentials of outside experts
 OIG expects outside experts to be independent
 OIG relies on the reviews and reports of the experts
 IROs/CEs must have credible CIA record (more the merrier)
 Experts need to have specific health care sector expertise
 Experts must be free of any COI or appearances of conflicts
 Experts must use qualified staff for specified reviews
 Poorly prepared expert reports may trigger OIG review
 Certifying parties will rely upon the experts
 False certifications could result in criminal prosecution

39.  Expect CIAs to continue to evolve and change
 CIAs signal OIG changing expectations in CPs
 OIG “White Papers” telegraph new changes
 General movement to more personal accountability of
executives, compliance officers, and boards
 Increase supportable evidence of CP effectiveness
 Remember ACA requires CMS development of
mandated CP standards

40. Copyright 2016. Strategic Management Services, LLC. All Rights Reserved