This document provides an overview of Corporate Integrity Agreements (CIAs) imposed by the Department of Health and Human Services Office of Inspector General (OIG). It discusses the evolving responsibilities of boards of directors and executives under CIAs, as well as the increasing use of outside experts like Independent Review Organizations and Compliance Experts. CIAs now routinely require certifications from boards, CEOs, and other executives to ensure accountability for compliance. Selecting qualified outside experts is important, as OIG relies on their reviews and reports.
4. As of June 1, 2016. All numbers are approximate.
Distribution of Active CIAs by HHS
OIG Categories
5. Office of Investigations: Conducts investigations
Office of Audit Services: Conducts audits
Office of Evaluations and Inspections: Conducts reviews
Office of Counsel: Negotiates settlements, develops CIAs,
monitors CIA compliance, imposes administrative
sanctions
Office of Public Affairs: posts CIAs on OIG web site
http://oig.hhs.gov/compliance/corporate-integrity-agreements/cia-documents.asp
5
6. Often part of a global settlement with DOJ & DHHS
Contract with OIG to ensure future integrity
Negotiated by the OIG Counsel's Office
Monitored by the OIG Counsel's Office
Usually in effect for five years
Commits entity to compliance obligations in lieu of exclusion
7. Approximately 350 CIAs currently in effect
New CIAs being added at average of about 3 per month
Standard terms/conditions + “case specific” requirements
Intended to prevent recurrence of misconduct (e.g. false claims,
improper arrangements, misleading marketing)
Focus areas:
- Arrangements with potential referral sources
- Claims to Federal health care programs
- Quality of Care (e.g. long term care)
- MCO enrollment/marketing
8. Hospitals and health systems
Physician practices
Long term care facilities (e.g. SNFs)
Pharmaceutical/device companies
DME suppliers
Therapy providers
Emergency transportation companies
Laboratories
9. Establish (or enhance) Compliance Program
Appoint Compliance Officer
Bar employment/contracting with excluded parties
Notify OIG of investigations and/or legal proceedings
Identify, report, and repay overpayments
Disclose “reportable events”
Submit an Annual Report on status of CIA compliance
Report change of business location or status
OIG right to inspection, audit, and review
Penalties for non-compliance with terms of CIA
10. Take steps to meet CIA obligations
Meet deadlines
Search for a qualified Independent Review Organization (IRO)
Search for a qualified Compliance Expert (CE)
Enhance Compliance Program to meet CIA standards
Engage expert to conduct a “mock” review”
Take corrective action on identified deficiencies/problems
11. OIG increasing oversight and accountability of CIAs
Adding more requirements for executives and boards
More Certifications by Boards, CEOs, executives, COs
Boards hire Compliance Expert (CE) to assist with CP review
Increased focus on effectiveness of the CPs
Increasing role of Independent Review Organization (IRO)
12. Entire CP infrastructure built and functioning
Code developed & distributed to all Covered Persons
CP Policies and Procedure
Training on CP, policies, applicable laws, and CIA
Hotline
Sanction Screening
Disclosures
Use of outside experts to ensure compliance
Certifications by Board, CEO, CFO, Compliance Officer
13. “Corporate Responsibility and Corporate Compliance”
“An Integrated Approach to Corporate Compliance”
“A Toolkit for Health Care Boards”
“Practical Guidance for Health Care Governing Boards
on Compliance Oversight?
14. “Board involvement and commitment is critical for a
successful compliance program – top down approach.”
“The best boards are active, questioning, even skeptical”
“Boards should receive candid, timely, and
comprehensive information on how organization’s
compliance program is operating.”
“Boards shouldn’t make assumptions, or view their job
narrowly, or shy away from tough questions.”
15. CIAs place greater responsibility on a Board of Directors,
which now has enumerated duties
16. Members must undergo at least two hours of training annually
Responsibility for meeting CIA requirements
Responsibility for compliance program
Responsibility for risks assessment and conducting oversight
Members must certify to receiving the required training
Certification shall specify training received and the date
Copies of Certifications and course materials shall be retained
17. Have at least one independent member
Review/oversight of compliance with laws/regulations
Ensure CIA requirements are met
Meet at least quarterly to review and oversee the CP
Meet in Executive Session with the Compliance Officer (CO)
Review CO and Compliance Committee performance
Report to OIG on steps taken under the CIA
Inform OIG of documents and other materials reviewed
Retain a Compliance Expert (CE) to perform a CP Review
CE prepares CP Report with findings/recommendations
Review CE Report and include it in Annual Report to OIG
Prepare and maintain Minutes of meetings with the CE
Certify to meeting mandated obligations
19. OIG emphasis on Board responsibility/oversight of
compliance (See “Practical Guidance for Health Care
Governing Boards on Compliance Oversight” – 2015)
OIG view on Board engagement of an independent CE to
assist in fulfilling compliance responsibilities
OIG mandate in recent CIAs that a Board retain an
independent CE
20. INDEPENDENT REVIEW ORGANIZATION (IRO):
Selected by an entity (subject to OIG approval) to conduct CIA
mandated reviews of identified risk area to make independent
and objective determination of compliance.
INDEPENDENT MONITOR: OIG selected expert to assess
quality of care furnished by entity and Compliance Program.
COMPLIANCE EXPERT (CE): OIG requirement that a
Board engage a CE to provide independent basis and support
for entity certification of CP compliance effectiveness. Also
called Compliance Advisor
21. OIG consistently mandated retention of an IRO to assess
entity CIA compliance in risk area
Initially, IROs perform both operational (e.g. claims,
arrangements) and CP reviews
OIG eliminated IRO CP reviews to rely on Board
certification
Evaluates Systems, Transactions, Admissions, Marketing
IRO reviews may be annual or quarterly
22. IROs were subject of discussion at OIG sessions
OIG found cases of sub-standard IRO work
Led to appointing Monitors to oversee compliance
Media raised questions re Novartis moving to 3rd CIA
Why didn’t IRO prevent same offenses
IRO was also their Auditor: Question of Independence
OIG said reviewing practices of better screening IRO
23. Selected occasionally by the OIG to provide
independent oversight of the quality of care
furnished by an entity, or the CP and CIA
compliance
Not common, but required in unusual cases
(e.g. Extendicare and DaVita CIAs)
24. Board must engage an independent CE to assist meeting
their compliance oversight obligations
Required to create a review work plan and conduct review
Must prepare a Compliance Program Review Report
Board must review Report as part of its oversight of the CP
Entity shall send Report to OIG along with Annual Report
Materials provided to the Board + Minutes of meetings
with CE are available for OIG review
25. Entity selects an IRO and CE
OIG does not endorse any companies or individuals
OIG reserves the right to deny approval of the IRO or CE
OIG has access to IRO/CE work papers & correspondence
OIG has the right to review and question IRO and CE work
OIG has right to request the replacement of an IRO or CE
26. Federal health care program expertise
Knowledge of statistical sampling (often necessary)
Independent - no conflicts of interest
Objective - not an advocate
27. Engage a firm with program and technical expertise
Review CIA experience (the more, the better)
Determine number and type of reviews conducted
Record important (shouldn’t learn at your expense)
Knowledge/ experience increases efficiency & lowers costs
Seek recommendations from others
Select individual with a positive track record with the OIG
Seek identity/credentials of those who will actually
conduct the review(s)
28. Have expertise to conduct reviews
Program reviews (systems/transactions), not financial audits
Can be consulting, audit, or law firm
CIA may require several different types of reviews with
different expertise
Must warrant independence and objectivity
Must warrant not having any conflict of interest
Must follow GAO GAGAS operational review standards
Must certify to meeting OIG required standards
29. Did the firm met its obligations satisfactory?
Were there any problems?
Did the OIG find the firm’s work satisfactory?
Did the firm perform services economically and efficiently?
Was the firm sensitive to the entity’s operations and needs?
Was the firm’s work professional, competent, and timely?
31. OIG now routinely requires Board certifications for each
reporting period
A Resolution is signed by each Board Member is required to
confirm its review and oversight of CIA compliance
obligations and compliance with applicable regulations
All Board Members are required to adopt and sign a
Resolution for each CIA Reporting Period
32. "The Board of Directors has made a reasonable inquiry
into the operations of the Compliance Program
including the performance of the Compliance Officer
and the Compliance Committee. Based on its inquiry
and review, the Board has concluded that, to the best of
its knowledge, XXXX has implemented an effective
Compliance Program to meet Federal health care
program requirements and the obligations of the CIA."
33. Top executives held personally responsible for CIA compliance
Certifying Employees (Covered Persons) include CEO, SVPs,
and/or persons in charge of applicable functional areas
Must monitor/oversee activities within their areas of authority
and annually certify compliance with CIA and applicable laws
Must certify receiving specified compliance training by experts
34. All requirements of the CIA have been met
Procedures have been implemented ensuring compliance with
all applicable laws
Reviewed the review reports of the IRO and CE and made
reasonable inquiry regarding its content
Based upon making reasonable inquiry and review, has
determined that information in Report is accurate/truthful
35. "I have been trained on and understand the compliance
requirements and responsibilities as they relate to [insert
name of department], an area under my supervision. My
job responsibilities include ensuring compliance with
regard to the [insert name of department] with all
applicable Federal health care program requirements,
obligations of the CIA, and policies, and I have taken steps
to promote such compliance. To the best of my knowledge,
the [insert name of department] is in compliance with all
applicable Federal health care program requirements and
the obligations of the CIA. I understand that this
certification is being provided to and relied upon by the
United States."
36. “Within 120 days after the Effective Date, shall develop and
implement a written process for Certifying Employees to
follow for the purpose of completing the certification
required by this section (e.g., reports that must be
reviewed, assessments that must be completed, sub-
certifications that must be obtained, etc. prior to the
Certifying Employee making the required certification).”
37. Certifies in the first Annual Report under the CIA to the extent
applicable:
(a) Not to resubmit to any Federal health care program payors
any previously denied claims related to the Covered Conduct
addressed in the Settlement Agreement, and not to appeal
any such denials of claims;
(b) Not to charge to or otherwise seek payment from federal or
state payers for unallowable costs (as defined in the
Settlement Agreement); and
(c) To identify and adjust any past charges or claims for
unallowable costs.
38. Ensure the CP has been implemented and can be evidenced
Select promptly mandated experts (90 or 120 days)
Need time to find and check credentials of outside experts
OIG expects outside experts to be independent
OIG relies on the reviews and reports of the experts
IROs/CEs must have credible CIA record (more the merrier)
Experts need to have specific health care sector expertise
Experts must be free of any COI or appearances of conflicts
Experts must use qualified staff for specified reviews
Poorly prepared expert reports may trigger OIG review
Certifying parties will rely upon the experts
False certifications could result in criminal prosecution
39. Expect CIAs to continue to evolve and change
CIAs signal OIG changing expectations in CPs
OIG “White Papers” telegraph new changes
General movement to more personal accountability of
executives, compliance officers, and boards
Increase supportable evidence of CP effectiveness
Remember ACA requires CMS development of
mandated CP standards