When a hospital or other healthcare entity violates the False Claims Act, there are consequences. Often these include entering into a Corporate Integrity Agreement (CIA) with the U.S. Office of the Inspector General (OIG). The purpose of a CIA is to strengthen an organization’s compliance program with policies and procedures approved by the government. The OIG must have confidence that the organization is taking steps to prevent new violations.
What is a Corporate Integrity Agreement?
A CIA is a tool used by the OIG to address violations at healthcare organizations through policies and procedures designed to enforce compliance with regulations. A CIA is usually coupled with a civil settlement between the provider and the government to avoid exclusion from federal health programs.
Who is subject to a CIA?
CIAs have been issued for all types of healthcare entities ranging from hospitals and health systems to physician practice groups, individual physicians, post-acute facilities, dialysis companies, pharmaceutical manufacturers, durable medical equipment suppliers, and many more.
Historically, the OIG always issued a CIA when violations occurred. However, in recent cases where the OIG is confident that the violation(s) will not reoccur, a CIA has not been put into place. Because the OIG can assess a violators’ capacity to change noncompliant behaviors, they can identify organizations who are low risk for repeat violations. To determine whether or not an organization should enter into a CIA, the OIG looks at many factors, including how long ago the violations occurred, whether there was a pattern of misconduct, the compliance procedures in place, and other elements. If an organization self discloses their violations, the OIG may not require a CIA because self disclosure is evidence of an effective compliance program.
What’s in a CIA?
CIAs generally focus on one or more categories of violations: claims review, focus arrangements, quality of care, and covered functions review. CIAs are fairly uniform; however, most include specific requirements tailored to the violation(s) that led to the settlement. CIAs typically run 3-5 years.
All CIAs require:
- Establishment of a compliance officer and compliance committee
- Imposition of compliance duties for the Board of Directors
- Adoption of a code of conduct and applicable policies and procedures
- Training and education on the code of conduct, policies, and procedures within the first 90 to 120 days as well as annually thereafter
- Internal reviews in addition to reviews by an Independent Review Organization (IRO) that organizations hire as a third party opinion
- Screening for ineligible persons, i.e. those excluded from federal health programs and those who have convictions that entail mandatory exclusion
- Reporting to the OIG of ongoing investigations or legal proceedings, any alleged fraudulent behavior, repayment of overpayments in accordance with the ACA, as well as any other compliance breach or any change in the location or structure of the organization
The OIG publishes all of the CIAs it issues on its website.
Why would an organization accept a CIA?
Typically, an organization enters into a CIA in order to continue participation in Medicare and Medicaid. The OIG will only offer a CIA as an alternative to exclusion if the situation merits it.
In “An Open Letter to Health Care Providers” written in November 2001, the OIG sought to clarify how they determine if a CIA is a good alternative to exclusion. They outlined eight factors:
- Whether the provider self-discloses the alleged misconduct
- The amount of monetary damage to Federal programs
- Whether the case involves a merger or acquisition where the buying entity is liable for the selling entity’s past and future liabilities
- Whether the provider is still participating in Federal health care programs or whether they are still in the line of business that gave rise to the fraudulent conduct
- Whether the alleged conduct is capable of repetition
- The age of the conduct
- Whether the provider has an effective compliance program and would agree to limited compliance or integrity measures, and if they would agree to annually certify such compliance to the OIG
- Other circumstances, as appropriate. 1
Who enforces CIAs?
Once an organization is under a CIA, the OIG assigns a Monitor. The Monitor has a collaborative role, and works primarily with the organization’s Compliance Officer. The team ensures the compliance program is preventing violations by identifying problems and correcting them. Even organizations under CIAs have compliance challenges; in fact, the OIG has been suspicious if they don’t hear of problems in organizations under a CIA.
What happens if an organization fails to comply with a CIA?
Failure to meet CIA obligations can result in a fine, often of $2,500 per day after the missed deadline outlined in the CIA. While it is rare, a “material breach” of the CIA can lead to a five-year exclusion from federal programs. CIAs define a “material breach” as:
- Repeated or flagrant violations of the CIA’s requirements
- Failing to report a reportable event, take corrective action, and make the appropriate refunds
- Failing to engage and use the required Independent Review Organization or Monitor
- Failing to meet a deadline or request for information from the OIG
1_An Open Letter to Health Care Providers written in November 2001: https://oig.hhs.gov/fraud/docs/openletters/openletter111901.htm
.svg)
.svg)
.svg)
.svg)