So, You're Being Faced with a CIA...

Posted on
December 13, 2016

CIAs are designed to improve processes so that violations don’t occur again.

Submit your email below to receive this post directly in your inbox

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

It happens, organizations do things wrong and the government issues at CIA. Remember, CIAs are designed to improve processes so that violations don’t occur again.

Why would an organization accept a CIA?

Typically, an organization enters into a CIA in order to continue participation in Medicare and Medicaid. The OIG will only offer a CIA as an alternative to exclusion if the situation merits it.

In “An Open Letter to Health Care Providers” written in November 2001, the OIG sought to clarify how they determine if a CIA is a good alternative to exclusion. They outlined eight factors:

  1. Whether the provider self-discloses the alleged misconduct
  2. The amount of monetary damage to Federal programs
  3. Whether the case involves a merger or acquisition where the buying entity is liable for the selling entity’s past and future liabilities
  4. Whether the provider is still participating in Federal health care programs or whether they are still in the line of business that gave rise to the fraudulent conduct
  5. Whether the alleged conduct is capable of repetition
  6. The age of the conduct
  7. Whether the provider has an effective compliance program and would agree to limited compliance or integrity measures, and if they would agree to annually certify such compliance to the OIG
  8. Other circumstances, as appropriate. 1

Who enforces CIAs?

Once an organization is under a CIA, the OIG assigns a Monitor. The Monitor has a collaborative role, and works primarily with the organization’s Compliance Officer. The team ensures the compliance program is preventing violations by identifying problems and correcting them. Even organizations under CIAs have compliance challenges; in fact, the OIG has been suspicious if they don’t hear of problems in organizations under a CIA.

What happens if an organization fails to comply with a CIA?

Failure to meet CIA obligations can result in a fine, often of $2,500 per day after the missed deadline outlined in the CIA. While it is rare, a “material breach” of the CIA can lead to a five-year exclusion from federal programs. CIAs define a “material breach” as:

  • Repeated or flagrant violations of the CIA’s requirements
  • Failing to report a reportable event, take corrective action, and make the appropriate refunds
  • Failing to engage and use the required Independent Review Organization or Monitor
  • Failing to meet a deadline or request for information from the OIG

What can a healthcare entity do to prevent violations? Stay tuned for Part Two in this series, available in November.

1An Open Letter to Health Care Providers written in November 2001: https://oig.hhs.gov/fraud/docs/openletters/openletter111901.htm

BACK TO BLOGS