As our society’s health needs change, our healthcare system continues to evolve based on applicable laws, regulations, and available resources. Healthcare providers also need to adapt accordingly. In this process, violations—whether inadvertent or intentional—have also taken place, negatively affecting healthcare programs and the well-being of the people who truly need them.
Fraud and abuse have been among the biggest culprits of the waste of federal healthcare programs funded by taxpayers. To fight against fraud and abuse in healthcare, Congress created the Office of Inspector General (OIG) in the 1970s and gave it the authority to implement measures and actions to protect the public interest and tax dollars. In addition, the government also has strengthened interdepartmental collaboration to enforce laws and regulations, including the False Claims Act (FCA), Anti-Kickback Statute (AKS), Stark Law, etc., in an effort to stop unlawful and/or unethical practices and save tax dollars and resources.
When the government determines the existence of unlawful practices or finds actual wrongdoing (e.g., defrauding a federal healthcare program), a civil settlement may be entered into between the US government and a provider to resolve any allegations of fraud and abuse or other offenses arising from the applicable laws. A government settlement generally comes with a civil monetary penalty and a set of terms and conditions that stipulate the specific legal obligation and requirements that the provider must meet. Depending on the nature of the allegations and investigative findings, the OIG, in its sole discretion, may choose to settle with a provider that has been accused of wrongdoing and to negotiate a set of legal obligations by which the provider must abide, such as a corporate integrity agreement (CIA) or integrity agreement (IA).
A CIA is basically a contract that sets forth all obligations and requirements with which a provider agrees to comply, as part of the civil settlement with the government in exchange for its continual participation in federal healthcare programs (meaning the OIG will not exclude such provider from the programs).
An IA is similar to a CIA in that it is also a contract between the government and a provider, and it outlines all the obligations and requirements. The unique part is that an IA is designed to settle matters with an individual practitioner, small practice groups, or small providers.
The following will explain the major components of a government settlement, its framework, and its implications.
Corporate Integrity Agreements
Corporate integrity agreements (CIAs) were introduced by the OIG within the U.S. Department of Health & Human Services (HHS) in the 1990s. CIAs are used as part of the civil settlement arrangement to resolve the allegations of fraud and abuse faced by healthcare providers. In exchange for the OIG’s agreement not to seek an exclusion of the healthcare provider from participation in Medicare, Medicaid, and other federal healthcare programs, the provider consents to the obligations as part of the civil settlement. The objectives of these CIAs are to improve the quality of the care that healthcare organizations provide to patients and residents and to promote compliance with laws and regulations.
A comprehensive CIA typically lasts five years and includes requirements to do the following:
Hire a compliance officer/appoint a compliance committee.
Develop written standards and policies.
Implement a comprehensive employee training program.
Retain an independent review organization to conduct annual reviews.
Establish a confidential disclosure program.
Restrict employment of ineligible persons.
Report overpayments, reportable events, and ongoing investigations/legal proceedings.
Provide an implementation report and annual reports to OIG on the status of the entity’s compliance activities.
Whether your organization entered into a CIA with the OIG directly, or it was inherited through the acquisition of an entity that has one, you are required to comply with the obligations set forth therein, unless specified otherwise. Other than the key elements of the compliance program, the specific requirements and obligations may vary slightly because CIAs are tailored to address certain issues identified in a particular setting, such as long-term care (LTC) providers, physician groups, laboratories, pharmacies, etc. When an FCA settlement resolves allegations of fraud that impact the quality of patient care, the OIG may enter into a CIA with the provider.
CIAs require practitioners to implement certain compliance program elements; retain an independent third party, known as an IRO, or independent review organization, to conduct quarterly reviews; and submit periodic reports in accordance with agreement terms. CIAs also contain breach and default provisions under which the OIG may impose penalties for noncompliance with the terms of the CIA.
Compliance Program Elements
The requirements set forth in CIAs are not completely new to healthcare providers. In fact, they mirror the seven basic elements outlined in the U.S. Sentencing Guidelines and various guidance and recommendations issued by the government. CIAs have simply formalized the items and placed them in a structured legal format.
The OIG is a governmental agency that monitors and oversees the implementation of the organizations that are under a CIA. Generally, there is an OIG monitor appointed to each individual organization. As the point of contact at the OIG, organizations should submit reports to their respective OIG monitors, as well as seek guidance from them.
Ineligible persons include any individual or entity who is currently excluded from participation in any federal healthcare program or who has been convicted of a criminal offense but has not yet been excluded. Organizations must ensure no ineligible person is employed to provide any care or services reimbursed by federal healthcare programs. To meet this requirement, organizations shall implement proper screening procedures to check all prospective and current employees. Specifically, all prospective employees must be checked against the HHS OIG List of Excluded Individuals/Entities prior to engaging their services, and on a monthly basis thereafter, along with all other current employees.
Claims Review Requirements
First of all, an organization under a CIA must engage an independent review organization (IRO) that possesses the appropriate qualifications, necessary expertise, and proper knowledge set forth in its CIA. Organizations must engage an IRO to perform claims reviews in accordance with the procedures and specifications as specified in their CIAs. The IRO shall include in its reports a certification to attest to its objectivity, impartiality, and independence.
The IRO must conduct the review in a professionally independent and objective fashion. The organization must submit the IRO information to OIG for review. In addition, organizations under a CIA must ensure the IRO has access to all records and personnel necessary to complete the reviews and that all records furnished to the IRO are accurate and complete.
Common Claims Review Issues
There are some common claims review issues that healthcare providers should be aware of and avoid while operating under a CIA: timelines, data access, and error rates. From the preparation of the audits, document production, to corrective actions following the audits, all due dates must be met, as time is of the essence. In addition, data access is another issue. The records and materials, including all work papers, supporting documentation, correspondence, and draft reports relating to the reviews, must be retained and made available to the OIG upon request. Also, when the error rate exceeds certain thresholds, additional reviews or corrective actions may be needed.
Different sets of reporting obligations are often stipulated in CIAs. For example, when an organization identified a substantial overpayment, a violation of any criminal, civil, or administrative laws, or an employment of an excluded individual or entity, it must self-report such incident to the OIG, which is the governmental agency overseeing the CIA’s implementation.
In addition, other incidents or circumstances may mandate self-reporting. For instance, if an organization files for bankruptcy or becomes aware of any ongoing investigation or legal proceeding conducted or brought by a governmental entity or its agents, then the organization is mandated to notify the OIG of such governmental investigation or legal proceeding. The notification shall include a description of any allegations involved, the identity of the investigating or prosecuting agency, and the case status. After the investigation concludes, the organization shall also provide written notice to the OIG with an update on the resolution, findings, and outcomes of the investigation or proceeding, if any.
Moreover, an organization is generally required to submit a written report to the OIG shortly after the execution of a CIA to update the OIG on the status of its implementation of the requirements of the CIA. That report is often referred to as the implementation report. Then on an annual basis thereafter, the organization must submit to the OIG a report on its compliance with the CIA requirements for each reporting period.
Breach and Default Provisions
Organizations under a CIA are expected to fully and timely comply with all of the CIA obligations. In the event that an organization fails to do so, CIAs stipulate penalties for different types of violations, ranging from $1,000 to $50,000 per occurrence, depending on the scope and severity of the offense. In the OIG’s sole discretion, the organization may be given the opportunity to cure its breach of the CIA obligation(s) and must inform the OIG in writing to demonstrate the breach has been cured.
The OIG may take enforcement actions against an organization that is in material breach of the CIA obligations. Upon finding such violation or breach, the OIG will notify the organization in its demand letter. The organization is given a period of time within which it must respond by either curing the breach to the OIG’s satisfaction or request a hearing before an HHS administrative law judge to dispute the OIG’s determination of noncompliance. Any material breach of CIA obligations may constitute a basis for the organization’s exclusion from participation in federal healthcare programs, and the OIG will notify the organization of its intent to exercise its right to impose exclusion upon its determination that the organization has materially breached the CIA obligation(s).