Printer Friendly, PDF & Email

Leveraging CIAs as a compliance tool: Analyzing trends to identify and mitigate hospital compliance risks

Samantha L. Groden ( is a Senior Managing Associate in the San Francisco office; Talia Linneman ( is a Managing Associate in the Washington, DC, office; and Rebecca J. Merrill ( is a Partner in the Atlanta office of Dentons US.

This is the first in a series of articles reviewing corporate integrity agreements and related materials to identify trends in compliance risk. This article’s focus is on hospitals. Future articles on this topic will focus on medical practices, individual healthcare practitioners, and other types of healthcare providers and suppliers.

Recent government enforcement activity serves as an excellent tool for identifying potential risk areas with respect to federal healthcare program compliance and devising strategies to assess and manage those potential risk areas.

Identifying, monitoring, and addressing potential risk areas is a critical component of an effective compliance program. Indeed, the U.S. Department of Health & Human Services Office of Inspector General (OIG) recommends that healthcare organizations participating in federal healthcare programs will, on at least an annual basis, conduct a risk assessment and internal review process pursuant to which the organization will (i) identify and prioritize risks, (ii) develop and implement internal audit work plans related to identified risk areas, and (iii) develop and implement corrective action plans in response to the results of any internal audits performed.[1]

To identify potential risk areas, healthcare organizations can and should consider a variety of sources. Common sources include internal compliance reports, quality evaluations and metrics, the OIG’s annual work plans, and agency-directed audits and inquiries. A robust risk assessment also should include consideration of recent corporate integrity agreements (CIAs) imposed by the OIG, and related materials (e.g., settlement agreements, complaints, and news releases), as these sources provide a wealth of information regarding the agency’s priorities, areas of focus, and compliance programming and performance expectations.[2]

By understanding the circumstances under which the OIG has imposed a CIA, members of the healthcare industry can better understand the agency’s enforcement priorities and identify practices that may require closer scrutiny within their own organization. Unfortunately, while the OIG maintains a publicly available database of its active CIAs, which includes a list of the parties subject to the CIA, copies of each CIA, and, in most instances, corresponding news releases issued by the U.S. Department of Justice in instances where the CIA was part of a settlement,[3] the data is not organized in a way that easily allows for quantitative and qualitative analysis.

This article is the first in a series designed to equip healthcare organizations with actionable data on recent CIA enforcement activity, including identification of trends in the type of covered conduct and compliance activities that may be considered based on those trends. Because compliance risks and business priorities vary by provider type, each article in the series will focus on a particular type of provider or supplier. This article focuses on CIAs recently imposed on hospitals.

This document is only available to members. Please log in or become a member.

This document is only available to subscribers. Please log in or register for complimentary access.

* required field