Cornelia Dorfschmid (cdorfschmid@strategicm.com) is Executive Vice President at Strategic Management Services, LLC in Alexandria, VA.
Nicole Caucci (nicole.caucci@oig.hhs.gov) is Deputy Chief, Administrative and Civil Remedies Branch, Office of Counsel to the Inspector General, Department of Health and Human Services, Salt Lake City, UT.
Not every healthcare fraud settlement involves a large corporation with the structure and resources necessary to implement a corporate integrity agreement (CIA). As a result, the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) developed the integrity agreement (IA) for settlements with individual practitioners. In order to be successful under an IA, it is essential that the practitioner take the time to read and understand thoroughly the specific requirements and deadlines of the agreement, in particular the requirements relating to the quarterly claims review. Practitioners who make a concerted effort to (1) read, understand, and implement the IA requirements, and (2) work closely with the assigned OIG monitor and their independent reviewer during the implementation period of the agreement, will increase their chances of being successful and avoiding the imposition of penalties for noncompliance. The tips provided in this article may be helpful in reducing the learning curve.
Background on integrity agreements and subject types
There are two versions of the IA: one designed for individual physicians or small group physician practices, and another designed for a business entity that has a small number of employees, a single location or only a couple of locations, and a limited management structure. IAs typically have a term of three years (as opposed to the five-year CIA term) but require more frequent independent reviews than CIAs. The OIG currently monitors approximately 52 IAs. As reflected in Figure 1, the majority are with individual practitioners and small group practices. This article focuses on IAs with physicians and small group practices.
Integrity agreement requirements
IAs require practitioners to implement certain compliance program elements, retain an independent third party to conduct quarterly reviews, and to submit an initial and annual reports. IAs also contain breach and default provisions under which the OIG may impose penalties for non-compliance with the terms of the IA.
Compliance program elements
IAs require that the practitioner establish and maintain a compliance program that includes certain specified elements, including those outlined below.
Compliance notice
The practitioner must post in a prominent place accessible to both employees and patients a compliance notice that provides the HHS OIG Fraud Hotline Telephone number (1-800-HHS-TIPS, 1-800-447-8477) as a confidential means by which suspected fraud or abuse in the federal healthcare programs may be reported.
Training
The practitioner’s employees and contractors must receive at least three hours of training, during the first year of the IA, on topics such as the federal healthcare program billing, coding, and claim submission statutes; regulations; and program requirements relating to the types of items and services furnished by the practitioner and medical record documentation requirements. The IA also gives the OIG discretion to require additional hours of training in later years of the IA if, for example, the result of the independent reviews suggest that additional training is warranted.
Claims review
The practitioner must retain an independent review organization (IRO) to conduct a review of the practitioner’s claims to the Medicare and Medicaid programs on a quarterly basis.
Screening for exclusion
Practitioners must ensure that they are not employing or contracting with any individuals or entities that have been excluded from participation in the federal healthcare programs by the OIG, by screening all prospective new hires against the OIG’s List of Excluded Individuals/Entities (LEIE)[1] as part of the hiring process, as well as requiring applicants to disclose whether they are excluded, and screening all existing employees and contractors within 30 days after the effective date of the IA. All current employees and contractors must be screened against the LEIE on a monthly basis. The monthly screening requirement is based on the recommendation in the OIG’s Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs.[2] Because the LEIE is updated monthly, screening on a monthly basis is the best way to minimize potential overpayment and Civil Monetary Penalties Law (CMPL) liability for the employment of an excluded individual.
Notifications to OIG
Practitioners must make certain notifications to the OIG about ongoing government investigations or legal proceedings involving allegations of criminal conduct or fraud and of “reportable events,” which include substantial overpayments, probable violations of law, the employment of an excluded individual, or the filing of a bankruptcy petition.
Overpayments
If a practitioner identifies an overpayment, they must refund that overpayment to the appropriate payer in accordance with the requirements of the Centers for Medicare & Medicaid Services (CMS) overpayment rule. Note that the requirements of 42 U.S.C. § 1320a-7k(d) and 42 C.F.R. §§ 401.301-305 (and any applicable CMS guidance) are referred to as the “CMS overpayment rule.”
Third-party compliance
If the practitioner uses a third-party billing company, certain additional requirements apply. For example, the practitioner must certify to the OIG that they do not have any ownership or control interest in the third-party billing company, and are not employed by, or act as a consultant to, the company. In addition, the third-party billing company must make annual certifications relating to training provided to its employees and that it has policies and a screening process in place to prevent the employment of excluded individuals.
Reporting requirements
Implementation report and annual report
The practitioner is required to submit an initial report summarizing the status of the implementation of the requirements of the agreement, typically within 90 days after the effective date. In addition, each year during the term of the IA, the practitioner must submit a report on its compliance with the agreement during the preceding year. The initial report and annual reports require a certification by the practitioner that they have reviewed the IA and understand the requirements, that the practitioner is in compliance with the IA, and that the practitioner has reviewed the report and believes the information is accurate and truthful. The IA and the reports should be reviewed carefully by the practitioner prior to making the certification; a false certification may result in the OIG imposing a monetary penalty of $50,000.
Breach and default provisions
In addition to the false certification penalty, the IA includes breach and default provisions that allow the OIG to impose daily penalties (typically, $1,500 per day) for the practitioner’s failure to comply with the obligations of the IA, including (among other things) the failure to implement the various compliance program requirements, the failure to timely submit the required reports, and the failure to grant the OIG access to the books, records, and personnel necessary to verify the practitioner’s compliance with the IA. In addition, the OIG may find a practitioner in material breach of the IA for certain specified violations, including the failure to report a “reportable event,” repeated violations or a flagrant violation of the IA obligations, and the failure to engage and use an IRO. The consequences of material breach are severe—exclusion of the practitioner from participation in the federal healthcare programs. The IA includes appeal rights relating to any penalties that are imposed and any finding of a material breach, which include the right to request a hearing before an administrative law judge.
Claims review requirements
As noted above, IAs require the practitioner to retain an IRO to perform quarterly reviews of claims submitted to the Medicare and Medicaid programs. Although CIAs provide for annual claims reviews, the OIG requires quarterly claims reviews in its IAs, so the practitioners subject to the IA have the opportunity to identify issues with their claims throughout the year. This puts them in a better position to correct those issues, rather than waiting for the end of the annual reporting period with the potential for a much larger overpayment to accrue.
Role of the IRO
The IRO’s review typically consists of a review of 30 paid claims that are randomly selected by the IRO from a list of all claims submitted by the practitioner and reimbursed by federal healthcare programs during the preceding three-month period. The IRO uses RAT-STATS, the OIG’s statistical software (available through the OIG’s website), to select the 30 paid claims.[3] The paid claims are reviewed by the IRO to determine whether the items or services were medically necessary and appropriately documented and whether the claim was correctly coded, submitted, and reimbursed.
The IRO must prepare a report of its findings for each quarterly claims review that includes the information specified in an appendix to the IA. For the initial claims review, the report must include a description of the practitioner’s billing and coding systems, including the personnel involved in the coding and billing process, and describe the controls in place to ensure that all items and services billed to Medicare or a state Medicaid program are medically necessary and appropriately documented. The claims review report also must include the quantitative results of the review (i.e., the number and percentage of claims billed in error) and a narrative of the IRO’s findings (i.e., reasons for the identified errors, patterns, and recommendations for improvements to systems or controls). The IA requires that any overpayments identified by the IRO in its claims review must be refunded to the appropriate payors within 60 days, consistent with the requirements of the CMS overpayment rule.
Because the claims review performed by the IRO includes a review of the medical necessity of the items and services billed, the IRO retained by the practitioner must be able to assign licensed nurses, physicians, or other licensed healthcare professionals who have the relevant education, training, and specialized expertise to make the medical necessity determinations. IRO personnel also must have expertise in the Medicare and state Medicaid program requirements applicable to the claims being reviewed. IRO personnel who conduct the coding review must have a nationally recognized coding certification. The IRO also must be able to certify that it can perform an independent and objective claims review. For purposes of the IA, “independence” and “objectivity” are defined in the Government Auditing Standards issued by the U.S. Government Accountability Office (the Yellow Book).[4]
With practitioners, the role of the IRO is not always well understood. It is quite different from the monitor assigned to the IA by the OIG. IROs are auditors. They must comply with the most recent Government Auditing Standards in the Yellow Book.[5] IROs must be and remain independent and objective in their reviews. They are neither an agent of the government nor an advocate, consultant, or advisor for a practitioner under an IA. The scope of the IRO’s work is outlined in the appendices to the IA. An IRO’s scope of work does not include the preparation or assistance with the implementation report or annual report or managing the IA integrity obligations for the practitioner. The IRO also does not send its reports to the OIG directly but provides them to the practitioner for submission. Practitioners may face several common issues and challenges, especially during the first quarter of the first IA reporting period. Being aware of those can make the difference between just surviving or thriving under an IA.
