Cornelia Dorfschmid (cdorfschmid@strategicm.com) is Executive Vice President at Strategic Management Services, LLC in Alexandria, VA.
Nicole Caucci (nicole.caucci@oig.hhs.gov) is Deputy Chief, Administrative and Civil Remedies Branch, Office of Counsel to the Inspector General, Department of Health and Human Services, Salt Lake City, UT.
Not every healthcare fraud settlement involves a large corporation with the structure and resources necessary to implement a corporate integrity agreement (CIA). As a result, the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) developed the integrity agreement (IA) for settlements with individual practitioners. In order to be successful under an IA, it is essential that the practitioner take the time to read and understand thoroughly the specific requirements and deadlines of the agreement, in particular the requirements relating to the quarterly claims review. Practitioners who make a concerted effort to (1) read, understand, and implement the IA requirements, and (2) work closely with the assigned OIG monitor and their independent reviewer during the implementation period of the agreement, will increase their chances of being successful and avoiding the imposition of penalties for noncompliance. The tips provided in this article may be helpful in reducing the learning curve.
Background on integrity agreements and subject types
There are two versions of the IA: one designed for individual physicians or small group physician practices, and another designed for a business entity that has a small number of employees, a single location or only a couple of locations, and a limited management structure. IAs typically have a term of three years (as opposed to the five-year CIA term) but require more frequent independent reviews than CIAs. The OIG currently monitors approximately 52 IAs. As reflected in Figure 1, the majority are with individual practitioners and small group practices. This article focuses on IAs with physicians and small group practices.
Integrity agreement requirements
IAs require practitioners to implement certain compliance program elements, retain an independent third party to conduct quarterly reviews, and submit an initial report and annual reports. IAs also contain breach and default provisions under which the OIG may impose penalties for non-compliance with the terms of the IA.
Compliance program elements
IAs require that the practitioner establish and maintain a compliance program that includes certain specified elements, including those outlined below.
Compliance notice
The practitioner must post in a prominent place accessible to both employees and patients a compliance notice that provides the HHS OIG Fraud Hotline Telephone number (1-800-HHS-TIPS, 1-800-447-8477) as a confidential means by which suspected fraud or abuse in the federal healthcare programs may be reported.
Training
The practitioner’s employees and contractors must receive at least three hours of training, during the first year of the IA, on topics such as the federal healthcare program billing, coding, and claim submission statutes; regulations; and program requirements relating to the types of items and services furnished by the practitioner and medical record documentation requirements. The IA also gives the OIG discretion to require additional hours of training in later years of the IA if, for example, the results of the independent reviews suggest that additional training is warranted.
Claims review
The practitioner must retain an independent review organization (IRO) to conduct a review of the practitioner’s claims to the Medicare and Medicaid programs on a quarterly basis.
Screening for exclusion
Practitioners must ensure that they are not employing or contracting with any individuals or entities that have been excluded from participation in the federal healthcare programs by the OIG, by screening all prospective new hires against the OIG’s List of Excluded Individuals/Entities (LEIE)[1] as part of the hiring process, as well as requiring applicants to disclose whether they are excluded, and screening all existing employees and contractors within 30 days after the effective date of the IA. All current employees and contractors must be screened against the LEIE on a monthly basis. The monthly screening requirement is based on the recommendation in the OIG’s Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs.[2] Because the LEIE is updated monthly, screening on a monthly basis is the best way to minimize potential overpayment and Civil Monetary Penalties Law (CMPL) liability for the employment of an excluded individual.
Notifications to OIG
Practitioners must make certain notifications to the OIG about ongoing government investigations or legal proceedings involving allegations of criminal conduct or fraud and of “reportable events,” which include substantial overpayments, probable violations of law, the employment of an excluded individual, or the filing of a bankruptcy petition.
Overpayments
If a practitioner identifies an overpayment, they must refund that overpayment to the appropriate payer in accordance with the requirements of the Centers for Medicare & Medicaid Services (CMS) overpayment rule. Note that the requirements of 42 U.S.C. § 1320a-7k(d) and 42 C.F.R. §§ 401.301-305 (and any applicable CMS guidance) are referred to as the “CMS overpayment rule.”
Third-party compliance
If the practitioner uses a third-party billing company, certain additional requirements apply. For example, the practitioner must certify to the OIG that they do not have any ownership or control interest in the third-party billing company, and are not employed by, or act as a consultant to, the company. In addition, the third-party billing company must make annual certifications relating to training provided to its employees and that it has policies and a screening process in place to prevent the employment of excluded individuals.
Reporting requirements
Implementation report and annual report
The practitioner is required to submit an initial report summarizing the status of the implementation of the requirements of the agreement, typically within 90 days after the effective date. In addition, each year during the term of the IA, the practitioner must submit a report on its compliance with the agreement during the preceding year. The initial report and annual reports require a certification by the practitioner that they have reviewed the IA and understand the requirements, that the practitioner is in compliance with the IA, and that the practitioner has reviewed the report and believes the information is accurate and truthful. The IA and the reports should be reviewed carefully by the practitioner prior to making the certification; a false certification may result in the OIG imposing a monetary penalty of $50,000.
Breach and default provisions
In addition to the false certification penalty, the IA includes breach and default provisions that allow the OIG to impose daily penalties (typically, $1,500 per day) for the practitioner’s failure to comply with the obligations of the IA, including (among other things) the failure to implement the various compliance program requirements, the failure to timely submit the required reports, and the failure to grant the OIG access to the books, records, and personnel necessary to verify the practitioner’s compliance with the IA. In addition, the OIG may find a practitioner in material breach of the IA for certain specified violations, including the failure to report a “reportable event,” repeated violations or a flagrant violation of the IA obligations, and the failure to engage and use an IRO. The consequences of material breach are severe—exclusion of the practitioner from participation in the federal healthcare programs. The IA includes appeal rights relating to any penalties that are imposed and any finding of a material breach, which include the right to request a hearing before an administrative law judge.
Claims review requirements
As noted above, IAs require the practitioner to retain an IRO to perform quarterly reviews of claims submitted to the Medicare and Medicaid programs. Although CIAs provide for annual claims reviews, the OIG requires quarterly claims reviews in its IAs, so the practitioners subject to the IA have the opportunity to identify issues with their claims throughout the year. This puts them in a better position to correct those issues, rather than waiting for the end of the annual reporting period with the potential for a much larger overpayment to accrue.
Role of the IRO
The IRO’s review typically consists of a review of 30 paid claims that are randomly selected by the IRO from a list of all claims submitted by the practitioner and reimbursed by federal healthcare programs during the preceding three-month period. The IRO uses RAT-STATS, the OIG’s statistical software (available through the OIG’s website), to select the 30 paid claims.[3] The paid claims are reviewed by the IRO to determine whether the items or services were medically necessary and appropriately documented and whether the claim was correctly coded, submitted, and reimbursed.
The IRO must prepare a report of its findings for each quarterly claims review that includes the information specified in an appendix to the IA. For the initial claims review, the report must include a description of the practitioner’s billing and coding systems, including the personnel involved in the coding and billing process, and describe the controls in place to ensure that all items and services billed to Medicare or a state Medicaid program are medically necessary and appropriately documented. The claims review report also must include the quantitative results of the review (i.e., the number and percentage of claims billed in error) and a narrative of the IRO’s findings (i.e., reasons for the identified errors, patterns, and recommendations for improvements to systems or controls). The IA requires that any overpayments identified by the IRO in its claims review must be refunded to the appropriate payors within 60 days, consistent with the requirements of the CMS overpayment rule.
Because the claims review performed by the IRO includes a review of the medical necessity of the items and services billed, the IRO retained by the practitioner must be able to assign licensed nurses, physicians, or other licensed healthcare professionals who have the relevant education, training, and specialized expertise to make the medical necessity determinations. IRO personnel also must have expertise in the Medicare and state Medicaid program requirements applicable to the claims being reviewed. IRO personnel who conduct the coding review must have a nationally recognized coding certification. The IRO also must be able to certify that it can perform an independent and objective claims review. For purposes of the IA, “independence” and “objectivity” are defined in the Government Auditing Standards issued by the U.S. Government Accountability Office (the Yellow Book).[4]
With practitioners, the role of the IRO is not always well understood. It is quite different from the monitor assigned to the IA by the OIG. IROs are auditors. They must comply with the most recent Government Auditing Standards in the Yellow Book.[5] IROs must be and remain independent and objective in their reviews. They are neither an agent of the government nor an advocate, consultant, or advisor for a practitioner under an IA. The scope of the IRO’s work is outlined in the appendices to the IA. An IRO’s scope of work does not include the preparation or assistance with the implementation report or annual report or managing the IA integrity obligations for the practitioner. The IRO also does not send its reports to the OIG directly but provides them to the practitioner for submission. Practitioners may face several common issues and challenges, especially during the first quarter of the first IA reporting period. Being aware of those can make the difference between just surviving and thriving under an IA.
Common claims review issues
Timelines
IAs have various due dates and timelines for reports. From an IRO perspective, planning, developing, and communicating a schedule are critical. It is important to watch the timeline. This is true not only for the IRO but equally, if not more so, for the practitioner.
The clock for compliance with the IA by the practitioner starts with the Effective Date (i.e., the date of the last signature on the IA). However, the clock for the claims review starts 30 days following the Effective Date. The following is a sample timeline:
- IA Effective Date: January 1, 2019
- Implementation Report due date: April 1, 2019
- End of first three-month claims review period: May 1, 2019
- IRO selection of claims review sample: May 16, 2019
- IRO’s first quarterly claims review report due date: June 30, 2019
The IRO may provide additional deadlines to the practitioner based on the IRO’s work plan. If a deadline (whether set by the IRO or one established in the IA) cannot reasonably be met, the practitioner should request an extension as soon as possible. It is a good idea to review IRO record requests and initial submissions of claims materials very carefully to avoid unneeded delays. The initial submission should be as complete and accurate as possible, and unnecessary supplemental material requests should be avoided. Staff changes at the practice can have a major impact and cause delays. It is important to designate a main contact (e.g., practice administrator) to deal with the IRO’s requests but also have a backup for that person in case of illness, turnover, temporary leave, etc. Furthermore, good record keeping at the practice about all IA-related documents and requests is a must. Both the primary contact and the backup need to know how all documents and information can be accessed, if needed.
Data issues
The IRO will ask for a data set of paid claims for purposes of selecting the random sample of claims to be reviewed. The practitioner may not have readily available extraction processes or the capability to present the claims data in an appropriate format and with all needed data fields (e.g., dates of service, dates of payment, CPT code, paid amount, patient name, and payor). In the first three-month review period, it is wise to test the claims data extraction process and assess if assistance from the software vendor of the electronic health record or billing system is needed. Due to the independence and objectivity requirements, the IRO cannot perform a test review of sampled claims with the practitioner and provide an assessment of the test. The IRO can, however, conduct a test of data set extraction with the practitioner to assess if meaningful and appropriately formatted claims data extraction is possible and if source data for a claims population can be made available in a timely manner. If not, additional programming and application back-end work is needed, and the practitioner needs to work on getting the extraction process ready.
Estimates
The IRO reviews a random sample of paid claims for the quarterly claims review and calculates two important claims statistics: (1) the error rate and (2) the mean point estimate. The error rate is a financial error rate and is calculated by dividing the overpayment identified in the quarterly claims review sample by the total dollar amount associated with the paid claims in the sample. Underpayments may not be netted out in the calculation of the error rate (i.e., a gross financial error rate is applicable). The mean point estimate expands the average overpayment in the sample to the population of paid claims. Practitioners must determine whether to refund the identified overpayments from the claims review sample or an extrapolated overpayment (i.e., the mean point estimate). In past IAs, the OIG had provided a threshold financial error rate (5%) that mandated specific further action, such as sample expansion and extrapolation. There is no longer a 5% threshold to trigger certain follow-up action steps. Instead, the practitioner must consider whether the CMS overpayment rule requires the repayment of an extrapolated overpayment or other corrective steps, such as additional auditing or education. It is important to note that the IRO does not and should not determine if the sample overpayment or an extrapolated overpayment should be refunded.
The IRO just calculates the estimates. However, information included in the IRO’s claims review report, such as the confidence interval and precision of the estimate, the error rate, and any systemic patterns noted, may factor into the practitioner’s decision-making.
If the practitioner is not familiar with the details of the CMS overpayment rule, then after the first quarterly claims review is completed, the practitioner may not be prepared to determine the amount of the overpayment that has been identified and therefore should be refunded. As a result, practitioners should be proactive and engage with attorneys or other advisors prior to or in connection with the signing of the IA to understand the requirements of the CMS overpayment rule.
Document requests/supplemental materials
The IRO must request all documentation and materials required for its review of claims in each quarterly claims review sample, and the practitioner must furnish such documentation and materials to the IRO, prior to the IRO initiating its review of the sample. The IRO may request and accept supplemental documentation or materials. However, which supplemental materials are accepted, and the weight given them, must be documented and part of the IRO’s claims review report.
Supplemental materials should be the exception and not a means to provide what should have been made available in the first place and with the initial submission to the IRO. The need for supplemental materials may indicate a document management and retention issue. It is in the IRO’s discretion to accept supplemental materials or not. On the one hand, the practitioner should pay careful attention to the assembly of the initial submission to ensure it is complete and neatly organized. On the other hand, the IRO should be specific enough with its request for the information needed to perform the claims review and the manner in which such information should be submitted to the IRO. Communication with the IRO on how this document submission process should work is important.
Tips for working with the IRO
The practice owner, administrator, billers, and coders should:
- Read the IA and understand its contents.
- Make a schedule and plan tasks for the initial reporting period.
- Ensure transmissions are HIPAA compliant; don’t hesitate to ask the IRO for communication protocols for protected health information.
- Cross-train staff, because the quarterly reviews come fast, and three years is a long time.
- Retain good records for each and every quarter. Back them up.
- Know where to go (i.e., which agency, method of refunding, forms to complete) in case extrapolation is required under the CMS overpayment rule. Think about that ahead of time.
Role of OIG monitor
Every IA is assigned to an OIG attorney or program analyst who serves as the monitor of the agreement for the term of the IA. The role of the OIG monitor is to review the implementation report, annual reports, and the IRO’s quarterly claims review reports to verify the practitioner’s compliance with the terms of the IA. The IA monitor also reviews notifications of reportable events and other correspondence and notifications submitted under the IA. The monitor may conduct an on-site visit to the practitioner’s location as an additional means to verify compliance with the IA and as an opportunity to meet with practitioner personnel and learn more about the practitioner’s day-to-day business operations. The IA monitor is available to answer questions regarding the implementation of the IA and provide feedback on the practitioner’s compliance program. The OIG encourages open communication between the practitioner and the IA monitor to help ensure the practitioner has a clear understanding of its obligations under the IA and OIG’s expectations.
Tips for working with OIG monitor
- Counsel involved in the settlement should ensure that all terms of the IA are reviewed and understood by the practitioner.
- The practitioner should develop a plan to successfully implement the agreement, working with counsel/consultants as needed.
- The practitioner should communicate with the OIG monitor and the IRO, and seek guidance as necessary.
- The practitioner should track deadlines to ensure timeliness of reports.
Integrity Agreement enforcement actions
As discussed above, IAs include breach and default provisions that allow the OIG to impose monetary penalties, or find the practitioner in material breach, for a practitioner’s failure to comply with the IA’s requirements. The OIG does not impose penalties for every failure to comply with an IA requirement. The OIG’s primary goal with its IAs is to help the practitioner successfully develop and implement a compliance program. The monitor will work with the practitioner as much as possible to help ensure the practitioner understands and is able to comply with the various IA requirements. However, sometimes penalties are imposed if the practitioner is not making a sincere effort to comply with the IA or if, despite being provided with guidance regarding the OIG’s expectations, the practitioner fails to fully implement the requirements of the IA. The OIG posts summaries of IA enforcement actions on its website, so practitioners are aware of the types of violations that may result in penalties being imposed or a practitioner being found in material breach.[6]
Conclusion
It may seem daunting for a practitioner to successfully implement an IA following the resolution of a healthcare fraud settlement with the government. However, taking the time to thoroughly read and understand the requirements of the IA, including the detailed claims review requirements, will aid the practitioner in starting off on the right foot with the OIG and being prepared for the tasks ahead. A timeline and implementation plan are important tools for ensuring a clear understanding of what is required and completing each task by the identified deadline. In addition, early and frequent communication with both the OIG monitor and the practitioner’s IRO will ensure that potential problems are identified and addressed more quickly and allow for time to request extensions of deadlines that might be needed. Finally, the practitioner would be well-advised to consult with the various compliance resources made available on the OIG’s website for information and guidance.[7]
Takeaways
- Reading and understanding the Integrity Agreement (IA) and working closely with the OIG monitor and the IRO will increase the likelihood of success.
- IROs are neither an agent of the government nor an advocate, consultant, or advisor for the practitioner.
- Practitioners should engage with attorneys or other advisors prior to signing the IA to understand the requirements of the CMS overpayment rule.
- A timeline and implementation plan are important tools for ensuring a clear understanding of what is required and completing each task by the identified deadline.
- The OIG encourages open communication between the practitioner and the monitor so that the practitioner has a clear understanding of its obligations and OIG’s expectations.