When health care organizations enter into corporate integrity agreements (CIAs) with the HHS Office of Inspector General (OIG), they’re required to appoint a compliance officer—if they don’t already have one—and give that person the authority and independence they need to help accomplish the goals of the CIA, which is a mandatory compliance program.
“Compliance officers should be part of senior management and not subordinate to senior management,” said OIG Senior Counsel Adam Ribner. “It’s a requirement in CIAs that the compliance officer can’t report to the legal or financial branches of the organization. We always got a little pushback from organizations not under CIAs. They said, ‘That may be optimal but if we are not under a CIA, it’s not something we want to do.’”
But the idea that it’s just a suggestion was corrected in OIG’s November 2023 General Compliance Program Guidance, Ribner said at the HCCA Compliance Institute April 15.[1]
“We made very clear our expectation for an effective compliance program” included having a compliance officer who doesn’t report to the general counsel or CEO, Ribner said. “The reason for that is the duties of the legal and financial departments, when push comes to shove, can sometimes conflict with doing the right thing, which is supposed to be the mandate of the compliance officer.” While not reporting to legal or finance is a CIA requirement, “we strongly recommend” voluntary compliance programs follow suit, Ribner said.