Fraud and abuse settlements in the healthcare industry are continuing to be reached at a record pace, and there are no signs that things will be slowing down in the near future. A critical role of healthcare compliance officers is to educate their organizations’ leadership and boards on the risks of not being compliant with all of the confusing rules and regulations in today’s marketplace. Non-compliance can lead to fines and penalties associated with the STARK II regulations, the federal Anti-Kickback Statute, the False Claims Act, and other mandates. Another aspect of the government’s reaction to an identified provider’s non-compliant behavior and action is the establishment of a corporate integrity agreement (CIA) between the provider and the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) as the framework for a probationary period.
The OIG negotiates CIAs with healthcare providers as part of its settlement of federal healthcare program investigations. Providers or entities agree to the obligations, and in exchange, OIG agrees not to seek their exclusion from participation in Medicare, Medicaid, or other federal healthcare programs.
As a chief compliance officer who has taken two organizations through the process of arranging CIAs, I thought it would be valuable to outline the standard obligations required and suggest how a compliance officer might use them to benefit his or her educational efforts.
CIAs have many components that follow closely the elements of a model voluntary compliance program. In addition, there are specific obligations that may be associated with the particular violation(s) that led to the settlement of the investigation. A typical CIA lasts five years and usually includes the following requirements that a provider:
- Hire a compliance officer/appoint a compliance committee;
- Develop written standards and policies;
- Implement a comprehensive employee training program;
- Retain an independent review organization to conduct annual reviews;
- Establish a confidential disclosure program;
- Restrict employment of ineligible persons;
- Report overpayments, reportable events, and ongoing investigations/legal proceedings; and
- Provide an implementation report and annual reports to OIG on the status of the entity's compliance activities.
Compliance officers should be aware of and consistently communicating to their colleagues the significant expense and time commitment that is usually associated with the implementation of a CIA, and the ongoing management required. For example, the retention of an independent review organization can carry with it a surprisingly high price tag.
Keep in mind also that many recent CIAs require numerous individuals to certify to the OIG the accuracy and completeness of the content of implementation and annual reports. Traditionally, this potentially stressful obligation was placed only upon the compliance officer and the CEO, but today many CIAs require certification statements from the CFO, senior leadership, all board members, billing leadership, physician leadership, etc. This change marks a great opportunity for compliance officers to educate their audiences on the importance of avoiding a CIA. Here is an example of the type of content included in a CIA certification:
“I have been trained on and understand the compliance requirements and responsibilities as they relate to (insert name of department), an area under my supervision. My job responsibilities include ensuring compliance with regard to the (insert name of department) with all applicable federal healthcare program requirements, obligations of the corporate integrity agreement, and xxxx policies, and I have taken steps to promote such compliance. To the best of my knowledge, except as otherwise described herein, the (insert name of department) of xxxx is in compliance with all applicable federal healthcare program requirements and the obligations of the corporate integrity agreement. I understand that this certification is being provided to and relied upon by the United States.”
Sharing this information probably will get the attention of those who are not very interested in your compliance program.
I would also advise that organizations consider utilizing elements of the standard CIA, such as how to manage physician arrangements and focus arrangements, as an opportunity to establish best practices. Most CIAs that include an obligation to oversee contract arrangements provide very prescriptive steps to help assure compliance with STARK II and the Anti-Kickback Statute.
Many organizations are rightfully fearful of the expense and time associated with a CIA. Today’s compliance officers should continually utilize the threat of a CIA as a major component of their ongoing compliance education efforts to validate that their compliance program has all necessary resources to protect their organization from risk of fraud and abuse.