CIAs: What Health Care Providers Can and Should Learn About Them

A corporate integrity agreement (CIA) can provide valuable information to health care providers on the elements of an effective compliance program. A CIA is part of a civil settlement between the Department of Health and Human Services (HHS),  the Department of Justice (DOJ) and a health care entity that outlines commitments the health care entity agrees to in exchange for not being excluded from participation in federal health care programs. By reviewing a CIA, providers can learn what the Office of Inspector General (OIG) and the DOJ think an effective compliance program should have in place to address particular  issues, as Alice Martin, Esq., Martin Compliance Consulting  (MC2) explained at a Health Care Compliance Association (HCCA) webinar on April 8, 2013. According to Martin, no healthcare entity is immune from the possibility of  a CIA, including medical device companies, ambulance suppliers, physicians and physician groups, pharmaceutical companies, hospitals, and others.

What to Look for in the CIA

Health care providers must be proactive in identifying problem areas, Martin said. Reviewing CIAs to determine how OIG and DOJ are analyzing problem areas and who is held accountable within organizations can help health care providers be more proactive in areas of concern. Health care providers should note how OIG and DOJ will track performance and accountability, including but not limited to entity reporting and independent review organizations (IROs) oversight activities. In addition, they should look at the elements of the compliance program that the OIG and DOJ require the entity to establish. In addition to providing valuable information for improving the organization’s compliance program, the CIA includes specific elements of a compliance program that address identified issues such as physician contracts, quality of care, improper referrals, inadequate documentation, and improper billing and coding. One area included in more recent CIAs is Board of Directors participation and training, including individual director certification that the entity is complying with the terms of the CIA. Martin said that compliance officers should stress the importance of  directors’ participation  in and support of the compliance program, noting that they could be held accountable under the Responsible Corporate Officer Doctrine. Quality of care  is another more recent area being addressed in CIAs by the OIG and DOJ. In addition to requirements found in other CIAs, quality of care CIAs have quality-related elements, including the creation of a quality assurance compliance committee, a Board-level quality assurance monitoring committee, an internal audit program for quality, special tracking of temporary staff, and special reporting to the OIG/Monitor.

Mitigating Factors

Typical enforcement actions come under the False Claims Act (FCA) and can be brought either as a civil or criminal FCA, the Anti-kickback Statute, and False Statement, which is a federal crime. An effective compliance program, however, can help mitigate the effects of an enforcement action taken by the DOJ and move a false claim to a simple overpayment, Martin said. Martin recommended that health care providers have arrangement databases with a robust system to track physician contracts and leases of space and equipment that would help prevent anti-kickback and Stark violations. In addition, she recommended strong internal controls, including monitoring and data analytics to identify patterns of billing errors and prevent unintentional improper payments.

Advice for Negotiating and Implementing a CIA

Organizations that have been under CIAs have had issues dealing with implementation, Martin noted. For example, organizations had difficulty identifying who should be considered a “covered person.” Martin included contractors, subcontractors and vendors as covered persons. Another area of concern for such organizations was implementing policies and procedures and meeting training and education requirements. Martin suggested that if an organization will be entering into a CIA, it should include the important organizational players in its development, including lawyers, the chief financial officer, chief executive officer, and the compliance officer. According to Martin, an organization should also consider hiring a subject matter expert to develop terms and requirements and developing a folder on potential IROs to ensure that the organization hires an IRO that has experience in the subject matter area as well as experience with regulators. The organization should also check references before the IRO is hired. Even though the entity hires the IRO, the IRO is really a government agent, Martin stressed.

 Settlement May Not Be the Final Action

Health care providers may begin to see the light at the end of the tunnel once the settlement agreement and the CIA have been entered into by the parties; but that may not be the end. SouthernCare, Inc. (SouthernCare), a hospice provider, entered into a settlement with the DOJ and HHS to resolve allegations of violations of the FCA related to improperly applying eligibility requirements for the hospice benefit. The settlement  resulted in a $24.7 million settlement  and a five-year CIA. Bill Priest, Chief Compliance Officer and Rebekah Plowman, Partner, Jones Day, told SouthernCare’s story to attendees at HCCA’s Compliance Institute on April 23, 2013.  From the outset of the CIA term, SouthernCare, Inc. replaced its compliance program with one that was more aggressive, expedited training and implementation of reporting requirements, and it began to see improvements in IRO mandated annual eligibility reviews. As things improved in years three through four of the CIA, three qui tam suits were unsealed, all dealing with the same covered conduct that was the settlement and CIA. The government declined to intervene but the lawsuits were not dismissed. Plowman explained the Patient Protection and Affordable Care Act (PPACA) (P.L. 111-148) amended the public disclosure bar provisions of the FCA to limit much of the authority for courts to dismiss actions based on prior disclosure of the covered conduct. Now it is sufficient to have knowledge that is independent of, and materially adds to, the publicly disclosed allegations. The presenters noted that health care providers can protect themselves by aggressively and consistently complying with CIA provisions and applicable regulations; vigilant auditing and monitoring of claims and patient charts, hotline calls/complaints, and employee actions; taking appropriate action in a timely manner; open communication with the OIG and DOJ; and good counsel.