Kusserow on Compliance: OIG relying more on certifications in CIAs

At the recent Health Care Compliance Association (HCCA) Compliance Institute, the Office of Inspector General (OIG) excited spirited questions and comments when they announced the increase use of and reliance upon certifications in their corporate integrity agreements (CIAs). Many participants raised concerns that providing absolute certifications of the type mandated in CIAs are not possible. The terms are so strict that no one can reasonably give a categorical certification. The certifications in question include those that come from board members, executives, and compliance officers. This practice is part of the evolution of the CIA, which has progressed in the past few decades.

Certifications are designed to increase OIG oversight of CIAs and make entities and individuals more accountable. CIAs commonly now have more requirements for executives and boards that include, in addition to increased certifications: (a) the requirement that boards hire a compliance expert (CE) to assist them in meeting their obligations to provide adequate oversight of the Compliance Program; and (b) an increasing role of Independent Review Organizations (IROs).

Carrie Kusserow, with 20 years experience as a compliance officer and consultant, notes “the introduction of new certifications in CIAs is a ‘game changer’ in that they place a heavier personal burden on boards, executives, and compliance officers. These leaders will quickly note and understand that a falsely signed mandated certifications in a CIA can result in heavy penalties. Often CIAs include a provision for a stipulated penalty for each day they are out of compliance with deadlines and a $50,000 penalty for each false certification.” It is worth noting that a false certification could also violate criminal law under 18 U.S.C. §1001, which prohibits the “making or using a false writing or document knowing the same to contain any materially false, fictitious, or fraudulent statement or entry” and which carries with it penalties of fines and up to five years imprisonment. Certifications are indeed serious business.

Many certifications are often included in CIAs. For example, the OIG now routinely requires board certifications for each reporting period. The agency also calls for a signed resolution by each member to summarize its review and oversight of CIA compliance obligations and compliance with applicable regulations. In these cases, the CIA must be signed by all members who must also adopt and sign a compliance resolution for each CIA Reporting Period. The board resolution includes a statement that the member: (1) has made a reasonable inquiry into the operations of the compliance program, including the performance of the compliance officer and the compliance committee; and (2) based on its inquiry and review, has concluded that, to the best of their knowledge, there has been an effective compliance program meeting federal health care program requirements and the obligations of the CIA implemented.

The OIG also has certification provisions targeted at top executives to hold them personally responsible for CIA compliance. These provisions refer to responsible persons as certifying employees or covered persons, such as a CEO, cited senior executives, and/or persons in charge of applicable functional areas that relate to the federal health care programs. Executives are charged to monitor and oversee activities within their areas of authority and annually certify compliance with the CIA and applicable laws. They also must certify having received specified compliance training by compliance experts.

Specifically, compliance officers and the CEO are expected to certify that: all requirements of the CIA have been met; procedures have been implemented to ensure compliance with all applicable laws; that they have reviewed the compliance program review reports of their IRO and compliance expert; and have made reasonable inquiry regarding its content. The CIAs have blanket language for a statement to be used in making the certification. CIAs also call for development and implementation of a written process for certifying employees to follow for the purpose of completing the certification required.

Depending on the factual circumstances that led to the CIA, there may also be a requirement that the chief financial officer (CFO) certify in the first compliance annual report that they: (a) have not resubmitted to any federal health care program any previously denied claims related to the covered conduct addressed in the CIA and did not to appeal any such denials of claims; (b) did not charge to or otherwise seek payment from federal or state payors for unallowable costs; and (c) did not identify and adjust any past charges or claims for unallowable costs.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2016 Strategic Management Services, LLC. Published with permission.