Kusserow on Compliance: New provisions in corporate integrity agreements

Corporate integrity agreements (CIAs) continue to be used by the HHS Office of Inspector General (OIG) to ensure that past wrongdoers won’t stray from the path. Since the early days, there have been terms and conditions relating to the seven standard elements of an effective compliance program.  These were in addition to the substantive requirements related to the wrongdoing that brought the entity to the OIG.  However, the trend has been for the OIG to continue evolving and expanding the over the years.  CIAs today expect more from the independent review organization (IRO) engaged to review the substantive business side of the organization.  There are also expanded and increased reporting requirements, as well as increased compliance training requirements, particularly for executives and Board members.  There are also relatively new mandates included in CIAs.  A good example of these new and expanded mandates can be found in the recent Life Care Centers of America, Inc. (LCCA) CIA. Some highlights from that CIA follow.

Annual risk assessment and internal review process is required to identify and address compliance risks. This is the latest and biggest change in CIA requirements.  It underscores the obligations that organizations have in identifying high-risk areas and engaging in ongoing monitoring and auditing to ensure compliance.  In the LCCA CIA, this includes the directives to:

  1. identify and prioritize risks,
  2. develop internal audit work plans related to the identified risk areas,
  3. implement the internal audit work plans,
  4. develop corrective action plans as result of any internal audits performed, and
  5. Track corrective action plan implementation so as to assess plan effectiveness of such plans.

Expanded certifications by Board members, executives, and compliance officers. This has been an area undergoing expansion. Under the LCCA CIA, it has reached new levels in that certain Certifying Employees are expected to monitor and oversee activities within their areas of authority and annually certify compliance with federal health care program requirements and the CIA. The list of those in management who are certifying employees is long and includes the CEO, President, Executive Vice President (VP), Chief Medical Officer, CFO, COO, CIO, Senior VP Rehabilitation Services, Senior VP Reimbursement, Senior VP Clinical Services, VP Practice Standards, VP Clinical Systems, VP Clinical Standards and Programs, Director of Clinical Reimbursement, all Division VPs, all Division Clinical Directors, all Division Rehabilitation Directors, all Division Reimbursement Directors, all Regional Clinical Directors, all Clinical Reimbursement Specialists, all Regional Vice Presidents, all Regional Rehab Directors, and the Executive Director of every facility. These certifications are serious business. There is a stipulated penalty for each day of noncompliance, with deadlines and a $50,000 penalty for each false certification. As with any representation to the government, any false certification may implicate the False Claims Act, putting each and every certifying employee at personal risk.

Board engagement of compliance experts is mandated to assist them in meeting their obligations of oversight of compliance programs.  This has been part of a movement to hold members of governing boards more accountable for compliance program oversight.  The compliance expert must create a compliance review work plan, perform the program review, and provide a Compliance Program Review Report.  The board must review the Report and act upon any findings and recommendations. A copy of the Report must be sent to the OIG as part of each CIA Annual Report.   Board members now have the burden to adopt and sign a resolution for each CIA reporting period.  It is very important engage parties with considerable experience doing this kind of work and it is advisable to find experts who have been engaged by entities under CIAs on multiple occasions.  Those that have many years experience as compliance officers, or as health care consultants, can be critical in being effective in carrying out the duties of the position.

Stipulated non-compliance penalties have become a “real game changer” in CIAs. There are stipulated penalties for each day of noncompliance, with deadlines and a $50,000 penalty for each false certification. As with any representation to the government, any false certification may implicate the False Claims Act and place individuals at personal risk.

Disclosure program standards have long been cited in OIG compliance guidance documents, but under CIAs, the requirements have been expanded in definition. They include a mandated toll-free compliance telephone line to enable individuals to report any identified issues or questions associated with policies, conduct, practices, or procedures with respect to a federal health care program.  They require all covered persons to report suspected wrongdoing to the compliance officer (or designee), emphasizing non-retribution/retaliation for those that do this.  Potential violations are then to be reported to the OIG.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.