Kusserow on Compliance: What to look for in an independent review organization

At any given time, the HHS Office of Inspector General (OIG) has over 300 active corporate integrity agreements (CIAs) in force, resulting from settlement of a civil false claims case with the Department of Justice (DOJ). A provider or entity consents to certain defined obligations as part of “the civil settlement and in exchange for the OIG’s agreement not to seek an exclusion of that health care provider or entity from participation in Medicare, Medicaid, and other federal health care programs.” The CIAs normally are five years in duration and require an independent review organization (IRO) to act as guarantor that the organization will comply with the terms of the agreement. Financial audits are not normally part of the agreement; as such, IROs usually are firms with expert health care consultants, rather than financial auditors.  IRO selection is a critical decision process that should not be taken lightly, because the wrong IRO can prove to be very costly both in terms of what it charges and how it performs its services, but also in the credibility of its work. The OIG does not select or endorse any organizations to be the IRO; however it reserves the right to approve or deny the entity’s or provider’s choice if found deficient in meeting its guidelines. Any problems the OIG finds with an IRO will reflect badly on the organization and could aggravate matters.

Thomas Herrmann, J.D., is an expert without peer with regard to IROs, as result of having been previously responsible on behalf of the OIG for negotiating CIAs and monitoring compliance, and later serving for years as a consultant involved in more than a dozen IRO engagements. Hermann recommends selecting a firm with an established record of serving successfully as an IRO. Expecting a firm to have so served 10 or 12 times is not unreasonable. An experienced IRO will manage reporting and communicating with the entity and OIG in a clear and efficient manner. The more familiar the OIG is with an IRO entity, the better that communication will be and the more efficient the process.

Carrie Kusserow has 20 years of health care compliance consulting experience and serving as a compliance officer with organizations under a CIA. She noted that one of the added challenges is implementing mandates negotiated by attorneys, normally without much input from the compliance office. Often, there are issues requiring clarification and, in some cases, changes. The reality for compliance officers having to implement the terms of a CIA is that the organization has admitted to have engaged improperly, leaving credibility severely damaged; after months of negotiation, the government has little interest to “re-litigate” any issues, including any modifying or clarifying terms and conditions.   A solid professional relationship with the IRO is in the best interest of both the organization and the OIG. Any issues that may arise that require clarification or modification will have a much better chance of a favorable hearing from the OIG if supported by the IRO. If they are inexperienced or lack expertise, it may add confusion and problems in efforts to comply with all the terms of the Agreement. As such, it is important to ensure the firm selected has the specific qualifications, experience, and expertise to properly address the defined scope of work under the CIA. Absence of program expertise can lead to hidden costs in learning the business and may result in difficulties meeting the obligations; and possibly proper level of OIG credibility.

Steve Forman, a CPA with more than thirty years’ experience as a compliance officer, consultant, and OIG executive has worked on numerous CIAs. He believes that the more experienced the IRO, the better the result in terms of efficiency of work, cost, and credibility of results with the OIG. This should not be a learning opportunity for the firm at organization expense.   It is also important to avoid a “bait and switch” and insist on the identification of all key persons that would be assigned to the engagement.   Only engage an IRO that will attest to meeting the OIG required Government Accountability Office (GAO) “Generally Accepted Government Auditing Standards” for operational reviews. Operational reviews and financial reviews are dealt with separately in those standards. The OIG requires IROs meeting certain of these standards. Always require references that speak to the level of professionalism, competence, reasonableness, and if there were unreasonable up-charging over their estimate.

Dr. Cornelia Dorfschmid has 25 years’ experience as a compliance officer and consultant. She has worked on more than a dozen IRO engagements. Dorfschmid noted that one of the criteria upon which the OIG insists is absence of conflicts of interest, which has grown in importance and sensitivity over the last year. As such, it is very advisable to require written attestation of a prospective IRO that it has no conflicts of interest problem. It is best it not have done any work for the organization for the past three years, or have prospective work with the organization that would overlap the IRO engagement. Even the appearance of conflict can be a serious problem. Fee rates and charges can range considerably and it is important to consider that cost right alongside of experience, professionalism, and industry knowledge.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.