What is a Corporate Integrity Agreement?

Books, medical stethoscope, and Gavel representing an OIG corporate integrity agreement.

It seems these days the Office of Inspector General (OIG) of the Health and Human Services (HHS) Department is always busy with settlements or enforcements with healthcare providers. When the settlement relates to civil fraud cases involving claims to federal healthcare programs, the OIG has a few options. It can move to exclude the provider from participating in a federal healthcare program or programs, like Medicare and/or Medicaid. It can require the provider to enter into a Corporate Integrity Agreement (CIA). Or it can simply allow the provider to pay the financial settlement but not require monitoring through a CIA.

In this Article …


Exclusions vs. Corporate Integrity Agreements

For some issues, the OIG simply enforces the provider’s exclusion from federal healthcare programs. This is the action when the offenses involve criminal activities like felony fraud or kickbacks, or patient abuse or neglect. In these cases, the provider’s exclusion is not necessarily permanent, but typically for five or more years depending on the infractions.

When the issue involves civil false claims statutes, civil monetary penalties along with a CIA constitute the usual approach. Civil false claims statutes are federal and state laws that provide stipulated penalties and damages for persons and entities who knowingly submit, or cause the submission of, false or fraudulent claims to the government.

Sometimes, the OIG enters into a Corporate Integrity Agreement vs. excluding the healthcare organization because the organization offers some service or product that would not be available to program beneficiaries if the organization was excluded. Big Pharma manufacturers are an example of this kind of decision.


What type of Healthcare Organizations get CIAs?

CIAs are usually one of three types that are related to the activities of the healthcare organization.

  • A majority of CIAs involve claims reviews via a sample of those submitted to federal healthcare programs.
  • A second large category is CIAs that involve arrangements, usually between a designated health care service and a referring physician.
  • A third category involves healthcare organizations that have had significant patient care issues.


What terms are usually in a CIA?

We often refer to CIAs as Compliance Programs on steroids. They typically require the same seven elements in most compliance program guidance. The OIG has published compliance program guidance for hospitals, clinical laboratories, physician practices, home health agencies, and other healthcare provider organizations.

CIAs have a number of common elements, and always include requirements to:

Hire a compliance officer/appoint a compliance committee. The compliance officer is responsible for developing and implementing plans to comply with the terms of the corporate integrity agreement. This may include creating policies and procedures, training staff, and auditing compliance. The compliance officer is typically also responsible for investigating compliance issues and taking corrective action when necessary.

A compliance committee is a group of individuals who are responsible for ensuring that an organization complies with all applicable laws and regulations. They are typically chaired by an independent member of the organization, and their members may include representatives from different departments. The compliance committee typically meets on a regular basis to review organizational compliance risks and to develop and implement compliance policies and procedures.

Develop written standards and policies. These are intended to cover all aspects of an effective compliance program. Sample high-level topics for inclusion are …

  • the commitment
  • roles and responsibilities
  • the risk areas
  • periodic training
  • lines of communication
  • enforcing policies
  • auditing and monitoring
  • responding to detected offenses
  • code of conduct
Implement a comprehensive employee training program. To help drive compliant behavior among the staff of organizations wishing to comply with their own compliance programs, having a comprehensive employee training program is key. This is typically included in all new-hire training, as well as periodically updated training annually or more often.
Retain an independent review organization to conduct annual (or more frequent) reviews. This is an outside organization that will conduct annual reviews (or of some other frequency as directed in the CIA) of the provider’s work and adherence to applicable laws and regulations. This is discussed at more length below.
Establish a confidential disclosure program. This is a mechanism put in place to encourage employees and other stakeholders to report potential wrongdoing within an organization.
Restrict employment of ineligible persons. This refers to sanctions screening of individuals who may be excluded by federal or state agencies.
Report overpayments, reportable events, and ongoing investigations/legal proceedings. This is pretty much what it sounds like—essentially complying with existing law and disclosing any reportable events as required. According to the OIG, reportable events include “… a substantial overpayment, a matter that a reasonable person would consider a probable violation of criminal, civil, or administrative laws applicable to any Federal health care program for which penalties or exclusion may be authorized; and the employment of or contracting with an excluded individual. Matters disclosed to the OIG as a Reportable Event may implicate OIG’s Civil Monetary Penalty authorities.”
Provide an implementation report and annual reports to OIG on the status of the healthcare provider’s compliance activities. CIAs often, but not always, have a term of five years. Providers must make an initial report to the OIG on implementation and training within ninety days after the start date of the CIA. They must also make annual reports on the activities required by the CIA. The annual reports must include reports based on annual reviews from other entities the provider must hire, such as an Independent Review Oganization (IRO).

A subset of CIAs involving claims issues are called Integrity Agreements (IA). These agreements have often a term of three years and involve quarterly reports from the IRO instead of annual reports.


Your OIG Corporate Integrity Agreement and an Independent Review Organization

All Corporate Integrity Agreements (CIA or IA) require the healthcare provider to find and retain an IRO.

  • An IRO (Independent Review Organization) for a claims review must have staff members qualified in medical record coding and billing. The IRO for a physician practice may also be required to have the expertise of a physician or other licensed provider of the same specialty. The physician from the IRO then reviews claims and medical records to establish the medical necessity of the service provided.
  • An IRO for an arrangements review must have expertise in areas like the Stark Law and the Anti-kickback Statute.
  • The IRO staff does not have to be an attorney but must have relevant experience in physician compensation arrangements and designated health services.
  • An IRO for a clinical services issue must have staff who have experience and expertise in the clinical area specified for review.


Selecting the Required IRO

The healthcare provider must find and retain an Independent Review Organization (IRO) within 60 to 90 days after the execution of the CIA. The actual services of the IRO may not be needed for at least three months after the execution of the CIA (in the case of an Integrity Agreement) or for twelve months for a CIA. However,  The IRO must have the qualifications listed in the CIA. The IRO must also be truly independent. Your IRO cannot be currently employed or contracted with the healthcare provider. It cannot have a current or previous relationship with the healthcare provider or any of its owners, officers, or board members.

For more information on how to select an IRO, please download a free copy of our checklist. It will answer often-asked questions and more, making it a helpful resource while contemplating this important decision which will have a significant impact on your organization for many years.

When you need proven expertise and performance

Jim Hook, MPH

Mr. James D. Hook has over 30 years of healthcare executive management and consulting experience in medical groups, hospitals, IPA’s, MSO’s, and other healthcare organizations.