I. INTRODUCTION

A. The Office of Inspector General (OIG) began to include Corporate Integrity Agreements (CIAs) in the government’s civil settlements of healthcare fraud cases about five or six years ago.

B. Today such agreements have become the norm in the settlement of cases involving allegations of false claims or other wrongdoing for which the OIG has authority to exclude.

C. In fact, the legal basis relied upon by the OIG for imposing a CIA is that it is a substitute for exclusion. The theory is that without the CIA, the OIG would not be able to trust the provider to participate in the federal healthcare programs, and, but for the CIA, the OIG’s only recourse under such circumstances is exclusion.

D. The OIG has now entered over 400 corporate integrity agreements with virtually all types of healthcare providers. The overwhelming majority of these have been executed within the past couple of years.

E. These CIAs cover virtually every type of provider, including hospitals, ambulance services, clinical laboratories, home healthcare agencies, hospices, pharmacies, physician offices, billing services, and nursing homes.

II. DIFFERENCES BETWEEN COMPLIANCE PROGRAMS AND CORPORATE INTEGRITY AGREEMENTS

A. One is Voluntary/The other is Mandatory

1. Compliance Program

a. There is no law that requires health care providers to have a compliance program, although the idea of such a requirement has been considered.

b. However, HCFA has begun to impose requirement by regulation. For example, the Medicare + Choice regulations published in 1998 specify that to be a Medicare + Choice contractor, the organization must have a compliance plan.

2. CIA

a. Obviously, where the OIG conditions a settlement and release from exclusion on a CIA, a health care provider really does not have the option to say no.

B. Structure

1. Compliance Program

a. Other than the need to meet U.S. Sentencing Guidelines, the heathcare provider has discretion.

2. CIA

a. Imposed by the OIG following negotiation with the health care provider.

b. Although the U.S. Sentencing Guidelines are the foundation for CIA’s, the trend has been for them to grow longer, more expansive and more detailed as the OIG has developed experience with them.

C. Training

1. Compliance Program

a. There must be training; but how much and how often is left to the discretion of provider.

2. CIA

a. Must meet standards imposed by OIG regarding topics to be covered and number of hours.

b. The OIG may then specify different types of training and subject matter to cover for different categories of employees. The training obligation may even extend beyond employees to certain independent contractors such as medical directors.

D. Policies

1. Compliance Program

a. There must be written policies and procedures, but their content is in the discretion of the provider.

2. CIA

a. The OIG prescribes certain specific policies and procedures – they are getting increasingly detailed and inclusive. At a minimum they address the conduct that was investigated and was the basis for the settlement.

E. Auditing

1. Compliance Program

a. There must be auditing, which can be conducted by internal staff auditors or an independent contractor.

2. CIA

a. Must be performed by an independent review organization (IRO) based upon auditing protocols and plans established by the OIG.

F. Reporting to OIG

1. Compliance Program

a. Generally, the only implicit or explicit requirement is to refund overpayments and make voluntary disclosures of fraud.

b. Note that the Medicare + Choice regulations require plans to provide for reporting credible information of violations of law by the organization to HCFA and the OIG.

2. CIA

a. Requires an annual IRO report and an annual compliance report; site visits by OIG to review efficacy of the CIA program and confirm the integrity of the annual reports. When there is any doubt regarding the reliability of the IRO audits, the OIG can require additional auditing at company expense.

b. CIAs often contain a variety of other items of information that must be conveyed to the OIG. There must also be reports of substantial overpayments and potential violations of law. The OIG may also require reports of new acquisitions or new business sites.

G. Penalties

1. Compliance Program

a. Obvious, there are no penalties for failure to adhere to one’s compliance plan.

2. CIA

a. Penalties for healthcare provider that fails to adhere to CIA: a series of “per diem” fines typically ranging from $1,000 to $2,500 per day, depending upon seriousness of deficiency. Ultimately, exclusion.

III. NEGOTIATING A CIA

A. Negotiate from a position of strength – that means have a well-established corporate compliance program with a proven track record.

1. Have a compliance officer with clout among senior management.

a. This is not a clerical or entry level position.

b. This person must be able to deal effectively with the CEO, CFO, and General Counsel, as well as the billing office staff and sales staff.

2. Have a well-thought-through Code of Conduct; with evidence that it is properly disseminated to all employees and the company emphasizes the importance of compliance.

3. Have a structured training program with written evidence that every employee receives initial training and annual retraining.

4. Have written policies and procedures compiled in a way so that they can easily be shared with the OIG.

5. Have evidence of an annual self-auditing plan and evidence that overpayments are routinely refunded.

B. Know the issues that lend themselves to a negotiated resolution

1. The content of the training program the company will be required to conduct for all employees and the deadline for conducting that training.

a. Negotiate the minimum number of hours that make sense for all employees, or for classes of employees.

b. Ask the OIG to be realistic. Medical directors of a nursing home chain will not sit through the same length or type of program as billing staff.

c. You should also be realistic. While short basic training with respect to compliance and the CIA may be sufficient for certain employees, the OIG will insist that those who work in vulnerable areas, such as billing, marketing or medical documentation require more.

2. The organizational location within the company of the compliance function and the identification of the personnel who will be responsible, including matters such as who the Compliance Officer reports to, who sits on the Compliance Committee, whether there is a separate Auditing Committee, and how frequently reports are generated for company management on compliance issues.

a. This is an area where the OIG will likely be flexible as long as the Compliance Officer is a senior executive, senior managers are part of the compliance process and there is an infrastructure in place to support the activities required under the CIA.

3. The regulatory standards and company practices that will be memorialized in the CIA.

a. Needless to say, the OIG is most concerned with accurate coding, medical necessity and aggressive marketing that either generates unnecessary care or includes conduct prohibited by the kickback law.

b. Accept these concerns and work with the OIG to develop standards:

(1) Make sure that the standards parallel laws and regulations, but do not impose additional requirements significantly more burdensome than the rules that apply to your competitors in the industry;

(2) Make sure that the standards are realistic. For example, the OIG may rightfully be concerned about allowing Medicare to pay for unnecessary care. But if you are a supplier and do not control the ordering physicians, you should not permit yourself to become the guarantor of what they order. If you do, their ordering patterns may result in you being excluded under the CIA.

4. Actions that must be taken by the company to make systemic changes in areas that the OIG believes led to the wrongdoing.

a. The OIG has a right to expect that anything that led to the wrongdoing be addressed.

b. However, as I already indicated, the standards should be consistent with laws and regulations and should not be based on unrealistic expectations, since any failure to conform to the requirements in the CIA can result in fines and exclusion based on the OIG’s contractual remedies in the CIA.

5. The topics or issues that will be addressed by periodic auditing; and the standards for auditing.

a. The OIG is guided by its perception of the wrongdoing that occurred and by areas of potential fraud, waste and abuse it learned about from its experiences with the industry.

b. Obviously, the OIG would be most reassured if everything was audited, while an organization needs to be concerned with cost.

c. There is room for negotiation to find the comfortable middle ground.

d. It is good to retain a potential or prospective IRO to work with you on this part of the CIA negotiation. Including an auditor on your side during negotiations helps the OIG to focus on cost and how to get the most auditing value for the dollar.

e. Furthermore, a detailed audit workplan, included as part of the CIA, avoids disagreements about auditing methodologies when the IRO results are submitted to the OIG following the first year of the CIA.

6. Whether an independent review organization must be hired to perform audits.

a. The requirement of auditing by an outside entity has become the norm. However, this is another way to save auditing dollars and build an internal auditing team to take over when the CIA expires. You should try to build into the CIA a gradual transfer of responsibility from the outside IRO to inside staff.

7. The extent to which records must be maintained documenting various activities under the CIA.

8. The length of time during which each type of compliance-related document must be maintained.

9. The types of information generated by the company that must be reported to the OIG and time frames for submitting this information.

10. The types of failings by the company that will trigger application of
the stipulated penalties and the size of the penalties.

11. The dispute resolution process.

12. Agreements may also address:

a. issues relating to the liability under the CIA of successors in interest;

b. the extent to which the OIG must be notified in advance regarding the sale or closing of a company facility;

c. the extent to which the CIA explicitly protects the attorney-client privilege and how that privilege relates to information and disclosures that must be provided to the OIG under the CIA;

d. the extent to which information provided to the OIG, such as confidential business information, is explicitly protected from subsequent disclosure by the OIG, and;

e. the extent to which the CIA, or parts of it, will be applicable to affiliates and contractors.

C. A corollary to the above is to know what is not negotiable, and don’t waste your time with it.

1. The non-negotiables are likely to vary somewhat from case-to-case. So I would be doing a disservice to list specific items, because you never know.

2. It is important to test the OIG’s flexibility early in the process regarding issues important to you to determine where you can make the most progress.

3. Some overarching principles do seem beyond negotiation:

a. The requirements relating to the basic structure of a compliance plan – a compliance officer, a training program with specific requirements, a hotline or other form of employee whistleblowing mechanism; written policies and procedures that include standards relating to the conduct that is the basis of the settlement.

b. An independent review organization to perform or oversee the auditing responsibility.

c. Reports to the OIG.

d. Per diem penalty for violations of the CIA.

II. Finally consider CIAs as a partnership with the OIG.

A. The degree of involvement of the OIG regarding how you comply with federal program regulations and with the CIA essentially makes the OIG a partner in your business.

1. In fact, the OIG is a fairly significant partner, with an array of penalty provisions to prove its point.

2. As with any partnership, the organization runs more smoothly when partners cooperate and trust each other, rather than feud and be suspicious.

B. The emphasis, therefore, even during the negotiation process should be on building trust.

1. Bring the Compliance Officer to CIA negotiation sessions.

2. Volunteer documents to the OIG to show the effectiveness of the current compliance program.

3. If you don’t like an OIG provision, try to figure out or find out from the OIG what their objective is, and see if there is another way to achieve it.

4. Make sure that whoever represents the company in the CIA negotiation process is familiar with the company infrastructure; its current policies and procedures; the rules and regulations that apply to the company’s business; and how the industry of which the company is a part does business.

a. This is extremely important, as the CIA provisions relating to policies and procedures become more elaborate.

b. Not only does a knowledgeable person help to keep the OIG’s expectations realistic, but it is also an opportunity to educate the OIG representative regarding the industry and the detailed regulations that already apply.

c. I personally believe this educational process not only results in a better CIA, but contributes to the building of trust.

5. In other words, the negotiation process should be an opportunity for you to learn first hand what are the OIG’s concerns and to educate the OIG regarding how those concerns can be addressed most efficiently and effectively.

C. Remember – The relationship with the OIG does not end with a signed CIA. Rather the CIA is merely the foundation, now in a formal contract, on which a long-term relationship with the OIG will be built.

I. INTRODUCTION

A. The Office of Inspector General (OIG) began to include Corporate Integrity Agreements (CIAs) in the government’s civil settlements of healthcare fraud cases about five or six years ago.

B. Today such agreements have become the norm in the settlement of cases involving allegations of false claims or other wrongdoing for which the OIG has authority to exclude.

D. The OIG has now entered over 400 corporate integrity agreements with virtually all types of healthcare providers. The overwhelming majority of these have been executed within the past couple of years.

E. These CIAs cover virtually every type of provider, including hospitals, ambulance services, clinical laboratories, home healthcare agencies, hospices, pharmacies, physician offices, billing services, and nursing homes.

II. DIFFERENCES BETWEEN COMPLIANCE PROGRAMS AND CORPORATE INTEGRITY AGREEMENTS

A. One is Voluntary/The other is Mandatory

III. NEGOTIATING A CIA

A. Negotiate from a position of strength – that means have a well-established corporate compliance program with a proven track record.

1. Have a compliance officer with clout among senior management.

a. This is not a clerical or entry level position.

b. This person must be able to deal effectively with the CEO, CFO, and General Counsel, as well as the billing office staff and sales staff.

2. Have a well-thought-through Code of Conduct; with evidence that it is properly disseminated to all employees and the company emphasizes the importance of compliance.

3. Have a structured training program with written evidence that every employee receives initial training and annual retraining.

4. Have written policies and procedures compiled in a way so that they can easily be shared with the OIG.

5. Have evidence of an annual self-auditing plan and evidence that overpayments are routinely refunded.

B. Know the issues that lend themselves to a negotiated resolution

1. The content of the training program the company will be required to conduct for all employees and the deadline for conducting that training.

a. Negotiate the minimum number of hours that make sense for all employees, or for classes of employees.

b. Ask the OIG to be realistic. Medical directors of a nursing home chain will not sit through the same length or type of program as billing staff.

c. You should also be realistic. While short basic training with respect to compliance and the CIA may be sufficient for certain employees, the OIG will insist that those who work in vulnerable areas, such as billing, marketing or medical documentation require more.

a. This is an area where the OIG will likely be flexible as long as the Compliance Officer is a senior executive, senior managers are part of the compliance process and there is an infrastructure in place to support the activities required under the CIA.

3. The regulatory standards and company practices that will be memorialized in the CIA.

a. Needless to say, the OIG is most concerned with accurate coding, medical necessity and aggressive marketing that either generates unnecessary care or includes conduct prohibited by the kickback law.

b. Accept these concerns and work with the OIG to develop standards:

(1) Make sure that the standards parallel laws and regulations, but do not impose additional requirements significantly more burdensome than the rules that apply to your competitors in the industry;

4. Actions that must be taken by the company to make systemic changes in areas that the OIG believes led to the wrongdoing.

a. The OIG has a right to expect that anything that led to the wrongdoing be addressed.

b. However, as I already indicated, the standards should be consistent with laws and regulations and should not be based on unrealistic expectations, since any failure to conform to the requirements in the CIA can result in fines and exclusion based on the OIG’s contractual remedies in the CIA.

5. The topics or issues that will be addressed by periodic auditing; and the standards for auditing.

a. The OIG is guided by its perception of the wrongdoing that occurred and by areas of potential fraud, waste and abuse it learned about from its experiences with the industry.

b. Obviously, the OIG would be most reassured if everything was audited, while an organization needs to be concerned with cost.

c. There is room for negotiation to find the comfortable middle ground.

d. It is good to retain a potential or prospective IRO to work with you on this part of the CIA negotiation. Including an auditor on your side during negotiations helps the OIG to focus on cost and how to get the most auditing value for the dollar.

e. Furthermore, a detailed audit workplan, included as part of the CIA, avoids disagreements about auditing methodologies when the IRO results are submitted to the OIG following the first year of the CIA.

6. Whether an independent review organization must be hired to perform audits.

7. The extent to which records must be maintained documenting various activities under the CIA.

8. The length of time during which each type of compliance-related document must be maintained.

9. The types of information generated by the company that must be reported to the OIG and time frames for submitting this information.

10. The types of failings by the company that will trigger application of the stipulated penalties and the size of the penalties.

11. The dispute resolution process.

12. Agreements may also address:

a. issues relating to the liability under the CIA of successors in interest;

b. the extent to which the OIG must be notified in advance regarding the sale or closing of a company facility;

c. the extent to which the CIA explicitly protects the attorney-client privilege and how that privilege relates to information and disclosures that must be provided to the OIG under the CIA;

d. the extent to which information provided to the OIG, such as confidential business information, is explicitly protected from subsequent disclosure by the OIG, and;

e. the extent to which the CIA, or parts of it, will be applicable to affiliates and contractors.

C. A corollary to the above is to know what is not negotiable, and don’t waste your time with it.

1. The non-negotiables are likely to vary somewhat from case-to-case. So I would be doing a disservice to list specific items, because you never know.

2. It is important to test the OIG’s flexibility early in the process regarding issues important to you to determine where you can make the most progress.

3. Some overarching principles do seem beyond negotiation:

b. An independent review organization to perform or oversee the auditing responsibility.

c. Reports to the OIG.

d. Per diem penalty for violations of the CIA.

II. Finally consider CIAs as a partnership with the OIG.

A. The degree of involvement of the OIG regarding how you comply with federal program regulations and with the CIA essentially makes the OIG a partner in your business.

1. In fact, the OIG is a fairly significant partner, with an array of penalty provisions to prove its point.

2. As with any partnership, the organization runs more smoothly when partners cooperate and trust each other, rather than feud and be suspicious.

B. The emphasis, therefore, even during the negotiation process should be on building trust.

1. Bring the Compliance Officer to CIA negotiation sessions.

2. Volunteer documents to the OIG to show the effectiveness of the current compliance program.

3. If you don’t like an OIG provision, try to figure out or find out from the OIG what their objective is, and see if there is another way to achieve it.

4. Make sure that whoever represents the company in the CIA negotiation process is familiar with the company infrastructure; its current policies and procedures; the rules and regulations that apply to the company’s business; and how the industry of which the company is a part does business.

a. This is extremely important, as the CIA provisions relating to policies and procedures become more elaborate.

b. Not only does a knowledgeable person help to keep the OIG’s expectations realistic, but it is also an opportunity to educate the OIG representative regarding the industry and the detailed regulations that already apply.

c. I personally believe this educational process not only results in a better CIA, but contributes to the building of trust.

5. In other words, the negotiation process should be an opportunity for you to learn first hand what are the OIG’s concerns and to educate the OIG regarding how those concerns can be addressed most efficiently and effectively.

C. Remember – The relationship with the OIG does not end with a signed CIA. Rather the CIA is merely the foundation, now in a formal contract, on which a long-term relationship with the OIG will be built.

10. The types of failings by the company that will trigger application of
the stipulated penalties and the size of the penalties.