Frequently Asked Questions: Corporate Integrity Agreements

An Integrity Agreement (IA) is like a Corporate Integrity Agreement (CIA) but with fewer requirements.  It outlines obligations to which an individual practitioner, small group practice, or small provider agree as part of a civil settlement.  

The DHHS OIG sometimes negotiates a CCA with health care entities, in lieu of a comprehensive CIA. The terms of a CCA includes agreeing to a Declaration related to their compliance program.  

The OIG includes breach and default provisions in the CIA for imposing monetary penalties (referred to as stipulated penalties) for the failure to comply with certain obligations set forth in the CIA. In addition, a material breach of the CIA constitutes an independent basis for the provider’s exclusion from participation in the Federal health care programs. 

In recent years, OIG CIAs include requirements that governing board members to certify and attest to compliance with the terms, including that the Compliance Program is operating effectively.  To ensure that they attend to the responsibility, board are required to engage an external compliance expert to review the effectiveness of the compliance program.  

An IRO is an essential component of a Corporate Integrity Agreement (CIA) with the OIG that require engagement that annual review of compliance with the terms of the settlement by a qualified, outside third-party, known as an Independent Review Organization (IRO).  

IROs can be a consulting, accounting, or law firm.  Determining the type of organization needed for an IRO depends on the scope of work inclusive in the CIA, such as having various qualified specialists (e.g., certification in billing and coding, physicians, dentists, compliance officers, etc.). 

Experience counts!  Those entering an OIG CIA are trying to settle past violations of law and regulation and can ill afford making a misstep on selection of their IRO, as the consequences of a bad selection can be extremely costly.  As such, the more successful engagements the IRO has had in conducting acceptable work to the OIG, the better.

The entity makes the selection and has 90 days to select a qualified IRO. The appendix attached to the CIA will often specify the qualifications of an IRO. Selecting the wrong IRO can lead to a very painful five years, requiring the entity to expend even more money on personnel dedicated to CIA compliance.  If the OIG has concerns about the quality of the review or the qualifications or independence of the IRO, they may call for retaining a new one. In some cases, substandard IRO result have led to extension of the term of the CIA.  

IROs may be consultants, accounting firms, or law firms that meet the requirement for independence, objectivity and qualifications. This means (a) avoiding any firms that is providing other services that can be viewed as a conflict of interest; (b) decide upon any needed specialized credentials (e.g., certified coders, doctors, statisticians; (c) identifying organizations with extensive experience in conducting this type of work that has been approved by the OIG; (d) checking references with others IRO engagement; (e) conducting interviews with those who would be actually doing  the work (avoid bait and switch) to assess whether they would be a good fit. 

Where a CIA requires an IRO, there are specified duties defined that may include reviewing (a) arrangements with referral sources, (c) claims, (d) cost reports, (e) marketing practices, etc. The IRO would conducti a verification review to ensure compliance by the entity.   

The IRO selected must meet both independent and objective standards published by the Government Accounting Office known as the Yellow Book.  IROs must not perform other work for the organization that interfere with independence and objectivity. 

The OIG not only reviews and questions the reports submitted to them on the work of the IROs, but they will also often verify the entity’s compliance with the CIA term, including site visits.   

The Corporate Integrity Agreement (CIA) will specify the amount of time granted to selecting and reporting the IRO to the OIG.  Most agreements call for this to be done within 60-90 days of the effective date of the CIA. 

An entity under a Corporate Integrity Agreement may change an IRO, however they must notify the Office of the Inspector General (OIG) within 30 days of the change with an explanation as to the reasons for the change.  The OIG can reject the selection of the new IRO within 30 days of the provider’s notice. 

The HHS OIG CIAs to ensure the entity complies with the agreement terms.  The IRO must meet the General Accepted Government Audit Standards (GAGAS) of the General Accountability Office for independence and objectivity.  Those considered for IRO should possess the credentials and experience defined in the DIA.  For example, where claims statistical sampling is involved, the IRO should be qualified and experienced in employing the OIG RAT-STATS methodology.  It is important to select a firm extensively experienced in meeting the requirements of the CIA.  

The GAO call for independence and objectivity in conducting operational reviews. CIAs provides call for Independent Review Organization (IRO) to must meet these standards.  In determining what firm should be their IRO, the entity should seek written attestation from prospective firms that they have no conflicts of interest (including other work for the entity) and meet these standards.