Get answers to the most frequently asked questions about Corporate Integrity Agreements (CIAs), an essential component of many healthcare compliance programs.

WHAT IS A CORPORATE INTEGRITY AGREEMENT (CIA)?

A CIA is an agreement executed by a healthcare entity with the HHS OIG, that outlines obligations that must be met in exchange for the OIG not seeking their exclusion from participation in Medicare, Medicaid or other Federal health care programs.  

WHAT ARE AN INTEGRITY AGREEMENTS (IA)?

An Integrity Agreement (IA) is like a Corporate Integrity Agreement (CIA) but with fewer requirements.  It outlines obligations to which an individual practitioner, small group practice, or small provider agree as part of a civil settlement.  

WHAT IS A CERTIFICATON OF COMPLIANCE AGREEMENT (CCA)? 

The DHHS OIG sometimes negotiates a CCA with health care entities, in lieu of a comprehensive CIA. The terms of a CCA includes agreeing to a Declaration related to their compliance program.  

WHAT ARE THE CONSEQUENCES OF NOT MEETING CORPORATE INTEGRITY AGREEMENT TERMS?

The OIG includes breach and default provisions in the CIA for imposing monetary penalties (referred to as stipulated penalties) for the failure to comply with certain obligations set forth in the CIA. In addition, a material breach of the CIA constitutes an independent basis for the provider’s exclusion from participation in the Federal health care programs. 

WHAT ARE BOARD COMPLIANCE MONITORS UNDER A CORPORATE INTEGRITY AGREEMENT (CIA)?

In recent years, OIG CIAs include requirements that governing board members to certify and attest to compliance with the terms, including that the Compliance Program is operating effectively.  To ensure that they attend to the responsibility, board are required to engage an external compliance expert to review the effectiveness of the compliance program.  

WHAT IS AN INDEPENDENT REVIEW ORGANIZATION (IRO)?

An IRO is an essential component of a Corporate Integrity Agreement (CIA) with the OIG that require engagement that annual review of compliance with the terms of the settlement by a qualified, outside third-party, known as an Independent Review Organization (IRO).  

WHO CAN BE AN INDEPENDENT REVIEW ORGANIZATION (IRO)?

IROs can be a consulting, accounting, or law firm.  Determining the type of organization needed for an IRO depends on the scope of work inclusive in the CIA, such as having various qualified specialists (e.g., certification in billing and coding, physicians, dentists, compliance officers, etc.). 

IS IT IMPORTANT TO SELECT AN INDEPENDENT REVIEW ORGANIZATION (IRO) WITH PRIOR EXPERIENCE?

Experience counts!  Those entering an OIG CIA are trying to settle past violations of law and regulation and can ill afford making a misstep on selection of their IRO, as the consequences of a bad selection can be extremely costly.  As such, the more successful engagements the IRO has had in conducting acceptable work to the OIG, the better.

HOW IS AN INDEPENDENT REVIEW ORGANIZATION (IRO) SELECTED?

The entity makes the selection and has 90 days to select a qualified IRO. The appendix attached to the CIA will often specify the qualifications of an IRO. Selecting the wrong IRO can lead to a very painful five years, requiring the entity to expend even more money on personnel dedicated to CIA compliance.  If the OIG has concerns about the quality of the review or the qualifications or independence of the IRO, they may call for retaining a new one. In some cases, substandard IRO result have led to extension of the term of the CIA.  

HOW CAN A QUALIFIED INDEPENDENT REVIEW ORGANIZATION BE IDENTIFIED?

IROs may be consultants, accounting firms, or law firms that meet the requirement for independence, objectivity and qualifications. This means (a) avoiding any firms that is providing other services that can be viewed as a conflict of interest; (b) decide upon any needed specialized credentials (e.g., certified coders, doctors, statisticians; (c) identifying organizations with extensive experience in conducting this type of work that has been approved by the OIG; (d) checking references with others IRO engagement; (e) conducting interviews with those who would be actually doing  the work (avoid bait and switch) to assess whether they would be a good fit. 

WHAT ARE THE DUTIES OF THE INDEPENDENT RERVIEW ORGANIZATION (IRO)?

Where a CIA requires an IRO, there are specified duties defined that may include reviewing (a) arrangements with referral sources, (c) claims, (d) cost reports, (e) marketing practices, etc. The IRO would conducti a verification review to ensure compliance by the entity.   

WHAT STANDARDS MUST AN INDEPENDENT REVIEW ORGANIZATION (IRO) MEET?

The IRO selected must meet both independent and objective standards published by the Government Accounting Office known as the Yellow Book.  IROs must not perform other work for the organization that interfere with independence and objectivity. 

WHAT KIND OF OVERSIGHT DOES THE OIG HAVE OF A CORPORATE INTEGRITY AGREEMENT (CIA)?

The OIG not only reviews and questions the reports submitted to them on the work of the IROs, but they will also often verify the entity’s compliance with the CIA term, including site visits.   

WHAT IS THE TIMING FOR ENGAGING AN INDEPENDENT REVIEW ORGANIZATION (IRO)?

The Corporate Integrity Agreement (CIA) will specify the amount of time granted to selecting and reporting the IRO to the OIG.  Most agreements call for this to be done within 60-90 days of the effective date of the CIA. 

CAN AN ENTITY CHANGE THEIR INDEPENDENT REVIEW ORGANIZATION (IRO)?

An entity under a Corporate Integrity Agreement may change an IRO, however they must notify the Office of the Inspector General (OIG) within 30 days of the change with an explanation as to the reasons for the change.  The OIG can reject the selection of the new IRO within 30 days of the provider’s notice. 

HOW SHOULD AN ENTITY SELECT A QUALIFIED CAN AN ENTITY CHANGE THEIR INDEPENDENT REVIEW ORGANIZATION (IRO)?

The HHS OIG CIAs to ensure the entity complies with the agreement terms.  The IRO must meet the General Accepted Government Audit Standards (GAGAS) of the General Accountability Office for independence and objectivity.  Those considered for IRO should possess the credentials and experience defined in the DIA.  For example, where claims statistical sampling is involved, the IRO should be qualified and experienced in employing the OIG RAT-STATS methodology.  It is important to select a firm extensively experienced in meeting the requirements of the CIA.  

WHAT IS THE GENERAL ACCOUNTABILITY OFFICE (GAO) STANDARDS?

The GAO call for independence and objectivity in conducting operational reviews. CIAs provides call for Independent Review Organization (IRO) to must meet these standards.  In determining what firm should be their IRO, the entity should seek written attestation from prospective firms that they have no conflicts of interest (including other work for the entity) and meet these standards.