Blog Post

Choosing The Right Independent Review Organization

Cornelia Dorfschmid | February 2022

The Department of Health and Human Services Office of Inspector General (OIG) negotiates Corporate Integrity Agreements (CIAs) with health care providers and other entities as part of settling Federal health care program investigations arising under a variety of civil false claims statutes. The Appendix of a CIA typically includes a requirement for an outside party, called an Independent Review Organization (IRO), to review certain risk areas (e.g., arrangements with providers, off-label use of drugs, inappropriate billing of claims, marketing practices, etc.) to ensure continuing compliance.

The OIG does not select the IRO for the organization.  Dr. Cornelia Dorfschmid, a consultant with over 25 years’ experience in healthcare compliance and has managed numerous IRO engagements over the past 12 years, makes the point that selecting an IRO is the organization’s responsibility. How the organization handles that selection is critical. Any problems the OIG finds with the IRO will reflect badly on the organization and could aggravate matters. 

An organization generally has 90 days to choose an IRO once an agreement is signed. An IRO can be a consulting, accounting, or law firm.  The key to determining the right party to be an IRO depends on the scope of work and requirements outlined in the CIA.

Here are twelve tips to consider in finding the IRO that best meets your specific needs:

  1. Begin the search process in advance of executing the CIA to avoid rushing the process of finding and securing one within 90-days of agreement.
  2. Ensure the IRO scope of work executed in the CIA is fully defined and clear. If it is not clear, the compliance officer should seek clarification from the assigned OIG Monitor.  
  3. Consider firms that have successfully served as an IRO on many occasions.  The more experience, the better, in that it helps to ensure meeting deadlines, solid reporting and credibility with the OIG. 
  4. Seek references of past IRO services to learn whether work was performed professionally, competently, timely, and was acceptable to the OIG. 
  5. Ensure expertise in the specific areas within the scope of work under the CIA, as lack of it can lead to difficulties meeting the obligations and create credibility problems with the OIG.
  6. Avoid a “bait and switch” wherein the individuals negotiating are quickly switched to lesser qualified individuals to perform the work.  Insist on the identity of the key persons who would be assigned to the engagement, along with their personal qualifications.  Know your engagement team up front.
  7. Fully debrief those being considered about their experience, methods, and processes for conducting their reviews.
  8. Ensure the engagement team does not have any personal or family relationship with the organization under CIA.
  9. The OIG requires the IRO to be free of any conflict of interest that could impair independence and objectivity, as a result of current or past work with the organization. Firms being considered must be able to attest to independence and objectivity standards.
  10. Have the firm certify in writing they will meet the most recent Government Auditing Standards issued by the U.S. General Accountability Office (GAO) for independence and objectivity in conducting IRO reviews, as called for by the OIG.  
  11. Ask for evidence of multi-million-dollar liability insurance.
  12. Consider costs right alongside experience, professionalism, project management and planning, and industry knowledge.  “Watch out” for up-charging. And remember, you may just get what you pay for.

For more information on this topic, contact Dr. Cornelia Dorfschmid at cdorfschmid@strategicm.com.

About the Author

Dr. Cornelia M. Dorfschmid has over 25 years of private and government sector experience in health care compliance consulting, the majority of which was in management and executive capacities. She is a recognized expert in the areas of claims auditing, overpayment analysis and risk management and corporate health care compliance.

Subscribe to blog