When Moving to a Corporate Integrity Agreement, Think Ahead to Avoid Problems Later
Recent high-profile cases involving Corporate Integrity Agreements (CIAs) such as Tuomey Healthcare System and Millennium Health (formerly Millennium Labs) remind us that the Office of Inspector General (OIG) is continuing to enter such agreements at a fairly consistent rate. With over 300 CIAs in force and dozens more added each year, it’s clear that many organizations are moving toward CIA settlements.
Unfortunately, organizations primarily focus on negotiating settlement terms and often give too little thought to what a CIA will mean once it is signed. Organizations expend a great deal of time, effort, and money prior to the settlement, leaving them ill-prepared for what happens after the settlement is signed.
After a CIA is executed, an organization has only 90 days to address any gaps in the compliance program and to engage an IRO. To avoid aggravating problems, proper preparation needs to be underway in an organization while negotiations are still underway with the OIG. First, it is critical to have a qualified Compliance Officer in place to address any deficiencies in the compliance program. Without a Compliance Officer in place, there won’t be much time to find the right person who can both assume responsibility for and bring the compliance program up to standard.
Second, the organization should look immediately for a qualified Independent Review Organization (IRO) to monitor compliance with the terms of the CIA. Finding and selecting a proper IRO is a critical decision process that takes time. Any problems the OIG finds with the IRO will reflect badly on the organization and could aggravate your relationship with the federal government. The fact the OIG has a CIA with an organization allows the OIG to question the organization’s integrity and commitment to compliance. This underlying reservation is driven home by the requirement for an IRO to act as a guarantor that the organization will comply with the terms of the Agreement.
It is entirely up to the entity or provider to determine the most appropriate organization to engage as the IRO. The OIG does not select the IRO, endorse any firms, nor provide advice on how to select one. However, the OIG reserves the right to approve or deny the organization’s choice within 30 days after the OIG receives written notice identifying the IRO. Typically, entities such as consultants, certified public accountant (CPA) firms, and/or law firms are selected.
7 TIPS FOR FINDING THE RIGHT IRO
- Ensure the prospective IRO has no conflicts of interests. This is required by the OIG.
- Look for a firm that has expertise in the specific areas that fall within the scope of work of the CIA. This should not be a learning opportunity for an IRO at the entity’s expense.
- Find a firm that has established a successful track record as an IRO. The more the experience, the better. They will know how to manage reporting effectively and will communicate with both the organization and the OIG in a clear, consistent, and efficacious manner. It is not unreasonable to expect a firm to have served as an IRO a half dozen times or more.
- Seek references from where the prospective IRO served in the past to learn whether they performed their work professionally, competently, reasonably, and charging unreasonably over their estimate.
- Be alert to a “bait and switch,” wherein the people negotiating the IRO engagement on behalf of a firm are quickly replaced with lesser qualified individuals in regards to the actual performance of work. Insist on the specific identity of the key persons assigned to the engagement along with their personal qualifications.
- Fee rates and charges can range considerably and it is important to consider the costs of experience, professionalism, and industry knowledge.
- Only engage a firm that will attest to meeting the Unites States Government Accountability Office’s “Generally Accepted Government Audit Standards” for operational reviews. Operational reviews and financial reviews are dealt with separately in those standards. The OIG requires IROs to meet certain of these standards.