To a compliance officer, the words “corporate integrity agreement” (CIA) can send a chill up and down the spine. When you look at the true meaning and goal of a CIA though, you can see that its intent is not punitive, but instead a road map to make a healthcare organization more compliant. There is no doubt that it remains one of the most powerful weapons in the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) toolkit to resolve and monitor for compliance.
Purpose and Intent of a CIA
The purpose of a CIA is to improve the quality of healthcare and promote compliance with healthcare regulations; they are not meant to instill punishment, but instead to drive compliant behavior and set minimum standards for which a healthcare provider/entity should be held accountable. An organization wishing to settle a government investigation is not guaranteed the option of a CIA and settlement; rather, it is at the discretion of the OIG whether to agree to such an arrangement.
A CIA is typically entered into in conjunction with a civil settlement between the U.S. government and a healthcare provider/entity arising under the False Claims Act, or when an organization has been found guilty of defrauding the Centers for Medicare & Medicaid Services (CMS) (Medicare, Medicaid, CHIP, TRICARE, etc.) or any other federal healthcare program. The CIA is negotiated as well as monitored through the Office of Counsel to the HHS OIG. The agreements are designed to mirror the federal sentencing guidelines established in 1995 while also reflecting the individual scope and size of the provider and the specific allegations that gave rise to the CIA.
A CIA allows such providers/entities to continue participating in federal healthcare programs. According to the OIG website, the OIG enters into CIAs and integrity agreements (IAs) with healthcare providers and other entities as part of the settlement of federal healthcare program investigations arising under a variety of civil false claims statutes. The breach of a CIA/IA and default provisions allow the OIG to impose certain monetary penalties (referred to as stipulated penalties) for failure to comply with certain obligations outlined in the CIA/IA. In addition, a material breach of the CIA/IA constitutes an independent basis for the provider’s exclusion from participation in federal healthcare programs.
Interesting facts about CIAs
The first CIA was executed by the HHS OIG in 1994. Earlier CIAs concentrated more on training and certifying attendance by employees of the OIG. Over the next decade, the OIG began to add “integrity” provisions that required the provider/entity to establish an effective compliance program that mirrored the practices outlined in the federal sentencing guidelines. The guidelines required seven steps to provide a minimum level of compliance. In addition, the OIG added requirements allowing inspection and review of compliance programs, plus requiring annual reporting from the provider/entity to the OIG regarding their CIA compliance efforts.
From 2013-2016, the OIG (according to its website) entered into 329 CIAs/IAs with providers and/or entities:
2012 – 54
2013 – 51
2014 – 87
2015 – 88
2016 – 49
In recent years, the OIG has issued quality-of-care CIAs, particularly related to long-term care companies. These types of CIAs focus on cases for which the provider was alleged to have provided essentially no care or insufficient care, resulting in what the OIG terms “worthless service.”
The OIG has also stipulated penalties for non-compliance, which includes fines/sanctions as well as excluding a provider/entity.
Typical Components of a CIA
A CIA specifically outlines compliance requirements that a provider or entity must implement, follow, and be held accountable for during the term of the CIA. The CIA is in effect for a defined term, typically five years. Although most of the CIAs contain common elements, each is tailored to address certain facts surrounding a case and may incorporate parts of a preexisting compliance program.
A CIA also contains penalties for non-compliance that can be imposed on a per-day basis if the organization fails to comply with the CIA requirements. Certain violations are considered a “material breach” of the CIA, such as failure to engage and use an independent review organization (IRO) and/or repeated violations of CIA obligations.
The core sections of a CIA typically include:
The OIG will negotiate specific and relevant sections that are unique to each situation and will make the organization more compliant going forward.
New Provisions in CIAs
In previous versions of a CIA, each organization would have to complete an annual report to the OIG that outlines numerous CIA-related activities completed throughout the year. As part of the submission, the chief compliance officer and chief executive or chief financial officer would have to attest/certify to the accuracy of the report.
In the new CIAs, there has been a drastic change in that they now require management certifications. This requirement represents a significant effort, and in my opinion, provides a clear message from the OIG that compliance isn’t just the responsibility of the compliance department. In this new element, it requires management at all levels (such as corporate, area, region, division, and district leaders) to not only certify their commitment to compliance, but to document how they have promoted compliance within their job responsibilities.
In the new model CIA, an organization is required to conduct a thorough risk assessment on an annual basis. This risk assessment is to be shared with the OIG, and if applicable, with the IRO.
If shared with the IRO, the risk areas will typically be used to determine the general focus for the IRO audit later in the year. There are also a variety of changes in recent CIAs that relate to the IRO audit process, error rates, repayment, etc.
This same risk assessment may also be used to develop a training plan under the new CIAs. This is a change from the previously mandated training element, which was based on the “covered conduct” as defined within the settlement between the organization and the OIG. Under the new CIA, the organization has the ability to recommend a training plan to the OIG for its approval. It no longer defines a set number of hours and topics of training.
Although a new requirement of a compliance expert has been added, not all CIAs will feature this new element. Such an expert comes in and conducts an initial assessment of the compliance program to set a baseline, and then completes further assessments on either an annual or every-other-year basis. This new requirement helps the OIG gather additional, unbiased information on the status of the compliance program.
The OIG’s position on CIAs
At the recent annual Health Care Compliance Association (HCCA) Compliance Institute, the OIG’s emphasis on the need for exclusion monitoring was highlighted again. In the OIG’s eyes, failure to demonstrate effective monthly exclusion monitoring and the lack of documented and effective compliance programs are hallmarks of organizations that find themselves in the OIG hot seat, or worse. The OIG reiterated the importance of having a formalized process in place to monitor pre-hire operations and continuing employment.
The second element is utilization of the self-disclosure protocol. The OIG has indicated that they believe the use of this protocol by a healthcare organization is evidence of an effective compliance program. If you are operating under a CIA, you will have numerous reporting requirements and methods with which to report to the OIG.
Summary
At the recent annual HCCA Compliance Institute, a senior member of the OIG commented that the purpose of a CIA is to protect the integrity of payment of CMS dollars as well as ensure ongoing compliance and oversight of healthcare companies that have reached the OIG radar for alleged fraud-related matters. The OIG reiterated that the goal of a CIA is to help an organization resolve a pending matter and to set in place certain minimum compliance requirements.
The CIA is not put in place just to memorialize the seven elements of an effective compliance plan, without teeth. A positive outcome of a CIA, she stated, “is to teach a provider about self-assessment and good compliance governance.” The speaker referred to this as efficient and effective oversight by the OIG and an IRO.
CIAs are a great resource to compliance officers who are not currently under a government investigation or an impending CIA settlement. A CIA is a roadmap for providers of what the OIG sees as basic requirements of a compliance program.
Take a few minutes every month to check the OIG website to see if any new CIAs may relate to your type of healthcare organization.
The Medicare Advantage (MA) program has grown significantly over the past two decades, becoming a popular alternative to traditional Medicare fee-for-service (FFS). As of 2023,
The Medicare and Medicaid provider auditing process is about to get a makeover in 2025. I am talking about artificial intelligence (AI), which may be
Please log in to your account to comment on this article.
Join Beth Wolf, MD, CPC, CCDS, for an in-depth webcast on the FY2025 spinal fusion MS-DRG updates. Discover key changes in DRG classification, understand impacts on documentation and CMI, and learn strategies to ensure compliance.
Join Angela Comfort, DBA, MBA, RHIA, CDIP, CCS, CCS-P, as she presents effective strategies to strengthen collaboration between CDI, coding, and quality departments in acute care hospitals. Angela will also share guidance on implementing cross-departmental meetings, using shared KPIs, and engaging leadership to foster a culture of collaboration. Attendees will gain actionable tools to optimize documentation accuracy, elevate quality metrics, and drive a unified approach to healthcare goals, ultimately enhancing both patient outcomes and organizational performance.
Optimize your outpatient clinical documentation and gain comprehensive knowledge from foundational practices to advanced technologies, ensuring improved patient care and organizational and financial success. This webcast bundle provides a holistic approach to outpatient CDI, empowering you to implement best practices from the ground up and leverage advanced strategies for superior results. You will gain actionable insights to improve documentation quality, patient care, compliance, and financial outcomes.
Enhancing outpatient clinical documentation is crucial for maintaining accuracy, compliance, and proper reimbursement in today’s complex healthcare environment. This webcast, presented by industry expert Angela Comfort, DBA, RHIA, CDIP, CCS, CCS-P, will provide you with actionable strategies to tackle complex challenges in outpatient documentation. You’ll learn how to craft detailed clinical narratives, utilize advanced EHR features, and implement accurate risk adjustment and HCC coding. The session also covers essential regulatory updates to keep your documentation practices compliant. Join us to gain the tools you need to improve documentation quality, support better patient care, and ensure financial integrity.
Dr. Ronald Hirsch provides critical details on the new Medicare Appeal Process for Status Changes for patients whose status changes during their hospital stay. He also delves into other scenarios of hospital patients receiving custodial care or medically unnecessary services where patient notifications may be needed along with the processes necessary to ensure compliance with state and federal guidance.
Healthcare organizations face complex regulatory requirements under the No Surprises Act and Price Transparency rules. These policies mandate extensive fee disclosures across settings, and confusion is widespread—many hospitals remain unaware they must post every contracted rate. Non-compliance could lead to costly penalties, financial loss, and legal risks. Join David M. Glaser Esq. as he shows you how to navigate these regulations effectively.
Protect your facility from unwanted audits! Join Becky Jacobsen, BSN, RN, MBS, CCS-P, CPC, CPEDC, CBCS, CEMC, and take a deep dive into both the CMS and AMA guidelines for reporting post operative pain blocks. You’ll learn how to determine if the nerve block is separately codable with real life examples for better understanding. Becky will also cover how to evaluate whether documentation supports medical necessity, offer recommendations for stronger documentation practices, and provide guidance on educating providers about documentation requirements. She’ll include a discussion of appropriate modifier and diagnosis coding assignment so that you can be confident that your billing of post operative pain blocks is fully supported and compliant.
During this RACmonitor webcast Dr. Ronald Hirsch spotlights the areas of the OIG’s Work Plan and the findings of their most recent audits that impact utilization review, case management, and audit staff. He also provides his common-sense interpretation of the prevailing regulations related to those target issues. You’ll walk away better equipped with strategies to put in place immediately to reduce your risk of paybacks, increased scrutiny, and criminal penalties.
Copyright © 2024 RACmonitor. Powered by MedLearn Media.
Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24
