The Chilling Effect of the New CIAs

To a compliance officer, the words “corporate integrity agreement” (CIA) can send a chill up and down the spine. When you look at the true meaning and goal of a CIA though, you can see that its intent is not punitive, but instead a road map to make a healthcare organization more compliant. There is no doubt that it remains one of the most powerful weapons in the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) toolkit to resolve and monitor for compliance.

Purpose and Intent of a CIA

The purpose of a CIA is to improve the quality of healthcare and promote compliance with healthcare regulations; they are not meant to instill punishment, but instead to drive compliant behavior and set minimum standards for which a healthcare provider/entity should be held accountable. An organization wishing to settle a government investigation is not guaranteed the option of a CIA and settlement; rather, it is at the discretion of the OIG whether to agree to such an arrangement.

A CIA is typically entered into in conjunction with a civil settlement between the U.S. government and a healthcare provider/entity arising under the False Claims Act, or when an organization has been found guilty of defrauding the Centers for Medicare & Medicaid Services (CMS) (Medicare, Medicaid, CHIP, TRICARE, etc.) or any other federal healthcare program. The CIA is negotiated as well as monitored through the Office of Counsel to the HHS OIG. The agreements are designed to mirror the federal sentencing guidelines established in 1995 while also reflecting the individual scope and size of the provider and the specific allegations that gave rise to the CIA.

A CIA allows such providers/entities to continue participating in federal healthcare programs. According to the OIG website, the OIG enters into CIAs and integrity agreements (IAs) with healthcare providers and other entities as part of the settlement of federal healthcare program investigations arising under a variety of civil false claims statutes. The breach of a CIA/IA and default provisions allow the OIG to impose certain monetary penalties (referred to as stipulated penalties) for failure to comply with certain obligations outlined in the CIA/IA. In addition, a material breach of the CIA/IA constitutes an independent basis for the provider’s exclusion from participation in federal healthcare programs.

Interesting facts about CIAs

The first CIA was executed by the HHS OIG in 1994. Earlier CIAs concentrated more on training and certifying attendance by employees of the OIG. Over the next decade, the OIG began to add “integrity” provisions that required the provider/entity to establish an effective compliance program that mirrored the practices outlined in the federal sentencing guidelines. The guidelines required seven steps to provide a minimum level of compliance. In addition, the OIG added requirements allowing inspection and review of compliance programs, plus requiring annual reporting from the provider/entity to the OIG regarding their CIA compliance efforts.

From 2013-2016, the OIG (according to its website) entered into 329 CIAs/IAs with providers and/or entities:

2012 – 54
2013 – 51
2014 – 87
2015 – 88
2016 – 49

In recent years, the OIG has issued quality-of-care CIAs, particularly related to long-term care companies. These types of CIAs focus on cases for which the provider was alleged to have provided essentially no care or insufficient care, resulting in what the OIG terms “worthless service.”

The OIG has also stipulated penalties for non-compliance, which includes fines/sanctions as well as excluding a provider/entity. 

Typical Components of a CIA

A CIA specifically outlines compliance requirements that a provider or entity must implement, follow, and be held accountable for during the term of the CIA. The CIA is in effect for a defined term, typically five years. Although most of the CIAs contain common elements, each is tailored to address certain facts surrounding a case and may incorporate parts of a preexisting compliance program.

A CIA also contains penalties for non-compliance that can be imposed on a per-day basis if the organization fails to comply with the CIA requirements. Certain violations are considered a “material breach” of the CIA, such as failure to engage and use an independent review organization (IRO) and/or repeated violations of CIA obligations.

The core sections of a CIA typically include:

  1. Term and scope
  2. Corporate integrity obligations, which outline many important requirements, such as:
  • Responsibilities of the compliance officer
  • Composition of the compliance committee
  • Board responsibilities
  • Written standards requirements
  • Training requirements
  • IRO or quality monitor requirements
  • Reporting obligations
  1. Successor liability: Changes to business units or locations
  2. Implementation and annual reports
  3. Notification and submission of reports
  4. OIG inspection, audit, and review rights
  5. Document and record retention
  6. Disclosures
  7. Breach and default provisions
  8. Effective and binding agreement

The OIG will negotiate specific and relevant sections that are unique to each situation and will make the organization more compliant going forward.

New Provisions in CIAs

      1. Management Certifications

In previous versions of a CIA, each organization would have to complete an annual report to the OIG that outlines numerous CIA-related activities completed throughout the year. As part of the submission, the chief compliance officer and chief executive or chief financial officer would have to attest/certify to the accuracy of the report.

In the new CIAs, there has been a drastic change in that they now require management certifications. This requirement represents a significant effort, and in my opinion, provides a clear message from the OIG that compliance isn’t just the responsibility of the compliance department. In this new element, it requires management at all levels (such as corporate, area, region, division, and district leaders) to not only certify their commitment to compliance, but to document how they have promoted compliance within their job responsibilities.

      1. Risk assessment process

In the new model CIA, an organization is required to conduct a thorough risk assessment on an annual basis. This risk assessment is to be shared with the OIG, and if applicable, with the IRO.

If shared with the IRO, the risk areas will typically be used to determine the general focus for the IRO audit later in the year. There are also a variety of changes in recent CIAs that relate to the IRO audit process, error rates, repayment, etc.

This same risk assessment may also be used to develop a training plan under the new CIAs. This is a change from the previously mandated training element, which was based on the “covered conduct” as defined within the settlement between the organization and the OIG. Under the new CIA, the organization has the ability to recommend a training plan to the OIG for its approval. It no longer defines a set number of hours and topics of training.

      1. Compliance experts

Although a new requirement of a compliance expert has been added, not all CIAs will feature this new element. Such an expert comes in and conducts an initial assessment of the compliance program to set a baseline, and then completes further assessments on either an annual or every-other-year basis. This new requirement helps the OIG gather additional, unbiased information on the status of the compliance program.

The OIG’s position on CIAs

At the recent annual Health Care Compliance Association (HCCA) Compliance Institute, the OIG’s emphasis on the need for exclusion monitoring was highlighted again. In the OIG’s eyes, failure to demonstrate effective monthly exclusion monitoring and the lack of documented and effective compliance programs are hallmarks of organizations that find themselves in the OIG hot seat, or worse. The OIG reiterated the importance of having a formalized process in place to monitor pre-hire operations and continuing employment.

The second element is utilization of the self-disclosure protocol. The OIG has indicated that they believe the use of this protocol by a healthcare organization is evidence of an effective compliance program. If you are operating under a CIA, you will have numerous reporting requirements and methods with which to report to the OIG.

Summary

At the recent annual HCCA Compliance Institute, a senior member of the OIG commented that the purpose of a CIA is to protect the integrity of payment of CMS dollars as well as ensure ongoing compliance and oversight of healthcare companies that have reached the OIG radar for alleged fraud-related matters. The OIG reiterated that the goal of a CIA is to help an organization resolve a pending matter and to set in place certain minimum compliance requirements.

The CIA is not put in place just to memorialize the seven elements of an effective compliance plan, without teeth. A positive outcome of a CIA, she stated, “is to teach a provider about self-assessment and good compliance governance.” The speaker referred to this as efficient and effective oversight by the OIG and an IRO.

CIAs are a great resource to compliance officers who are not currently under a government investigation or an impending CIA settlement. A CIA is a roadmap for providers of what the OIG sees as basic requirements of a compliance program.

Take a few minutes every month to check the OIG website to see if any new CIAs may relate to your type of healthcare organization.

Facebook
Twitter
LinkedIn

Michael Rosen, Esq.

Michael Rosen brings more than 20 years of experience in founding and leading service-oriented businesses. He co-founded Background America, Inc., which was acquired by Kroll Inc. He was promoted to president of the Background Screening Division, which employed 1,000 people in seven countries. He is now the co-founder of ProviderTrust, Inc. a national healthcare compliance service that helps facilities stay in compliance. He has received numerous accolades, including the Inc. Magazine 500 Award, Nashville Chamber of Commerce Small Business of the Year award, and the Music City Future 50 Award.

Related Stories

Leave a Reply

Please log in to your account to comment on this article.

Featured Webcasts

Decoding 2025 OPPS Charge Capture and Coding Complexities: Strategies for Success

Decoding 2025 OPPS Charge Capture and Coding Complexities: Strategies for Success

Prepare your organization for the 2025 OPPS updates with expert insights from Tiffani Bouchard, CCS, CRCR, a Revenue Integrity Professional with over 30 years of experience. This webcast will address critical challenges in charge capture and coding, providing clarity on APC policies, C-APC packaging, exclusions, and payer-specific requirements. Attendees will learn actionable strategies to ensure compliance, optimize reimbursement, and mitigate risks of claim denials. Gain the knowledge needed to implement updates effectively, educate your team, and maintain seamless revenue cycle operations in the face of evolving OPPS complexities.

January 29, 2025
Enhancing Outcomes with CDI-Coding-Quality Collaboration in Acute Care Hospitals

Enhancing Outcomes with CDI-Coding-Quality Collaboration in Acute Care Hospitals

Join Angela Comfort, DBA, MBA, RHIA, CDIP, CCS, CCS-P, as she presents effective strategies to strengthen collaboration between CDI, coding, and quality departments in acute care hospitals. Angela will also share guidance on implementing cross-departmental meetings, using shared KPIs, and engaging leadership to foster a culture of collaboration. Attendees will gain actionable tools to optimize documentation accuracy, elevate quality metrics, and drive a unified approach to healthcare goals, ultimately enhancing both patient outcomes and organizational performance.

November 21, 2024
Comprehensive Inpatient Clinical Documentation Integrity: From Foundations to Advanced Strategies

Comprehensive Outpatient Clinical Documentation Integrity: From Foundations to Advanced Strategies

Optimize your outpatient clinical documentation and gain comprehensive knowledge from foundational practices to advanced technologies, ensuring improved patient care and organizational and financial success. This webcast bundle provides a holistic approach to outpatient CDI, empowering you to implement best practices from the ground up and leverage advanced strategies for superior results. You will gain actionable insights to improve documentation quality, patient care, compliance, and financial outcomes.

September 5, 2024

Trending News

Featured Webcasts

Navigating the 2025 Medicare Physician Fee Schedule: Key Changes and Strategies for Success

Navigating the 2025 Medicare Physician Fee Schedule: Key Changes and Strategies for Success

The 2025 Medicare Physician Fee Schedule brings significant changes to payment rates, coverage, and coding for physician services, impacting practices nationwide. Join Stanley Nachimson, MS., as he provides a comprehensive guide to understanding these updates, offering actionable insights on new Medicare-covered services, revised coding rules, and payment policies effective January 1. Learn how to adapt your practices to maintain compliance, maximize reimbursement, and plan for revenue in 2025. Whether you’re a physician, coder, or financial staff member, this session equips you with the tools to navigate Medicare’s evolving requirements confidently and efficiently.

January 21, 2025
Patient Notifications and Rights: What You Need to Know

Patient Notifications and Rights: What You Need to Know

Dr. Ronald Hirsch provides critical details on the new Medicare Appeal Process for Status Changes for patients whose status changes during their hospital stay. He also delves into other scenarios of hospital patients receiving custodial care or medically unnecessary services where patient notifications may be needed along with the processes necessary to ensure compliance with state and federal guidance.

December 5, 2024
Navigating the No Surprises Act & Price Transparency: Essential Insights for Compliance

Navigating the No Surprises Act & Price Transparency: Essential Insights for Compliance

Healthcare organizations face complex regulatory requirements under the No Surprises Act and Price Transparency rules. These policies mandate extensive fee disclosures across settings, and confusion is widespread—many hospitals remain unaware they must post every contracted rate. Non-compliance could lead to costly penalties, financial loss, and legal risks.  Join David M. Glaser Esq. as he shows you how to navigate these regulations effectively.

November 19, 2024
Post Operative Pain Blocks: Guidelines, Documentation, and Billing to Protect Your Facility

Post Operative Pain Blocks: Guidelines, Documentation, and Billing to Protect Your Facility

Protect your facility from unwanted audits! Join Becky Jacobsen, BSN, RN, MBS, CCS-P, CPC, CPEDC, CBCS, CEMC, and take a deep dive into both the CMS and AMA guidelines for reporting post operative pain blocks. You’ll learn how to determine if the nerve block is separately codable with real life examples for better understanding. Becky will also cover how to evaluate whether documentation supports medical necessity, offer recommendations for stronger documentation practices, and provide guidance on educating providers about documentation requirements. She’ll include a discussion of appropriate modifier and diagnosis coding assignment so that you can be confident that your billing of post operative pain blocks is fully supported and compliant.

October 24, 2024

Trending News

Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →

CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24