Recently, the OIG modified the provisions and requirements of several corporate integrity agreements (CIA). In addition to having direct impact on those organizations subject to such agreements, these changes also provide insight for health care organizations regarding the OIG’s expectations when assessing whether their own compliance programs meet these enhanced standards.
Integrity Agreements in Brief
As noted on the OIG website, OIG negotiates corporate integrity agreements (CIA) with health care providers and other entities as part of the settlement of Federal health care program investigations arising under a variety of civil false claims statutes. Providers or entities agree to the obligations, and in exchange, OIG agrees not to seek their exclusion from participation in Medicare, Medicaid, or other federal health care programs.
Each CIA sets forth the underlying conduct that resulted in the integrity agreement between the OIG and the healthcare entity. There are also standard requirements typically present in CIA which describe meeting the requirements of a compliance program. As set forth on the OIG website, a comprehensive CIA routinely lasts 5 years and includes requirements to:
- hire a compliance officer/appoint a compliance committee;
- develop written standards and policies;
- implement a comprehensive employee training program;
- retain an independent review organization to conduct annual reviews;
- establish a confidential disclosure program;
- restrict employment of ineligible persons;
- report overpayments, reportable events, and ongoing investigations/legal proceedings; and
- provide an implementation report and annual reports to OIG on the status of the entity’s compliance activities.
CIAs also set forth the consequences for failure to comply with the terms of the agreement, including monetary penalties and exclusion from participation in federal health care programs.
Revised Language in Recent CIAs and IAs
Recently, changes have been noted in some CIAs and IAs that reflect the OIG’s evolving expectations related to compliance program accountability and effectiveness of health care organizations under settlement agreements, as well as giving the OIG additional leverage to assure compliance with these agreements.
- OIG discretion in determining role conflicts for compliance officers. To avoid conflicts between compliance and operational roles, CIAs have historically stated that a compliance officer’s noncompliance responsibilities “shall be limited and must not interfere with the compliance officer’s ability to perform the duties outlined” in the CIA. Some recent CIAs added an element of OIG discretion, instead stating that a “compliance officer shall not have any noncompliance job responsibilities that, in OIG’s discretion, may interfere or conflict” with their ability to perform the duties outlined in the CIA. (Emphasis added).
- Retaining Permissive Exclusion Authority. The OIG will typically release its right to exclude a health care entity (under the OIG’s permissive exclusion authority) in exchange for entering into an IA or CIA. However under a recent case, the OIG took a different approach by instead requiring that the provider satisfactorily complete their IA obligations before providing any release:
Exclusion Liability. In consideration of the obligations of [Provider] in the Civil Settlement Agreement and this IA, and conditioned upon [Provider’s] full payment of the Settlement Amount in the Civil Settlement Agreement, OIG has agreed to permit [Provider] to enter into this IA with OIG in lieu of OIG permissively excluding [Provider] under 42 U.S.C. § 1320a-7(b)(7) based on the conduct described in the Civil Settlement Agreement and the OIG’s Statement of Facts. In the event that OIG determines [Provider] is in Material Breach of this IA, OIG reserves the right to exclude [Provider] under 42 U.S.C. § 1320a-7(b)(7). OIG expressly reserves all rights to comply with any statutory obligations to exclude [Provider] from Medicare, Medicaid, and other Federal health care programs under 42 U.S.C. § 1320a-7(a) (mandatory exclusion)
This same approach – making exclusion release conditional upon meeting the terms of an IA or CIA – has been noted in other recent settlement agreements and represents an enhanced protection against releasing a provider prematurely from the risk of exclusion. - Enhanced Compliance Committee Oversight Responsibilities. CIAs have typically required an entity’s compliance committee to just support the work of the organization’s Compliance Officer in fulfilling the terms of the CIA. However, some recent settlement agreements have shifted direct oversight for certain compliance functions to the compliance committees, including review and oversight of training, policy and procedure reviews and risk assessments. One example of this new language is found in a 2022 CIA:
The Compliance Committee shall be responsible for, among other things, reviewing the policies and procedures at least annually, reviewing the training required at least annually, implementation and oversight of the risk assessment and internal review process, and the development and implementation of the Transition Plan required.
The creation and implementation of a “Transition Plan” is also a recent addition to these agreements. “Transition Plan” means a plan to address whether and how an organization’s compliance program will continue to include the compliance program requirements set forth in the CIA, following the end of the CIA’s term. - Specific Reference to State Medicaid Exclusion Lists. Screening requirements against exclusion lists have been present in CIAs and IAs for some time. However, the definition of “Exclusion Lists” has recently been amended to specifically include publicly available State Medicaid Exclusion lists as well:
Screening Requirements. [Health Care Entity] shall screen all prospective Covered Persons against the Exclusion Lists prior to engaging their services and, as part of the hiring or contracting process, shall require such Covered Persons to disclose whether they are Ineligible Persons.
“Exclusion Lists” means the HHS/OIG List of Excluded Individuals/Entities (LEIE) (available at http://www.oig.hhs.gov) and State Medicaid program exclusion lists that are publicly available.
This amendment supports the requirement created by the ACA section 6501 in 2010 that exclusion by one State Medicaid program requires States to terminate the participation of any individual or entity if such individual or entity is terminated under Medicare or any other Medicaid State plan.
Conclusion
CIAs and IAs will continue to evolve to include both clarifications, such as the exclusion list definition expansion, and significant changes intended to enhance accountability and ownership of compliance effectiveness beyond the compliance department. Therefore, it remains important that compliance and legal professionals should monitor how changes in these agreements should drive changes in corporate compliance practices and policies to remain aligned with OIG expectations.