Health Care Compliance and the Corporate Integrity Agreement

A compliance plan on steroids to keep FCA violators in business

Posted by Dawn Lomer in Healthcare on June 20th, 2013

When a service provider becomes the subject of a health care fraud investigation there can be a lot at stake. Health care fraud cases can result in settlements and restitution orders in the millions of dollars. Take for instance a neurosurgeon under scrutiny for Stark Law violations. Any billing found to be unlawful can be subject to clawback, resulting in substantial recoveries.

But even more debilitating for a service provider is the threat of being excluded, meaning the provider would be no longer be eligible for Medicare and Medicaid billing. The OIG (Office of the Inspector General) has the authority to exclude [providers] based on certain conduct,” says S. Craig Holden, President and Chief Operating Officer of law firm Ober| Kaler. “Conduct that would violate the false claims act would be one of the bases for exclusion. If you’re a health care provider you’re dead if you’re excluded.”

Avoiding Exclusion

In order to avoid sending False Claims Act violators into automatic bankruptcy, the OIG created what’s known as the Corporate Integrity Agreement, a contract between the service provider and the OIG to ensure that, going forward, the provider mends its ways. It’s the ‘quid pro quo’ for the OIG agreeing not to exclude you,” explains Holden. “It’s kind of a compliance plan on steroids.”

Although a False Claims Act settlement is still typical in the case of a violation and there’s still a monetary liability to the government, a CIA can help to avoid disaster for a company that has simply made an error or been victimized by a dishonest employee.

What’s Involved in a CIA

FREE Investigation Report Template

Prepare thorough, consistent investigation reports with our free report template.

Download Template

A Corporate Integrity Agreement typically covers a three to five year term, explains Holden, and contains mandatory reporting requirements.

“Depending on the underlying conduct, it will often have a requirement that you have what’s known as an ‘IRO’,” says Holden. This is an independent review organization, often an accounting firm, which is required to audit the company’s business. “This can include auditing a sampling of billings or audit physical relationships. Then they submit that to the OIG as a separate work,” he says. Although CIAs have common elements, each agreement is tailored to the case and tries to incorporate any preexisting voluntary compliance programs.

According to the website for the Office of the Inspector General, a Corporate Integrity Agreement may include requirements to carry out the following:

  • hire a compliance officer or appoint a compliance committee
  • develop written standards and policies
  • implement a comprehensive employee training program
  • retain an independent review organization to conduct annual reviews
  • establish a confidential disclosure program
  • restrict employment of ineligible persons
  • report overpayments, reportable events, and ongoing investigations/legal proceedings
  • provide an implementation report and annual reports to OIG on the status of the entity’s compliance activities

CIA vs Corporate Monitors

If this all sounds a bit familiar, it might be because the CIA works in a similar fashion to corporate monitors, which we’ve discussed before on this blog. “Basically it’s the same sort of thing but in a different context,” says Holden.

CIAs are typically used in civil settlements, sometimes in criminal cases and the practice varies from jurisdiction to jurisdiction, he explains. But they are considerably less expensive than using corporate monitors who are assigned to oversee the company’s compliance efforts on an ongoing basis for a set amount of time.


Dawn Lomer
Dawn Lomer

Managing Editor

Dawn Lomer is the managing editor at i-Sight Software and a Certified Fraud Examiner (CFE). She writes about topics related to workplace investigations, ethics and compliance, data security and e-discovery, and hosts i-Sight webinars.