Share This Post

Facility & Claims Risk Assessment Basics: For Those With CIAs or Who Wish to Avoid Them

August 08, 2019
Compliance By Harriett Wall, Chief Operating Officer, Chief Compliance Officer, Principal

LW Consulting, Inc. (LWCI) currently acts as an Independent Review Organization (IRO) for thirteen provider and medical device organizations and served additional clients who were released from their Corporate Integrity Agreement (CIA). Over the years we served as an IRO, we have seen changes in typical CIA terms and conditions, moving from requirements for evidence of “check-the-box” compliance infrastructure and planning  requirements for evidence of an effective, adequately resourced compliance plan for which management is accountable via attestation but for which ultimate authority resides with the Board of Directors.




Those with CIAs are assigned Monitors by the Office of Inspector General (OIG). These are OIG lawyers, who oversee multiple CIAs among other responsibilities. Over the last couple of years, we have experienced increased Monitor involvement in risk assessments. This includes risk assessments for facility selection where providers have multiple facilities. In addition, there has been increased Monitor involved in the refinement of claims selection.

Providers and their IROs are typically afforded the opportunities to make recommendations for facilities to audit each year. As the IRO, we work closely with our provider clients to develop an analytical approach to assessing risk based on operational characteristics, external data – with PEPPER data (Program for Evaluating Payment Patterns Electronic Report) often featured prominently, and internal audit and other compliance-related data. Working together, we determine which risk factors to include in the analytic model. We then develop and assign weights for each risk factor selected. This analysis is typically refined from year to year as better data sets become available, or weighting is changed to address emerging pockets of risk.

 LWCI uses this same approach in assessment of risk in transactions involving organizations with multiple facilities where buyers want to assess risk, but audit resources are limited, and timeframe is compressed. The point in this scenario is to identify the highest risk facilities and focus audit resources on them to inform buyers of “worst case” compliance risks.

In addition to facility selection recommendations, the Provider and IRO can also make recommendations for limiting the subset of claims to a narrower set of claims than is specified in the CIA. We have seen Monitors request that IROs and Providers conduct an analysis and make recommendations, however we have also seen others who are silent on the issue. 

Most typically, the request will focus on narrowing the claims to be reviewed by payor. For example, a provider may wish to limit claims to Medicare Fee-For-Service. This type of claim would typically be supported by a payor mix analysis. 

The OIG sometimes bring in their own consultant to weigh in on the limitation of claims. In one case, the OIG specified claims for review based on diagnosis coding. In this particular case, the OIG seemed to be looking to identify over-coding of diagnoses that drove to a higher inappropriate payment through identification and selection of cases where a single diagnosis drove a complication or comorbidity (CC) or major complication or comorbidity (MCC).

Should you need an IRO to work with you for reporting obligations under a CIA, LWCI’s experience might be just what you are looking for. We can walk you through the process and help you fulfill your audit and other special obligations. Let our expertise help put your mind at ease in a stressful time. 


For more information about risk assessment or IRO services, call Harriett Wall at 207-613-2992
or email

Contact Us


Entering into a Corporate Integrity Agreement?
Download our ebook, “Choosing the Right Independent Review Organization.”


Download Our Ebook: Choosing the Right Independent Review Organization