It happens. A Corporate Integrity Agreement (CIA) is announced as part of a settlement with the Office of Inspector General (OIG). Although settling parties do not admit liability, it is clear that mistakes have been made. Providers may have received over payments from federal payors through violations of false claims statutes. Sometimes the errors occurred over a long period of time resulting in multimillionaire dollar obligations.
The Corporate Integrity Agreement
Very often, there is a whistle-blower filing a Qui Tam action which is joined by the attorney general and that case results in a settlement that includes a CIA. A CIA can require an organization to hire an Independent Review Organization (IRO) to conduct annual audits—typically over a five-year period.
CIAs happen in prominent national healthcare provider organizations as well as smaller community-based providers and even solo practitioners and healthcare suppliers. When a CIA is in place, there has typically been a failure of culture, internal controls, implementation of information systems, policies and procedures or under investment in compliance and/or ongoing education regarding regulatory changes. These infrastructure issues have generally been compounded by people issues including hiring, on-boarding, unprepared or indifferent chain of command/infrastructure for reporting compliance concerns, and/or fear of retaliation.
As negotiations begin in earnest with the OIG, prior to the actual settlement, the organization often enlists the Chief Compliance Officer (CCO) to identify and suggest organizations that might be retained in the capacity of an IRO. The “Independent” requirement generally precludes turning to existing vendors.
Once the ink is dry on the settlement agreement, there is typically a very limited time frame for the organization to retain an IRO, usually 90 days from the last signature on the CIA. For that reason, many CCO's begin the process of identifying an IRO prior to the finalization of the settlement.
How to Identify a Qualified IRO
What first steps should the CCO take to identify a qualified IRO? Very often networking is one of the first, and most fruitful, steps to identify a qualified organization. Compliance Officers (CO)may make discreet inquiries with their counterparts in similar organizations. COs can identify providers under a CIA by researching the OIG's website.
Compliance professional organizations such as Health Care Compliance Association (HCCA) may provide fertile grounds for networking. American Health Lawyers Association (AHLA) is another professional organization that has community bulletin boards, conferences, and other activities/opportunities that would support CCOs in identifying an IRO. CCOs may also want to network with outside counsel who may have suggestions.
IROs may be consultants, accounting firms, or law firms. Keep in mind, the requirement for independence. Very often, a law firm acting as an IRO will outsource the audit work as law firms do not generally employ audit staff and statisticians.
Once the CCO has assembled a short list, the CCO should conduct an initial screen to make sure that the IRO has the experience and capacity to undertake the work if selected. Consider using a confidentiality agreement to protect negotiations while soliciting pricing and input from qualified organizations.
For the organizations passing the first hurdle, a proposal should be solicited from the short-listed organizations. The CIA, even if still in draft, should be shared with organizations on the short list. Remember, time is of the essence. If audit requirements change, there should be an opportunity to revise proposals.
The proposal responses may allow you to further narrow the field. Make sure that the respondents have the resources including a statistician on staff. For more information, read our ebook titled “Choosing the Right Independent Review Organization.”
Next, arrange either a phone or in person interview with 2-3 firms. Again, timing is critical and may limit the opportunity for in person meetings. Others from your organization may wish to participate. This meeting will help to identify the best cultural fit and establish rapport which is essential for this five-year relationship. This also means that checking references is a must. Understand how the potential IRO works with their current clients under a CIA.
It can be very helpful to identify peers who are going through the CIA process. Your IRO should be able to connect you with CCOs that they work with. These CCOs can also serve as references for the IRO.
Make Your Selection and Let the Work Begin!
Your IRO should provide you with a timeline based on the CIA. Confirm time frames with your monitor in writing to be sure everyone is on the same page.
Know your CIA. There is generally an opportunity to provide recommendations to the OIG relative to population or sample configurations in subsequent reporting periods. Ensure that your IRO understands the opportunities and can provide data to support you in making these requests. Work with your IRO to develop appropriate recommendations for limitations in order to maximize the value of the audit results for institutional learning and compliance development. For example, a review of case-mix may indicate that Medicaid could be excluded from the first year universe if Medicaid is not a significant payor for the provider. Excluding Medicaid could significantly reduce the complexity of the audit, especially where there are multiple states involved in the audit population. Carefully watch the time frames as there is generally a limited window in which the OIG will accept recommendations for limitations from the Provider and the IRO.
Entering into a Corporate Integrity Agreement?
Download our ebook, “Choosing the Right Independent Review Organization.”