Medical Practice Corporate Integrity Agreement Standards

In a False Claims Act (FCA) settlement, the HHS Office of the Inspector General (OIG) may enter into a corporate integrity agreement (CIA) with a settling provider in exchange for the OIG’s agreement that it will not seek to exclude the physician or the practice from participation in Medicare, Medicaid, or other federal healthcare programs. The FCA is a title for a series of statutes that prohibit fraudulent activity against the government and prescribe the processes and the consequences for those found to have violated the prohibition.

A CIA typically imposes a number of requirements on participants including: (1) a compliance officer; (2) developing and implementing policies and procedures; (3) retaining an Independent Review Organization (IRO); (4) internal audit and review processes; (5) developing and implementing a code of conduct; and (6) developing and implementing training. Regardless of industry changes and company standards, the practice must strictly follow CIA terms for the entire period, typically three years to seven years.

In August 2012, OIG met with 32 CIA participants (called “Roundtable Participants”), including physician practices, to discuss these restrictive requirements. As a guide to all providers, OIG published a paper on October 9, 2012, to summarize the meeting and note additional points for negotiating a future CIA. Some of those suggestions are discussed below.

The compliance officer monitors daily activities. As a member of senior management, he reports directly to the governing board. Because he is appointed to ensure the practice avoids further fraud and abuse, he should not be subordinate to a practice’s executives, such as their general counsel or chief financial officer.

The compliance officer develops and implements the practice’s compliance policies and procedures, which cover the code of conduct, hotline procedures for employees wanting to raise an anonymous concern, restrictions against contracting with excluded persons or entities and operations of the compliance program. When negotiating the CIA, he should also allocate resources to investigate and resolve the practice’s compliance issues.

Retain an IRO to help evaluate and analyze coding, billing, and claim submissions and reimbursements. The IRO should conduct a discovery sample of paid Medicare claims (i.e., 50 claims) randomly selected from a 12-month period. If the net financial error rate for the discovery sample is 5 percent or greater, conduct a full sample and systems review to identify the underlying causes of the claims errors.

Practices should regularly audit claims, coding and billing reports internally and have results verified by the IRO to identify issues more quickly and keep down the costs of external review. Roundtable Participants also suggested increasing the sample size and focusing claims review on particular types of claims.

The internal audit process maintains quality of care. The process internally examines whether policies and procedures are followed, staff are trained and CIA terms are met. When conducting an internal audit, the practice should conduct quarterly billing audits using external entities, internal reviews of contracts, certification reviews, and as-needed audits when problems arise.

Roundtable Participants found it helpful to rely on the OIG Work Plan - an annual report outlining initiatives that OIG will investigate over the year - and to investigate issues raised in hotline calls. They also found internal audits more valuable than IRO results - in part because issues reviewed in internal audits are set by the practice, using identified and changing risk areas.

The code of conduct reflects a practice’s commitment to comply with federal healthcare program requirements, outlines employee obligations to report concerns with noncompliance to the compliance officer as well as anonymously and without fear of retaliation.

The CIA should be tailored and limited to those employees and contractors involved in the type of conduct that led to the CIA. OIG relies on a one-size-fits-all model. Therefore, an in-depth discussion of the policies and procedures specific to the practice during negotiations would make implementation easier. Roundtable Participants found it more efficient to also make revisions and obtain certifications during annual general trainings instead of distributing the conduct code and obtaining certifications each time revisions are made.

Training on agreement requirements, the compliance program and on issues that led to the agreement is provided generally to all signatories of the CIA (employees and management). Vendors and contractors are trained on specific aspects of the CIA related to their direct patient activities at the practice.

It is difficult to annually create modules relevant to all employees. Therefore, to better inform employees and contractors the practice should identify its own annual training topics and annually target separate employee groups. . Scenarios should be drawn from complaints or audit results to make training more real and to facilitate discussions of subtler topics with employees. Focus should be less on providing a minimum number of hours of annual training and more on thoroughly addressing CIA topics. Roundtable Participants also suggested that additional training be provided for employees that fail to pass an annual competency test.

CIAs are particularly rigorous if management lacks understanding about the internal operations of the practice. However, installing a self-imposed compliance program reduce instances of FCA investigation. A practice should educate staff on compliance policies and procedures, internally evaluate coding, claim submissions and reimbursement, and screen and monitor employees to proactively identify and fix potential problems.

The information contained within this blog posting on this website, is made available by the attorney authoring the posting for educational purposes only, and to give you general information and a general understanding of the law. It is not intended to provide specific legal advice to your individual circumstances or legal questions. By using this blog site you understand that your reading of this blog posting does not establish an attorney-client relationship between you and the authoring attorney or his law firm.  This blog posting should not be used as a substitute for competent legal advice from a licensed professional attorney in your state. Readers of this information should not act upon any information contained in this blog posting on this website without seeking professional counsel.