evolving corporate integrity agreements: compliance experts, iros, monitors & certifications
TRANSCRIPT
I. OVERVIEW OF EVOLVING CIAs
II. BOARD RESPONSIBILITIES UNDER CIAs
III. CIA MANDATES FOR OUTSIDE EXPERTS
IV. MANDATORY CERTIFICATIONS
Office of Investigations: Conducts investigations
Office of Audit Services: Conducts audits
Office of Evaluations and Inspections: Conducts reviews
Office of Counsel: Negotiates settlements, develops CIAs, monitors CIA compliance, imposes administrative sanctions
Office of Public Affairs: posts CIAs on OIG web sitehttp://oig.hhs.gov/compliance/corporate-integrity-agreements/cia-documents.asp
5
Often part of a global settlement with DOJ & DHHS
Contract with OIG to ensure future integrity
Negotiated by the OIG Counsel's Office
Monitored by the OIG Counsel's Office
Usually in effect for five years
Commits entity to compliance obligations in lieu of exclusion
Approximately 350 CIAs currently in effect
New CIAs being added at average of about 3 per month
Standard terms/conditions + “case specific” requirements
Intended to prevent recurrence of misconduct (e.g. false claims, improper arrangements, misleading marketing)
Focus areas:
- Arrangements with potential referral sources
- Claims to Federal health care programs
- Quality of Care (e.g. long term care)
- MCO enrollment/marketing
Hospitals and health systems
Physician practices
Long term care facilities (e.g. SNFs)
Pharmaceutical/device companies
DME suppliers
Therapy providers
Emergency transportation companies
Laboratories
Establish (or enhance) Compliance Program
Appoint Compliance Officer
Bar employment/contracting with excluded parties
Notify OIG of investigations and/or legal proceedings
Identify, report, and repay overpayments
Disclose “reportable events”
Submit an Annual Report on status of CIA compliance
Report change of business location or status
OIG right to inspection, audit, and review
Penalties for non-compliance with terms of CIA
Take steps to meet CIA obligations
Meet deadlines
Search for a qualified Independent Review Organization (IRO)
Search for a qualified Compliance Expert (CE)
Enhance Compliance Program to meet CIA standards
Engage expert to conduct a “mock” review”
Take corrective action on identified deficiencies/problems
OIG increasing oversight and accountability of CIAs
Adding more requirements for executives and boards
More Certifications by Boards, CEOs, executives, COs
Boards hire Compliance Expert (CE) to assist with CP review
Increased focus on effectiveness of the CPs
Increasing role of Independent Review Organization (IRO)
Entire CP infrastructure built and functioning
Code developed & distributed to all Covered Persons
CP Policies and Procedure
Training on CP, policies, applicable laws, and CIA
Hotline
Sanction Screening
Disclosures
Use of outside experts to ensure compliance
Certifications by Board, CEO, CFO, Compliance Officer
“Corporate Responsibility and Corporate Compliance”
“An Integrated Approach to Corporate Compliance”
“A Toolkit for Health Care Boards”
“Practical Guidance for Health Care Governing Boards on Compliance Oversight?
“Board involvement and commitment is critical for a successful compliance program – top down approach.”
“The best boards are active, questioning, even skeptical”
“Boards should receive candid, timely, and comprehensive information on how organization’s compliance program is operating.”
“Boards shouldn’t make assumptions, or view their job narrowly, or shy away from tough questions.”
Members must undergo at least two hours of training annually
Responsibility for meeting CIA requirements
Responsibility for compliance program
Responsibility for risks assessment and conducting oversight
Members must certify to receiving the required training
Certification shall specify training received and the date
Copies of Certifications and course materials shall be retained
Have at least one independent member
Review/oversight of compliance with laws/regulations
Ensure CIA requirements are met
Meet at least quarterly to review and oversee the CP
Meet in Executive Session with the Compliance Officer (CO)
Review CO and Compliance Committee performance
Report to OIG on steps taken under the CIA
Inform OIG of documents and other materials reviewed
Retain a Compliance Expert (CE) to perform a CP Review
CE prepares CP Report with findings/recommendations
Review CE Report and include it in Annual Report to OIG
Prepare and maintain Minutes of meetings with the CE
Certify to meeting mandated obligations
OIG emphasis on Board responsibility/oversight of compliance (See “Practical Guidance for Health Care Governing Boards on Compliance Oversight” – 2015)
OIG view on Board engagement of an independent CE to assist in fulfilling compliance responsibilities
OIG mandate in recent CIAs that a Board retain an independent CE
INDEPENDENT REVIEW ORGANIZATION (IRO):Selected by an entity (subject to OIG approval) to conduct CIAmandated reviews of identified risk area to make independentand objective determination of compliance.
INDEPENDENT MONITOR: OIG selected expert to assessquality of care furnished by entity and Compliance Program.
COMPLIANCE EXPERT (CE): OIG requirement that aBoard engage a CE to provide independent basis and supportfor entity certification of CP compliance effectiveness. Alsocalled Compliance Advisor
OIG consistently mandated retention of an IRO to assess
entity CIA compliance in risk area
Initially, IROs perform both operational (e.g. claims,
arrangements) and CP reviews
OIG eliminated IRO CP reviews to rely on Board
certification
Evaluates Systems, Transactions, Admissions, Marketing
IRO reviews may be annual or quarterly
IROs were subject of discussion at OIG sessions
OIG found cases of sub-standard IRO work
Led to appointing Monitors to oversee compliance
Media raised questions re Novartis moving to 3rd CIA
Why didn’t IRO prevent same offenses
IRO was also their Auditor: Question of Independence
OIG said reviewing practices of better screening IRO
Selected occasionally by the OIG to provide independent oversight of the quality of care furnished by an entity, or the CP and CIA compliance
Not common, but required in unusual cases (e.g. Extendicare and DaVita CIAs)
Board must engage an independent CE to assist meetingtheir compliance oversight obligations
Required to create a review work plan and conduct review
Must prepare a Compliance Program Review Report
Board must review Report as part of its oversight of the CP
Entity shall send Report to OIG along with Annual Report
Materials provided to the Board + Minutes of meetingswith CE are available for OIG review
Entity selects an IRO and CE
OIG does not endorse any companies or individuals
OIG reserves the right to deny approval of the IRO or CE
OIG has access to IRO/CE work papers & correspondence
OIG has the right to review and question IRO and CE work
OIG has right to request the replacement of an IRO or CE
Federal health care program expertise
Knowledge of statistical sampling (often necessary)
Independent - no conflicts of interest
Objective - not an advocate
Engage a firm with program and technical expertise
Review CIA experience (the more, the better)
Determine number and type of reviews conducted
Record important (shouldn’t learn at your expense)
Knowledge/ experience increases efficiency & lowers costs
Seek recommendations from others
Select individual with a positive track record with the OIG
Seek identity/credentials of those who will actually
conduct the review(s)
Have expertise to conduct reviews
Program reviews (systems/transactions), not financial audits
Can be consulting, audit, or law firm
CIA may require several different types of reviews with
different expertise
Must warrant independence and objectivity
Must warrant not having any conflict of interest
Must follow GAO GAGAS operational review standards
Must certify to meeting OIG required standards
Did the firm met its obligations satisfactory?
Were there any problems?
Did the OIG find the firm’s work satisfactory?
Did the firm perform services economically and efficiently?
Was the firm sensitive to the entity’s operations and needs?
Was the firm’s work professional, competent, and timely?
OIG now routinely requires Board certifications for eachreporting period
A Resolution is signed by each Board Member is required toconfirm its review and oversight of CIA complianceobligations and compliance with applicable regulations
All Board Members are required to adopt and sign aResolution for each CIA Reporting Period
"The Board of Directors has made a reasonable inquiryinto the operations of the Compliance Programincluding the performance of the Compliance Officerand the Compliance Committee. Based on its inquiryand review, the Board has concluded that, to the best ofits knowledge, XXXX has implemented an effectiveCompliance Program to meet Federal health careprogram requirements and the obligations of the CIA."
Top executives held personally responsible for CIA compliance
Certifying Employees (Covered Persons) include CEO, SVPs,and/or persons in charge of applicable functional areas
Must monitor/oversee activities within their areas of authorityand annually certify compliance with CIA and applicable laws
Must certify receiving specified compliance training by experts
All requirements of the CIA have been met
Procedures have been implemented ensuring compliance withall applicable laws
Reviewed the review reports of the IRO and CE and madereasonable inquiry regarding its content
Based upon making reasonable inquiry and review, hasdetermined that information in Report is accurate/truthful
"I have been trained on and understand the compliancerequirements and responsibilities as they relate to [insertname of department], an area under my supervision. Myjob responsibilities include ensuring compliance withregard to the [insert name of department] with allapplicable Federal health care program requirements,obligations of the CIA, and policies, and I have taken stepsto promote such compliance. To the best of my knowledge,the [insert name of department] is in compliance with allapplicable Federal health care program requirements andthe obligations of the CIA. I understand that thiscertification is being provided to and relied upon by theUnited States."
“Within 120 days after the Effective Date, shall develop andimplement a written process for Certifying Employees tofollow for the purpose of completing the certificationrequired by this section (e.g., reports that must bereviewed, assessments that must be completed, sub-certifications that must be obtained, etc. prior to theCertifying Employee making the required certification).”
Certifies in the first Annual Report under the CIA to the extent applicable:
(a) Not to resubmit to any Federal health care program payorsany previously denied claims related to the Covered Conduct addressed in the Settlement Agreement, and not to appeal any such denials of claims;
(b) Not to charge to or otherwise seek payment from federal or state payers for unallowable costs (as defined in the Settlement Agreement); and
(c) To identify and adjust any past charges or claims for unallowable costs.
Ensure the CP has been implemented and can be evidenced
Select promptly mandated experts (90 or 120 days)
Need time to find and check credentials of outside experts
OIG expects outside experts to be independent
OIG relies on the reviews and reports of the experts
IROs/CEs must have credible CIA record (more the merrier)
Experts need to have specific health care sector expertise
Experts must be free of any COI or appearances of conflicts
Experts must use qualified staff for specified reviews
Poorly prepared expert reports may trigger OIG review
Certifying parties will rely upon the experts
False certifications could result in criminal prosecution
Expect CIAs to continue to evolve and change
CIAs signal OIG changing expectations in CPs
OIG “White Papers” telegraph new changes
General movement to more personal accountability of executives, compliance officers, and boards
Increase supportable evidence of CP effectiveness
Remember ACA requires CMS development of mandated CP standards