As the Department of Health and Human Services’ (HHS) Office of Inspector General (OIG) continues to ramp up its enforcement efforts, SunHawk Consulting had prepared a summary report to help organizations stay informed of the latest trends in Corporate Integrity Agreements (CIAs) and how to mitigate burgeoning risks. Our team performed an analysis of CIA settlements published from January 2021 to present. Here are some key insights:
Trends in CIAs:
- Increased focus on data analytics and risk assessment
The OIG is increasingly emphasizing the importance of using data analytics to identify, assess, and mitigate risks within health care organizations. CIAs are more frequently requiring providers to develop and implement data-driven risk assessment methodologies, demonstrating the ability to proactively detect and resolve risk and compliance issues.
- Heightened scrutiny on individual accountability
Recent CIAs have increasingly focused on individual responsibility, including board members and executives, for compliance failures. This trend highlights the importance of fostering a culture of compliance, transparency, and developing a compliance program supported from the top down in actions, not just words.
- Expanded use of Independent Review Organizations (IROs)
More and more, terms of CIAs and non-prosecution agreements require engaging an IRO to independently oversee and assess compliance with federal program requirements, objectively evaluate the organization, and report its findings directly to the OIG. Organizations required to engage an external oversight entity may find the reporting activities to be heavily resource-intensive in an era when many providers are struggling to recover financially in a post-pandemic environment. Depending on the circumstances, providers may be successful in avoiding a CIA but may still have an IRO requirement included as part of the settlement.
- Emphasis on compliance program effectiveness
Organizations subject to CIAs must demonstrate an increased effectiveness of their compliance programs through measurable outcomes and continuous improvement during the course of the settlement period. Expect to be scrutinized on elements including ongoing monitoring, auditing, reporting, and corrective action implementation.
Of 50 published OIG settlements, the average length of CIA oversight is five years. Sixteen of these matters resulted in three-year CIA agreements. Of these, sanctions of $1 million or more were imposed in 13 matters. There are some demonstrated common denominators that help successfully mitigate proposed OIG sanctions. Compliance Officers can make a compelling case within their organizations to further develop a strong compliance program, training and awareness, and regular internal and periodic independent assessment activities to demonstrate program effectiveness. These actions, in conjunction with the wise use of outside counsel skilled in handling relationships with regulators, can make all the difference to organizations during negotiations and ultimately, whether a CIA is imposed.
If your organization is in need of assistance to proactively assess your compliance program, conduct an investigation of a potential compliance issue, or provide recommendations to reduce your enterprise risk, please contact our experts at SunHawk Consulting.
SunHawk Consulting, LLC
Nancy Roht, is a Director with SunHawk Consulting, LLC, has over 20 years of experience in governance, compliance, ethics, and research. Ms. Roht holds a Master’s in Health Administration and a Graduate Certificate in Healthcare Compliance. She is also Certified in Healthcare Compliance (CHC) by the Healthcare Compliance Certification Board. She has served in academic settings, multistate integrated healthcare systems, and non-profit and for-profit environments, having held compliance, privacy, and governance roles both inside organizations and as a consultant.
Ms. Roht specializes in consulting with health systems and major academic programs providing Board and Governance training, compliance and ethics program assessments, program design and implementation, enterprise risk assessments, HIPAA risk and privacy assessments, annual and targeted workforce training, policy and program development, billing and coding reviews, mergers and acquisitions due diligence, investigations and corrective action plans, and interim leadership.