Understanding the Ins and Outs of Corporate Integrity Agreements

Posted on 17 Jul, 2018 |comments_icon 0|By Elizabeth

The Office of Inspector General (OIG) plays an important role in negotiating, developing, and enforcing corporate integrity agreements (CIAs). As a condition of settlement in a variety of civil and false claim cases, OIG will require an organization to incorporate a CIA in exchange for not excluding a practice, organization, or provider from participating in Federal healthcare programs.

CIAs usually last for five years and all have common elements that incorporate preexisting voluntary compliance programs.

Below are the common requirements of a comprehensive CIA:

  1. A compliance officer or compliance committee must be hired or utilized to oversee this process.
    • Responsibilities of the officer or committee would include developing and implementing compliance policies and procedures to guarantee compliance with the CIA as well as Federal healthcare program requirements.
  2. Written standards and policies must be developed.
  3. A comprehensive employee training program must be implemented.
  4. An Independent review organization must be retained to conduct annual reviews (e.g., The Coding Institute or other third-party external audit company).
    • OIG may reject an organization’s choice within 30 days after the OIG has been notified in writing of the identity of the third-party audit company.
  5. A confidential disclosure program must be established.
    • The program must consist of a reporting policy, a hotline, or any other method of non-retaliatory disclosure.
  6. Employment of ineligible persons must be restricted.
    • CIAs outline the definition of an ineligible person.
  7. Overpayments, reportable events, and current investigations or legal proceedings must be reported.
    • These may include a large overpayment, a criminal or legal violation, or possibly a bankruptcy petition.
  8. An implementation report and annual report must be provided to OIG detailing the status of compliance activities.
    • OIG has the right to inspect the individual or organization at any time.

OIG also provides a list of the current CIAs, including the name of the organization, location, and the effective date of the agreement. Other helpful resources are posted to the OIG’s website to provide more information on CIA compliance.

Watch out: Monetary penalties are enforced by OIG for failure to comply with the obligations in the CIA. In addition to monetary penalties, OIG can exclude a provider or organization from participating in Federal healthcare programs, since the CIA was agreed to in exchange for non-exclusion. OIG publishes a list of the organizations and providers that have breached their CIAs and have been penalized as a result.

Report Overpayments

At risk of Monetary penalties and exclusions, it is therefore imperative to report overpayments.

Under CIAs, Providers must promptly notify the appropriate payor of all identified overpayments and must promptly repay the overpayment amount in a manner consistent with the payor’s policies. In addition, providers are expected to develop and implement written policies and procedures to ensure that overpayments are identified, quantified, and repaid in accordance with the CMS overpayment rule and other applicable Federal health care program requirements.

Although all identified overpayments should be refunded to the appropriate payor, a provider under a CIA does not need to report to OIG all identified overpayments at the time it reports such amounts to the payor. However, the provider must report to OIG within 30 days all “reportable events” as defined by the CIA. A “reportable event” generally means anything that involves:

  • A substantial overpayment
  • A matter that a reasonable person would consider a potential violation of criminal, civil, or administrative laws applicable to any Federal health care program for which penalties or exclusion may be authorized
  • The employment of or contracting with an ineligible person (as defined in the CIA)
  • The filing of a bankruptcy petition

Select an Independent Review Organization (IRO)

Since a part of the CIA involves hiring a third-party, auditors must understand the importance of a CIA and how the agreement may affect how audits are handled. The auditor must provide impartial, neutral reviews and reporting.

OIG does not maintain a list of recommended or approved IROs. It is up to the provider to determine the most appropriate accounting firm, law firm, or consultant to engage as its IRO. However, most CIAs include language that gives OIG the opportunity to notify a provider that its choice of IRO is unacceptable. If during the term of the CIA, OIG has concerns about the quality of the review or the qualifications or independence of the IRO, OIG will make those concerns known to the provider and may request that the provider terminate its agreement with the existing IRO and retain a new one.

The CIA requires that a discovery sample of 50 samples are selected for review at random. This determines the net error rate. If the financial error rate exceeds five percent, a full sample must be reviewed.

RAT-STATS is a tool promoted by OIG, which aids auditors in selecting statistical samples. The 50 cases in the discovery sample can be included in the full sample.

Learn More

TCI’s Master Auditing Basics 2018 lays out in-depth guidance for effective review of medical documentation. The experts at TCI show you how to conduct internal and external reviews of coding accuracy, policies, and procedures to ensure you’re running an efficient and liability-free practice.



Elizabeth works on an array of projects at TCI, researching and writing about modern reimbursement challenges. Since joining TCI in 2017, she has also covered the nuts and bolts of cybersecurity, compliance with federal laws, and how to tap into the advantages of telehealth services.

More from this author

View More

Leave a Reply

Newsletter Signup