Richard Kusserow, CEO Strategic Management

Tom Herrmann, JD, SVP Strategic Management

June 9, 2016

I. OVERVIEW OF EVOLVING CIAs

II. BOARD RESPONSIBILITIES UNDER CIAs

III. CIA MANDATES FOR OUTSIDE EXPERTS

IV. MANDATORY CERTIFICATIONS

•Purpose and character

•Number and types

•Standard provisions

•Evolving terms and conditions

As of June 1, 2016. All numbers are approximate.

Distribution of Active CIAs by HHS OIG Categories

Office of Investigations: Conducts investigations

Office of Audit Services: Conducts audits

Office of Evaluations and Inspections: Conducts reviews

Office of Counsel: Negotiates settlements, develops CIAs, monitors CIA compliance, imposes administrative sanctions

Office of Public Affairs: posts CIAs on OIG web sitehttp://oig.hhs.gov/compliance/corporate-integrity-agreements/cia-documents.asp

5

Often part of a global settlement with DOJ & DHHS

Contract with OIG to ensure future integrity

Negotiated by the OIG Counsel's Office

Monitored by the OIG Counsel's Office

Usually in effect for five years

Commits entity to compliance obligations in lieu of exclusion

Approximately 350 CIAs currently in effect

New CIAs being added at average of about 3 per month

Standard terms/conditions + “case specific” requirements

Intended to prevent recurrence of misconduct (e.g. false claims, improper arrangements, misleading marketing)

Focus areas:

- Arrangements with potential referral sources

- Claims to Federal health care programs

- Quality of Care (e.g. long term care)

- MCO enrollment/marketing

Hospitals and health systems

Physician practices

Long term care facilities (e.g. SNFs)

Pharmaceutical/device companies

DME suppliers

Therapy providers

Emergency transportation companies

Laboratories

Establish (or enhance) Compliance Program

Appoint Compliance Officer

Bar employment/contracting with excluded parties

Notify OIG of investigations and/or legal proceedings

Identify, report, and repay overpayments

Disclose “reportable events”

Submit an Annual Report on status of CIA compliance

Report change of business location or status

OIG right to inspection, audit, and review

Penalties for non-compliance with terms of CIA

Take steps to meet CIA obligations

Meet deadlines

Search for a qualified Independent Review Organization (IRO)

Search for a qualified Compliance Expert (CE)

Enhance Compliance Program to meet CIA standards

Engage expert to conduct a “mock” review”

Take corrective action on identified deficiencies/problems

OIG increasing oversight and accountability of CIAs

Adding more requirements for executives and boards

More Certifications by Boards, CEOs, executives, COs

Boards hire Compliance Expert (CE) to assist with CP review

Increased focus on effectiveness of the CPs

Increasing role of Independent Review Organization (IRO)

Entire CP infrastructure built and functioning

Code developed & distributed to all Covered Persons

CP Policies and Procedure

Training on CP, policies, applicable laws, and CIA

Hotline

Sanction Screening

Disclosures

Use of outside experts to ensure compliance

Certifications by Board, CEO, CFO, Compliance Officer

“Corporate Responsibility and Corporate Compliance”

“An Integrated Approach to Corporate Compliance”

“A Toolkit for Health Care Boards”

“Practical Guidance for Health Care Governing Boards on Compliance Oversight?

“Board involvement and commitment is critical for a successful compliance program – top down approach.”

“The best boards are active, questioning, even skeptical”

“Boards should receive candid, timely, and comprehensive information on how organization’s compliance program is operating.”

“Boards shouldn’t make assumptions, or view their job narrowly, or shy away from tough questions.”

CIAs place greater responsibility on a Board of Directors, which now has enumerated duties

Members must undergo at least two hours of training annually

Responsibility for meeting CIA requirements

Responsibility for compliance program

Responsibility for risks assessment and conducting oversight

Members must certify to receiving the required training

Certification shall specify training received and the date

Copies of Certifications and course materials shall be retained

Have at least one independent member

Review/oversight of compliance with laws/regulations

Ensure CIA requirements are met

Meet at least quarterly to review and oversee the CP

Meet in Executive Session with the Compliance Officer (CO)

Review CO and Compliance Committee performance

Report to OIG on steps taken under the CIA

Inform OIG of documents and other materials reviewed

Retain a Compliance Expert (CE) to perform a CP Review

CE prepares CP Report with findings/recommendations

Review CE Report and include it in Annual Report to OIG

Prepare and maintain Minutes of meetings with the CE

Certify to meeting mandated obligations

•Independent Review Organizations (IROs)

•Compliance Experts (CEs)

•Compliance Monitors

OIG emphasis on Board responsibility/oversight of compliance (See “Practical Guidance for Health Care Governing Boards on Compliance Oversight” – 2015)

OIG view on Board engagement of an independent CE to assist in fulfilling compliance responsibilities

OIG mandate in recent CIAs that a Board retain an independent CE

INDEPENDENT REVIEW ORGANIZATION (IRO):Selected by an entity (subject to OIG approval) to conduct CIAmandated reviews of identified risk area to make independentand objective determination of compliance.

INDEPENDENT MONITOR: OIG selected expert to assessquality of care furnished by entity and Compliance Program.

COMPLIANCE EXPERT (CE): OIG requirement that aBoard engage a CE to provide independent basis and supportfor entity certification of CP compliance effectiveness. Alsocalled Compliance Advisor

OIG consistently mandated retention of an IRO to assess

entity CIA compliance in risk area

Initially, IROs perform both operational (e.g. claims,

arrangements) and CP reviews

OIG eliminated IRO CP reviews to rely on Board

certification

Evaluates Systems, Transactions, Admissions, Marketing

IRO reviews may be annual or quarterly

IROs were subject of discussion at OIG sessions

OIG found cases of sub-standard IRO work

Led to appointing Monitors to oversee compliance

Media raised questions re Novartis moving to 3rd CIA

Why didn’t IRO prevent same offenses

IRO was also their Auditor: Question of Independence

OIG said reviewing practices of better screening IRO

Selected occasionally by the OIG to provide independent oversight of the quality of care furnished by an entity, or the CP and CIA compliance

Not common, but required in unusual cases (e.g. Extendicare and DaVita CIAs)

Board must engage an independent CE to assist meetingtheir compliance oversight obligations

Required to create a review work plan and conduct review

Must prepare a Compliance Program Review Report

Board must review Report as part of its oversight of the CP

Entity shall send Report to OIG along with Annual Report

Materials provided to the Board + Minutes of meetingswith CE are available for OIG review

Entity selects an IRO and CE

OIG does not endorse any companies or individuals

OIG reserves the right to deny approval of the IRO or CE

OIG has access to IRO/CE work papers & correspondence

OIG has the right to review and question IRO and CE work

OIG has right to request the replacement of an IRO or CE

Federal health care program expertise

Knowledge of statistical sampling (often necessary)

Independent - no conflicts of interest

Objective - not an advocate

Engage a firm with program and technical expertise

Review CIA experience (the more, the better)

Determine number and type of reviews conducted

Record important (shouldn’t learn at your expense)

Knowledge/ experience increases efficiency & lowers costs

Seek recommendations from others

Select individual with a positive track record with the OIG

Seek identity/credentials of those who will actually

conduct the review(s)

Have expertise to conduct reviews

Program reviews (systems/transactions), not financial audits

Can be consulting, audit, or law firm

CIA may require several different types of reviews with

different expertise

Must warrant independence and objectivity

Must warrant not having any conflict of interest

Must follow GAO GAGAS operational review standards

Must certify to meeting OIG required standards

Did the firm met its obligations satisfactory?

Were there any problems?

Did the OIG find the firm’s work satisfactory?

Did the firm perform services economically and efficiently?

Was the firm sensitive to the entity’s operations and needs?

Was the firm’s work professional, competent, and timely?

Required certifications by the Board, CEO, CFO, CO, Program Managers

OIG now routinely requires Board certifications for eachreporting period

A Resolution is signed by each Board Member is required toconfirm its review and oversight of CIA complianceobligations and compliance with applicable regulations

All Board Members are required to adopt and sign aResolution for each CIA Reporting Period

"The Board of Directors has made a reasonable inquiryinto the operations of the Compliance Programincluding the performance of the Compliance Officerand the Compliance Committee. Based on its inquiryand review, the Board has concluded that, to the best ofits knowledge, XXXX has implemented an effectiveCompliance Program to meet Federal health careprogram requirements and the obligations of the CIA."

Top executives held personally responsible for CIA compliance

Certifying Employees (Covered Persons) include CEO, SVPs,and/or persons in charge of applicable functional areas

Must monitor/oversee activities within their areas of authorityand annually certify compliance with CIA and applicable laws

Must certify receiving specified compliance training by experts

All requirements of the CIA have been met

Procedures have been implemented ensuring compliance withall applicable laws

Reviewed the review reports of the IRO and CE and madereasonable inquiry regarding its content

Based upon making reasonable inquiry and review, hasdetermined that information in Report is accurate/truthful

"I have been trained on and understand the compliancerequirements and responsibilities as they relate to [insertname of department], an area under my supervision. Myjob responsibilities include ensuring compliance withregard to the [insert name of department] with allapplicable Federal health care program requirements,obligations of the CIA, and policies, and I have taken stepsto promote such compliance. To the best of my knowledge,the [insert name of department] is in compliance with allapplicable Federal health care program requirements andthe obligations of the CIA. I understand that thiscertification is being provided to and relied upon by theUnited States."

“Within 120 days after the Effective Date, shall develop andimplement a written process for Certifying Employees tofollow for the purpose of completing the certificationrequired by this section (e.g., reports that must bereviewed, assessments that must be completed, sub-certifications that must be obtained, etc. prior to theCertifying Employee making the required certification).”

Certifies in the first Annual Report under the CIA to the extent applicable:

(a) Not to resubmit to any Federal health care program payorsany previously denied claims related to the Covered Conduct addressed in the Settlement Agreement, and not to appeal any such denials of claims;

(b) Not to charge to or otherwise seek payment from federal or state payers for unallowable costs (as defined in the Settlement Agreement); and

(c) To identify and adjust any past charges or claims for unallowable costs.

Ensure the CP has been implemented and can be evidenced

Select promptly mandated experts (90 or 120 days)

Need time to find and check credentials of outside experts

OIG expects outside experts to be independent

OIG relies on the reviews and reports of the experts

IROs/CEs must have credible CIA record (more the merrier)

Experts need to have specific health care sector expertise

Experts must be free of any COI or appearances of conflicts

Experts must use qualified staff for specified reviews

Poorly prepared expert reports may trigger OIG review

Certifying parties will rely upon the experts

False certifications could result in criminal prosecution

Expect CIAs to continue to evolve and change

CIAs signal OIG changing expectations in CPs

OIG “White Papers” telegraph new changes

General movement to more personal accountability of executives, compliance officers, and boards

Increase supportable evidence of CP effectiveness

Remember ACA requires CMS development of mandated CP standards

Copyright 2016. Strategic Management Services, LLC. All Rights Reserved