"OIG: COMPLIANCE AUDITING IS KEY FACTOR FOR CCAs;
HUGE SETTLEMENTS DIMINISH CHANCES"
When crafting settlements concerning false claims or other alleged violations committed by a health care provider, the HHS Office of Inspector General is frequently faced with the decision whether to grant the entity a certificate of compliance agreement (CCA) or the more expensive and onerous corporate integrity agreement (CIA). In such instances, the OIG gives careful consideration to the quality of the provider's compliance auditing function.
According to Heidi Sorensen, branch chief of the administrative and civil remedies branch in the Office of Counsel to the Inspector General, agency officials are looking for several items when they review an organization's compliance auditing function. These items include an assessment of how well the compliance auditing process appears to be working, the experience of those handling the process and the auditors' criteria for their selection of topics designated for review, along with the kind of follow-up, such as appropriate corrective action or the repayment of Medicare overpayments, which generally ensues as a result of the compliance auditing. Ms. Sorensen warns that, even if other aspects of a provider's compliance program are effective, the OIG is not likely to grant a CCA if the organization has a weak or non-existent compliance auditing process. Similarly, a provider saddled with a large monetary amount of fraud might face an uphill battle in securing a CCA.
Certificates of compliance agreement came into existence in 2001, when former IG Jane Rehnquist addressed the concept in an open letter to health care providers. They were presented as an alternative to CIAs for those organizations facing the consequences of alleged compliance violations. In her letter, Ms. Rehnquist enumerated the factors which would be considered by OIG officials when deciding whether to issue a CCA or a CIA. Included among them were the following: (1) an assessment of whether the provider itself disclosed its alleged violations; (2) the amount of monetary damage inflicted upon federal health care programs; (3) whether successor liability is involved; (4) whether the organization is still an active participant in government health care programs or is still engaged in the same line of business; (5) whether the alleged misconduct could, in fact, be repeated; (6) how far in the past the incident(s) may have occurred; (7) whether an acceptable compliance program is in place, and the willingness of a provider to certify its compliance, annually, to the OIG; and (8) any other pertinent circumstances.
The concept of a CCA is in itself an interesting one. Though one would only be issued in the aftermath of a violation committed by a provider, the OIG, in doing so, would be inferring that the rest of an organization's compliance program is operating efficiently enough so that a CIA would not be necessary. As a result, federal officials attempt to be very specific in their requests for documentation from providers who are seeking a CCA instead of a CIA. The most important materials which the OIG requires, according to Ms. Sorensen, are audit reports and documents which detail an organization's efforts to follow up and take corrective action when a violation has occurred. The agency also looks for descriptions of a provider's efforts to voluntarily disclose its violations. In addition, it is often beneficial for the health care entity to review each of the items enumerated in the 2001 "open letter" and describe how they apply to its particular H situation.
As Walter & Haverfield health care attorney Amy Leopard notes, Sorensen's remarks "expound upon the 2001 Open Letter to Health Care Providers by providing some specifics on the OIG's view of what constitutes an effective compliance program, especially regarding the internal monitoring and auditing element. Basically, they are saying that providers need to practice what they preach and ensure that the organizational capability exists to root out hidden weaknesses and deficiencies." Furthermore, concludes Ms. Leopard, the branch chief's statements encourage organizations to place an emphasis on monitoring and "assess systems for identifying risks and the root cause of errors. Coupled with the recent OIG emphasis on quality measurement, providers that have an organizational commitment to compliance will want to consider the convergence of quality, compliance, and performance indicators in their annual evaluations."
(In order to read the entire article, please see the July 30, 2007 issue of the Report on Medicare Compliance, Vol. 16, No. 27, published by Atlantic Information Services, Inc., Washington, D.C.)
