Meeting the Training Requirements of Corporate Integrity Agreements

April 1, 2021
April 1, 2021

This blog post excerpts an article by Debbie Newsholme CCEP, CHC, Director, Content Development, HCCS–a HealthStream Company, in the Q3 2015 issue of PX Advisor, our quarterly magazine designed to bring you thought leadership and best practices for improving the patient experience.

Even the most seasoned compliance officer cringes upon hearing or reading the words Corporate Integrity Agreement (CIA), because that officer knows that a CIA will be disruptive to the organization. A CIA requires significant attention, data collection, legal defense, negotiation, new systems, new policies, oversight, and enforcement, possibly for many years. Healthcare facilities of all types,  including hospitals, pharmaceutical manufacturers, long-term care, physician groups, and more have all seen  increases in CIAs. Yet, these organizations often struggle with what to do if a recipient of one.   

What Is a Corporate Integrity Agreement? 

A CIA, according to the Department of Health and Human Services (HHS) Office of Inspector General (OIG), is a “document that outlines the obligations an entity agrees to as part of a civil settlement with the Federal government. A healthcare entity agrees to the CIA obligations in exchange for the OIG’s agreement that it won’t seek to exclude the entity from participation in Medicare, Medicaid, or other Federal health care programs.” CIAs have many common features, but each one contains facts specific to the individual case. 

How Does an Organization Receive a Corporate Integrity Agreement?

CIAs can have numerous causes. For example, an entity or provider may have a pattern in its billing processes that raises a red flag with an auditor, either internal or external. Issues are also identified through data mining or data analytics. Auditors look for claims or other types of billing that fall outside the norm (i.e., “outliers”). An occasional anomaly could be explained as a simple error, but continued trends may signal fraudulent activity. If abnormalities are found in the billing or claims submission processes, investigations must be called in to detect the cause and fix the broken steps immediately. Other types of problems (e.g., Anti-Kickback or Stark violations) may be reported to the OIG or the Centers for Medicare and Medicaid Services (CMS) through the appropriate self-disclosure protocol if they are discovered internally. Reporting violations that are discovered internally can be an advantage in negotiating whether or not a CIA is appropriate. Whether a violation is discovered internally or externally, the result of an OIG investigation may be a CIA. Healthcare organizations or providers can also end up with a CIA through Qui Tam, or whistleblower lawsuits. The whistleblower (who may be someone within the organization, a former employee, or a patient) files suit on behalf of the United States government under the False Claims Act. Under the False Claims Act, the attorney general or Department of Justice attorney investigates the allegations and determines whether the U.S. government will join the lawsuit. If fraud is uncovered, the OIG may enter into a CIA with the organization. “Quality of Care” CIAs occur when a False Claims Act settlement resolves allegations of fraud that emanate from the quality of patient care. These CIAs usually require providers to engage an independent monitor, who evaluates the provider’s ability to discover, assess, and improve patient care. 

Training – A CIA Mandatory Requirement

CIA settlement agreements include money that must be paid to the government, as well as training. The CIA contains a section that defines which group(s) within the organization must be trained and the types of training that must occur. Often, staff must complete initial CIA training within 90 to 120 days after the CIA is signed. This does not leave much time for organizations to select or produce training to meet the requirements. The organization must identify the individuals, groups, or departments requiring training and the types and length of training required. “General” training typically requires two to three hours and applies to all members of the workforce, including board members and volunteers. “Specific” training may also be required for individuals within a business unit or function where the issues occurred. It may target individuals performing functions related to billing and coding, documentation of services, patient access to care or care-management activities, patient care, etc. The total time requirement for learners to spend in training is typically four to six hours annually.

This article also includes two case studies explaining the organizational training required by two CIAs.