CYA to Prevent CIA

CYA to Prevent CIA

At first when you read CIA in the title of this article, you may have asked yourself why in the world we would write about the Central Intelligence Agency (CIA). And you may be wondering why you would need to cover your assets (CYA) from the CIA in the healthcare industry.

Well, the CIA we are referencing here actually stands for a Corporate Integrity Agreement. Here, we will discuss how to CYA your practice or organization by being proactive so that you can prevent a U.S. Department of Health & Human Services (HHS) Office of Inspector General (OIG) Corporate Integrity Agreement (CIA).

What is a Corporate Integrity Agreement?

According to the OIG, Corporate Integrity Agreements (CIA) are negotiated with healthcare providers and other entities as part of the settlement of Federal healthcare program investigations due to a variety of civil false claims statutes. Additionally, CIAs can be used to address quality of care and program integrity issues. If the provider or entity agrees to the CIA, the OIG agrees not to seek their exclusion from participation in Medicare, Medicaid, or other Federal healthcare programs.

CIAs usually last 5 years and include the following common elements:

  • hire a compliance officer/appoint a compliance committee;
  • develop written standards and policies;
  • implement a comprehensive employee training program;
  • retain an independent review organization to conduct annual reviews;
  • establish a confidential disclosure program;
  • restrict employment of ineligible persons;
  • report overpayments, reportable events, and ongoing investigations/legal proceedings; and
  • provide an implementation report and annual reports to OIG on the status of the entity's compliance activities.

How to prevent a CIA?

In our conversations with medical practices and other entities, we often hear a belief that self-reporting puts an "X" on their back and brings unnecessary attention to their organization subjecting them to future investigations or audits. Actually, self-reporting or self-disclosures are a good thing because they allow the opportunity to avoid potential costs and disruptions associated with an investigation and civil or administrative litigation. In other words, it is your practice or organization proactively addressing any issues as they may arise.

If your organization shares a similar belief, you should be doing anything possible to prevent incidents that result in investigations before they happen. For starters, your organization should be willing to establish a culture of compliance in your practice and/or organization. You should have a comprehensive compliance plan in place. Here are some of the most common CIA elements to include in your compliance plan, along with a few others:

  1. Your compliance program should have commitment from the top and you should have sufficient compliance resources (e.g. budget, staffing, etc.).
  2. Hire or assign compliance officer(s).
  3. Establish a compliance committee consisting of employees with different roles.
  4. Develop and implement policies and procedures
  5. Employees should be trained at the time of hire and at least annually thereafter or whenever there are updates. Communications of changes is critical.
  6. Have an independent review organization (such as HCP) perform reviews on an annual basis.
  7. Complete or review a Security Risk Analysis (SRA).
  8. Privacy and security of use and disclosure of patient information must be a focus.
  9. Thoroughly verify eligibility of all employees through reference checks and/or background checks.
  10. At the time of hire and monthly thereafter all employees should be screened against exclusion list(s).
  11. Report overpayments, reportable events, and ongoing investigations/legal proceedings.
  12. Ensure you auditing documentation and claims for accuracy.
  13. Discipline forNonCompliance.

This is by no means a complete list and the list is not necessarily in order of importance; however, these are tried and true elements to help your practice or organization CYA to prevent a CIA. That being said, a CIA really isn't necessarily a bad thing. And if your organization agrees to an actual OIG CIA, it could be good medicine.

Have questions? Contact us by phone: 855-427-0427 or by email [email protected]