There are many misunderstandings in the compliance world on how CIAs are used and whether or not the OIG is obligated to enter into one. The OIG does not have to enter into a Corporate Integrity Agreement, nor does a provider have an automatic right to one.The notion of a CIA is to resolve an allegation of fraud and abuse in a manner that avoids a protracted government investigation.  A healthcare organization wishing to settle a government investigation is not guaranteed the option of a CIA and settlement; rather it is at the discretion of the OIG whether to agree to a settlement with a provider or entity and negotiate a CIA.

cia_rightblog (1).jpgThe purpose of a Corporate Integrity Agreement (CIA) is to improve the quality of health care and promote compliance with health care regulations. The CIA may feel punitive to the provider, but in actuality is not designed nor meant to be punitive. 
Instead, the purpose of a CIA is to drive compliant behavior and set minimum standards for which a health care provider/entity should be held accountable, and become a more compliant organization. So, what can we learn from previous CIA’s about when the OIG may enter into one?

Parameters of the OIG Entering a CIA

Have a Compliance Program

It appears that CIA’s are utilized when the OIG feels that a compliance program was in place, but needs to be shored up or even enhanced. The OIG has been clear in its multiple guidances over the years about the need for an effective compliance program. They have issued several guidances geared to educating the healthcare market ranging from doctors to long-term and acute care. The OIG has even issued guidance on educating the Board on its duties in compliance. Not having a compliance program is unlikely to bode well in the OIG’s mind when considering whether to issue a CIA to resolve the fraud matter.

Always Cooperate with the OIG

Cooperating with an OIG investigation is an obvious way to demonstrate your willingness to work with the government to resolve the matter.  After all, the goal of a CIA is to put into place a working document to outline and act as a check and balance to ensure continued improvement and compliance in the future. If your organization is not willing to work with the OIG, then do not expect to resolve the matter through a CIA. If you hinder or refuse to cooperate with an OIG investigation, you should expect to be excluded.

Your Past Can Haunt You

Prior bad acts can weigh in the decision making process of the OIG. If your organization has a past and continued pattern of fraud and/or investigations, the OIG may not be willing to enter into a CIA. Prior bad acts that have been remediated and demonstrate your commitment to doing the right thing and increasing your compliance is certainly a positive factor. The OIG realizes that sometimes even the well intended and otherwise compliant organizations can unintentionally run afoul of the regulations. A commitment from the CEO and the Board to find it and deal with it goes a long way.

Dept. of Justice Involvement

If the matter is being investigated by the Dept. of Justice, the OIG may have limitations on entering into a CIA. For example, if the matter involves a False Claim Act investigation, the Dept. of Justice will have a say in whether the matter can be resolved in a CIA. Certainly, if the provider or organization has been convicted or plead guilty of a False Claim, then the matter is not appropriate for a CIA.  

The Whistleblower

If the matter is brought by a whistleblower and they do not consent to enter into a CIA settlement, it can negate a CIA from being entered. Once the case is brought by a whistleblower, there are additional voices and consents that must be in concert for a CIA to be entered into.

A CIA is a powerful tool available to the OIG to resolve a fraud matter and agreement by the OIG not to exclude the provider or entity, as long as certain minimally required compliance foundations are created, adhered to and an independent review officer has conducted an audit.  In addition, management and Board members may be required to certify compliance with the mandates of the CIA and can incur personal liability for falsely certifying to such.  The CIA, however, is not an automatic right of a provider. It must be something that the OIG and sometimes the DOJ consents to enter.  


Written by Michael Rosen, ESQ

Michael_Rosen.pngProviderTrust Co-Founder, mrosen@providertrust.com

Michael brings over 20 years of experience founding and leading risk mitigation businesses, receiving numerous accolades such as: Inc Magazine’s Inc 500 Award and Nashville Chamber of Commerce Small Business of the Year.

Connect with Michael on Linkedin