What’s New in Corporate Integrity Agreements from the OIG?

What’s New in Corporate Integrity Agreements from the OIG?

As we all know, Corporate Integrity Agreements (CIA’s) are an excellent resource to a compliance officer when trying to stay ahead of the ever-changing compliance landscape. CIA’s provide a wealth of information as to what the Office of Inspector General (OIG) believes should be elements of an effective compliance program. They can also help clarify roles and responsibilities of the board or senior leadership in a healthcare organization. It is highly recommended that you monitor CIAs posted on the OIG site on a periodic basis to see if the model CIA has been updated or changed.

Here is what we know about today’s CIA’s:

After studying the latest CIA’s, we will save you a little time by highlighting a few changes that have been made in recent CIAs and share some of the background or information communicated by members of the OIG during previous HCCA conferences.

Management Certifications

There have been multiple changes, but let’s start with one that impacts the senior leadership of the organization. Specifically, a new requirement called “management certifications.” In previous versions of a CIA, each organization would have to complete an annual report to the OIG that outlines numerous CIA activities completed throughout the year. As part of the submission, the Chief Compliance Officer and Chief Executive or Chief Financial Officer would have to attest/certify to the accuracy of the report.

In the new CIAs, there has been a drastic change by now requiring management certifications. This requirement requires a significant effort and in my opinion, provides a clear message from the OIG that compliance isn’t just the responsibility of the compliance department. In this new element, it requires management at all levels such as; corporate, area, region, division, and district leaders to not only certify their commitment to compliance but document how they have promoted compliance within their job responsibilities.

Risk Assessment Process

Another interesting update was the addition of a risk assessment process, not included in previous CIAs. In the new model CIA, an organization is required to conduct a thorough risk assessment on an annual basis. This risk assessment will be shared with the OIG and if applicable with the Independent Review Organization (IRO).

If shared with the IRO the risk areas will typically be used to determine the general focus for the IRO audit later in the year. There are a variety of changes in recent CIAs that relate to the IRO audit process, error rates, repayment, etc. These are relatively complicated, so we will not address those in this blog.

(If you would like more detail on those changes, contact me at and we can discuss.)

This same risk assessment may also be used to develop a training plan under the new CIAs. This is a change from the previously mandated training element which was based on the “covered conduct” as defined within the settlement between the organization and the OIG. Under the new CIA, the organization has the ability to recommend a training plan to the OIG for their approval. It no longer defines a set number of hours and topics of training.
(Note: This is not true for all CIAs, some quality of care CIAs may still mandate topics and hours, but generally speaking- many of the new CIAs have a much more manageable training requirement).

Compliance Experts

The last area I would like to highlight is the new requirement of a Compliance Expert. Not all CIAs will require this new element but many are now requiring the engagement of a Compliance Expert from outside the organization. The expert comes in and conducts an initial assessment of the compliance program to set a baseline, and then completes further assessments on either an annual or every other year basis. This new requirement helps the OIG gather additional, unbiased information on the status of the Compliance Program.

Important Message from the OIG

I also want to just briefly touch on a couple of areas that the OIG emphasized during recent HCCA presentations as having not changed, but remain crucial components of an effective compliance program. The first is the importance of monitoring and screening for exclusions and sanctions. The OIG indicated that this has not changed as a requirement of the CIA and reiterated the importance of having a formalized process in place to monitor pre-hire and throughout employment.

The second element is that of utilization of the Self-Disclosure Protocol. Over the last several months, I have noticed that in many OIG presentations or communications the OIG is mentioning the importance of using the Self-Disclosure Protocol. The OIG has indicated that they believe the use of the Self-Disclosure Protocol by a healthcare organization is evidence of an effective compliance program. If you are under a CIA, you will have numerous reporting requirements and methods to report so this message may be a bit late for you but for those of you who don’t, I want to be sure you are aware of this message from the OIG. I think there is a clear signal from the OIG that as we are internally monitoring and investigating compliance events, it is important to understand how we are to report findings and when it is appropriate to self-disclose.


As you can see, the CIA “template” is ever changing and a valuable resource to compliance officers. If you haven’t already done so, join the OIG listserve so you can be notified of any new CIAs as they are happening. Doing so will make sure you are finding out about the latest and most relevant CIAs to your organization.

And remember, the ProviderTrust team is always here to help you with your compliance needs. Whether it is assistance with improving your compliance program, auditing your current compliance program or implementing exclusion and sanctioning monitoring, we are here to help!

donna.pngWritten by Donna Thiel, Director of Compliance Integrity Team
Connect with Donna on LinkedIn

Donna Thiel is the Director of our Compliance Integrity team, a consulting division of ProviderTrust. Donna works with compliance officers across the country to help reduce the stress and anxiety of this very difficult role.


Stay Up-to-Date

Subscribe and get the latest news and advice from industry experts delivered straight to your inbox.

Related Resources

Never miss an update

Get the latest healthcare news, advice from industry experts, and all things related to monitoring solutions delivered straight to your inbox.