Corporate Integrity Agreements: making them work for you

CIAs can be costly and burdensome agreements. The length of a CIA is typically five years, but can go as high as seven or eight. A CIA typically includes seven core elements designed to ensure that violations don’t happen again, including:

1. Hiring a compliance officer and appointing a compliance committee
2. Developing written standards and policies
   
3. Implementing a comprehensive employee training program
   
4. Performing monitoring and review procedures
   
5. Establishing a confidential disclosure program
   
6. Restricting employment of ineligible persons
   
7. Reporting to the Office of the Inspector General [2]

In addition to these seven general core elements, most CIAs also include specific steps related to the conduct that led to the settlement.

While the Office of the Inspector General (OIG) of the Department of Health and Human Services, which oversees CIAs, bases the agreements on a standard set of predetermined compliance measures, each agreement is tailored to the specific circumstances of the provider. As CIAs have evolved over the past 10 to 15 years, OIG has become more flexible in working with providers to negotiate their compliance obligations.

Under the right circumstances, you may be able to shorten the length of a CIA or secure the less stringent certification of compliance agreement (CCA). An expert advisor can provide valuable assistance throughout the CIA process. Your advisor can guide you through interactions and negotiations with relevant government agencies, including the Department of Justice, OIG, and the Centers for Medicare and Medicaid Services (CMS), as well as assist you with follow-up testing of internal controls and compliance to help ensure favorable resolution of the matter. In this article we will look at the evolution of corporate integrity agreements and discuss how you can proactively negotiate CIAs to reduce their costs and burdens.

The evolution of Corporate Integrity Agreements

Corporate Integrity Agreements (CIAs) have been common since the mid-1990s when the government began strengthening its efforts to enforce federal health care statutes and recoup funds lost as a result of fraud and abuse. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) significantly enhanced the resources and capabilities of federal agencies involved in these efforts, including the OIG. Since that time, OIG has entered into more than 1000 CIAs and similar agreements. [3]

CIAs were originally structured around the core elements of the Federal Sentencing Guidelines of 1995. Initially taking a rigid approach to the agreements, OIG began recognizing over time that there was a need for greater awareness about compliance and potential sanctions as well as for specific guidance to help eliminate misinterpretation of the guidelines and encourage self-regulation through the adoption of ongoing compliance programs. OIG also sought to create an atmosphere conducive to self-disclosure by offering concessions to those who came forward.

In 1997 OIG announced that in determining the level of sanctions, penalties and exclusions, it would take into account any reasonable efforts made by a company’s management to avoid and detect any misbehavior within their operations. In 1998 it published a detailed self-disclosure protocol. By 2000, seven segment-specific compliance program guidance documents were issued, providing suggestions on how providers could design internal controls to monitor adherence to applicable statutes, regulations and program requirements. OIG also began issuing fraud alerts, advisory opinions, advisory bulletins and work plans to make its concerns and expectations more transparent. [4]

In 2001, OIG released criteria it would consider when deciding whether a company would be required to enter into a CIA. The criteria included:

1. Whether the provider self-disclosed the alleged misconduct
   
2. The monetary damage to the federal health care programs
   
3. Whether the case involved successor liability
   
4. Whether the provider was still participating in the federal health care programs or in the line of business that gave rise to the fraudulent conduct
   
5. Whether the alleged conduct was capable of repetition
   
6. The age of the conduct
   
7. Whether the provider had an effective compliance program and would agree to limited compliance or integrity measures and would annually certify such compliance to the OIG
   
8. Other circumstances, as appropriate [5]

OIG also sought to relieve the financial burden of compliance reviews and the use of independent review organizations by exploring ways to increase reliance on providers’ internal audit capabilities and by offering flexibility on other requirements such as employee training. In some cases, OIG began reducing the obligation on providers by entering into Certification of Compliance Agreements (CCAs) rather than the more extensive CIAs. CCAs typically have a term of only three years and require providers to certify that they will continue to operate their existing compliance programs for that period. Self-disclosure as the result of an effective compliance program is a key factor in securing a CCA over a CIA. [6]

Understanding expectations

The goal of any CIA from the government’s perspective is to ensure that measures and controls are in place to prevent future incidents of misconduct. For pharmaceutical companies this means monitoring compliance with all laws and regulations governing both price reporting and the sales and marketing of their products.

The Medicaid Drug Rebate Program (MDRP), created by the Omnibus Budget Reconciliation Act of 1990 (OBRA'90), requires a drug manufacturer to enter into and have in effect a national rebate agreement with the Secretary of the Department of Health and Human Services (HHS) for states to receive Federal funding for outpatient drugs dispensed to Medicaid patients. The MDRP requires that the manufacturer perform and report certain calculations to the Center for Medicare and Medicaid Services (CMS) including Average Manufacturer Price (AMP) and Best Price (BP). The Deficit Reduction Act of 2005, (specifically) sections 6001, 6002, and 6003, made significant changes to the MDRP including changes to the calculation of AMP and BP.

The Medicare Modernization Act of 2003 (MMA), in particular section 303(c) of the MMA, mandated the shift from AWP to Average Sales Price (ASP) in calculating reimbursement for drugs and biologicals covered under Medicare Part B. This change in reimbursement went into effect January 1, 2005.

Scrutiny of ASP, AMP and BP calculations has been intense and will likely continue. The government is expected to be vigilant in ensuring that current statutes are closely followed.

The government is also scrutinizing pharmaceutical manufacturers’ relationships with sales agents, purchasers, physicians, and other health care professionals for violations of the federal Anti-Kickback Statute. This includes discounting and other financial arrangements with purchasers; switching arrangements, gifts, gratuities and other benefits for physicians; and undue incentives for sales agents to engage in aggressive marketing or promotional practices.

Improper promotion of drugs for off-label use and the associated claims submitted to federal health care programs for such use also have been targeted in recent government crackdowns.

Negotiating a Corporate Integrity Agreement

The first thing to understand about corporate integrity agreements is that while they are “imposed” on providers as part of settlements for alleged wrongdoing, they are also negotiable contracts. Although the government does not have to accept changes to the terms of the agreement, its primary concern is that compliance measures are successful in preventing further incidents. It is therefore interested in finding workable solutions that both increase the chances of success and promote ongoing cooperation and self-disclosure. The CIA is essentially a relationship with the Office of the Inspector General. Establishing mutual understanding, open communication and commitment to effectively addressing the government’s concerns can go a long way in gaining more flexible arrangements. OIG has expressed an interest in ensuring that CIAs are value-added and not just punitive. They generally are receptive to arguments about how to make CIAs more effective (and more cost-effective) and will make changes on that basis.

Before entering into negotiations on a CIA, it is important to have full knowledge not only of OIG’s own guidance for pharmaceutical companies, which provides the backdrop of expectations for complying with federal statutes, but other corporate integrity agreements. These agreements are available on the OIG web site and provide valuable guidance on what measures OIG expects of a pharmaceutical to protect against violations and what specific accommodations have been made with other companies. Knowledge of the agreements can help you in developing a strategy for the negotiations. Also keep in mind that you are not bound by any historical CIAs and may be able to secure even better terms than other companies, depending on your circumstances and your relationship with OIG.

Once you begin working with OIG, scrutinize the OIG’s draft agreement carefully to determine its full financial impact and identify areas where you might propose an alternative. Again, do not assume that the OIG’s standard language cannot be changed. Work with OIG to explain your organization’s unique circumstances. In proposing alternative language, be sure that you are addressing the government’s original concerns so you can agree on terms acceptable to both sides.

Since most organizations have compliance programs and work plans already in place, try to align the agreement with these programs to avoid the costs of implementing completely different measures. In some cases, compliance programs may have been implemented or changed since the alleged misconduct took place and would now prevent such a problem. Provide OIG with all details of currently existing and proposed programs to demonstrate your commitment to following the statutes and preventing violations.

Also make sure that the agreement is not overly broad. If possible, keep the agreement focused on remedies to the problems that gave rise to the alleged misconduct and avoid general, sweeping measures. This includes keeping external audits and reviews limited specifically to the problem area.

If possible, you should try to avoid external audits altogether. Pharmaceuticals generally do a good job of testing and validating internal controls. By negotiating internal monitoring over outside reviews, you can substantially reduce the costs associated with the agreement. You may also be able to negotiate less stringent reviews over time in exchange for positive results in the earlier years of the agreement.

It is perhaps most critical that you never to agree to terms you cannot achieve. For example, if specific timetables are too aggressive for your organization, be sure to work with OIG to explain your situation and come up with requirements that can be met. Otherwise you set yourself up for a potential breach of the agreement, which can result in an even longer agreement period or possible exclusion from federal programs if the breach is determined to be “material.”

Ensuring compliance

Once terms are negotiated and a final agreement is in place, organizations must ensure that the controls, policies and procedures required under the CIA function as expected. Having an effective auditing and monitoring system in place to test and validate internal controls can not only help you demonstrate that you have a quality compliance program, but provides you with valuable information about your risk exposure. Prior to the start of formal testing, as required by the CIA, consider a separate test of your controls and policies and procedures noting any weaknesses or gaps identified during your review and make modifications to your controls and policies and procedures as necessary.

Corporate integrity agreements may seem like daunting obligations. Yet with the right information, the right approach, and the right advisor, CIAs can be workable agreements that provide the impetus for better internal controls and a better ongoing compliance program.

References:

1. In some cases, CIAs are imposed in addition to an exclusion and other penalties in order for a provider to qualify for participation in federal programs once the exclusion period has ended.
2. http://oig.hhs.gov/fraud/cias.html.
3. Department of Health and Human Services Office of the Inspector General, Protecting Public Health and Human Services Programs: A 30-Year Retrospective, 2006, http://oig.hhs.gov/publications/retrospective.html.
4. Information in this paragraph based on OIG Open Letters to Health Care Providers from February 1997; March 9, 2000; November 20, 2001. http://oig.hhs.gov/fraud/openletters.html.
5. Office of the Inspector General, Open Letter to Health Care Providers, November 20, 2001, http://oig.hhs.gov/fraud/openletters.html.
6. Office of the Inspector General, Open Letter to Health Care Providers, April 24, 2006, http://oig.hhs.gov/fraud/openletters.html.