Leveraging Corporate Integrity Agreements for Healthcare Compliance

Polsinelli PC. In California, Polsinelli LLP

Leveraging Corporate Integrity Agreements for Healthcare Compliance

Presented by: Brian Bewley, ShareholderJennifer Evans, Shareholder

real challenges. real answers. sm

Back to the Basics

� CIAs are an enforcement tool and the result of negotiation.– A part of fraud and abuse case settlements.– Provider agrees to comply with CIA requirements.– OIG agrees not to exclude provider from participation in

Federal health care programs.

� Duration is usually 5 years.� Currently, there are around 210 CIAs in effect.

– 10 are Quality of Care CIAs.

� There are common elements among CIAs, with specific requirements tailored to each case.


Back to the Basics

� CIAs typically include requirements to: – Hire a compliance officer/appoint a compliance committee;

– Develop written standards and policies;

– Implement a comprehensive employee training program;

– Retain an independent review organization to conduct annual reviews;

– Establish a confidential disclosure program;

– Restrict employment of ineligible persons;

– Report overpayments, reportable events, and ongoing investigations/legal proceedings; and

– Provide an implementation report and annual reports to OIG on the status of the entity's compliance activities.


� CIAs provide timely, valuable insight into the government’s point of view.

Why do CIAs Matter?

So, this is what compliance looks like??


Why do CIAs Matter?

� CIAs are the “Holy Grail” of all compliance programs– OIG views CIAs as a way to educate providers on acceptable

compliance activities.

� The Affordable Care Act requires compliance programs, yet gives no specific requirements….

� Providers may use CIAs as a guide to developing compliance programs and structuring operations accordingly.– Useful for all providers but particularly so for at-risk providers.

– Note that because CIAs are tailored to specific providers and situations, providers must assess each provision’s appropriateness.


Lessons Learned: Recent Trends in CIAs

Emphasis on:� Board engagement� Senior management engagement� Organizational and individual

accountability� Effective, meaningful monitoring


Emphasis on Engagement

Board of Directors Obligations. CIAs may require the Board to:– Actively oversee compliance programs and compliance officers

� May include documenting those documents/materials reviewed and additional steps taken by the Board

– Assess compliance programs (quarterly)

– Maintain an audit committee, in addition to a compliance committee

Senior Management and Other Obligations. CIAs may also require that:

– Senior management employees oversee compliance within their area of authority

– Board members, senior management, and other employees receive general and specific compliance training� May list specific areas of training related to legal requirements or

obligations


Emphasis on Accountability

Board Certifications� CIAs often require Board Members adopt resolutions

certifying the organization’s compliance and Board oversight.� Example: CIA for CVS Caremark (Mar. 2014)

� CIAs may require Annual Reports to describe Board activity (what was reviewed, what actions taken, etc.).

“The Audit Committee [or other authorized subcommittee] of the Board of Directors has made a reasonable inquiry into the operations of CVS Caremark’s Compliance Program including the performance of the Compliance Officer and the Compliance Committee. Based on its inquiry and review, the Audit Committee [or other authorized subcommittee] has concluded that, to the best of its knowledge, CVS Caremark has implemented an effective Compliance Program to meet Federal health care program requirements and the obligations of the CIA.”



Senior Management Certifications� Some CIAs require senior management (“certifying

employees”) to individually certify that:1. They have been trained on and understand the

compliance requirements.2. They have promoted compliance.3. Their respective departments are in compliance

with the CIA and Federal Health care program requirements.



Senior Management Certifications� Example: CIA for Dignity Health (Oct. 2014)

“I have been trained on and understand the compliance requirements and responsibilities as they relate to [insert name of department], an area under my supervision. My job responsibilities include ensuring compliance with regard to the [insert name of department] with all applicable Federal health care program requirements, obligations of the Corporate Integrity Agreement, and Dignity Health policies, and I have taken steps to promote such compliance. To the best of my knowledge, except as otherwise described herein, the [insert name of department] of Dignity Health is in compliance with all applicable Federal health care program requirements and the obligations of the Corporate Integrity Agreement. I understand that this certification is being provided to and relied upon by the United States.”



Senior Management Certifications� Definition of “Certifying employees” may be specific:

– CIA for CareAll, Inc. (Oct. 2014)� Includes “at a minimum, the following: the Government

Relations Officer, the Controller, Human Resources Manager, Medicare Accounts Receivable and Billing Manager.”

– CIA for Dignity Health (Oct. 2014)� Lists 24 different positions, including even executives like the

VP for Sponsorship, Mission Integration, & Philanthropy

� Or the definition may be broad:– CIA for DaVita HealthCare Partners Inc. (Oct. 2014)

� Includes “each Covered Person who is an officer, president, general manager, vice president, group senior vice president, division vice president, or other Covered person whose position is equivalent to or above a division vice president.”



Individualcertifications

Individual must take an active

role in compliance

Emphasis is not just on the organization’s compliance.

Emphasis is also on the individuals that make or break compliance.



� Some CIAs further address accountability and encourage compliance through restrictions on employee compensation.

� Potential compensation requirements:– Utilize appropriate compensation structures– Consider an individual’s compliance efforts when

determining incentive compensation� Restrict compensation accordingly

– Recoup incentive compensation in situations of employee misconduct


Emphasis on Monitoring

� Now, typically a standard CIA provision to engage an internal review organization (IRO) or other independent monitor.– Review activities may vary widely.– Recent reviews include:

The list goes on…

• General systems review• General transactions review• Review of drug restocking

practices• Inpatient medical necessity

and appropriateness review• Unallowable cost review

• Claims review• Eligibility review• Review of arrangements for

AKS/Stark purposes• Review processing of third-

party liability claims• Review of other items, as

later determined by the OIG



� Claims review = assessing and evaluating claims submissions� Claims review process:

– Select sample of paid claims (e.g. 100) – Review sample to determine if claim was correctly submitted/ reimbursed

� Includes verifying there is documentation to support the claim– Determine error rate (% of net overpayments) for the sample

� < 5%, no additional sampling required but analyze the errors� > 5%, additional sampling needed

� Additional review process (if needed)– Select additional sample using commonly accepted statistical sampling

methods– Review for proper coding, submission, reimbursement– Estimate actual overpayment in claims population with 90%% confidence

level & max relative precision of 25% of point estimate� Example: CIA for CareMed Pharmaceuticals



� Systems review = assessing systems, processes, policies, and procedures relating to specified actions

� Systems review related to claims submissions – Involves review of:

� Operation of billing system� Process by which provider prepares and submits claims requiring

authorization� Process by which provider maintains documentation� Safeguards to ensure proper claims submission and billing� Procedures to identify and correct inaccurate billing

– OIG suggests performing systems review if initial claims review sample is > 5%� For each claim in the claims review sample, review systems and

processes that generated the claim and identify and problems or weaknesses that may have caused identified overpayments

� Example: CIA for CareMed Pharmaceuticals


� Systems review for off-label marketing is extensive. Involves review of, for example:– How sales representatives and medical affairs personnel: 1) handle

requests/inquiries relating to information about uses of drugs, including off-label uses and 2) distribute materials related to uses

– Form and content of disseminated materials– How organization tracks requests for information about off-label uses– Processes/procedures for identifying, investigating, documenting, resolving,

and taking disciplinary action for potential improper promotion– Manner and circumstances under which medical affairs personnel

participate in meeting or events with HCPs or HCIs– Plans for distributing samples – Incentive compensation of sales representatives – Speaker programs, speaker training programs, and related expenses– Funding of third party educational activities– Research and publication practices

� Example: CIA for Johnson & Johnson




� Arrangements review = review of arrangements or transactions involving the offer, payment, solicitation or receipt of anything of value between the organization and any source or recipient of health care business/referrals

� Arrangement systems review involves review of systems, policies, processes, and procedures for:– Creation and maintenance of centralized tracking system for existing, new, and

renewed arrangements involving offer, payment, or provision of anything of value– Tracking remuneration to and from parties in arrangements– Tracking and monitoring various terms of the arrangement services and

activities to ensure parties to arrangements are performing services required under the arrangement

– Monitoring the use of leased space, medical supplies, medical devices, equipment, or other patient care items to ensure use is consistent with arrangements

– Initiating arrangements– Internal review and approval of arrangements– Implementing responses when suspected violations of AKS are discovered– Ensuring arrangement is written, signed, requires AKS training, provides AKS

policies and procedures, includes certification that parties shall not violate AKS



� Arrangement transactions review involves review of randomly selected arrangements entered into or renewed in a specified period to verify:– Involved parties to the arrangement were properly selected– Organization maintains the arrangement in its centralized tracking system in a

manner that allows identification of the parties and terms– Organization appropriately valued remuneration– Arrangement was subject to internal review and approval and such is

documented– Organization properly tracked remuneration– Organization properly tracks and reviews services and activities to the

arrangement– Parties are performing required services under the arrangement– Organization properly monitors the use of leased space, medical supplies,

medical devices, equipment, and other patient care items– Use of leased space, etc. is consistent with terms of the arrangement– Specifics of the arrangement: written, signed; requires AKS training and provides

organization’s AKS policies and procedures; includes certification that parties shall not violate AKS

� Example: CIA for DaVita HealthCare Partners; CIA for Orthofix International



� Eligibility reviews = review of organization’s Medicare & Medicaid beneficiaries to determine if they meet hospice eligibility requirement

� Eligibility review process:– List all Medicare/Medicaid patients admitted to hospice and randomly

select number of patients– List all Medicare/Medicaid patients who received uninterrupted services

for 180 days or more and randomly select number of patients– Combine selected patients and review sample to determine percentage

of patients ineligible for hospice benefit– Analyze identified errors

� If error rate is > 10%, OIG suggests performing a systems review of the systems and processes that generated the certification of hospice eligibility any paid claim associated with the ineligible patients

� Example: CIA for Three Rivers Hospice, Inc.



� Recent CIAs also emphasize effective, meaningful monitoring within the organization:– May require an Audit Committee– May require auditing of certain risk areas

� May further require that audits not be performed under attorney-client privilege

– May allow monitoring requirements to be modified throughout the CIA

– May require legal counsel to identify and assess risks associate with compliance and steps to mitigate the risk


Practical Considerations to the Lessons Learned

Engagement and Accountability: Board of Directors� The depth and breadth of required Board oversight in

CIAs has grown. � Boards have increased sensitivity to compliance issues.

� � may be more receptive to audit, compliance, quality committees and other tools

� Actions to take:– Identify those committees that have oversight

responsibilities and what those responsibilities are– Document Board and Committee compliance activities



Engagement and Accountability: Senior Management� Given the certification requirements in CIAs, the OIG is

holding senior management more responsible for more compliance activities and oversight. . .

… Organizations should prepare to do the same

� Actions to take:– Give senior management the training and tools

necessary to carry out effective compliance roles.– Identify and review existing policies and procedures, or

create additional ones, that support management compliance activities.



Monitoring.

� Outside monitoring vs. internal monitoring—which is appropriate?

Identify compliance

risk

Assess risk

Fix and mitigate

risk

Continue monitoring

for riskRepeat


Current Enforcement Environment

� Amount Federal government audits and investigations returned in FY 2013:

Four Billion Dollars

� Number of criminal and civil actions in FY 2013 resulting from OIG investigations:

849 criminal, 458 civil

� Number of individuals/entities excluded from participation in Federal health programs in FY 2013:

3,214 excluded

� Avoid contributing to these numbers —How?


Effective Compliance Programs

Mandatory compliance programs.� Affordable Care Act:

– Mandatory for nursing facilities and new enrollees. � Require reasonable design, implementation, and

enforcement.� Must be generally effective in preventing and

detecting violations and promoting quality of care.– More to come?



� May prevent altogether:– OIG investigations– Government audits– DOJ investigations

� Proactive prevention is much better than reactive correction!!!

Effective compliance

program

Increased prevention



� Provide value during government audits– Assess � Overall compliance

– Management/board oversight � Issues/findings

– Audit findings � Be cautious of 60-day rule

– Corrective action � ensure that issue is not replicated� Educate� Determine scope



� Civil investigations:– May be a defense to “knowingly”

standard in fraud and abuse cases.

– May help convince the government not to investigate further.

– May help persuade the OIG to abandon a CIA or lessen CIA requirements.

� Criminal investigations– Lessens ultimate punishment for

organizations, per U.S. Sentencing Guidelines.

– Factor U.S. Attorney’s consider in determining whether to criminally charge an organization.

– Demonstrates good-faith and transparency.

Effective compliance

program

Mitigating factor in government investigations


Questions?


Contact Information

� Brian Bewley, Shareholder– [email protected]

� Jennifer Evans, Shareholder– [email protected]

Polsinelli PCwww.polsinelli.com


About Polsinelli

Polsinelli provides this material for informational purposes only. The material provided herein is general and is not intended to be legal advice. Nothing herein should be relied upon or used without consulting a lawyer to consider your specific circumstances, possible changes to applicable laws, rules and regulations and other legal issues. Receipt of this material does not establish an attorney-client relationship.

Polsinelli is very proud of the results we obtain for our clients, but you should know that past results do not guarantee futureresults; that every case is different and must be judged on its own merits; and that the choice of a lawyer is an important decision and should not be based solely upon advertisements. © 2015 Polsinelli PC. In California, Polsinelli LLP.

Polsinelli is a registered mark of Polsinelli PC

Polsinelli, a national law firm ranked among the Am Law 100 with over 740 attorneys located in 19 offices, deliberately seeks constant improvement in all that we do. At its inception more than forty years ago, the firm established a culture of openness and entrepreneurship that still pervades today. As the fastest growing U.S. law firm for the past six years as ranked by The American Lawyer*, the firm’s growth has been fueled by the recruitment of like-minded attorneys from top law firms across the country.

Polsinelli attorneys successfully build enduring client relationships by providing practical legal counsel infused with business insight, and with a passion for assisting General Counsel and CEOs in achieving their objectives. The firm focuses on healthcare, financial services, real estate, life sciences and technology, and energy and business litigation, and has depth of experience in100 service areas and 70 industries.

*The American Lawyer 2013 and 2014 reports