Healthcare Compliance Solutions and News

Overview of a Corporate Integrity Agreement (CIA)

Health care fraud recoveries for fiscal years 2009- 2014 exceeded previous records with five straight years of more than $2 billion in annual recovery from cases involving fraud and false claims against federal health care programs such as Medicare and Medicaid.  Most healthcare providers are aware of significant civil liability due to recent enforcement. However, many remain unfamiliar with an important acronym as it relates to the world of healthcare.

A Corporate Integrity Agreement (CIA) is negotiated with a healthcare provider or entity. This type of agreement is part of a settlement of federal healthcare program investigations arising under false claims statutes. In exchange for the agreement the OIG agrees not to exclude the provider or entity from participation in the federal healthcare programs.  Implementation and oversight of CIAs require significant personnel and financial resources. 
All types of organizations and providers may be impacted including pharmaceutical companies, medical device companies, hospitals, nursing homes and long term care facilities, and medical practices.

Corporate Integrity Agreements may be helpful in providing insight into what might be required of certain types of providers or organizations. If evaluating a current compliance program, it is good practice to learn about CIAs and review those recently imposed in a particular industry.

What does a typical CIA look like? The standard CIA negotiated by the OIG generally includes provisions pertaining to the seven elements of an effective compliance program. 
Each CIA addresses specific facts, but there are many common elements of CIAs. A comprehensive CIA typically lasts 5 years and includes the following requirements:

  • Hire a compliance officer/appoint a compliance committee;
  • Develop written standards and policies;
  • Implement a comprehensive employee training program;
  • Retain an independent review organization to conduct annual reviews;
  • Establish a confidential disclosure program;
  • Restrict employment of ineligible persons;
  • Report overpayments, reportable events, and ongoing investigations/legal proceedings; and
  • Provide an implementation report and annual reports to OIG on the status of the entity’s compliance activities.

What happens if a CIA is violated?

CIAs contain provisions allowing the OIG to penalize entities for failing to comply with the terms of the agreement. CIAs typically contain a stipulated penalty provision of up to $2,500 for each day the entity fails to follow the requirements.

The OIG can also exclude the applicable entity for a “material breach” of the CIA, typically defined as: (1) repeated or flagrant violation of CIA obligations; (2) failure to report a reportable event and take corrective action; (3) failure to engage and use an IRO; (4) failure to respond to a demand letter concerning the payment of stipulated penalties; and (5) failure of an entity’s board of directors to issue a resolution regarding compliance with the CIA. ( May, Marilyn. “A Wake Up Call for Cos. With Corporate Integrity Agreements.” Legal360,np, 27, May 2014. Web. 4 November 2015)

Some good advice

The best way to avoid a CIA is to have a proactive, comprehensive compliance program in place. The standards for an effective compliance program are modeled on the seven elements of an effective compliance program provided in Chapter 8 of the Federal Sentencing Guidelines. There are Compliance Program Guidelines available for particular areas of healthcare.

According to the OIG the following seven components provide a solid basis upon which a physician practice can create a voluntary compliance program:


  1. Conduct internal monitoring and auditing
  2. Implement compliance and practice standards
  3. Designate a compliance officer or contact
  4. Conduct appropriate training and education
  5. Respond appropriately to detected offenses and develop corrective action
  6. Develop open lines of communication with employees
  7. Enforce disciplinary standards through well-publicized guidelines