Corporate integrity agreements or the consent agreements which are reached between the government (HHS) and Covered Entities and Business Associates can be extremely detailed, comprehensive and costly.

In my last post (http://bit.ly/1RsCwLP )  I went so far as to say that these agreements and their implementation are often more expensive than the actual fines, and that I would discuss one of the most far reaching consent agreements I had ever seen, namely, the corporate integrity agreement between OIG-HHS and Nason Medical Center.

While I cannot incorporate the totality of an agreement that is over 50 pages long into a few paragraphs, I think that I can convey the spirit of this agreement.

1. The length of the agreement is five years.
2. The people covered by the agreement include all owners, officers, directors, managers (which include members of the mandated “Management Committee”) and all employees, contractors, subcontractors, agents and other persons who provide patient care items or services or who perform billing or coding functions on behalf of Nason, as well as all physicians or other non-physician practitioners who work within one or more of Nason’s facilities.
3. Establishment of a Compliance Officer and Compliance Committee – and with respect to the Compliance Officer, that individual must be a member of senior management, report directly to the CEO, cannot be subordinate to the General Counsel or CFO, and must be required to visit each location where Nason provides patient services at least every two weeks.

Responsibilities include developing and implementing policies, procedures and practices designed to ensure compliance, making periodic (at least quarterly) reports regarding compliance matters directly to the “Management Committee” with written reports to the “Management Committee” made available to OIG on request, as well as monitoring the day-to-day compliance activities engaged in by Nason.

Not surprisingly, Nason must report to OIG in writing any changes in the identity or description of the compliance officer.

4. Compliance committee, which at a minimum must include the Compliance Officer and other members of senior management, including senior executives of relevant departments such as billing, clinical, human resources, audit, and operations as well as at least one employee who works at least 20 hours per week at each building where Nason sees patients. The Compliance Officer chairs the Compliance Committee. The Compliance Committee must support the Compliance Officer in fulfilling his/her responsibilities.
5. Management Committee’s compliance obligations include meeting at least quarterly to review and oversee Nason’s compliance program, the performance of the Compliance Officer and the Compliance Committee, submitting to OIG a description of the documents and other materials reviewed as well as any additional steps taken in its oversight of the compliance program. In addition, each reporting period, the committee must adopt a resolution signed by each “manager” of the “Management Committee” summarizing its review and oversight of Nason’s compliance with Federal Health Care program requirements and the obligations of the agreement.

This resolution at a minimum must certify that the Management Committee” has made reasonable inquiry into the operations of Nason’s compliance program including the performance of the Compliance Officer and the Compliance Committee. Based on its inquiry and review, the Management Committee must be able to conclude that, to the best of its knowledge, Nason has implemented an effective compliance program to meet Federal Health Care program requirements and the obligations of this agreement. Conversely, if they are unable to provide the required conclusion, they must provide an explanation to OIG explaining why.

6. In addition, managers (people with management responsibilities) are specifically expected to monitor and oversee activities within their areas of authority and annually certify that the applicable Nason department is in compliance with applicable Federal Health Care requirements and with the obligations of this agreement. These employees include but are not limited to the billing manager; director of Human Resources; medical director; Nason medical center manager and CEO; laboratory director; radiology director; business administration manager; accounting director; director of business analysis; and parent company CEO.

The certification must include language that “I have been trained on and understand the compliance requirements and responsibilities as they relate to my department, and/or facility, an area under my supervision” ensuring that the department complies with all applicable Federal Health Care program requirements, obligations of the agreement, and Nason policies, and that they have taken steps to promote such compliance. To the best of their knowledge, except as specifically stated in the certification, they must attest that Nason is in compliance with all applicable Federal Health Care program requirements and the obligations of this agreement.

The list goes on and on, and in fact I have just turned to page six of the agreement. At this point, you could probably imagine that the cost of compliance, and the responsibility placed on the majority of the organizational chart (including new positions that were created based on this agreement) will have a heavy impact on the operations of the organization.

7. An independent monitor selected by OIG must be retained. The monitor may retain additional personnel including independent consultants to help meet the monitor’s obligation under the agreement. The monitor may confer and correspond with Nason, OIG, or both. The monitor is not an agent of OIG; the monitor, however, may be removed by OIG at its sole discretion. If the monitor resigns or is removed, Nason must retain another monitor selected by OIG within 60 days. The monitor is granted virtually unlimited access to all of Nason’s records and documents. The length and breadth of the reports that the monitor must prepare is extensive. Nason is responsible for all reasonable costs incurred by the monitor in connection with the engagement, including labor costs, indirect labor costs, consultant and subcontractor costs, material costs and other direct costs such as travel, etc.

Nason must pay the monitor’s bills within 30 days of receipt. Failure to timely pay the bills constitutes a default under the agreement with OIG, unless said bills are contested and taken up with OIG.

In case you thought that this was not oppressive enough, the agreement also requires engaging an independent review organization.

8. The independent review organization, such as an accounting, auditing or consulting firm, must perform various reviews on Nason. This organization is charged with the responsibility of reviewing Nason’s coding, billing and claims submission to Medicare and state Medicaid programs and the reimbursement received. Of course, OIG reserves the right to do its own independent reviews. The independent review organization must certify its independence and objectivity.

I could go on and “get into the weeds” regarding the highly detailed requirements (both in terms of staff compliance, report generation, and resulting certifications) but I am concerned that I will lose the readers’ attention and distract them from the point I am trying to make.

Noncompliance with HHS-OIG may result in a corporate integrity agreement or consent agreement which is set forth in news releases. The cost of the actual fine, however, does not necessarily begin to give the reader the picture of the burdens, costs, and potential liability that these agreements create.

HIPAA, HITECH and the Omnibus Rule place specific requirements on covered entities and their business associates. Audits can be triggered randomly (as HHS is ramping up audits) or can be triggered by a reported breach by the entity or by an individual whose privacy was violated. In addition, audits have been triggered by media reports and/or reports brought by members of the public at large.

The bottom line is that an ounce of prevention is worth a pound of cure. What do you think?