OIG Overhauls Corporate Integrity Agreements: What Healthcare Organizations Must Do Now

The OIG recently unveiled a modernized framework for CIAs. These updates represent a shift toward more rigorous governance, technological accountability and alignment with the OIG’s GCPG.

New OIG Requirement: Independent Board Compliance Expert Now Mandatory in CIAs

The most critical update for parties negotiating a CIA is the required appointment of a board compliance expert:

• OIG now requires an independent expert with experience in compliance with federal healthcare program requirements in all CIAs. The expert must review the effectiveness of the entity’s compliance program and prepare a report regarding the expert’s review and findings. 
• Boards must respond to the expert’s findings and include the expert report and response in each annual report to OIG. 
• Standardizing this requirement shows OIG is moving beyond passive reporting to active engagement and board oversight of compliance functions.

OIG Aligns CIAs with General Compliance Program Guidance: Key Changes to Compliance Officer Role and Disclosure Programs

OIG made these changes to codify the principles it introduced in the GCPG, focusing on the “why” behind compliance rather than just the “what.” Key enhancements include: 

• Elevated Compliance Officer Role: CIAs now mandate increased independence, access and stature for the compliance officer, alongside an expanded list of responsibilities.
• Expanded “Disclosure Program” Definition: OIG has broadened this definition to encompass any report made to the compliance department through any modality, not just those coming through a dedicated hotline.

OIG Adds Generative AI Definition and Reporting Requirements to CIAs

In a nod to the rapidly evolving tech landscape, OIG introduced specific CIA provisions regarding generative AI: 

• Information Technology (IT) Expertise: Compliance committees must now include IT expertise.
• Generative AI Oversight: New CIAs include a formal definition of generative AI and specific reporting requirements regarding its use within the organization.

For healthcare organizations, these changes necessitate a review of current board oversight mechanisms and a readiness to integrate high-level technical and compliance expertise into the core of corporate governance.

Organizations under government investigation should identify the compliance expertise necessary to fulfill these obligations early on to implement these requirements smoothly upon settlement.