Bert F. Lacativo (blacativo@glassratner.com) is a former FBI Special Agent and a Senior Managing Director and National Head of Investigations for GlassRatner in Dallas, TX. He is currently leading an IRO engagement. Adam Lampert (alampert@glassratner.com) is an associate for GlassRatner in Dallas, TX.
The Health and Human Services Office of Inspector General (OIG) has accused your company of improprieties, and after careful negotiation by your counsel, there is an agreement to settle under the auspices of a Corporate Integrity Agreement (CIA). Now that your company has entered into a CIA, it can get back to business as usual, right? Not so fast. As part of the CIA, the OIG has required that the company engage (at its expense) an Independent Review Organization (IRO). Let’s explore what an IRO is and what this might mean for your company.
IRO history
According to the OIG publication, “Protecting Public Health and Human Services Programs: A 30-Year Retrospective,” the first CIAs were signed in 1994. CIAs were originally constructed around the core elements of the Federal Sentencing Guidelines as follows:
-
Implementation of compliance measures
-
Appointment of a compliance officer
-
Developing compliance-specific policies and procedures
-
Developing and delivering compliance-related training programs
-
Developing and implementing compliance-related reporting mechanisms
The first CIAs did not include the requirement for a company to engage an IRO, and it is not clear when the first CIAs contained that requirement. Nevertheless, the concept of an IRO emerged due to an ever-increasing number of settlements calling for oversight to ensure that the settling company did not violate the auspices of their CIA. The OIG found that this stretched their resources, causing the OIG to create an alternative means to monitor each company who entered into a CIA. The IRO concept was born with the IRO acting on behalf of the OIG to ensure that the settling company adhered to the CIA settlement terms.
IRO qualifications
The selection of the IRO is left up to the settling company. It is advisable for a company to begin identifying and interviewing IRO candidates as it negotiates its CIA and becomes aware that one will be required. This is important, because the CIA will likely allow for a 90-day timeframe after the CIA is executed to engage an IRO without incurring agreed-upon daily monetary penalties as stipulated in the CIA. Although the company has responsibility for selecting the IRO, within 30 days of selection, the OIG has the opportunity to block the selection based upon the IRO’s qualifications (or lack thereof) or the belief that the IRO cannot carry out the duties as outlined in the CIA (more on those duties later).
Typically, an IRO must possess the technical capability to conduct the required review (usually a detailed claims analysis), must demonstrate their independence (as defined by Government Auditing Standards issued by the Government Accountability Office), and should have a history of being an IRO or performing in a similar function. Once the company selects an IRO, an engagement letter that details the IRO’s activities, responsibilities, and fees should be executed. Additionally, the IRO should sign a business associate agreement, which details the IRO’s responsibilities regarding protection of personally identifiable information (PII) and other information protected under the Health Insurance Portability Accountability Act (HIPAA).
