
The GAO Provides Congress Inside Look at OIG Integrity Obligations

OIG Monitor David Blank

In May, the U.S. Government Accountability Office (GAO) released a report analyzing the U.S. Department of Health and Human Services (HHS) Office of Inspector General's (OIG) practice of entering into Integrity Agreements as consideration for a permissive exclusion release. The report was initiated in response to growing concerns about the limited amount of publicly available information regarding the OIG’s implementation and use of the agency-created agreements. In particular, the GAO sought to shine light on the total number of Integrity Agreements, the circumstances that lead to the entry of an agreement, the standard provisions and general characteristics of an agreement, and the OIG’s oversight of the agreements and efforts to address noncompliance.

The OIG's Exclusion Authority

Congress, through the Secretary of HHS, conferred broad authority on the OIG to exclude individuals and entities from participating in the federal health care programs. The effect of an exclusion is that no federal health care program payment may be made for any item or service furnished: (1) by an excluded individual or entity; or (2) at the medical direction or on the prescription of an excluded individual or entity. The purpose of exclusion is remedial and is intended to protect both the public fisc and federal health care program beneficiaries from untrustworthy individuals or entities.

The majority of exclusions are derivative, meaning the OIG’s authority is triggered by the occurrence of another event, such as a criminal conviction, loss of professional license, or the failure to pay back certain loan obligations. Exclusions are classified by two broad categories: mandatory and permissive. The four mandatory exclusion authorities all relate to criminal offenses and require the OIG to impose exclusion on any individual or entity convicted of an offense related to: 1) a federal health care program; 2) patient abuse or neglect; 3) the delivery of a health care item or service; or 4) a controlled substance. Under the statute, the OIG has no discretion regarding the imposition of exclusion and the minimum term is no less than five years.

The OIG has 16 permissive exclusion authorities covering certain misdemeanor convictions, adverse state licensing actions or exclusion, and other various prohibited conduct. Within the permissive exclusion authority lies section 1128(b)(7) of the Social Security Act (Act), which covers a wide range of prohibited acts, including conduct that forms the basis of a False Claims Act (FCA) settlement. Unlike most exclusions, this authority is not based on any condition precedent, and requires the OIG to prove a violation through the administrative hearing process.

Unlike the mandatory provisions, section 1128(b)(7) of the Act allows the OIG discretion in imposing exclusion. This discretion affords the OIG several options when assessing conduct that implicates the authority, including: (1) the imposition of exclusion; (2) subjecting the individual or entity to unilateral monitoring; (3) a reservation of the authority; (4) an outright release of the authority; or (5) subjecting the party to integrity and oversight obligations in exchange for a statutory release and agency commitment to forgo an administrative hearing. The OIG’s specific course of action is dictated by the agency’s assessment of the future risk the individual or entity poses to the federal health care programs at the time of settlement.

These integrity and oversight obligations are memorialized in agreements known as Corporate Integrity Agreements (CIA) or Integrity Agreements (IA) (collectively “Agreements”). The Agreements focus on promoting adherence to applicable laws and program requirements. The OIG is responsible for negotiating and monitoring the Agreements, as well as imposing penalties in the event of a party’s noncompliance. CIAs are designed for large entities and impose a 5-year oversight period. IAs are tailored for small businesses, physician practice groups, and individuals and impose a 3-year oversight period.

The Number of Integrity Obligations and Their General Characteristics

From July 2005 to July 2017, the OIG entered into 652 Agreements. Approximately 95% were based on a contemporaneous FCA settlement. The remaining 5% were based on OIG-led affirmative civil monetary penalty law (CMP) investigations. Of the 619 FCA-related Agreements, 52% were based on qui tam, or whistleblower, initiated enforcement actions.

The GAO identified the most frequent allegations giving rise to FCA or CMP liability resulting in an Agreement. The allegations included: (1) billing for services not rendered; (2) providing medically unnecessary services; (3) engaging in kickback conduct; and (4) misrepresenting the services and/or products provided. The GAO noted that: 63% of the Agreements included one of the four most common allegations; 23% included two of the most common allegations; and 15% included three or more of the most common allegations.

The GAO also examined the provider types that most commonly entered into the Agreements. The study found that over half of the Agreements related to: (1) individual/small group practices; (2) hospitals; and (3) skilled nursing facilities. The remaining quarter of the agreements were comprised mostly of medical group practices, pharmaceutical manufacturers, clinics, medical device manufacturers, and ambulance companies.

Of the 652 total Agreements, the GAO found that only 15 entities entered into subsequent Agreements. The OIG explained that the few entities with multiple Agreements typically were large corporations with multiple divisions, and that the Agreements applied to different areas of the corporation's business. Further, the OIG extended the integrity obligations of five entities beyond the traditional five years to reflect new settlements with the Department of Justice.

What Leads to an Agreement?

The GAO also reviewed the criteria the OIG uses to decide whether an Agreement is imposed on a settling party. As a threshold matter, the OIG has created a rebuttable presumption based on the settlement amount to serve as an initial filter in determining whether integrity obligations are appropriate or necessary. In 2014, the rebuttable presumption was set at a single damages figure in the amount of $500,000 for small entities and $1 million for larger entities. The OIG believes the rebuttable presumption allows the agency to better allocate resources to focus on entities that present the greatest future risk to the federal health care programs. It is important to note that this presumption can be overcome if the OIG believes the underlying conduct warrants future oversight.

In determining the future risk an entity poses to the federal government, the OIG evaluates four categories, including: (1) the nature and circumstances of the conduct; (2) the conduct identified during the investigation; (3) the entity’s ameliorative efforts; and (4) the entity's history of compliance. A more comprehensive look at the OIG’s non-binding exclusion factors can be found here.

What Is Included in an Agreement?

In general, the majority of Agreements have a similar structure and common elements. The GAO noted that the OIG utilizes an Agreement template that includes many standard non-negotiable provisions. The OIG almost always includes provisions requiring an entity to hire a compliance officer, complete education and training obligations, submit annual reports, provide agency access upon request, and hire an independent review organization to review claims or arrangements. There are four CIA templates and two IA templates that are used as a starting point in negotiations. The initial template selection is based on the underlying conduct giving rise to the contemporaneous FCA or CMP settlement.

Of the 652 Agreements studied, 95% required the entity to perform at least one review. The most common types of reviews involved health care claims, unallowable costs, and arrangements. Many CIAs also impose board of director obligations, and requirements that an executive certify the organization complied with federal health care program requirements and obligations imposed under the Agreement.

The Compliance Monitor and Imposition of Penalties

After a party enters into an integrity obligation, the OIG assigns an attorney to monitor the Agreement to oversee adherence to its terms. The monitor’s primary duties include reviewing the entity’s implementation and annual reports, providing assistance in understanding the obligations imposed under the Agreement, maintaining communication with the entity, drafting noncompliance letters, and occasionally conducting a site visit. Site visits are conducted by multiple OIG officials, announced in advance, and typically last one or two days. During the site visit, officials review training records, policies, and procedures; hold meetings with the compliance officer or board members; and tour the facility. Between July 2005 and July 2017, the OIG conducted 211 site visits under 155 Agreements. Based on the OIG’s historical use of the site visit, only 24% of entities entering into an Agreement will be visited by the OIG.

The Agreements also allow the OIG to address specific acts of noncompliance through the imposition of penalties. The applicable penalties do not flow from any statutory or regulatory authority, but rather, the Agreement itself. Under the Agreement, the OIG may impose penalties ranging from fines to program exclusion depending on the underlying noncompliance.

In most cases, the OIG will work with entities to address the noncompliance before any official action is taken. In the event the individual or entity fails to cure the problem, the OIG may seek to enforce stipulated penalties. Between July 2005 and July 2017, the OIG issued 41 letters demanding stipulated penalties, ranging from $1,000 to $3 million. The most common reason a stipulated penalty was imposed related to the party’s failure to timely submit a required report. If the OIG considers the noncompliance to rise to the level of a material breach of the Agreement, the agency may seek exclusion. The GAO identified 10 instances where the OIG issued a notice of material breach intending to exclude the entity. Notably, five of the 10 material breach letters were sent to the same entity. A total of four entities have been excluded for violating the terms of an Agreement. Based on the OIG’s historical application of the penalty provisions, approximately 6% of entities have received a demand for stipulated penalties and less than 1% have received a material breach letter.


The evolution of the Integrity Agreement from a tool to require the creation and implementation of a compliance program into an instrument tailored to address specific problematic conduct and evaluate the true effectiveness of a compliance program is remarkable. This GAO analysis provides some historical context on Integrity Agreements, but more importantly, contains useful insight and valuable data on the OIG’s use, implementation, evaluation, and enforcement under these Agreements.

The Integrity Agreement will remain an OIG tool in FCA and CMP settlements. The insight provided by the GAO should be used to determine whether entering into an integrity obligation is right for an organization, and it allows for a better understanding of the likelihood of enforcement in the event of noncompliance. Before entering into an Agreement, entities should analyze the real risk of exclusion and, in the event an Agreement is entered into, allocate the resources necessary to ensure compliance with all terms. Lastly, health care entities should periodically review new Agreements to better develop and improve their own compliance programs to proactively identify vulnerabilities and prevent fraud, waste and abuse.

For additional information on Integrity Agreements, compliance programs, or OIG enforcement, please contact David Blank at (202) 780-2643, Laura Pone at (312) 715-5090, or your Quarles & Brady attorney.
