Blog: GAO Releases Report Analyzing HHS-OIG Integrity Agreements Since 2005

by Cooley LLP

The U.S. Government Accountability Office (GAO) released a report on May 10th characterizing over 10 years of corporate integrity agreements and integrity agreements (collectively, “Agreements”) entered into by the U.S. Department of Health and Human Services Office of Inspector General (“HHS-OIG”) with entities subject to HHS-OIG’s permissive exclusion authority. The report was requested by the Senate Committee of Finance due to concern that there was a lack of public information regarding HHS-OIG’s use of Agreements in enforcement.

The GAO report reviewed over 652 Agreements entered into between July 2005 and July 2017, and describes, among other things: 1) the circumstances leading to the use of Agreements; 2) standard provisions included in Agreements; 3) HHS-OIG’s methods for monitoring compliance with Agreements; and 4) enforcement by HHS-OIG in the case of noncompliance with the terms of Agreements.

Circumstances Leading to the Use of Agreements

When HHS-OIG is permitted to exercise its permissive exclusion authority, requiring the entity to enter an Agreement is one alternative to excluding the entity from participation in federal health care programs. In deciding what action to take, HHS-OIG considers the future risk posed by the entity to federal health care programs based on four broad criteria:

  • the nature and circumstances of the conduct;
  • the entity’s conduct during the government’s investigation;
  • whether the entity has made efforts to improve its conduct; and
  • the entity’s history of compliance.

The GAO found four main initial allegations that resulted in an entity entering into an Agreement with HHS-OIG:

  • billing for services not rendered;
  • provision of medically unnecessary services;
  • acts prohibited by the federal Anti-Kickback Statute (42 U.S.C. 1320a-7b); and
  • misrepresentation of services/products.

The fourth category encompasses a wide range of conduct, such as one case that included allegations that the entity provided improper remuneration and falsified a physician’s signature on laboratory requisition forms. Sixty-three percent of Agreements were based on only one initial allegation.

The GAO found that the number of new Agreements entered into each year decreased between July 2005 and July 2017, reflecting HHS-OIG’s effort to focus its enforcement resources on entities that present the highest risk of fraud. Since 2014, HHS-OIG’s monetary threshold for damages to federal health care programs that must be exceeded before it will pursue an Agreement has been $500,000 for small entities and $1,000,000 for large entities. Though this dollar value is referred to as a threshold, the GAO report points out that the value of damages is only one factor HHS-OIG considers, and the risk of beneficiary harm may also cause HHS-OIG to require an Agreement.

Standard Provisions Included in Agreements

The GAO evaluated six Agreement templates and a sample of 32 Agreements entered into after January 2010 to assess current trends in standard Agreement terms. The GAO found that Agreements contained:

  • Non-negotiable terms that HHS-OIG officials indicated are always included in all Agreements, including requiring the entity to hire a compliance officer, submit annual reports, and permit HHS-OIG access to the entity upon request;
  • Provisions common among all types of Agreements, including requiring the entity to engage an independent organization for certain reviews, or conduct education and training;
  • Terms unique to the type of Agreement. For example, corporate integrity agreements with large entities typically contained specific responsibilities for the entity’s board of directors and requirements for certain high-level employees to annually certify compliance with federal health care program requirements and the Agreement;
  • Terms that varied based on the nature of the conduct. For example, Agreements with entities whose alleged conduct involved impermissible kickbacks contained specific provisions to ensure compliance with the federal Anti-Kickback Statute; and
  • Provisions relevant to the industry of the entity subject to the Agreement. For example, Agreements with pharmaceutical manufacturers have required the manufacturer to submit any correspondence with the U.S. Food and Drug Administration that materially discussed the actual or potential unlawful or improper promotion of the manufacturer’s product.

HHS-OIG’s methods for monitoring compliance with Agreements

HHS-OIG assigns a monitor to each Agreement who oversees the entity’s compliance with the terms of the Agreement. Monitors may be a staff attorney or program analyst at HHS-OIG. Monitoring responsibilities include:

  • Reviewing the information provided in any required reports;
  • Providing assistance to help entities understand their integrity obligations;
  • Reviewing and responding to periodic correspondence regarding reportable events, required notifications, and other communications;
  • Drafting letters regarding identified non-compliance, including stipulated penalty demand letters that require the entity to pay a penalty for non-compliance; and
  • Conducting site visits to ensure compliance.

HHS-OIG conducted 211 site visits in connection with 155 Agreements entered into after 2010. Eighty-seven percent of site visits were to entities with CIAs, and the typical site visit lasted one to one-and-half days. Monitors select site visit locations based primarily on their concerns about a specific entity, as well as additional factors, like the type of provider, the size and complexity of the entity, length of the Agreement, and severity and complexity of the offenses that resulted in the Agreement. A site visit may consist of document review, meetings with certain personnel, and facility tours, among other activities.

Enforcement by HHS-OIG in the case of noncompliance with terms of Agreements

According to HHS-OIG, most entities comply with their Agreements. When there is non-compliance, HHS-OIG takes escalating steps to address the issue, including working with the entity to request additional information regarding the non-compliance and potentially excluding the entity from participation in federal health care programs. HHS-OIG also has the option to demand an entity pay stipulated penalties as set forth in the Agreement and/or send the entity a letter of material breach of the Agreement for, among other things, failure to respond to a stipulated penalties demand letter, repeated and flagrant violations of the Agreement, or failure to notify HHS-OIG of reportable events.

From July 2005 to July 2017, HHS-OIG sent out 10 material breach letters. In addition, HHS-OIG sent out 5 exclusion letters associated with Agreements with 4 entities, including 3 entities that had already received material breach letters. In the same time period, HHS-OIG sent out 41 stipulated penalty demand letters and collected $5.4 million in stipulated penalties. Demanded penalties ranged from $1,000 to over $3 million with a median of $18,000.

The GAO found that HHS-OIG entered into Agreements with 30 different types of entities in the period included in the review, but more than half of the Agreements were with individual and small group practices, hospitals, and skilled nursing facilities. Of the 652 Agreements included in the review, 619 also included a settlement agreement with the U.S. Department of Justice (DOJ). Though pharmaceutical manufacturers represented only 6 percent of the entities who entered into an Agreement with HHS-OIG, they accounted for 62 percent of the settlement amounts owed to the DOJ by those entities ($11.8 million of $19.2 million).

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Cooley LLP | Attorney Advertising

Written by:

Cooley LLP

Cooley LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.