HHS-OIG Year in Review: Pharma and Medical Device CIAs Increase, Include Novel Provisions

Skadden Publication

Maya P. Florence

Corporate integrity agreements (CIAs) continued to be an important tool for the Office of Inspector General, U.S. Department of Health and Human Services (HHS-OIG) in 2019. Notably, pharmaceutical and device manufacturers saw a substantial uptick in the overall number of CIAs, including novel and generally enhanced provisions tailored to address a wide range of alleged (and, in some cases, admitted) misconduct. It remains to be seen whether some of these novel provisions will become standard terms in future CIAs, or remain one-offs that are unique to the related settlements.

Key Takeaways

The overall number of new CIAs and integrity agreements (IAs) remained the same in 2019 as 2018, but was below the five-year average.

  • There was a substantial uptick in 2019 in the number of CIAs that involved pharmaceutical and device manufacturers, increasing from two CIAs in 2018 to eight CIAs in 2019.
  • CIAs in 2019 continued to include provisions requiring companies to perform risk evaluations to identify and address risks associated with participation in federal health care programs.
  • The HHS-OIG broadened its traditional areas of CIA oversight, in one case imposing heightened reporting requirements for postmarket surveillance.
  • Although most CIAs involve health care providers or pharmaceutical or device manufacturers, the HHS-OIG also entered into IAs with three charitable copay foundations,1 and entered into one state agency compliance agreement.2
  • OIG excluded an ambulance provider for a period of five years based on a material breach of the CIA, namely failing to pay stipulated penalties and cure the underlying breach by submitting an annual report.

The Year in Numbers: CIA Statistics

The HHS-OIG entered into 37 new CIAs and IAs in 2019,3 matching the number of CIAs in 2018. As of January 6, 2020, there were 234 open CIAs according to the HHS-OIG’s website. Of the 39 agreements in 2019, two were amendments to a prior CIA, 21 were new CIAs, 15 were IAs and one was a state agency compliance agreement.Sector Breakdown

While, as in previous years, a high number of IAs were with individuals, small group practices or small providers, an unusually high number of CIAs were with drug and device makers followed closely by hospitals and health systems. A substantial number of CIAs did not neatly fall into any sector, but fell into the “Other” category. This included, for example, an electronic health records vendor, a laboratory, a state agency and a holding company.

As in previous years, most federal health care settlements that did not result in a CIA had a settlement amount of less than $20 million. Although the settlement amount is not the primary reason HHS-OIG might decline to require a CIA, since 2015, 28 of 32 drug- and device-maker settlements under $20 million have not resulted in the imposition of a CIA. In 2019, there were eight such settlements with drug and device makers.

Notable CIAs and Trends

Copay Assistance. Continuing a trend that began in 2017, the HHS-OIG entered into eight CIAs related to the provision of charitable foundation copay assistance to low-income beneficiaries. Three of the eight CIAs were with charitable organizations, and required that the organizations “implement measures designed to ensure that they operate independently” from pharmaceutical manufacturers.4 Notably, the settlements with drug makers prohibit the companies from even suggesting how a foundation identifies, establishes or modifies any disease state fund to which a company donates.5

FDA Requirements. While CIAs with drug and device makers routinely require adherence to FDA promotional rules, the ACell, Inc. CIA included provisions relating to product “recalls, corrections and removals procedures, risk management and nonconforming product procedures, product complaint handling, and … [corrective action plans]” as covered activities that are within the ambit of the CIA’s requirements.6 Recalls are also defined as “reportable events” under the CIA. Because such postmarket surveillance activities are often in the province of a company’s regulatory – rather than compliance – group, inclusion of these requirements in the CIA will likely require enhanced coordination between those two groups to ensure FDA and HHS-OIG reporting obligations are met.7

Insys. The CIA with Insys Therapeutics (Insys) included entirely novel provisions that, according to the HHS-OIG, reflected the seriousness of the underlying conduct that gave rise to the company’s $225 million criminal and civil settlement and the prosecution of multiple company executives. The most noteworthy provisions of the 99-page CIA included:

  • An obligation to cease promotion of the company’s leading product (Subsys) within 90 days of the agreement’s effective date;
  • An obligation to divest the company’s two opioid products (Subsys and a buprenorphine candidate) within 12 months of the effective date;
  • An agreement that the release of the HHS-OIG’s exclusion and civil money penalty authorities is conditional and takes effect only after the company satisfies its obligations under the CIA;
  • An agreed-upon statement of facts requiring that the company not contest the HHS-OIG’s findings if the agency finds the company in material breach of the agreement; and
  • A requirement to cease payments to all speakers except those who are company employees.

Greater Transparency for When CIAs Are Not Imposed

This year, the HHS-OIG departed from its general practice of not commenting on its decision to not impose a CIA in a particular case when it elected to explain its decision not to require a CIA in connection with Alexion Pharmaceutical’s DOJ settlement. The HHS-OIG explained that it did not require a CIA because the company made “sweeping and fundamental organizational changes” following the conduct at issue, noting that the company hired a new executive leadership team and changed half of the members of the board of directors.8

OIG Enforcement Activity for CIA Violations

In 2019, the HHS-OIG imposed 12 sanctions against companies for failing to comply with CIA obligations. Eleven companies were assessed stipulated penalties between $5,000, for failing to timely repay overpayments, and $690,000, for failing to implement written policies, provide employees training, comply with disclosure program requirements, and otherwise implement and comply with arrangements procedures and requirements. In total, the HHS-OIG imposed stipulated penalties of $936,000. Additionally, the HHS-OIG excluded one company for a period of five years after it failed to pay stipulated penalties demanded by the HHS-OIG in 2018 based upon a failure to submit an annual report.9 Although the now-excluded company had 25 days to request a hearing after the HHS-OIG issued a notice of material breach and intent to exclude, the company did not request a hearing.


CIAs remain a powerful tool for the HHS-OIG to foster compliance in companies settling health care fraud investigations and provide sub-regulatory guidance for other companies in the relevant industry sector. As companies continue to evolve their commercial practices and business models, CIA provisions also evolve to address the risks associated with such activities. While companies are well advised to look at CIA provisions relevant to their industry sector, it is also important to keep in mind that DOJ and HHS-OIG settlements are backward looking and may not provide a useful roadmap for controlling novel activities that lack accepted best practices. The bottom line is that health care companies must evolve their compliance programs and risk assessment strategies to address their own current and emerging business activities. The risks of not doing so can be seen in each year’s list of health care fraud settlements and CIAs.


1 See Press Release, Department of Justice, “Foundations Resolve Allegations of Enabling Pharmaceutical Companies To Pay Kickbacks to Medicare Patients” (Oct. 25, 2019), available here.

2 See Louisiana Department of Health, HHS State Agency Compliance Agreement (Nov. 4, 2019).

3 Unless otherwise noted, the term corporate integrity agreement or CIA refers to both corporate integrity agreements and integrity agreements.

4 See Press Release, Department of Justice, “Foundations Resolve Allegations of Enabling Pharmaceutical Companies To Pay Kickbacks to Medicare Patients” (Oct. 25, 2019), available here.

5 See, e.g., US WorldMeds, LLC and Solstice Neurosciences, LLC, HHS CIA (Apr. 3, 2019) (§ III.N.3.a, Criteria Relating to Donations to Independent Charity PAPs).

6 See ACell, Inc., HHS CIA (May 13, 2019) (§ III.B.n, Written Standards).

7 See Press Release, Department of Justice, “Medical Device Maker ACell Inc. Pleads Guilty and Will Pay $15 Million To Resolve Criminal Charges and Civil False Claims Allegations” (June 11, 2019) (ACell pleaded guilty to one misdemeanor count of failure and refusal to report a medical device removal in violation of the Food, Drug and Cosmetic Act and paid a $3 million fine, and resolved civil allegations that it caused false claims to be submitted and paid $12 million), available here.

8 See Press Release, Department of Justice, “Three Pharmaceutical Companies Agree To Pay a Total of Over $122 Million To Resolve Allegations That They Paid Kickbacks Through Co-Pay Assistance Foundations” (Apr. 4, 2019), available here.

9 See “Stipulated Penalties and Exclusion for Material Breach: OIG Excludes Indiana Ambulance Provider for Material Breach,” HHS-OIG (Apr. 3, 2019), available here.

This memorandum is provided by Skadden, Arps, Slate, Meagher & Flom LLP and its affiliates for educational and informational purposes only and is not intended and should not be construed as legal advice. This memorandum is considered advertising under applicable state laws.