1. Over the past few years, dental practice management (DPM) companies have come under
increasing governmental scrutiny. This is highlighted by the U.S. Department of Health and
Human Services (HHS) Office of the Inspector General’s (OIG’s) exclusion of CSHM LLC earlier
this year from participation in Medicare and Medicaid.
2. The need for DPM companies to build a culture of compliance in their companies is more
immediate in light of this heightened scrutiny.
3. An effective compliance program begins by implementing policies and procedures that focus on
both quality of care and adherence to federal and local laws and regulations.
4. Each DPM company should have a chief compliance officer who maintains independence and has
authority to effectively implement policies through compliance liaisons at each facility.
5. DPM companies should conduct thorough training of staff on policies and procedures, as well as
continually review their training and compliance programs to ensure effectiveness.
6. DPM companies should respond to and correct compliance issues timely and completely.
7. Compliance programs should be designed to ensure the quality and medical necessity of care, in
addition to billing accuracy.
In March 2014, OIG excluded CSHM, which manages and operates the national chain of Small
Smiles Dental Centers, from Medicare, Medicaid and all other federal healthcare programs for at least
five years because of its alleged material breaches of its corporate integrity agreement (CIA) with OIG.
This case exemplifies the government’s increasing scrutiny of DPM companies, which otherwise have
grown substantially in popularity in recent years, thanks largely to increased private equity investment.
Private equity firms have bought or backed at least 25 DPM companies in the past decade, and these
companies now account for over 8 percent of U.S. dentists. The increased interest in DPM results
partly from a large upswing in Medicaid spending for dentistry, which rose 63 percent between 2007
and 2010, to $7.4 billion. Indeed, CSHM primarily served children on Medicaid.1
CSHM’s corporate predecessor, FORBA Holdings, entered into the CIA in 2010 as part of the
resolution to a False Claims Act case involving allegations that the company had provided medically
unnecessary and substandard dental services to its patients.2 FORBA also paid $24 million, plus
interest, as part of its settlement with the government.3 In a different case in 2012, the government
investigated All Smiles Dental Centers Inc. for alleged fraud in its Medicaid billing and claims. All
Smiles settled with the government for $1.2 million and entered into a CIA with OIG in March of that
1 Sydney P. Freedberg, “Dental Abuse Seen Driven by Private Equity Investments,” Bloomberg, (May 16,
2012), available at http://www.bloomberg.com/news/2012-05-17/dental-abuse-seen-driven-by-privateequity-
2 Press Release, Office of Inspector General, OIG Excludes Pediatric Dental Management Chain from
Participation in Federal Health Care Programs, available at https://oig.hhs.gov/newsroom/newsreleases/
3 Press Release, Department of Justice, National Dental Management Company Pays $24 Million to
Resolve Fraud Allegations, (Jan. 30, 2010), available at http://www.justice.gov/opa/pr/2010/January/10-
4 Press Release, Department of Justice, Texas Orthodontic Office and Former Owner Resolve Allegations
of False Medicaid Claims, (Mar. 21, 2012), available at
7 Key Lessons for Dental Practice Management Companies from Corporate Integrity Agreements | Page 3
This article will discuss what DPM companies can learn from government enforcement to
strengthen their own compliance efforts and avoid similar issues in the future. Specifically, it will
focus on lessons to be gained from OIG’s CIAs with CSHM and All Smiles, along with OIG’s
Compliance Program Guidance for Individual and Small Group Physician Practices and Third Party
Seven Lessons for Compliance
While exclusion usually is not OIG’s first response to reported abuses (CSHM was given multiple
opportunities to correct the breaches in the CIA), DPM companies should be wary of continued
scrutiny on DPM structures along with the heightened suspicion of fraud and abuse in the industry.
Over the past year, Congress has expressed concerns about DPM companies, calling on HHS to
exclude from Medicaid participation any corporate-owned dental clinics using deceptive practices that
result in unnecessary or substandard care.5
OIG’s CIAs tend to follow similar structures6 and, along with OIG’s Compliance Guidance, can
provide helpful tips and insight into maintaining an effective compliance program. Here are seven
lessons to be gained from the CSHM case and a similar CIA involving All Smiles:
1. Establish effective compliance policies and procedures.
The CIAs with CSHM and All Smiles both required the companies to implement written policies
and procedures regarding the operations of their compliance programs.7 The CIAs required the
policies to contain measures designed to promote patient safety and appropriate treatment
planning, appropriate documentation of dental records, and periodic audits of clinical quality.
They also stressed that the policies and procedures should be designed to prevent financial
incentives from motivating any staff to engage in improper conduct or to provide excessive or
substandard services or items.8
While compliance programs are not yet mandatory, DPM companies should strongly consider
implementing these programs due to the government’s increased scrutiny on DPM companies.
DPM companies should develop, implement and maintain written policies, procedures and
standards of conduct designed to ensure the quality of dental care provided to patients. These
policies and procedures should include measures to ensure compliance with all Medicaid rules and
regulations regarding the provision of and billing for dental and orthodontic services. DPM
companies also should regularly assess the effectiveness of these policies and procedures and
update them accordingly.
2. Designate an independent compliance officer and compliance committee.
The CIA between OIG and CSHM tasked CSHM’s compliance officer with ensuring that CSHM
appropriately identifies and corrects quality-of-care problems. The CIA also required that
5 Joint Staff Report on the Corporate Practice of Dentistry in the Medicaid Program, S. Rep. No. 113-16;
Letter from Michael C. Burgess, Member of Congress and Diane DeGette, Member of Congress to Daniel
Levinson, Inspector General, U.S. Dep’t of Health and Human Servs., (Feb. 3, 2014).
6 OIG Press Release (2014), supra note 2; OIG Corporate Integrity Agreement with FORBA Holdings,
LLC (2010); OIG Corporate Integrity Agreement with All Smiles Dental Centers, Inc. (2012).
7 FORBA CIA, pg. 12-13; All Smiles CIA, pg. 6.
8 FORBA CIA, pg. 12-17.
7 Key Lessons for Dental Practice Management Companies from Corporate Integrity Agreements | Page 4
CSHM’s compliance officer not be subordinate to the general counsel or chief financial officer,
and that any job responsibilities of the compliance officer not related to compliance activities be
limited and not interfere with the ability to perform compliance duties.9 Finally, the CIA required
compliance liaisons at each facility to assist the compliance officer with implementing policies
and procedures and to serve as compliance contacts for the designated facilities.10
While each DPM company should tailor its compliance program to its own specific needs,
companies should consider the emphasis that OIG places on independence and the amount of
responsibilities given to compliance officers. OIG sees independence as giving the compliance
officer the flexibility to conduct investigations and take appropriate action, as well as the authority
to review all relevant documents, including billing and patient records (where appropriate). DPM
companies that manage larger numbers of clinics also should consider designating compliance
liaisons or regional compliance officers who report to the chief compliance officer to improve the
effectiveness of day-to-day review of quality of care at their facilities, as this kind of oversight can
be difficult without constant communication with each clinic.
3. Train and educate staff on compliance.
OIG’s CIA with CSHM required CSHM to conduct specific training related to billing and
reimbursement as well as clinical quality.11 OIG also cited a failure to perform adequate training
as a significant reason for excluding CSHM.12
DPM companies should conduct effective training and education on compliance policies and
procedures for all staff, including all managers and dentists, where appropriate. DPM companies
also should provide regular compliance reminders to their staffs, regularly review and assess the
effectiveness of training, and correct the training accordingly. Further, retraining staff periodically
is important to ensuring consistent compliance. Such training could help eliminate risks of False
Claims Act and Fraud and Abuse violations by preventing improper billing or the provision of
medically unnecessary treatment. DPM companies should make every effort to foster a culture of
compliance, and training is an effective way of accomplishing this.
4. Continually review the compliance program.
The CIA required CSHM to create an internal audit program for performing quality audits and
reviews. This program included reviewing quality of care, evaluating the implementation of
compliance policies and procedures, assessing the training of staff, and monitoring whether
complaints are properly investigated and violations are reported and corrected.13
DPM companies should conduct internal monitoring and audits of compliance with policies and
procedures. Where the policies and procedures are understood and being followed, DPM
companies should evaluate the effectiveness of these policies on compliance. If they are not
achieving their goals, changes should be made. While DPM companies might not necessarily
have a formal program like the one OIG requires in its CIAs, larger DPM companies should have
9 FORBA CIA, pg. 3.
10 FORBA CIA, pg. 4.
11 FORBA CIA, pg. 17-18.
12 OIG Press Release (2014), supra note 2.
13 FORBA CIA , pg. 10-11.
7 Key Lessons for Dental Practice Management Companies from Corporate Integrity Agreements | Page 5
effective systems in place to make sure their compliance policies and procedures are being
implemented in each clinic as the compliance officers intended.
5. Report and respond to issues effectively and completely.
CSHM’s and All Smiles’ CIAs focused on reportable events such as substantial overpayments and
probable violations of criminal, civil or administrative laws applicable to federal healthcare
programs.14 CSHM had the opportunity to cure breaches of the CIA in December 2013 and
January 2014 and did not do so. While CSHM was in a unique situation because it had entered
into a CIA with OIG, its failure to respond appropriately to OIG requests was a driving factor
behind its exclusion. Other DPM companies should thus understand the need to respond to the
DPM companies’ compliance officers should identify reportable quality-of-care events and have
systems in place whereby any reports of possible improper practices are investigated properly.
Compliance officers also should ensure that appropriate corrective action is taken where needed.16
Finally, DPM companies should respond accurately and completely to all government inquiries
and certifications. This may mean requiring staff in larger companies to pass along all
government inquiries to the appropriate compliance officers or legal in-house counsel.
6. Monitor and correct any quality of care or medical necessity issues.
CSHM’s alleged practices of providing patients with services that were either medically
unnecessary or performed in a manner that failed to meet professionally recognized standards of
care led CSHM to settle with the government and enter into the CIA.17 In the CIA, OIG required
CSHM to perform a review of claims documentation to identify any dentists that had high “pulpto-
crown” utilization.18 OIG also cited CSHM’s failure to take corrective action in qualitydeficient
events as a main driver for excluding CSHM from participation in federal healthcare
programs.19 Meanwhile, All Smiles was part of a Texas state Medicaid audit finding that 90
percent of Medicaid claims for orthodontic braces were medically unnecessary and thus invalid.
Texas’ reduction of payments to some of All Smiles’ clinics led in part to All Smiles filing for
bankruptcy in May 2012.20
In both its guidance and its CIA with CSHM, OIG has identified the necessity and reasonableness
of services as primary risk areas for dental practices.21 Therefore, DPM companies should
continually monitor and assess the medical necessity and quality of dental treatments provided to
patients. Such efforts should include identifying and investigating specific risk areas for
noncompliance. DPM companies also should monitor pulp-to-crown ratios as OIG uses these as
indicators of the medical necessity of treatments, as seen with CSHM.
7. Ensure accurate billing and coding for services rendered.
14 FORBA CIA, pg. 33-34; All Smiles CIA, pg. 15.
15 OIG Press Release (2014), supra note 2.
16 OIG Compliance Guidance for Individual and Small Group Physician Practices, 65 Fed. Reg. 59434,
59442 (Oct. 5, 2000).
17 DoJ Press Release (2010), supra note 3.
18 Amendment to FORBA CIA, pg. 5 (Mar. 13, 2012).
19 OIG Press Release (2014), supra note 2.
20 Freedberg, supra note 2.
21 65 Fed. Reg. at 59439; FORBA CIA, pg. 12-13, 15-16.
7 Key Lessons for Dental Practice Management Companies from Corporate Integrity Agreements | Page 6
Prior to All Smiles entering into a CIA with OIG in 2012, the government alleged that the DPM
company submitted improper claims for services that were not furnished or rendered, were
unbundled, or were not properly documented.22 In its Compliance Program Guidance for Third-
Party Medical Billing Companies, OIG emphasized the need for proper documentation of services
rendered in order to ensure they are billed appropriately.23
DPM companies need to monitor to ensure services are billed accurately and properly. DPM
companies also should ensure the services are coded correctly, as OIG has focused on practices
such as unbundling and upcoding in its investigations.24 Obtaining proper and timely
documentation of all services prior to billing can help DPM companies ensure they are in
22 Press Release, United States Attorney’s Office, Northern District of Texas, Texas Orthodontic Clinic and
Former Owner Resolve Allegations of False Medicaid Claims, available at
23 OIG Compliance Guidance for Third-Party Medical Billing Companies 63 Fed. Reg. 70138, 70144.
24 63 Fed. Reg. at 70142.