skip to Main Content

2016 Program Audit and Enforcement Report Shows Continued Drive Toward Rigorous Compliance Regime

2016 Program Audit And Enforcement Report Shows Continued Drive Toward Rigorous Compliance Regime

On September 6, 2016, the Centers for Medicare and Medicaid Services (CMS) released their annual Part C and Part D Program Audit and Enforcement Report, showing the healthcare regulator’s continued passion for compliance and audit.

CMS calculates audit scores in the following manner: 0 points for observations, 1 point for each corrective action required (CAR), and 2 points for each immediate corrective action required (ICAR). An overall audit score is created by dividing the sum of points by the number of audit elements tested. The lower the score, the better the audit result.

In 2015, 22 plans went through program audits, resulting in a range of scores from 0.47 to 3.35, with an average of 1.76. Here are some of the key findings:

  • Overall audit performance was roughly the same year over year (slightly worse in 2015).
  • On the flip side, there was rather marked improvement from 2012 (when the hammer started coming down) to 2015, with the average number of conditions cited per sponsor falling from 38 in 2012 to 27 in 2015.
  • There were continued common findings in major areas for Medicare Advantage plans and standalone Part D plans (see the list later in the blog).
  • The Compliance Program area saw improvement with a 33% average score reduction from 2014.
  • Audit scores for the program areas of Formulary Administration, Organization Determination/Appeals/Grievances (ODAG), and Coverage Determinations/Appeals/Grievances (CDAG) were about flat compared to previous years; the Special Needs Plan Model of Care (SNP MOC) program area was demonstrably worse, from 1.83 to 2.61 year over year.
  • CMS imposed $10.3 million in Civil Monetary Penalties (CMPs), with an average of $516,163 per CMP. There were 20 CMPs imposed for 83 violations. The highest CMP amount imposed was $3,100,000, and the lowest was $30,000. It is important to note that CMPs do not result just from the annual program audit. They can be levied at any time. Indeed, major CMPs were levied in 2015 for inaccurate Annual Notices of Change (ANOCs) and inaccurate pharmacy and provider network information. Also, five of the most egregious offenders received suspensions of enrollment or marketing.

The report also sought to ascertain reasons for better performance. Plan size, plan demographics, program experience, Star achievement, and profit status were all examined.

  • Plan size and plan demographics did not seem to measurably impact audit performance.
  • Plan experience and audit performance did correlate, with those in the program five years or longer performing better.
  • 4 and 4.5 Star plans tended to have better audit scores, but the relationship to Star does not seem to be terribly demonstrable.
  • Profit status had the strongest correlation; non-profit plans had better audit scores (1.07 average), while for-profit plans scored 2.0 on average. (Remember, in this case lower is better.)

CMS also outlined how plan sponsors are selected for audit. It cites a number of sources, with the primary one being the risk assessment conducted each year. The risk assessment takes into account the following: Medicare Advantage and Part D Star ratings data, past performance data, plan reported data, and other operational information (e.g., large enrollment growth in a short period of time, large-scale formulary changes, changing Pharmacy Benefit Managers (PBMs), etc.). While those are rather data-driven criteria, more discretionary ones include audit referrals (from Regional Offices and/or Central Office), the low-performing list, and plans not audited in the last three years.

During the 2015 audits, plans had to adjust to a few major changes in the audit regime:

  • Conditions for inaccurate universe submissions were introduced if a plan misses in three attempts. This policy is sure to become more rigorous as years pass and the kinks are worked out.
  • Program Audit Consistency Teams (PACTs) were established to bring more discipline to the audit process. The teams are comprised of representation from throughout CMS and the team assesses each audit and classifies results to ensure consistency across regions and auditors.
  • A much greater and more refined set of audit universes was created. This has helped move CMS’ case sampling in the audit from a more random approach to using suspect algorithms (i.e., honing in on possible non-compliant cases and choosing those cases to be audited).

In the report, CMS also laid out the common findings across the program areas audited. We have written often about these in the past and none of them are terribly new. Here is a summary of the common audit findings.

Common Audit Findings 2015

Compliance Program Effectiveness:

  • Delegated oversight was lacking or insufficient
  • Communication of compliance information to plan personnel was lacking
  • Barred providers/exclusion reviews were not performed on delegated subcontractors
  • Lack of updating of senior leadership on compliance monitoring and findings
  • Risk assessment and monitoring was insufficient

Formulary Administration: CMP violations down from average of 2.4 in 2014 to 2.1 in 2015

  • Plan had unapproved quality limits
  • Plan did not abide by the transition policy
  • Improper effectuation
  • Unapproved PA edits
  • No or wrong formulary on website

Coverage Determinations, Appeals and Grievances: CMP violations down from average of 3.0 in 2014 to 2.25 in 2015

  • Denial notice/letter was missing or insufficient; lack of clear and concise verbiage and denial rationale
  • Lack of auto-forwards to Independent Review Entity (IRE)
  • Insufficient outreach to providers for lack of clinical information before authorization or appeal denied
  • Case timeliness violations
  • Misclassifications of cases (e.g., Appeals classified again as Coverage Determinations)

Organization Determinations, Appeals and Grievances: CMP violations down from average of 1.9 in 2014 to 1.7 in 2015

  • Case timeliness violations
  • Denial notice/letter was missing or insufficient; lack of clear and concise verbiage and denial rationale
  • Inappropriate denial of services or payments
  • Insufficient outreach to providers for lack of clinical information before authorization or appeal denied

Special Needs Plan Model of Care: findings generally much more common in this category

  • Lack of annual reassessments
  • Lack of Individualized Care Plans
  • Lack of revisions to Individualized Care Plans consistent with the Model of Care or as needed when health conditions change
  • Late initial assessments
  • Individualized Care Plans do not match findings in Health Risk Assessments

With an eye on 2016, we believe it will be important for plans also to focus on Provider Network Adequacy and Medication Therapy Management Program (MTMP) performance. These are two new pilot audit areas for 2016 that are sure to be added to the program audit in the future. As noted above, accuracy of provider networks are being closely scrutinized. And CMS is terribly concerned about poor performance overall in MTMP, as well as the Comprehensive Medication review (CMR measure). CMS is paying particular attention to medication adherence and roughly one-third of all Medicare Advantage Part D Star measures are now pharmacy focused.

In conclusion a few key recommendations to ensure your plan is audit ready:

  • The business unit of the program area – not the compliance department – should own the compliance responsibility. As the business subject matter expert, he or she knows the most about his or her area and therefore would know the most about how compliant the plan really is in this department.
  • Keep detailed issue logs of issues and remediation of issues. Report to compliance as necessary.
  • Ensure you conduct your own Beneficiary Impact Analyses and remediate as often as necessary. Make sure these are well thought out, whether prior or during audit.
  • Be transparent with CMS. Disclosed and self-identified issues can help tremendously on audit findings, both formally under the regulations and informally with your auditor.
  • Get the team together to self-assess your weaknesses, especially regarding the common findings mentioned in this blog. Review the multitude of information CMS publishes for you to perform well on audits:
    • Annual audit guidance
    • Best practice memos
    • Audit results
    • Corrective action plans
    • Civil monetary penalty letters
    • Frequent webinars/conferences on the topics
  • Get in the habit of running your universes monthly or twice monthly so you have a thorough understanding of the fields, values, and what makes sense when the universe is populated.
  • Undertake frequent mock audits – at least monthly – as the business owner of the program area.
  • Compliance should run an independent quarterly audit or review of their own.
  • Use the Job Aids published by CMS and keep an eye out for new ones that should come out soon. These help correct for the major deficiency areas found by CMS.
  • Delegated oversight is where plans seem to struggle the most. Remember your downstream vendors are “the plan” in CMS’ eyes. Numerous findings can be linked to poor performance on the part of these entities. Have a superior delegated oversight process that includes:
    • A formal oversight structure and regularly planned meetings covering all topics related to the delegation.
    • Include the delegated entity in your universe mock drills and mock audits and closely scrutinize the accuracy of the information.
    • Demand engagement from all areas of your delegated vendors (e.g., clinical, quality, claims, compliance, and leadership).
    • Have audit penalties and other processes in your contracts.
    • Perform formalized reporting.
    • Disseminate your Policies and Procedures as well as CMS memos to contractors and demand their insights and ways they will comply.

Lastly, whatever one thinks of CMS’ audit regime, it is hard to argue that the regulator hasn’t telegraphed every punch. Use that to your advantage. Plan, plan, and plan.

Marc Ryan

Marc S. Ryan serves as MedHOK’s Chief Strategy and Compliance Officer. During his career, Marc has served a number of health plans in executive-level regulatory, compliance, business development, and operations roles. He has launched and operated plans with Medicare, Medicaid, Commercial and Exchange lines of business. Marc was the Secretary of Policy and Management and State Budget Director of Connecticut, where he oversaw all aspects of state budgeting and management. In this role, Marc created the state’s Medicaid and SCHIP managed care programs and oversaw its state employee and retiree health plans. He also created the state’s long-term care continuum program. Marc was nominated by then HHS Secretary Tommy Thompson to serve on a panel of state program experts to advise CMS on aspects of Medicare Part D implementation. He also was nominated by Florida’s Medicaid Secretary to serve on the state’s Medicaid Reform advisory panel.

Marc graduated cum laude from the Edmund A. Walsh School of Foreign Service at Georgetown University with a Bachelor of Science in Foreign Service. He received a Master of Public Administration, specializing in local government management and managed healthcare, from the University of New Haven. He was inducted into Sigma Beta Delta, a national honor society for business, management, and administration.

Back To Top