
June 2017 Compliance Insights

IMPORTANT REMINDERS

May 9, 2017 Release of the 2016 Medicare Part C and Part D Program Audit and Enforcement Report. Click to view the report on the Part C and Part D Compliance and Audits website.

Late May/Early June, 2017 Release of the CY 2018 Medicare Marketing Guidelines in HPMS

June 2017 Release of state-specific marketing guidance for MMPs

July 20, 2017 CMS’ 2017 Programs of All-Inclusive Care for the Elderly (PACE) Conference & Webcast. Click to register In-person or for Webcast.

COMPLIANCE NEWS

Audit Scrutiny at All Time High for Medicare Plans

2017 is off to a quick start when it comes to compliance in the Medicare Advantage (MA) world.

Timeliness Monitoring

This year has started off with a three-wave timeliness monitoring pilot for Coverage Determinations/Appeals/Grievances (CDAG) and Organization Determinations/Appeals/Grievances (ODAG). CMS began the initiative to gain greater insight into timeliness compliance beyond the number of program audits it does each year. CMS says the results of the timeliness monitoring process may be available as early as summer, and they should give CMS a robust view of the status of the entire industry on one of the key focuses of program audits. It could also lead to additional program audits for problematic plans as well as Civil Monetary Penalties (CMPs).

CMP Announcement

In March, we found out that CMPs will be announced once per year and that 17 sponsors received penalties for 2016. The move to a once-per-year announcement gives CMS the ability to more closely assess plans and levy bigger penalties on the poorest performers. Audit scores are improving markedly, but CMPs remain high (with almost 50% of sponsors in 2016 receiving them). The long and short of it is that plans seem to be amassing better compliance records overall but still struggle with key areas that are member facing. CMS focuses CMPs on areas that cause the greatest beneficiary harm.

Spring Conference

The CMS 2017 Medicare Advantage & Prescription Drug Plan Spring Conference focused some time on the major conditions cited across the 2016 audits. In addition, the CDAG and ODAG Audit Data Request record layouts were discussed, and several questions were asked by the audience. MedHOK has reviewed the information and ensured that the CDAG and ODAG audit report logic matches what was presented at the conference. Click to view the presentations and videos on the CMS Event Archives webpage.

Additional Audits

Given investments in additional resources, the number of audits performed over the past years and moving forward should be much greater. CMS is currently in cycle 2 (which began in 2015) of its audits, and by the end of 2017 almost half of all plans will have been audited. Almost 80 percent of enrollees were in contracts audited in 2015 and 2016. MedHOK has already worked with our plan clients on numerous audits this year. While many focus areas are similar to previous years, there are some new emerging trends, which include:

  • The focus on case timeliness continues.
  • Outreach for needed medical documentation is a keen focus as well.
  • Continued concern about clear and concise verbiage is apparent.
  • Plans are being told that extensions for ODAG requests should not be taken for contracted providers, unless there are truly extenuating circumstances.
  • As noted above, CMS is turning major attention to the SNP MOC area. While it has yet to issue CMPs in this program area, the increased focus and findings lead us to believe that CMPs could be on the horizon in the near future.
  • Formulary administration by PBM remains a major problem for plans, including PA edits and length of effectuation period.
  • Auditors want to see correct use of criteria in decisioning both ODAG and CDAG.
  • In the case of the pilot MTM audit, CMS is very focused on ensuring that all eligible participants are indeed given an opportunity to participate in MTM.
  • We also note the new non-discrimination notification mandate, Section 1557 of the Patient Protection and Affordable Care Act, went into effect late last year.

This is a summary of a recently posted MedHOK blog. Click to see the full blog post.

CalDuals – Coordinated Care Initiative Updates

The Department of Health Care Services (DHCS) has announced an updated and improved website for the Coordinated Care Initiative (CCI), www.CalDuals.org. The revised website has a more user-friendly design and navigation features for beneficiaries as well as Health Care Providers, with an emphasis on ease of use for beneficiaries. The updated website will continue to be a source of educational resources about the CCI, outreach events and a way for stakeholders to provide feedback.

DHCS has also developed and released the Cal MediConnect Beneficiary Toolkit to support beneficiaries as well as act as a resource for health plans, advocates, and community organizations that engage directly with beneficiaries. This reader-friendly toolkit, “What you need to know about Cal Medi-Connect,” is available in the thirteen threshold languages, and a printed copy can be requested.

Enrollment by county has also been released as of May 1, and is now available here.

2017 PACE Operational Audit Information

Following the release of the 2017 Programs of All-Inclusive Care for the Elderly (PACE) Audit Protocol on April 11, 2017, the CMS Medicare Parts C and D Oversight and Enforcement Group (MOEG) provided reminders and resource tool updates related to the 2017 PACE audits. A summary of the May 3, 2017 HPMS memo is below:

  • Health Plan Management System (HPMS) Access and Contacts: For 2017, PACE audits will be conducted with the use of the Health Plan Management System (HPMS) audit module. In order to access this module, PACE Organizations should ensure the appropriate staff at their organization have HPMS access (active User IDs and passwords).
  • Universe Templates for Data Submissions: In order to assist PACE Organizations with compiling and submitting the data described in Appendix A of the 2017 PACE Audit Protocol, CMS has developed seven universe template tools based on the protocol record layouts. These templates are macro-enabled and allow PACE Organizations to validate their own data prior to submitting the information to CMS. These resource tools will be available to all PACE organizations in HPMS; however, organizations are not required to use them for audit data submissions.
  • The PACE Audit Consistency Team (PACT): In an effort to ensure consistency in PACE audits, CMS has implemented a PACE Audit Consistency Team for 2017 audits. This team consists of staff from CMS central office and the regional offices. Auditors will hold an exit conference to discuss preliminary conditions with the PACE Organization while onsite. The PACT then meets after each audit to review all identified conditions of non-compliance, determine which conditions should be cited in the audit report, and determine the final classification for each condition (i.e., Observation, Immediate Corrective Action Required (ICAR), or Corrective Action Required (CAR)).
  • Audit Related Questions: In an effort to provide consistent and timely information, CMS has created a resource mailbox that may be used for audit related questions from PACE organizations or other stakeholders, including audit process and data request clarifications. PACE Organizations should copy their account manager on any communications sent to the mailbox. Please note that if an audit is underway (i.e., an audit engagement letter has been sent) all audit related questions must go to the Audit Lead who will remain the primary point of contact throughout the audit process. The new PACE audit mailbox address is: PACEAuditQs@cms.hhs.gov

SECURITY NEWS

A website created by a physician at Children’s Mercy Hospital in Kansas City, MO has recently been discovered to lack appropriate security protections, potentially allowing the protected health information of 5,511 patients to be viewed by unauthorized individuals.

The physician created the website with good intentions and used the site as an educational resource. Data uploaded to the website was protected with a password to prevent unauthorized access. However, the protections in place to prevent unauthorized ePHI access did not meet the hospital’s security standards. The lack of security controls on the website meant information uploaded to the website could have been accessed by unauthorized individuals.

Contact information (addresses and telephone numbers), Social Security numbers, financial information, health insurance details, photos and other images were not uploaded to the site. However, the website did contain information such as patients’ first and last names, gender, age, medical record number, encounter number, dates of service, admission and discharge dates, birthdates, procedure dates, procedure and diagnostic codes, brief notes on the patient and their height, weight and body mass index.

The types of information uploaded to the website would not typically allow unauthorized individuals to defraud patients or commit identity theft, but as a precaution, all patients impacted by the incident have been offered identity theft protection services free of charge through AllClear.

The physician who created the website believed the information uploaded to the website had been appropriately secured and was inaccessible by unauthorized individuals. Children’s Mercy Hospital said the website was unauthorized, was not owned by the hospital, and that the creation of the website and uploading of ePHI was a violation of hospital policies. The website has now been taken down.

The incident has prompted Children’s Mercy Hospital to reeducate key staff members on compliance to prevent future incidents of this nature from occurring. Children’s Mercy Hospital has not received any reports to suggest information uploaded to the website has been misused in any way.

HIPAA Journal. “Children’s Mercy Hospital Discovers Unauthorized Website Exposed 5,500 Patients’ PHI”

Marc Ryan

Marc S. Ryan serves as MedHOK’s Chief Strategy and Compliance Officer. During his career, Marc has served a number of health plans in executive-level regulatory, compliance, business development, and operations roles. He has launched and operated plans with Medicare, Medicaid, Commercial and Exchange lines of business. Marc was the Secretary of Policy and Management and State Budget Director of Connecticut, where he oversaw all aspects of state budgeting and management. In this role, Marc created the state’s Medicaid and SCHIP managed care programs and oversaw its state employee and retiree health plans. He also created the state’s long-term care continuum program. Marc was nominated by then HHS Secretary Tommy Thompson to serve on a panel of state program experts to advise CMS on aspects of Medicare Part D implementation. He also was nominated by Florida’s Medicaid Secretary to serve on the state’s Medicaid Reform advisory panel.

Marc graduated cum laude from the Edmund A. Walsh School of Foreign Service at Georgetown University with a Bachelor of Science in Foreign Service. He received a Master of Public Administration, specializing in local government management and managed healthcare, from the University of New Haven. He was inducted into Sigma Beta Delta, a national honor society for business, management, and administration.
