Publication

Are You Prepared to Pass a CMS Managed Care Audit?

The creation of the Medicare Parts C & D programs carried with it requirements to develop and implement an effective compliance program[1]. These programs must be designed to protect the integrity of Medicare funds by preventing fraud, waste, and abuse.  However until recently very little was done by CMS to ensure participating Prescription Drug Plans (PDPs) had all of the required elements in place to comply with government regulations. The OIG has repeatedly raised concerns about the non-compliance of the Plans and reported none reviewed by them had adequately addressed the compliance program requirements.[2]   In a second evaluation of the issue OIG[3] stated that CMS oversight has been lacking and recommended CMS to conduct audits to ensure that they meet all applicable Federal requirements.  The GAO also has noted a failure of PDP compliance in a March 3, 2010[4] report that was critical of CMS for not conducting the necessary oversight audits.

During 2010, CMS undertook aggressive actions to conduct audits of 30 Plans that included the core compliance areas identified by them.  They employed Medicare Drug Integrity Contractors or MEDICs to lead the effort.   The deficiencies were so great as it led to the termination and sanction actions against several Plans across the country.  Going forward, CMS has stated these audits will continue in 2011.  Thus, if your Plan was not audited last year, you should strongly consider making sure your compliance Plan is covering all of the required elements.

For those Plans audited this year, the process was standardized.  An engagement letter was sent with an attached document request to be submitted to CMS within five working days.  The audits focused on whether the Plans developed a comprehensive stand-alone fraud, waste, and abuse compliance program that included CMS’s core requirements.  The following summarizes the core compliance areas published by CMS that have been the subject of the audits:

  1. Enrollment/Disenrollment and Premium Billing
  2. Marketing/Agent Broker
  3. Beneficiary Communications – ANOCs and EOBs
  4. Appeals and Grievances
  5. Part D Formulary Administration
  6. Compliance Plans/Programs

For each of the core areas there are specific set of requirements that must be met.  The following provides summary information as to the factors considered for each area. In order to meet the Enrollment/Disenrollment and Premium Billing Requirements the Plan must provide evidence and demonstrate they:

  • Are processing beneficiary enrollment elections correctly and timely
  • Are communicating correctly and timely with beneficiaries concerning their enrollment elections
  • Are disenrolling beneficiaries correctly and timely
  • Have timely and appropriate disenrollment communication with beneficiaries
  • Comply correctly and timely with beneficiary premium requirements

To meet the Marketing/Agent Broker Requirements, the Plan must demonstrate that Agents/Brokers:

  • Are licensed and successfully passed background checks
  • Have received training and passed tests on the Plan material
  • Are subject to oversight that includes the data verifying appropriate compensation being paid

For the Appeals/Grievances and Coverage Determination Requirements the Plan must demonstrate they are processing:

  • Beneficiary Part D grievances correctly and timely
  • Requests for coverage determinations correctly and timely
  • Processing requests for re-determinations correctly and timely

In order to meet Part D Formulary Requirements, the Plans must demonstrate they are:

  • Applying the transition process in accordance with CMS requirements
  • Administering the CMS-approved Part D formulary benefits properly
  • Including all protected class drugs in their administration of the formulary
  • In compliance with CMS requirements for the Pharmacy and Therapeutics Committee and they are appropriately involved in formulary management decisions

A considerable focus has been place on the Compliance Plan Requirements.  The audits examined whether the Plans adopted and implemented an effective compliance program that included measures that prevent, detect, and correct noncompliance with CMS’ program requirements, as well as measures that prevent, detect, and correct fraud, waste, and abuse. The audits included determining whether they can evidence having:

  • Written policies, procedures and standards of conduct articulating the organization’s commitment to comply with all applicable Federal and State standards
  • Designated a Compliance Officer and Compliance Committee accountable to senior management
  • An effective compliance education and training program for employees, contractors, agents and directors
  • Effective lines of communication between the Compliance Officer and the organization’s employees, contractors, agents, directors and members of the Compliance Committee
  • Enforced the standards of conduct following well-publicized disciplinary guidelines
  • Effective internal monitoring and auditing process and conducted risk assessments that include an assessment related to fraud, waste and abuse
  • Procedures for ensuring prompt response to detected offenses and development of corrective action initiatives, and has a process in place to identify individuals and entities excluded to participate in federal health care programs

The key to all the CMS reviews is sufficient evidencing of meeting the requirements.  Adopting some standardized Plan and calling it your own will not suffice.  In fact, any “painting by the numbers” compliance program won’t pass muster.  There must be a real program to addresses all the core areas established by CMS that can stand up to outside testing.

If your Plan Is able to meet all of these requirements, then you are prepared to meet the challenge of any CMS audit.  However, if you are lacking in any of these required areas, you need to address them immediately.  The timeframe between the receipt of the engagement letter and the beginning of the on-site audit will not allow you enough time to correct any deficiencies.  The audit time period will end prior to the date of the engagement letter.  Therefore, any new changes in policies or processes implemented after receipt of the engagement letter will not satisfy the CMS requirements and will be considered a finding for the audit.


[1] 42 CFR 423.504(b)(4)(vi)

[2] Prescription Drug Plan Sponsors’ Compliance Plans, December 2006, OEI-03-06-00100.

[3] Oversight of Prescriptions Drug Plan Sponsors’ Compliance Plans, October 2008, OEI-03-08-00230.

[4]   Medicare Part D, CMS Oversight of Part D Sponsor’s Fraud and Abuse Programs Has Been Limited, but CMS Plans Oversight Expansion.