Looking Ahead: Proposed Rule, CBI Conference

CMS-4190-P is scheduled to be published on February 18, 2020. It is published for public inspection now, giving the industry an early start in reviewing and drafting comments prior to the April 6, 2020 submission deadline. There are 895 pages of proposed rulemaking, and although the Centers for Medicare & Medicaid Services (CMS) released a fact sheet about the rule, the summary is just the tip of the iceberg. There are other important aspects of the proposal meriting consideration, not only for operational impact but also beneficiary impact. Think Star Ratings, past performance evaluation, and supplemental benefit eligibility, criteria, and documentation. 

This month I will be speaking with John Wells and Scott Ptacek at the CBI Medicare Pricing and Contracting Congress. This proposed rule could not have come at a better time for presenters. Speakers include representatives of the U.S. Government Accountability Office, Milliman, and NORC at the University of Chicago. If you happen to be in the Alexandria, VA area at the end of the month, this should be an information-packed event, so please join us!

Also approaching is the CMS deadline for Medicare Advantage and Part D new applications and expansions. I wrote about the application process in October. CMS also released their annual calendar of key dates last week. 

For compliance professionals out there, February should be an intense month of reading, partnering with your operational areas, and though it seems unreal, planning for 2021 and 2022. This is especially important for those managing D-SNPs. As always, feel free to contact me to discuss any of these topics. 

2020 HCCA Managed Care Compliance Conference

I am just back from the Health Care Compliance Association’s annual managed care compliance conference, which was held from January 26-29. All presenters I heard were really prepared and delivered timely and valuable information. Here are some of my favorite points from the conference.

Data is now more valuable than oil as a resource.

Michael Gray, Eliza Jennings

One of my favorite sessions pertained to cyber threats and compliance challenges. Learning how ransomware is on the rise will help me educate clients on the importance of following their own internal security policies, and connecting with their Security Officer if they are unsure of the risks. Thieves appear to be getting more savvy in tailoring emails that you or your employees will tend to click. Another wise lesson for everyone pertained to credential theft. As people use the same passwords across different platforms, theft of credentials is common and can wreak havoc on your other accounts. Unique passwords, everyone!

Another fantastic session pertained to dual products and Medicare Medicaid Plans, and how to navigate state and federal oversight. Sponsors face a tough hurdle especially if they are multi-state plans, because if you know one Medicaid program, you know one Medicaid program. With continued push for integration, maintaining effective communication between you, the state and CMS is imperative.

Hallway chats and networking breaks are the best ways to connect with others to see what is on their minds. What’s on their minds today? 2021 draft program audit protocols; RADV audits; risk assessments, and doing more about fraud, waste and abuse. The common concern of those I talked to was staying on top of everything with expansion of business, increase in regulatory changes, and the constant stream of audits to which their organizations are subject. More than once was the phrase “Wild West” used to describe this current era of compliance management.

A number of sessions (including my own) addressed first tier entity, delegate or subcontractor oversight and relationships. Sponsors manage these relationships in a variety of ways, and with new partners entering the market to work with plans, establishing proper oversight is imperative now more than ever. Contact me if you would like to chat about my session, Compliance in the New Age of Supplemental Benefits, or any other aspects of the conference.

Last Call: CMS Program Audit Protocol 30 Day Comment

Since this is one of the most restful times for compliance professionals (insert sarcasm face here), you may all have plenty of time to review the most recent release of the Centers for Medicare & Medicaid Services (CMS) program audit protocol package. On Friday, CMS released a memo announcing the opportunity for the industry to provide comment.


  • Audit letters are to be sent between March and July 2020. There are 25 parent organizations set to undergo routine audit in 2020.
  • In response to the August release, the agency received 109 unique comments and adopted many suggestions, such as removing columns no longer needed.
  • Guidance on the process for reviewing the Employee and Compliance Team and first tier entity samples was provided in the CPE audit process and data request document. This methodology has continued to evolve over the years, and certainly the industry should be pleased with this clarification.
  • Every audit area has been updated with refined data requests and/or revised instructions. CDAG and ODAG specifically have been updated to align with the Part C and D Enrollee Grievances, Organization/Coverage Determination, and Appeals guidance. For example, edits were made to accommodate revised notification requirements and exclusion of withdrawn cases.
  • CMS is accelerating the timing of scheduling of universe integrity testing. The worst-case scenario mailing policy has also been removed from their guidance.
  • The agency also removed reference to Tracer Case Summary Evaluations during Phase II, Audit Field Work, although reference to the onsite review remains. They did not provide clarification in the data request as to whether sponsor has a choice to provide only the tracers or also the supporting documentation ahead of time.
  • Additional detail is provided relating to an audit’s impact on Past Performance Reviews. This clarification should be evaluated for those organizations considering new applications or expansions.

There are also a number of requests and comments not addressed. For example, one sponsor requested CMS provide Excel versions of the universe tables. Another sponsor suggested changing a dismissal column to a streamlined, numerical field to indicate type of request dismissed (such as 1 for grievance, 2 for pre-service organization determination, and so on).

Make sure you send this revised draft package to your key business partners who typically participate in the audit process, including anyone involved in data preparation in the organization and at your delegates. Now is the time to request additional clarification or changes.  Feedback is due on January 27. Happy reading!


Stop, Just Stop: A Prevention Control

I do not know one compliance professional who considers this time of year a restful one. There are budget meetings, audits, new product launches, and readiness activities filling their bag of worries, when so many others are counting down the hours to taking the week off. Even if these folks are taking vacation time, the ones I know will succumb to the bad habit of checking email while at family luncheons or while shopping the post-holiday sales.

While conducting an audit recently using the Centers for Medicare & Medicaid Services (CMS) program audit methodology, it dawned on me that leadership does not get a sense of what a plan gets right in an audit report, outside of the rare best practice identified. Many requirements roll up to the three Compliance Program Effectiveness elements of Prevention Controls and Activities, Detection Controls and Activities, and Correction Controls and Activities. It can be disheartening to just receive the bad news, but it’s the way it is.

There will always be something that needs improvement or refinement. As we close 2019, take a moment to do the following:

  • Reflect on the controls you have in place that are working well. If you have not taken stock in what those are, take the opportunity to do so.
  • Express gratitude to the people around you in compliance and operations who collaborate and partner with you even during the most trying situations, whether it’s launching a new product or on-boarding a vendor who does not know what protected health information is.
  • Apply the compliance controls to your life. Take a day off, including from your email. This prevention control is an important one to avoid burnout and stress-related health issues.

There is so much to be excited about in 2020. Be well for it, and I will see you then!

CMS Fall Conference: Looking Ahead to 2020

The Centers for Medicare & Medicaid Services held their Medicare Advantage and Prescription Drug Plan Fall Conference & Webcast yesterday in the pleasantly comfortable city of Baltimore, MD. Collaboration and transparency seemed to be themes in the various sessions, covering topics such as the enhancement of Independent Review Entity data reporting, integration policies for 2021 Dual Eligible Special Needs Plans, and one-third financial audits. Currently, all session information is in the Upcoming/Current Events section of CMS’ website but it is anticipated it will move to Event Archives, along with video recordings of each session to follow in the future.

A blended panel of CMS and health plan representatives provided advice and specific practices on accessible communications. The speakers were well-prepared and provided many suggestions and examples during their allotted time, such as: interpreters via video, centralized database for member communications preferences, listening to live calls to ensure call center representatives are capturing communication requests, quarterly regression testing on websites, and hosting an inclusion and diversity week. One panelist effectively summed up the spirit of the session suggesting not to only think about the requirement, but to put the consumer first.

While not explicitly stated, accessible communications practices can and should be leveraged by sponsor partners such as delegates, providers, and community agencies participating in the MA-PD program. As I mentioned in a previous post, CMS released best practices regarding communications accessibility. No, these requirements may not be in the ever-present program audit protocol, but this is just as important of a focus area. If a member is not able to interact with their plan, how can they effectively access their benefits and services? My advice: assign one of your most creative employees to think of innovative ways to ensure equal access regardless of abilities.

The keynote delivered by Demetrios Kouzoukas, Principal Deputy Administrator and Director of the Center for Medicare, included glowing statistics regarding the state of Medicare Advantage and Part D. He acknowledged even with the many improvements completed (such as broadening benefits, streamlining the materials process, and implementing new legislation), the agency is not resting on laurels. He said the administration will continue to protect the program and build on elements that work well. Based on the messaging, this next year looks to be a continuation of collaboration and transparency for CMS.