Proposed Rule CMS-4190-P: Appeal Escalation

Today the Centers for Medicare & Medicaid Services (CMS) published their proposed rule CMS-4190-P. This post focuses on the automatic appeal escalation to external review for Medicare Part D drugs under the Drug Management Program, or DMP.

Background: Under DMPs, a plan engages in case management by contacting prescribers to determine whether a beneficiary is at-risk for misuse or abuse of frequently abused drugs. If a determination is made that the beneficiary is at-risk, the beneficiary is notified in writing and the plan may limit their access to coverage of opioids and/or benzodiazepines to a certain prescriber and/or certain pharmacies. (CMS is proposing to make DMPs mandatory effective January 1, 2022, noting the majority of Part D sponsors have already voluntarily implemented DMPs.)

CMS is also proposing to require the automatic forwarding of redeterminations of a DMP appeal to the independent review entity (IRE) responsible for conducting Part D reconsiderations (Part D level 2 appeals). Medicare Advantage plans have been familiar with the auto-forward requirement for years, as affirmed reconsiderations (Part C level 1 appeals) must be forwarded by the expiration of the adjudication timeframe. However, this process would be new for Part D-only plans such as standalone Prescription Drug Plans, or PDPs, as today only untimely decisions are auto-forwarded to the IRE.

What would this finalized provision mean for a beneficiary? For members who receive an affirmed denial of a DMP appeal, this means their appeal will automatically be forwarded to the IRE. Currently, other affirmed Part D redeterminations are not auto-forwarded. The appellant must make an additional request for an independent review. If this proposal moves forward, those who have been denied their medications due to a DMP decision will be guaranteed that “outside look” to either affirm or overturn the plan’s decision. This streamlines the steps the appellant has to take in this special circumstance. 

What would this finalized provision mean for a plan? If this moves forward, the plan will need to ensure procedures are changed and training is conducted, not only for the appeals department, but also for member services and the case management team working on the DMP decisions. It would be anticipated that member notices would change should this proposed rule become final. Plan and delegate parties to the process must understand how the member’s rights will change. 

Is the volume going to be high? CMS thinks not. The agency expects there will be approximately 28,600 appeals per year, of which 0.08 percent (or 23 cases) will be subject to this auto-forward. Based on this estimate, some plans might never process one of these appeals. However, even if one is received and denied, it is going to be important to auto-forward the case correctly and timely. CMS has been reviewing appeals in their program audit protocol for years, and if this provision is finalized, it could be anticipated DMP appeals may be targeted for sample selection to ensure adherence to the new rule. 

Looking Ahead: Proposed Rule, CBI Conference

CMS-4190-P is scheduled to be published on February 18, 2020. It is published for public inspection now, giving the industry an early start in reviewing and drafting comments prior to the April 6, 2020 submission deadline. There are 895 pages of proposed rulemaking, and although the Centers for Medicare & Medicaid Services (CMS) released a fact sheet about the rule, the summary is just the tip of the iceberg. There are other important aspects of the proposal meriting consideration, not only for operational impact but also beneficiary impact. Think Star Ratings, past performance evaluation, and supplemental benefit eligibility, criteria, and documentation. 

This month I will be speaking with John Wells and Scott Ptacek at the CBI Medicare Pricing and Contracting Congress. This proposed rule could not have come at a better time for presenters. Speakers include representatives of the U.S. Government Accountability Office, Milliman, and NORC at the University of Chicago. If you happen to be in the Alexandria, VA area at the end of the month, this should be an information-packed event, so please join us!

Also approaching is the CMS deadline for Medicare Advantage and Part D new applications and expansions. I wrote about the application process in October. CMS also released their annual calendar of key dates last week. 

For compliance professionals out there, February should be an intense month of reading, partnering with your operational areas, and though it seems unreal, planning for 2021 and 2022. This is especially important for those managing D-SNPs. As always, feel free to contact me to discuss any of these topics. 

2020 HCCA Managed Care Compliance Conference

I am just back from the Health Care Compliance Association’s annual managed care compliance conference, which was held from January 26-29. All presenters I heard were really prepared and delivered timely and valuable information. Here are some of my favorite points from the conference.

Data is now more valuable than oil as a resource.

Michael Gray, Eliza Jennings

One of my favorite sessions pertained to cyber threats and compliance challenges. Learning how ransomware is on the rise will help me educate clients on the importance of following their own internal security policies, and connecting with their Security Officer if they are unsure of the risks. Thieves appear to be getting more savvy in tailoring emails that you or your employees will tend to click. Another wise lesson for everyone pertained to credential theft. As people use the same passwords across different platforms, theft of credentials is common and can wreak havoc on your other accounts. Unique passwords, everyone!

Another fantastic session pertained to dual products and Medicare Medicaid Plans, and how to navigate state and federal oversight. Sponsors face a tough hurdle especially if they are multi-state plans, because if you know one Medicaid program, you know one Medicaid program. With continued push for integration, maintaining effective communication between you, the state and CMS is imperative.

Hallway chats and networking breaks are the best ways to connect with others to see what is on their minds. What’s on their minds today? 2021 draft program audit protocols; RADV audits; risk assessments, and doing more about fraud, waste and abuse. The common concern of those I talked to was staying on top of everything with expansion of business, increase in regulatory changes, and the constant stream of audits to which their organizations are subject. More than once was the phrase “Wild West” used to describe this current era of compliance management.

A number of sessions (including my own) addressed first tier entity, delegate or subcontractor oversight and relationships. Sponsors manage these relationships in a variety of ways, and with new partners entering the market to work with plans, establishing proper oversight is imperative now more than ever. Contact me if you would like to chat about my session, Compliance in the New Age of Supplemental Benefits, or any other aspects of the conference.

Last Call: CMS Program Audit Protocol 30 Day Comment

Since this is one of the most restful times for compliance professionals (insert sarcasm face here), you may all have plenty of time to review the most recent release of the Centers for Medicare & Medicaid Services (CMS) program audit protocol package. On Friday, CMS released a memo announcing the opportunity for the industry to provide comment.


  • Audit letters are to be sent between March and July 2020. There are 25 parent organizations set to undergo routine audit in 2020.
  • In response to the August release, the agency received 109 unique comments and adopted many suggestions, such as removing columns no longer needed.
  • Guidance on the process for reviewing the Employee and Compliance Team and first tier entity samples was provided in the CPE audit process and data request document. This methodology has continued to evolve over the years, and certainly the industry should be pleased with this clarification.
  • Every audit area has been updated with refined data requests and/or revised instructions. CDAG and ODAG specifically have been updated to align with the Part C and D Enrollee Grievances, Organization/Coverage Determination, and Appeals guidance. For example, edits were made to accommodate revised notification requirements and exclusion of withdrawn cases.
  • CMS is accelerating the timing of scheduling of universe integrity testing. The worst-case scenario mailing policy has also been removed from their guidance.
  • The agency also removed reference to Tracer Case Summary Evaluations during Phase II, Audit Field Work, although reference to the onsite review remains. They did not provide clarification in the data request as to whether sponsor has a choice to provide only the tracers or also the supporting documentation ahead of time.
  • Additional detail is provided relating to an audit’s impact on Past Performance Reviews. This clarification should be evaluated for those organizations considering new applications or expansions.

There are also a number of requests and comments not addressed. For example, one sponsor requested CMS provide Excel versions of the universe tables. Another sponsor suggested changing a dismissal column to a streamlined, numerical field to indicate type of request dismissed (such as 1 for grievance, 2 for pre-service organization determination, and so on).

Make sure you send this revised draft package to your key business partners who typically participate in the audit process, including anyone involved in data preparation in the organization and at your delegates. Now is the time to request additional clarification or changes.  Feedback is due on January 27. Happy reading!


Stop, Just Stop: A Prevention Control

I do not know one compliance professional who considers this time of year a restful one. There are budget meetings, audits, new product launches, and readiness activities filling their bag of worries, when so many others are counting down the hours to taking the week off. Even if these folks are taking vacation time, the ones I know will succumb to the bad habit of checking email while at family luncheons or while shopping the post-holiday sales.

While conducting an audit recently using the Centers for Medicare & Medicaid Services (CMS) program audit methodology, it dawned on me that leadership does not get a sense of what a plan gets right in an audit report, outside of the rare best practice identified. Many requirements roll up to the three Compliance Program Effectiveness elements of Prevention Controls and Activities, Detection Controls and Activities, and Correction Controls and Activities. It can be disheartening to just receive the bad news, but it’s the way it is.

There will always be something that needs improvement or refinement. As we close 2019, take a moment to do the following:

  • Reflect on the controls you have in place that are working well. If you have not taken stock in what those are, take the opportunity to do so.
  • Express gratitude to the people around you in compliance and operations who collaborate and partner with you even during the most trying situations, whether it’s launching a new product or on-boarding a vendor who does not know what protected health information is.
  • Apply the compliance controls to your life. Take a day off, including from your email. This prevention control is an important one to avoid burnout and stress-related health issues.

There is so much to be excited about in 2020. Be well for it, and I will see you then!