2020 Part C and Part D Program Audit and Enforcement Report

In record time, the Centers for Medicare & Medicaid Services (CMS) released its 2020 Part C and Part D Program Audit and Enforcement Report.

CMS cautioned readers not to draw conclusions about the overall performance of audited sponsors in 2020 (covering a record low 1.4% enrollment) compared to those that were audited in previous years. Likely for this reason, as well as the fact they considered CMS flexibilities, they removed trending charts where they compared results from past years. Therefore, don’t assume if sponsors did far better in a particular audit area that it is indicative of industry performance or CMS’ auditing. To date, CMS has already exceeded the number of audit notices sent in 2020, so a different picture is surely being painted. Within a three-year period, the sponsors CMS audits represent around 95% of the enrollment of the Medicare Advantage and Part D program, so count on them working to close that gap. 

CMS mentioned that lovely package of overhauled audit protocolCMS-10717, indicating they are still waiting for Office of Management and Budget approval. Delaying implementation of this package, they noted, will give stakeholders sufficient lead-time to apply and test them prior to CMS’ implementation. If you were hoping they would take these back to the drawing board, you may need to re-think your conclusion. If the 95 pages of responses to comments received didn’t make their intent to move forward clear, then this report language should. 

As a result of reviewing enforcement action referrals, CMS provided important recommendations hidden under the description of lessons learned. Get cracking on these! By that, I mean make sure these major themes are incorporated into your next compliance risk assessment. 

  • Sponsors should improve internal processes for monitoring and refunding (when appropriate) overcharges to beneficiaries by contracted and non-contracted providers. Plan sponsors often focus on the test and methodology, reviewing timeliness and clinical decision-making, and benefit adjudication errors may at times fall to the wayside. Incorporate cost-sharing accuracy review into your retrospective processes, and test those benefits in a meaningful way prior to implementation. Mistakes happen in systems, so keep in mind the cost sharing might be accurate in January but fail in April because of something completely unexpected. 
  • Prepare for large enrollment increases in AEP. Most plans do this already – some of the harbingers of an enrollment boost include entering a new service area, offering a new product type, or competitors leaving your market. CMS includes several recommendations to ensure smooth enrollment. 
  • Do not let state requirements fall by the wayside. Yes, D-SNPs and Medicare-Medicaid Plans have quite a bit more interaction with the state than a standard MA-PD or PDP. However, you do not have to offer a D-SNP to miss a state financial licensure requirement. When sponsors fall out of state licensure and fiscal solvency requirements, they fall out of CMS contracting requirements. If your license is renewed annually, make sure you have the right people preparing the renewal, and that the organization stays current on what those state requirements are. 

Stress Testing your Compliance Program

Image of track numbers for a road race

Is there anything like a good workout to get that heart rate up, blood flowing? It’s always better in groups, where you can cheer one another on to keep up the good work. Two examples of this come to mind: on the road, my dear colleague Charro would always be an inspiration to get down to the gym. Another example was when I entered the Tour De Patrick, three 5k races in March, and while my cousin had already finished, it was fantastic to hear “Keep it up, 1308!” from an encouraging stranger in the crowd. Nothing like a good push to get you over the finish line.

During one of my courses at Fordham Law, our professor placed us into groups for a number of assignments. The five of us, from a variety of industries, had to count on each other for our individual grades. In the end, our distinct experiences in compliance ended up serving our assignments very well. (I also came away with glimpses into financial and customs compliance, including examples of reverse false claims!)

I recommend you stress test your compliance controls by asking a trusted colleague to look under the covers. The program is not something you can touch and hold, so it should be in place whether everyone is onsite or you are working remotely. Don’t sit paralyzed waiting for your program audit notice; it is always a good time to put elements of the program through the paces, and document this monitoring effort. Are corrective actions being validated? Has it been a while since your last compliance risk assessment? Have you communicated recent compliance trends? When is the last time a “top-down” message about the commitment to compliance was issued? Perhaps they test the hotline, or they review the delegation oversight committee minutes. You don’t need to buy a Peloton or a wacky mirror with a personal trainer in it to get the blood flowing in your compliance program. As the saying goes: just do it!

You Don’t Need to Drink the Sea: 2021 Program Audit Protocols 30-day Comment

On June 4, 2020, the Centers for Medicare & Medicaid Services released 95 ever-loving pages of industry comments received for the draft 2021 Program Audit protocol. The document includes their responses and actions taken, including what edits they have made to the 60-day package released a few months ago. In my opinion, there is a general feeling of streamlining and simplification to focus on the agency’s areas of priority. 

As I was pulling out clarifications that I am unsure will end up in any FAQ, methodology, or audit process document, I realized the entire responses document should have a proper place on the shelf along with the finalized protocols. Why? Because not all clarifications provided resulted in changes to instructions or data request information. This document can be helpful in communicating expectations to employees and first tier entities alike. 

While it seems like a lot to digest, there was no sign of eliminating an entire review area, or creating a new care delivery branch of review, which is the current focus at the moment due to the public health emergency. If you reviewed the 60-day package thoroughly, the 74-page crosswalk posted with the 30-day package could be your best friend. Therefore, take the comments, hold a meeting, divide and conquer to make sure your business partners and colleagues understand the changes. Comments on this collection must be received by July 6, 2020.

Compliance is the Conscience

I’ve been struggling to consider what might be helpful, applicable information to apply during this health crisis. The questions abound: Should we still do credentialing? Do I need to send written appeal responses? When will program audits start up again? How long do waivers last?

After weeks of reading updates, guidance, the new law signed on Friday, and emails from just about every retail store I’ve patronized, I’ve returned to the foundation to offer advice for my buried audience. It is the first principle as outlined in the Code of Ethics for Health Care Compliance Professionals published by the Health Care Compliance Association

Principle I, Obligations to the Public: “Health care compliance professionals should embrace the spirit and the letter of the law governing their employing organization’s conduct and exemplify the highest ethical standards in their conduct in order to contribute to the public good.”

It is incredibly difficult for even the most astute to read through the CMS Current Emergencies guidance. Who is keeping track of the changes and business decisions your organization and vendors are considering? As CMS said on a recent industry call for PACE and states, they understand the desire for everyone to get more guidance for every specific scenario, but this is a rapidly evolving circumstance. The bottom line: you need to evaluate how to meet your obligations with consideration to health and safety needs. 

The compliance officer is the conscience of the organization. And right now, public health is paramount like I’ve never seen, and like our parents have never seen. Therefore, when reviewing memos, waivers, and fact sheets, please let your obligations to the public, now more than ever, drive your decision-making. The public includes not only your members, but also your employees, contractors, and your surrounding community. Document any modifications and rationale with start and end dates. This is not the time to stop the presses: CMS reminded us on March 10 that business continuity plan requirements are codified. This is the time to get creative.