Embed Size (px)
Citation preview
3/28/2016
1
When the Auditors Get Audited
Lisa Jensen, MHBL, FACMPE,
CPC
April 11, 2016
Disclaimer
• These educational materials were current at the time they were
published and created. They were prepared as tools to assist in
teaching; they are not intended to create any rights, privileges,
or benefits. Although every reasonable effort has been made to
assure the accuracy of the information within these materials,
the ultimate responsibility for complying with the Federal fraud
and abuse laws lies with the organization.
• Providence Health Plans agents, and staff make no
representation, warranty, or guarantee that these compilations
of information are error free and will bear no responsibility or
liability for the results or consequences of the use of these
materials. These educational materials are not legal documents.
The official information is contained in the relevant laws and
regulations.
3/28/2016
2
Agenda
• CMS Audit
• Elements of the Audit Plan
• Best Practices
• Lessons Learned
Providence Health Plans
• Providence Health Plans is a part of the integrated
delivery system of the five state Providence Health &
Services. Provide or administer health coverage to
more than 500,000 members nationwide. Offer
insurance for commercial groups, ASO, Medicare,
Medicaid, individuals and State Sponsored Exchange
products.
– Geography – Oregon, Southwest Washington
– Partners – Health Republic Insurance, Premera Blue Cross
Blue Shield, Providence Health Network, Intel
– 5-star rating by Medicare for our HMO and HMO-POS plans
in 2014 and 2015
– Over 24,000 Medicare Advantage members, plan since 1985
3/28/2016
3
PHP External Audit/Payment
Integrity Department/ SIU
Medicare C and D Oversight
• The Medicare Parts C and D Oversight and
Enforcement Group (MOEG), Part C and Part D
program audits.
• Confirm sponsors deliver benefits in accordance with
the terms of their contract and plan benefit package.
• Evaluate sponsors’ compliance program
requirements, especially those that safeguard
beneficiaries’ access to medically necessary services
and prescription drugs.
• This ensures the integrity of the Part C and Part D
programs and protects the health and safety of
Medicare beneficiaries.
3/28/2016
4
CMS Audit
• In May 2014, CMS conducted both remote and On-
Site Audits of PHP’s Medicare Advantage and Part D
Compliance Program. As a result of the audit, PHP’s
Medicare Compliance Department made a number of
learnings.
• This presentation has been prepared in an effort to
assist other SIUs with meeting CMS compliance
requirements in the event that CMS Audits the
Auditors
CMS Audit
• All organizations offering a Medicare Advantage (Part
C) and/or Medicare Prescription Drug Plan (Part D)
must have an effective compliance program
• CMS provides copious guidance on the content and
requirements of compliance programs
• CMS guidance concerning the FWA function has
been available since 2006
• CMS draft of updated guidance released Feb 2012
• New CMS Medicare Advantage and Part D Fraud
Handbook added March 2014
3/28/2016
5
Audit Timeline
Start Notice/Engagement Letter –The Auditor-in-Charge (AIC) contacts the
SO (sponsor’s) compliance officer via
phone and then sends an audit engagement
letter
Follow-Up Call – The AIC conducts a
follow-up call with the SO
and the audit team 1-2 days
after the date of the
engagement letter
Pre-Audit Issue
Summary and Associated
BIAs Submitted to CMS from the SO – Within 5
business
Universe Request
Conference Calls – Prior to upload of the
universe
Universe Submission to CMS from the SO – Within 15 business days of receiving the
engagement letter
Audit Timeline Cont.
Universe Validation Webinar – After the universes have been uploaded by the SO,
Send SO Audit Schedule – CMS will send the SO a schedule of audit activities for the
week of the webinar and onsite audit
Draft Audit Report Preparation and Issuance to SO –
At the conclusion of the audit, CMS prepares and
issues a draft audit report (goal is within
60 days of the conclusion of the
audit). The SO has 10 business days to
respond to the report with
comments to CMS.
Issuing the Final Audit report and Corrective Action Requirement(s) –
CMS issues the final report (the goal
is within 10 days from receiving the SO comments).
CMS provides the SO with 7 days to
submit a corrective action plan for correcting any deficiencies
3/28/2016
6
How Does It Start?
• An engagement letter will be sent 6 weeks prior to
the audit start date,
– notifying you of the date the audit will begin,
– the scope of the audit,
– the contact information for the MOEG Auditor-In-
Charge,
– information being requested from the sponsor
(e.g., universes).
• Sponsors will be expected to submit universes 3
weeks prior to the start date of the audit.
What About 2015-2016?
• 2015-2016 starts a new audit cycle.
• All sponsors, even those audited in the previous cycle (2010-2014), will
be considered for audit selection.
• For 2014 audits, CMS audited plans that provide 96% of Medicare
Advantage and Prescription Drug enrollees services, began auditing
with outcome-based audit protocols.
• They will continue to utilize a risk-based approach to selecting
sponsors for audit (both high and low risk), while also taking into
account other key factors like: the sponsor has never previously been
audited; the sponsor is new to the program (i.e., is in their first 2 years
of operation and has no previous affiliation with the Medicare program);
or the sponsor represents a large percentage of MA or Part D
enrollment.
3/28/2016
7
BTW: Did You Know, You
Should Already Know This!
• Many were not audited in this first cycle,
the publishing of audit related
performance data and information of
external websites (e.g., best practices
and common findings memos, audit
protocols, audit scores, etc.) should
have improved the level of compliance
of all sponsors throughout the industry.
Universe Selection 2015-2016
• Sponsors are expected to provide accurate and
timely universe submissions.
• In 2016, sponsors will have a maximum of 3 attempts
to provide each universe requested:
– If the sponsor fails to provide accurate and timely universe
submissions twice, CMS will document this as an
observation in the plan’s program audit report.
– After the third failed attempt the sponsor will be cited
Immediate Corrective Action Required (ICARs) for every
condition that cannot be tested due to the inaccurate
universe (i.e., if there are 11 audit conditions that could have
been tested in a given universe, we will automatically cite 11
ICARs, one for each possible condition that could have been
tested).
3/28/2016
8
Self Disclosed vs. Self Identified
• A disclosed issue reported to CMS prior to the date of the audit
start notice.
• A self-identified discovered by the sponsor but notification was
not made to CMS until after the date of the audit start notice.
– Sponsors asked to provide a list of all previously disclosed and self-
identified issues of non-compliance, from January 1, 2016 through the date
of the audit start notice.
– Sponsors must provide a description of each issue as well as the
remediation status using the Pre-Audit Issue Summary template.
• Each disclosed and self-identified issue require a Beneficiary
Impact Analysis (BIA). The BIA should include every impacted
beneficiary across all of the sponsor’s contracts for the time
period January 1, 2016 through the date of the audit start notice.
– Both the issue summary and the associated BIA(s) are due within 5
business days after receipt of the engagement letter.
FWAM 2015-2016
• 2.1. Did the sponsor establish, maintain and
implement effective compliance and FWA
training?
– CMS will test each of the 6 tracers by reviewing
the data and documentation provided by the
sponsor while onsite. CMS will also conduct
interviews while onsite to provide additional
information on the sponsor’s compliance program.
If CMS requirements are not met, a condition
(finding) will be documented. If CMS requirements
are met, no conditions (findings) are documented.
3/28/2016
9
Tracer Documentation 2015-
2016
• CMS will review all tracer documentation to determine that the
compliance program elements were effectively met.
– An explanation/ evidence risk assessment indicating how issues
are identified.
– Copies of monitoring reports showing the outcomes of monitoring
– Copies of trending reports showing the trend of the issue (i.e., the
issue is being or has been remediated over time or the issue is still
occurring).
– Copies of audit reports showing the results of any audits conducted
for the identified issue.
– Evidence/ explanation of any follow up done
– For employees involved in the tracers, evidence that the employees
were checked against the OIG/GSA exclusion lists.
– For FDRs, evidence that the FDRs were checked against the
OIG/GSA exclusion lists.
Fraud Waste and Abuse
Monitoring (FWAM)
• Monitoring:
– predictive analytics,
– data mining,
– outlier analysis,
– comparison of claim information
against other data,
– prescribing and dispensing
practices of providers,
– fraudulent activities of plan
members,
– aberrant pharmacy billing,
– medical claims,
– PLATO,
– Medicare waste by identifying
overpayments, etc
• Investigations: – employee misconduct,
– fraudulent provider or pharmacy claims,
fraudulent vendor (FDR) invoices,
– misuse of Medicare beneficiary information,
– overpayments,
– complaints or tips received through hotlines,
– referrals,
– internal operational areas,
– FDRs/contractors,
– fraud alerts from CMS, providers, members,
MEDIC, law enforcement, etc.
Include: all monitoring activities and investigations performed to identify and
address potential or suspected FWA at both the sponsor and FDR levels
Exclude: non-Medicare Parts C and/or D FWA
monitoring, investigations or actions (e.g.,
commercial, Medicaid)
3/28/2016
10
FWAM Universe
Field Name Description
Name of Component, FDR or
Enrollee
Name of the sponsor component, department, FDR or
enrollee that was monitored or investigated for potential or
suspected FWA.
Was this FWA effort related
to Medicare?
Yes(Y)/No (N) indicator of whether the FWA event related to
Medicare? Or TBD
Type of FWA Activity
Indicate if the activity is related to “Monitoring” or an
“Investigation” NOTE: Monitoring is the use of data
analysis/claims information/CMS fraud alerts to identify
internal/external unusual patterns, practices, providers.
Investigation refers to case development for detected or
reported cases of noncompliance, illegal, fraudulent, or
wasteful activity.
Date FWA Activity Started
Provide the date that the monitoring or investigation activity
was initiated, started or reopened.
Date FWA Activity Completed Provide the date that the monitoring or investigation ended.
FWAM Universe Continues
Field Name Description
Frequency of FWA Activity
Frequency of the monitoring or investigation (e.g.,
weekly, monthly, quarterly, annually, ad-hoc,
incident/event-based)
Internal or External
Auditors
Who conducted the monitoring or investigation (e.g.,
operational area, compliance department, legal, SIU,
FDR).
Description of FWA
Activity
Description of what was monitored or investigated
(operational area, pharmacy claims, provider claims,
employee, enrollee or FDR misconduct).
Were FWA Risks
Identified?
Yes(Y) or No (N) indicator of whether the monitoring
effort or investigation was initiated based on being
identified through a risk analysis or assessment.
Communication &
Reporting Mechanism
Yes(Y) or No (N) indicator of whether the monitoring
effort or investigation performed based on an inquiry
submitted to the sponsor‘s compliance/FWA reporting
system? (e.g., telephone hotlines, mail drops, email,
website).
3/28/2016
11
FWAM Universe Continues
Field Name Description
Were any issues or deficiencies
discovered?
Yes(Y) or No (N) indicator of whether any issues, findings or deficiencies were
discovered during the monitoring effort or investigation? Or TBD
Number of Deficiencies
Provide the number of deficiencies, findings or issues identified. Answer NA if no
deficiencies were identified or discovered.
Description of Deficiencies
Provide a description of all deficiencies, findings or issues identified during the
monitoring activity or investigation. If the monitoring event is identified in the pre-audit
issue summary submitted to CMS, please provide the issue number. If monitoring
event or investigation is currently in progress and deficiencies have yet to be
identified, explain why this activity is still in progress with an estimated date in which
the activity will be closed and/or deficiencies will be identified.
Was corrective action taken? Yes (Y) /No (N) indicator of whether corrective action has been taken. Or TBD
Corrective Action Description
Provide a description of the corrective action(s) implemented by the sponsor in
response to potential or suspected FWA discovered during the monitoring or
investigation, including any root cause analysis for what caused the
deficiencies/problems, timeframes for specific achievements and any ramifications
for failing to implement the corrective action satisfactorily. Or NA
Were monitoring results shared with
others?
Describe how the results of the monitoring activity or investigation were
communicated or shared with sponsor’s affected components, compliance
department, senior management, and the FTE.
Distribution of Duties
• Does one department do all your FWA
work?
• HR investigate employee wrong-doing?
• Managers investigate employee issues?
• Compliance department monitor/
oversight FDR compliance?
• Compliance Department monitor/ audit
department compliance?
• Medical Quality? Informatics? IT?
3/28/2016
12
Example of an Audit Condition
• 4.1.7.2 CONDITION: Sponsor did not conduct timely, well-documented and
reasonable inquiry into a compliance incident or issue or potential FWA.
• CRITERIA: 42 CFR § 422.503(b)(4)(vi)(G)
• 42 CFR § 423.504(b)(4)(vi)(G)
• Medicare Managed Care Manual, Chapter 21, Section 50.7.1
• Prescription Drug Benefit Manual, Chapter 9, Section 50.7.1
• CAUSE: Sponsor could not provide a reason why it did not initiate an
investigation of the issues in a timely manner.
• EFFECT: Failure to conduct timely, well documented, and reasonable inquiries
into any compliance incident or issue involving potential Medicare program
noncompliance or potential FWA can allow said issues to persist and recur in
the future.
• Contracts Affected Contract Number(s) Sample Case Number(s)
• CORRECTIVE ACTION REQUIRED: Sponsor must put a system in place to
ensure all inquiries into incidents of potential noncompliance or FWA are
conducted timely, well documented, and performed reasonably.
Can You Provide Proof of
Training?
• Provide a list of all Medicare FWA
training provided to your employees,
volunteers, members of the governing
body, FDRs and/ or others during the
audit period.
3/28/2016
13
Yes – Training Happened
• Sign in sheets
• Electronic training logs
• Copies of power point or other
presentations
• Copies of handouts, cheat sheets
• Compliance, HR training or Operational
Area Training?
Can You Prove Effectiveness of
Training?
• Provide a description, including of how it
was determined that training and
education was effective in reducing
compliance and FWA risks.
3/28/2016
14
Yes – Training Effectiveness
• Pre and Post tests
• Track number of referrals from internal
and external sources
• Employee survey
• Pop Awareness Quiz/ Mock Audit
Can You Prove Monitoring FWA?
• Provide a description, including
examples, of specific monitoring
activities performance during the audit
period to prevent and detect FWA and
response to CMS Fraud Alerts.
• Current list of all potential incidents
during audit period
3/28/2016
15
Yes – Monitoring FWA
• All places in health plan where fraud
waste and abuse might be caught
• Quality control functions
– Appeals and Grievance
– SIU data mining
– Internal and External Referrals
– Clinical Edits
– Part D monitoring
– Etc.
Can You Provide a List of
Current Incidences?
• How are you tracking your incidences of
potential fraud waste and abuse?
– Spreadsheet
– Project tracking system
– Access Database
– Vendor solution
– Homegrown
3/28/2016
16
Yes - List of Potential Incidents
• Date of Incident
• Source
• Nature of Incident
• Operation area affected
• Subject ID
• Date of Resolution
• Resolution of Issue
• Geographic Area
• Zip Code
Your Own Potential Incidents
• Are your dates in compliance with
regulation?
– Reasonable inquiry completed within 14
days
– Referral to CMS of potential FWA within 30
days?
3/28/2016
17
Your Own Potential Incidents
• Date of Resolution
– Was your resolution timely?
– Can you demonstrate reasonable haste?
– Can you demonstrate reasonable actions?
– Do you have evidence of consistent
progress towards resolution?
– Do you have evidence of attempts to
address delays?
Your Own Potential Incidents
• Resolution of Issue
– Do you have a root cause analysis
documented?
– Do you have clear investigative actions
documented?
– Is there evidence of management oversight
and QA?
– Is there evidence of communication to the
compliance committee, upper level
leadership?
3/28/2016
18
Best Practices
• Does Leadership demonstrate a commitment to compliance and anti-fraud?
• Do we have written standards of conduct and policies and procedures that are updated at least annually?
• Are employees required to sign off that standards of conduct and policies and procedures are reviewed?
Best Practices
• Do we document and retain evidence of identification of and response to potential fraud waste and abuse?
• Do we have evidence that we do not tolerate retaliation against those who report fraud waste or abuse?
• Do we document referrals to law enforcement, CMS or other regulators?
3/28/2016
19
Best Practices
• Do we document all employees, FDRs, Board Members and providers are checked against the HHS OIG and GSA debarment lists?
• Can we demonstrate refunds, recovery of losses, recovery of overpayments and pre payment denials related to fraud, waste and abuse?
Best Practices
• Can we demonstrate disciplinary polices?
• Can we demonstrate appropriate actions/sanctions disciplinary actions taken?
• Can we demonstrate changes based on outcomes of audits? Policy changes, edits, revisions to process?
3/28/2016
20
Best Practices
• Can we demonstrate FWA training for new hires within 90 days of hire?
• Do employees receive general compliance training?
• Do we publicize visibly ways to report potential FWA, is at least one anonymous?
Best Practices
• Can we provide evidence that FWA is discussed with management, i.e., compliance committee, board, etc?
• Are business monitoring results tied to leaders compensation?
• Do we collaborate with Part C and D fraud work group and attend regular meetings?
3/28/2016
21
What is Evidence of Effectiveness?
For the SIU it’s all about the data
Case documentation
Monthly, quarterly, annual reports
Work load
Recoveries, savings, forfeiture
Timelines, timeliness
Corrective actions and referrals
Life Cycle of Case
Detection
Preliminary Investigation
Assignment to Investigator/
Auditor
DeterminationCorrective
Action
Prevention
Monitoring
3/28/2016
22
Case Documentation
Case Tracking Documentation
3/28/2016
23
Events for Tracking - SampleAccepted by FBI Convicted - Civil
Desk Audit
Completed
Lead denied by
Committee
New Claims Edit
Implemented Phone In
Accepted by MEDIC Convicted - Criminal Desk Audit Started
Lead submitted to
Committee
New Claims Edit
Recommended Phone Out
Accepted by OIG
Convicted - Provider
Excluded
Education Letter
Sent
Major Problems
Identified
No Problems
Identified Fax In
Acquited
Convicted-Integrity
Agreement
Extrapolating
Recovery Amount Manager Review
Onsite Audit
Completed Email In
Appeal Decision-
Fully Upheld
Convicted-
Restitution Ordered Indicted - Civil
Manager Review
Complete
Onsite Audit
Scheduled Correspondence In
Appeal Decision-
Overturned
Convicted-
Settlement
Agreement Indicted - Criminal
Manager Review
Follow Up
Refund/Education
Letter Sent Correspondence Out
Appeal Decision-
Partial Upheld
Corrective Action
Plan Info Submitted
Manager Review
Request
Overpayment Calc
Completed
Delivery Receipt
Received
Appeal Received
Data Analysis
Completed Initial Contact
Member Interviews -
Completed
Overpayment Re-Calc
Completed Reconsideration 2 In
Approved for Closure
Data Analysis
Intiated Insignificant Loss
Member Interviews -
Initiated
Performing 6 mo
Follow Up
Arbitration Request
Answered
Audit Findings
approved Denied by FBI
Insufficient Info to
Pursue
Member Survey
Completed Prepay Pend Initiated Frequent Activity
Audit Findings
denied Denied by MEDIC
Investigation
Completed Member Survey Sent
Prepay Med Recs
Release Ready Prepay Pend Initiated
Audit Findings
submitted Denied by OIG
Investigation
Initiated
Minor Problems
Identified
Prepay Med Recs
Submitted Rev
Prepay Pend
Cancelled
Complaint Research
in Progress Denied for Closure
Lead approved by
Committee
Moderate Problems
Identified
Prepay Medical
Review Complete
Refer Ins Div or
License Brd
Financial Tracking - Sample
3/28/2016
24
Monthly Reporting - Sample
Date Range: 5/1/2015 - 5/31/2015Timely Response Compliance
Did PHP meet the reasonable inquiry deadline of 2 weeks? Y
Did PHP meet the MEDIC response deadline of 30 days? Y
Did PHP meet the MEDIC referral deadline of 30 days? Y
CMS Defined Element Number of CasesPotential fraud and abuse incidents related to inappropriate billing 3
Potential fraud and abuse incidents related to providing false information 1
Potential fraud and abuse incidents related to doctor shopping/drug seeking
beneficiary 7
Potential fraud and abuse incidents related to attempting to steal identity/money 0
Potential fraud and abuse incidents related to other areas not listed above 5
Total potential fraud and abuse incidents identified 16
CMS Defined Actions Number of CasesPotential incidents identified through internal efforts 0
Potential incidents received from external sources 8
Total potential fraud and abuse incidents that were closed 8
Potential fraud and abuse incidents referred to CMS for action 5
Potential fraud and abuse incidents referred to federal law enforcement for action 0
Potential fraud and abuse incidents referred to local law enforcement for action 0
Potential fraud and abuse incidents referred to State Insurance Commissioners (SICs)
or state licensing authorities 0
CMS Defined Totals Number of CasesInquiries initiated by the Sponsor as a result of potential fraud and abuse incidents 8
Corrective actions initiated by the Sponsor as a result of potential fraud and abuse
incidents 0
Medicare Advantage SIU Regulatory Report
Leadership Reporting - Sample
3/28/2016
25
Leadership Reporting - Sample
Leadership Reporting Data Ideas
• Number of educational interventions
• Number of employees, FDRs educated
• Number of referrals to regulators
• Issues that impact various lines of
business
• Collection or denial percentages
• Sources of Lead/Allegation/Discovery
3/28/2016
26
Lessons Learned
• It’s not fun to hear your words come
back to you from a CMS auditor
• Case documentation must be easy for
someone who doesn’t work in your
department to understand
• There is some auditor interpretation in
much of what we do, and them too
• One mistake can and does hurt you
Lessons Learned
• FDR education and fraud monitoring
language is intermingled with SIU
education and fraud efforts.
• Plan wide risk assessment or SIU
specific risk assessment
• Medicare wants their own..everything!
• Regularly monitor your CMS resources
(hint - ☺see next slide)
3/28/2016
27
Your Resources
• The purpose of this web page is to increase
transparency related to the Medicare
Advantage and Prescription Drug Plan
program audits
• Information regarding the Program Audit
Process and Protocols, Frequently Asked
Questions, and HPMS Memo’s relating to the
Program Audit process are located in the
Downloads section. • https://www.cms.gov/Medicare/Compliance-and-Audits/Part-C-
and-Part-D-Compliance-and-Audits/ProgramAudits.html
Program Audits Web Page
3/28/2016
28
Your Resources
• CMS Manual Chapter 9/21
– https://www.cms.gov/Medicare/Prescription
-Drug-
Coverage/PrescriptionDrugCovContra/Dow
nloads/Chapter9.pdf
• Medicare Managed Care Manual
– https://www.cms.gov/Regulations-and-
Guidance/Guidance/Manuals/Internet-
Only-Manuals-IOMs-
Items/CMS019326.html
Your Resources
• CMS Outreach and Education MEDIC
– http://medic-
outreach.rainmakerssolutions.com/outreac
h-materials/for-plan-sponsors/
– Fraud Handbook
• http://medic-
outreach.rainmakerssolutions.com/fraud-
fighting-resources/fraud-handbook/
