AUDITS AND MONITORING
CMS requires Plans to conduct both ongoing monitoring activities and formal compliance audits. CMS defines the former as “regular reviews performed as part of normal operations to confirm ongoing compliance and to ensure that corrective actions are undertaken and effective” and the latter as “a formal review of compliance with a particular set of standards (e.g., policies and procedures, laws and regulations) used as base measures.”
MCS assists clients by creating ongoing monitoring and compliance audit programs. We also serve as an external, third-party resource to conduct compliance audits. Under the 2013 CMS audit protocol, CMS is providing Plans significantly less advance notice of their audit. The industry best practice, therefore, is to be “audit ready, all the time.”
CMS has included compliance program effectiveness audits as part of their standard audit protocol for the past several years. They are scrutinizing this area more closely than ever before, and the absence of a robust and comprehensive compliance program often signals lack of proper oversight of operations. Virtually all Plans that have demonstrated significant non-compliance in their Medicare operational areas also have a deficient Medicare compliance program. We have assisted numerous clients to create or strengthen their compliance program, including creation of appropriate policies and procedures, development of a comprehensive compliance plan, creation of a monitoring and auditing plan both for internal operations as well as first tier, downstream and related entities (FDRs), and in-depth training for compliance and operational staff.
Medicare plans have a considerable amount of data that can be used to assess whether day-to-day operations are compliant with basic requirements. Without an organized, comprehensive monitoring program in place, however, the advantage of detecting early warning signs of non-compliance is lost and often small problems escalate into serious compliance deficiencies that may not be detected until an audit is conducted, either by the Plan or by CMS. MCS experts have experience creating Medicare monitoring programs and compliance dashboards that harness the information necessary to provide compliance status at-a-glance to compliance officers and senior management.
In addition to ongoing monitoring programs, CMS requires Plans to conduct compliance audits in all Medicare operational areas. For all areas of non-compliance CMS finds in an audit, their expectation is that the Plan has already identified those deficiencies through their own compliance audit process and is on the road to correcting the deficiencies. MCS works with a client’s existing Medicare compliance audit program or creates one from the ground up to ensure that audit processes address all CMS requirements. Compliance audit programs developed by MCS include audit scheduling and preparation, tools, reports, and corrective action plans.
Mock CMS audit
Using CMS’s 2013 audit protocol, we conduct full or partial mock CMS audits for Medicare plans that want a third-party evaluation of those areas that may be out of compliance. The entire process simulates an actual CMS audit, from audit notification letters to universe listings and random selection of the samples to audit. The client becomes familiar with CMS’s complex audit process prior to an actual audit and is thus better prepared when it arrives. At the conclusion of the mock audit, we present the client with a detailed report, which provides more information than the CMS audit report, detailing the non-compliant areas, the required actions to achieve compliance in those areas, as well as industry best practices. We recommend mock audits for new MA and PDP plans that have not yet undergone a CMS audit, as well as those plans that are in the “off” years of a CMS audit, which maximizes the time the plan has to achieve compliance prior to their next CMS audit.