Deep Dive into Compliance Program Effectiveness and Risk Assessment

Transcription

1 Deep Dive into Compliance Program Effectiveness and Risk Assessment John Wells, Vice President, Medicare Compliance / Medicare Compliance Officer 2017 Bernadette Aetna Inc. Benitez, Senior Director, Medicare Compliance June 20171

2 Topics of Discussion Aetna s Background Relationship between Compliance Program Effectiveness and Risk Assessment Developing a Risk Assessment Process Risk Assessment Timeline Example Risk Assessment Development Example of Aetna Risk Assessment Measures Finalizing Risk Assessment to Determine Risk Levels Identifying Operational Issues Through Risk Assessment Process Best Practices Learned through Risk Assessment Process 2

3 Aetna s Background Aetna was founded in Aetna is one of the nation's leading providers of health care, dental, pharmacy, group life, and disability insurance. One of the nation s largest health and benefits companies with almost 50,000 employees worldwide. Aetna s Mission is to build a healthier world with healthcare centered around people using a diverse product portfolio. A range of insurance and employee benefits products Programs and services that help control rising costs while striving to improve the quality of health care Tools and information to help people make betterinformed decisions about their health care and financial well-being 3

4 Relationship Between Compliance Program Effectiveness (CPE) and Risk Assessments (RA) CMS Requirements - Chapter 9/21 Sponsors must adopt and implement policies and procedures to conduct a formal baseline assessment of the sponsor s major compliance and FWA risk areas This is done through a risk assessment to prevent, detect and correct Medicare Part C and D program non-compliance and fraud, waste and abuse (FWA) The assessment should take into account all Medicare, FDR and MMP business areas and what types/levels of risk the area presents to your organization Sponsors should use Internal/External factors as part of the risk assessment. Examples include: Audit and Enforcement Reports Common Conditions External audits reports Regulatory Changes Internal Audits/Monitors The risks identified by the risk assessment aid in determining which risk areas could have the greatest impact to sponsors. 4

5 Developing a Risk Assessment Process STEP 1 STEP 2 STEP 3 STEP 4 STEP 5 STEP 6 STEP 7 Develop Tool ---- Re-Evaluate Tool Establish Timeline Define Functional Areas to be included Communication and Education Conduct Assessment.Calibration.Develop Audit and Monitor Work Plan ---- Re-Evaluate Work Plan Risks change and evolve with changes in regulation, CMS findings, audit/monitoring results, operational issues, etc. Ongoing reviews for potential risks of noncompliance and FWA, as well as a periodic re-evaluation of the accuracy of the sponsor s baseline assessment, are crucial. 5

6 Risk Assessment Timeline Example 1.Prevetion Senior Leadership Kickoff Communication for Baseline RA Calibration session / Work Plan proposals developed Senior Leadership Kickoff Communication for Reassessment Re-Assessment Calibration session / Work Plan assessed to determine if modifications are needed Oct 2wks Nov Dec Apr 2wks May May Medicare Compliance meets with Business Partners for Baseline Medicare Compliance Committee Review Medicare Compliance meets with Business Partners for Reassessment Medicare Compliance Committee Review Note: There is always ongoing discussions with business area between formal Risk Assessment 6

7 Risk Assessment Development Chapter 9/21 states that Sponsors should use Internal/External factors as part of the risk assessment. Examples include: Audit Reports Enforcement Action External Reports Regulatory / Sub Regulatory Changes Internal Audits/Monitors Organizational Changes Audits Sanctions CMPs NONCs Department of Justice Investigations Office of Inspector General Work Plan HPMS Memos Call Letter Work Plan Audits/Monitors Internal Audit s Business Audits/Monitors Growth System Changes Significant FDR Changes 7

8 Example of Aetna Risk Assessment Measures All Functional Medicare Areas Reviewed Objective - CMS Focus Area - CMS Action (NONC, Warning letters etc.) - CMS Findings (ICAR, CAR) - Internal Audit Findings - Compliance and Audit Findings - Regulatory Changes Normative - Risk likelihood - Compliance effective 8

9 Finalizing Risk Assessment to Determine Risk Levels Aetna utilizes a risk priority scale to determine Functional Area s impact on Aetna Once the Functional risk assessments have been completed, they will be combined thru a calibration process to allow ranking of the Net Risk from highest to lowest to determine the Risk Priority of High, Medium and Low The Risk Priority drives the development of Work Plan activities to mitigate identified risk 3 = High (Net risk score in upper 1/3) 2 = Medium (Net risk score in middle 1/3) 1 = Low (Net risk score in lower 1/3) Example 9

10 Identifying Operational Issues Through Risk Assessment Process Based on Risk Assessment results, plans should prioritize their monitoring and auditing strategy accordingly through Work Plan Activities Work Plan activities will allow for evaluation of operational processes in accordance with CMS requirements While there is a defined timeline for Baseline Risk Assessment and Re-Assessment, ongoing collaboration between business and compliance should be occurring 10

11 Best Practices Learned through Risk Assessment Process - Engage Business Partners as part of the process of evaluation - Database for consistency - Training staff on Risk Assessment Tools - Review Timeframe (i.e. 12 month look back vs calendar year) - Risk Priority is based on Net Risk scores for Baseline and Reassessment - Collaboration Sessions with MCO and Compliance Leads, Operations Integrity and Internal Audit prior to finalization - Meeting with CEO/COO to share results and obtain input - Risk Assessment is based on business (Part C, Part D, MMP, FDR) 11

12 Questions? 12