2017: A YEAR IN THE TRENCHES LESSONS LEARNED, BEST PRACTICES, AND KEY TAKEAWAY STRATEGIES FOR 2018

Transcription

1 2017: A YEAR IN THE TRENCHES LESSONS LEARNED, BEST PRACTICES, AND KEY TAKEAWAY STRATEGIES FOR proved to be another big year for the Centers for Medicare & Medicaid Services (CMS) audit and enforcement activity with the rollout of the 2017 CMS Audit Protocols. Navigant has been a trusted advisor to plans in performing mock CMS Audits, Independent Validation Audits (IVAs), Compliance Program Effectiveness (CPE) audits and ongoing remediation efforts. It is out of those efforts that we offer key lessons learned, best practices, and key takeaway strategies for plans and their First Tier, Downstream, and Related Entities (FDRs) to gear up for another strong year of CMS Audits. Additionally, the Office of Inspector General (OIG) work plan revisions to combat Fraud, Waste, and Abuse (FWA), and the Department of Justice (DOJ) activity in the area of risk-adjusted payments needs to be an audit focus for plans. PROGRAM AREA LESSONS LEARNED IN 2017 BEST PRACTICES KEY TAKEAWAYS FOR 2018 Compliance Program Effectiveness (CPE) New CPE audit protocols took effect this year. The new protocols are designed to test implementation, outcome, remediation, and effectiveness. Specifically, changes include three audit elements, four compliance questionnaires, four record layouts, and tracer summaries. The new data layouts are inclusive of FWA reporting. Detection and correction of FDR noncompliance continues to be a strong focus area. Risk assessments and annual audit work plans should correlate. The annual audit work plan should be specifically designed to target the program areas with highest identified risks in your annual risk assessment. Develop risk assessments that specifically rate your FDRs and your internal operations. Then correlate annual audit work plans related to those risk assessments. When it comes time to complete your universes for your annual CPE audit, it will be more apparent which activities go into each universe. There should be a mix of compliance and FWA-related activity on Tables 1, 3 and 4. Use clear descriptions when identifying deficiencies. Tracer summaries should include all the activities that occurred with the event, starting with how the issue was detected (your internal controls), remediation activity, documented outcomes, and whether the remediation was effective (the effectiveness of your processes to respond). Well-developed tracers will help the auditor identify the three compliance elements: prevention, detection, and correction. Get to know the new universe protocols and the difference between internal audit and monitoring and FDR auditing and monitoring. The First Tier Entity Auditing and Monitoring (FTEAM) universe should only include the auditing and monitoring events related to your FDRs. Should you not have data to include in this universe, then now is the time to start your FTEAM work plan. Keep clear and up-todate documentation of all monthly and annual exclusion checks and training that includes your staff, board members, and FDRs.

2 PROGRAM AREA LESSONS LEARNED IN 2017 BEST PRACTICES KEY TAKEAWAYS FOR 2018 Medicare Risk Medicare Compliance MRA should be included The DOJ is focusing on Adjustment (MRA) must have oversight within the full scope of one-sided retrospective and monitoring in place a Medicare Compliance reviews in cases related to for MRA. (See Graves Program, including MRA. v. Plaza and Poehling v. continuous monitoring and UnitedHealth.) follow-up. MRA business processes CMS Coding guidance released in September 2017 highlights guidance should have appropriate on coding of chronic controls in place throughout conditions for Risk MRA processes to ensure Adjustment Data accuracy and appropriateness Validation audits. of the outputs of the process. MRA Accuracy Pilots Plans must have the ability should be fully vetted to identify and react to red prior to deployment and flags related to MRA. always completed. Plans should have a method to risk-assess providers related to coding accuracy, deploying education, conducting audits, and issuing corrective actions accordingly. 2

3 Independent Validation Audit (IVA) The elements contained in the IVA work plan are key to CMS approval. A complete work plan will exhibit the auditor s understanding of the root causes that gave rise to the conditions and exhibit their expertise in the validation methodology outlined in the work plan. New conditions found during a validation audit are required to be reported to CMS. Any new conditions could result in account monitoring or extended validation closure. The IVA work plan includes the specific sample and testing methodology that the auditor will use during the validation audit. This gives CMS the assurance that the auditor is correctly testing the root cause that gave rise to the condition and gives the plan a solid understanding of what to expect once they determine their clean period and turn their universes over to the auditor. A solid work plan and audit methodology limit a plan s exposure to the discovery of new conditions. A coherent project scope and project management will reduce unnecessary costs incurred to the plan by the IVA. Choose a validator that has experience with the IVA process and has had positive outcomes for plans. Have a validation audit plan across your organization so you can work with the auditor to develop a work plan that minimizes your risks and costs. 3

4 Part D Formulary Administration and Transition (FA) This area has consistently improved as the Part D program is over 12 years old. However, some plans still struggle with unapproved utilization management criteria, usually in a direct manner of being misapplied to a subset of a population (e.g., misapplied age edits, quantity over time, or smallest available package size for certain drugs). A large Medicare Part D plan has an independent auditor conduct its benefit testing and logic mapping prior to the start of the new year. Many of these issues can be caught by employing better scenario testing prior to the start of a new benefit year. Part D plans and their pharmacy benefit managers can also avoid these issues by examining rule logic utilized rather than spot audits of formulary transactions. More issues can be detected by a thorough evaluation of the population. 4

5 Part D Coverage Determinations, Appeals, and Grievances (CDAG) Part D plans struggled to find a balance between being timely in processing coverage determination and redetermination requests versus having the necessary clinical documentation to support the case and properly notify the member and the provider. Key issues included: Plans have engineered their process to make three outreach attempts to providers using various methods of outreach. A large national MA-PD and PDP conducted an end-to-end process review to determine areas of inefficiency in handling that led to untimely IRE autoforwards. CMS will continue to scrutinize plans timeliness and completeness of CDAG cases. Plans should conduct endto-end process reviews to fully understand all handoffs, data points, and any missed opportunities to improve timeliness. Lack of timely handling for direct member reimbursement, standard coverage determination, and redeterminations, and lack of timely auto-forwarding to the Independent Review Entity (IRE). CMS has extensively utilized member call log data to identify misclassified cases and have a way to better gauge issues regarding root cause. A midsize MA-PD plan incorporated the CMS call log audit protocols into an ongoing monitoring report utilized to obtain valuable information regarding case triage. A large managed care plan mines its call log data regularly to make appropriate staffing and training adjustments. CMS main concern in 2018 will continue to be member access and provision of services. To remain competitive, plans will have to review call log data in different ways to stay on top of member issues as well as make upstream adjustments to their processes. 5

6 Part C Organization Determinations, Appeals, and Grievances (ODAG) Plans must implement the CMS required Integrated Denial Notice with no modifications to the OMB form. The development of denial codes that align with CMS requirements. The use of denial rationale language that is easily understood by the member. Include member notices in your on-going monitoring of both internal and FDR operational areas. Denial rationale should strike a balance between ease of understanding, specificity to what was denied, and cultural competence. Consider purchasing member-friendly CPT and ICD-10 descriptions for use in denial rationale. Special Needs Plan (SNP), Model of Care (MOC) Implementing a successful process for enrollment verification of SNP members is challenging. Consistently verifying dual eligibility in accordance with CMS guidance and accessed state Medicaid. Eligibility systems within the enrollment area. For current enrollees, the SNP must verify continuing eligibility at least as often as the state Medicaid agency conducts re-determinations of Medicaid eligibility. Individualized Care Plan (ICP) development process The development of an ICP for new members who did not complete the Health Risk Assessment (HRA) within 90 days of enrollment. Identifying a true Interdisciplinary Care Team (ICT) meeting to develop ICP vs. an unable-to-reachcare plan when neither the member or Primary Care Physician is able to attend ICT after multiple attempts. Identify all conditions documented in the HRA and diagnoses related to the Transition of Care (TOC). ICPs must include all conditions identified in the HRA and the diagnosis related to the TOC. Goals should be prioritized based upon diagnosis related to the TOC or based upon chronic conditions identified in the HRA. Clearly define those conditions that are documented as Other. Identify goals and objectives, including measurable outcomes for each condition, as well as specific services and benefits to be provided. Complete ICPs for members who have opted out of the case management. 6

7 Fraud, Waste, and Abuse (FWA) Due to the change in FWA reporting in the CPE audit protocols, we have seen, both for Medicare and Medicaid, specific FWA due diligence as an area of opportunity for improvement for many plans. This includes both where FWA has been delegated and where it has been performed by the plans themselves. Areas such as Risk Adjustment and Deceased Members which are included on the OIG workplan should have a dedicated investigatory process, including but not limited to data analytics supporting the investigations. Other areas of high FWArelated activity in 2017 were in labs/sober homes, opioid abuse, hospice, and genetic testing, to name a few. These areas should be included in Plans FWA plans for both Medicare and Medicaid. Plans may need to revise contractual relationships with FDRs to ensure appropriate Service Level Agreements are included, as they relate to FWA expectations. Plans may need to revise their FWA plans to ensure they are inclusive of trends from Ensure all FWA risks noted have appropriate due diligence performed by Special Investigation Unit or another FWA-related department. 7

8 CONTACTS DOROTHY DEANGELIS Managing Director MICHELLE FORD Associate Director NANCY WALTERMIRE Associate Director JOHN MARSHALL Managing Consultant navigant.com About Navigant Navigant Consulting, Inc. (NYSE: NCI) is a specialized, global professional services firm that helps clients take control of their future. Navigant s professionals apply deep industry knowledge, substantive technical expertise, and an enterprising approach to help clients build, manage, and/or protect their business interests. With a focus on markets and clients facing transformational change and significant regulatory or legal pressures, the firm primarily serves clients in the healthcare, energy, and financial services industries. Across a range of advisory, consulting, outsourcing, and technology/analytics services, Navigant s practitioners bring sharp insight that pinpoints opportunities and delivers powerful results. More information about Navigant can be found at navigant.com. linkedin.com/company/navigant-healthcare twitter.com/naviganthealth 2018 Navigant Consulting, Inc. All rights reserved. W39854 Navigant Consulting, Inc. ( Navigant ) is not a certified public accounting or audit firm. Navigant does not provide audit, attest, or public accounting services. See navigant.com/about/legal for a complete listing of private investigator licenses. This publication is provided by Navigant for informational purposes only and does not constitute consulting services or tax or legal advice. This publication may be used only as expressly permitted by license from Navigant and may not otherwise be reproduced, recorded, photocopied, distributed, displayed, modified, extracted, accessed, or used without the express written permission of Navigant.