HCCA Managed Care Compliance Conference:

Transcription

1 HCCA Managed Care Compliance Conference: Making Decision Frameworks for Subjective Standards in Medicare Advantage and Medicare Part D: Proactive Audit Preparation February 13, 2012 Table of Contents I. Shift in CMS Audit Approach and Methodology 3 II. Responding to CMS Data-Driven Audits 9 III. Data Validation Audits 13 IV. CMS Formulary Administration and CDAG Audits 23 V. Summary and Ways to Avoid Common Audit Pitfalls 29 VI. Speaker Biographies

2 I. Shift in CMS Audit Approach and Methodology 3 CMS Shift to Data-Driven Audits CMS shift in focus to utilizing plan submitted data and other data sources as a means to monitor and audit plans is in full swing. This change has taken place over the last several years to manage government resources and take advantage of available plan data. That said, the approach puts the onus on plans to report accurate data and be mindful of how CMS utilizes this information to select and execute various Medicare Advantage and Part D audits. Health plan data from core functional areas (e.g., enrollment, prescription drug event data, coverage determinations, appeals, and grievances) have often been requested by CMS as the subject of intense, targeted audit activity. The failure of a plan to know how this data is gathered and what, if any, organizational deficiencies can be determined from a review of this data will result in the plan being unprepared for this new type of CMS audit. 4 2

3 CMS Revised Audit Focus Past Performance Reviews CMS multi-pronged data-driven strategy is best articulated in CMS December 2, 2011 memorandum that detailed how they would review plan performance when considering contract renewals and service area expansion requests for 2013 and the identification of extreme performance outliers. During the last two application cycles, CMS methodology has been self-described as quantitative in nature, rigorous and systematic. Using plan data, CMS can determine if a plan is a poor performer or an outlier. The impact of being a plan outlier can vary, but it will trigger enforcement beginning with CAPs or non-compliance determinations and can progress all the way to contract termination or non-renewal. Plans and their internal audit departments must be aware of any of the defined CMS indications and make all efforts to include these areas in their audit and monitoring programs. 5 CMS Oversight Activities Sources of Information CMS Oversight Activities CMS Account Management Reporting Requirements Audits Monitoring & Surveillance Source: CMS Presentation on Hot Topics at HCCA/AHLA Fraud and Compliance Forum, 9/23/

4 CMS Audit Data Sources: Plan Reported Data CMS utilizes plan reported Medicare Part C and Part D data measures to look for outliers and key differences among plans. They also integrate this plan reported data with other sources of information including but not limited to: Complaint Tracking Module ( CTM ) or MEDICARE Complaints Prescription Drug Event Data and Plan Formularies IRE data Monitoring and Surveillance data (e.g., call center, agents/brokers, etc.) Results of various audits and investigations CMS will utilize this data as well as past audit results to perform risk assessment activities to select plans for audits. This provides CMS with the ability to effectively target those plans that may be at the highest risk of non-compliance or outlier status for audit. 7 Differences Between Past CMS Audits and the New Generation of Audits These audits are the opposite of past checklist approaches or policy and procedure based audits. Rather, they focus on outcomes (i.e., timely and accurate drug access) and ongoing quality assurance. Plans have to be prepared for onsite demonstrations of how their compliance program and key operational mechanisms work, how well your staff and leadership know the program rules, and whether they are meeting key metrics in certain areas (e.g., enrollment, sales, and appeals/grievances). An important new piece of subregulatory guidance is the CMS Medicare Advantage and Prescription Drug Plan Readiness checklist. This document provides an important tool for risk assessment and audit preparation. It also mentions the revised Compliance Program Requirements. Turnaround time from notice to production of pre-site material to onsite is at best a couple of weeks. 8 4

5 II. Responding to CMS Data-Driven Audits 9 Handling the New Style of CMS Audit What to expect: CMS will contact the MA or Part D Plan Sponsor about two to three weeks before a scheduled audit. CMS will try to coordinate an acceptable date for the audit and review audit logistics. CMS will typically provide a written notification that will identify the chapter(s) that will be covered in the audit and initiate a request for documentation. Audits held onsite generally last one week. MA organizations and Part D Plan Sponsors are expected to make available key staff responsible for compliance in the selected areas. The staff required to be made available will often include staff familiar with plan systems that can provide CMS auditors on-demand visibility into how the plan processes certain transactions or performs certain functions. 10 5

6 Handling the New Style of CMS Audit (Cont d) Know your obligations Per regulatory and policy authorities The Audit Guide(s) are less frequently used and are not made readily available Consider engaging an attorney or consulting firm Independent review under privilege Be Responsive Answer the questions asked Have thorough interview preparations well in advance of audit selection Conduct dry runs of data universe pulls Include any delegated entities early in audit preparations Keep detailed records of materials requested, provided, and all follow-up 11 Handling the New Style of CMS Audit (Cont d) Operational Risk Areas Medicare Advantage Risk Adjusted Data Relationships with Providers Financial Activity Marketing (agents and brokers, marketing materials) Medicare Part D Formulary Administration (protected and non-protected class drugs) Transition Policies Grievances, Coverage Determinations, Exceptions and Appeals Marketing (agents and brokers, marketing materials) Excluded Providers (PDE) B vs. D Issues 12 6

7 III. Data Validation Audits 13 Data Validation Background One of the most important audits in the new CMS paradigm is the Data Validation Audit ( DVA ). CMS relies upon certain data provided by plans for a number of purposes and thus has made it a regulatory requirement that plans must use an outside third party auditor to validate that data reported by all plans are reliable, valid, complete, and comparable. CMS Reporting Measures have been in place since 2006 for Part D and since 2009 for Part C. The audits focus on how data is collected/stored/reported, how numerators and denominators are compiled for calculations, what factors are considered for data exclusion purposes, and accuracy of calculations and associated programming code. During the inaugural year of the program in 2011, 652 contracts underwent DVA from March May

8 Data Validation Updated Draft Guidance in 2012 CMS has recently issued a revised set of audit documentation with some improvements from lessons learned including: An Organizational Assessment Instrument ( OAI ); Revised Data Validation Contractor Manual and Training; Data Validation Standards; and A Findings Data Collection Form and Instructions The stated goals for the audit are still to determine whether: 1. The contractor has adequate processes in place to assure accurate and valid data results; and 2. The contractor has reported accurate results (i.e., whether there are any data issues that might impact accurate reporting). Plans and their internal audit staff should be working now to implement a program to address the Data Validation audit standards and arranging for the third party contractor to assist in the initial assessment phase as well as planning for the audit. 15 Data Validation Measures for 2012 Per CMS recent guidance these are the measures for validation and sample testing: Measure Sampling Required Part C Benefit Utilization Note This is Removed for 2012 DVA Procedure Frequency Serious Reportable Adverse Events (SRAEs) Provider Network Adequacy Grievances Organization Determinations/Reconsiderations Employer Group Plan Sponsors Plan Oversight of Agents Special Needs Plans (SNPs) Care Management Part D Retail, Home Infusion, and LTC Pharmacy Access Medication Therapy Management Programs (MTMP) Grievances Coverage Determinations/Exceptions Appeals Long-Term Care (LTC) Utilization Employer/Union-Sponsored Group Health Plan Sponsors Plan Oversight of Agents No No No 16 8

9 Data Validation Timing and Process for 2012 Sample CMS DVA Process as Described in DVA Procedure Manual v 2.0: Can commence prior to 4/1/12 once vendor is selected Can t begin until resubmission window is closed on 3/31/12. Done by DVA Contractor by 6/30/12 Review OAI Info, P&Ps, System Documentation Review /Testing to Determine compliance w/ DVA standards Enter results and submit via HPMS CMS: Determines Pass/Not Pass Status Done by DVA Contractor Done by CMS in Fall of Impact of 2011 DVA Lessons learned from 2011 DVA from the Auditor s perspective The program puts the onus on the plan to ensure that the data it stores, administers and submits is of the highest quality and accuracy according to CMS requirements. Large multi-contract plans can underestimate the amount of time needed to develop the OAI and supporting documentation for the auditor. If a plan has issues pulling CMS requested data universes during other audits (e.g., CPE, Formulary Administration), they will have similar issues pulling together source data sets for this audit. This is particularly true for highly manual processes (e.g., manual spreadsheet type logs of grievances or Part C organizational determinations). A plan s Internal Audit function should be involved in Data Validation Audit preparation by assessing its plan s readiness through the execution of the OAI and other internal audit measures. 18 9

10 Impact of 2011 DVA (Cont d) Lessons learned from 2011 DVA from the Auditor s perspective (Cont d) Results of the OAI review as well as findings relating to data from other relevant internal audit reviews will serve as a valuable assessment tool in determining Data Validation Audit readiness. The process required substantial IT, Operations, and Compliance involvement during other peak times (e.g., bid season). A plan s programming logic used in CMS data reporting may have been reviewed by a third party entity for the first time during last year s audit. Plans should enlist support from delegated entities early on in the process, in particular for areas where one function is delegated to multiple entities (e.g., Part C Organization Determinations). 19 Impact of 2011 DVA (Cont d) Lessons learned from 2011 DVA Per CMS Results indicated that reporting had improved between 2009 and 2010 and part of that was due to DVA. It also appeared that contracts that had a pre-assessment performed did better on DVA. Results overall were that MAOs and PDPs performed at the 95% level for Part C and 96% level for Part D. Many contracts even scored at 100%. However, important questions remained per a CMS 11/9/11 User Call related to whether DVA is an accurate reflection of plan performance and whether it correlated with actual reporting accuracy. CMS noted that for some measures where contracts were identified as outliers (e.g., Part C and Part D grievances), accuracy of DVA performance did not correlate with accuracy of reporting

11 Impact of 2011 DVA (Cont d) Lessons learned from 2011 DVA Per CMS (Cont d) CMS has separated the DVA review period from the data resubmission period in that the DVA review can not begin until the resubmission deadline has expired. DVA contractors are to enter more detailed comments directly into HPMS and only use data contained within HPMS PRDVM. CMS advised plans to take these audits seriously and is considering adding a STAR rating as well as making data available publicly. 21 Impact of DVA on Plan Departments Plan Implications and Next Steps: Internal Audit departments should work collectively with the compliance structure to gain knowledge and understanding of the data validation requirements. Consider the use of the OAI and other CMS guidance to plan internal readiness audits in advance of the 2012 program start. Establish which ongoing or completed internal audits have data components similar to those prescribed in Data Validation and leverage known deficiencies to promote corrective actions for audit preparation. Monitoring and follow-up of corrections resulting from the OAI or other internal audit reviews must be performed to ensure Data Validation Audit success. Provide all internal audit preparedness work and resulting corrective action support to the compliance structure for use in the actual audit or communication with CMS regarding Data Validation

12 IV. CMS Formulary Administration and CDAG Audits 23 Formulary Administration and CDAG Audits CMS rolled out the Compliance Program Effectiveness ( CPE ) reviews with key Part D risk areas to 33 plans in Some had compliance plan only reviews while others had reviews of operational areas. Results led to enforcement actions that included: One termination, Five Marketing/Enrollment Sanctions CMS also published a memorandum of 2011 audit findings and best practices on 1/20/12. CMS listened to industry and plan feedback (e.g., AHIP and BCBSA) and honed the protocol and provide more notice, but it is still a very onerous process that will likely continue to yield compliance action and enforcement results. The audit includes data analysis to prepare targeted sample selections and case file or sample testing of UM aspects of Formulary Administration (i.e., PA, ST, QL), transition processing and coverage determinations, appeals and grievances ( CDAG ). CMS breaks their data testing and sample selections into the categories of: Rejected Claims (Protected and Non-Protected Classes), Transition for New Member and Year-over- Year negative formulary changes and CDAG

13 Formulary Administration Audit Key Components These audits continue to have compressed timeframes and contain numerous followup requests post-onsite based on preliminary findings. Audit Announcement Document/Universe Requests Data Analysis and Onsite Testing Reporting Plans receive CMS Audit Announcement letter: Generally announce review of specific plan and PBM functional areas; Contain documentation, interview, and data requests; Specific data/universe templates are given and plans are expected to conform. Plans must submit: Rejected Claims data; PDE; Coverage Determination, Appeal, and Grievance universes in specified formats; P&T documentation in certain instances. Transaction Testing and Analysis: Since sampling is targeted, a lot of analysis is done pre-site. However, additional cases/system walkthroughs are often required during onsite; Entrance/exit meetings are still conducted. Reports/Follow-up Exit conferences give high level preview, but should not indicate overall results; Initial findings/information requests can come via ; Plans are given an opportunity to respond but deadlines are extremely tight and CMS puts the onus on plans to look for population based issues found during sampling; Numerous follow-up requests can occur until resolution of issues. 25 Formulary Administration Audit Risk Areas Adherence to CMS Approved and Published Formulary Proper adjudication of approved formulary is key. There have been concerns with application of restrictions (e.g., PA, ST, QL) not being included in the approved formulary. The Part D sponsor must be able to document that the claim rejected appropriately in accordance with the formulary and that adequate POS messaging is provided to the pharmacy. Transition Fills New Members and Year-over-Year Members impacted by a negative formulary change Review rejected claims to assess if members eligible for a transition fill inappropriately received a rejection Assess whether Part D sponsors are appropriately identifying members that are eligible for transition fills Protected Class Drugs Availability of six classes of protected drugs Included in the universe requests for Formulary Administration, Transition Fill and CDAG Impact of high cost edits preventing members from obtaining sensitive medications 26 13

14 Coverage Determination, Appeals and Grievance Audit Risk Areas Effectuation Timeliness Was timely notification provided to the enrollee (or representative) and the prescriber, if applicable? Was the decision effectuated in the sponsor s system within the applicable effectuation timeframe? Appropriateness of Clinical Decision-Making & Compliance with Coverage Determination and Appeals Processing Requirements Was timely notification provided to the enrollee (or representative) and prescriber, if applicable? Did the sponsor appropriately consider clinical information and comply with CMS coverage requirements (e.g., followed all required compendia)? For the cases where the decision making timeframe was not met, did the sponsor auto-forward the case to the IRE properly and within the required timeframe? Appropriate documentation of outreach to provider (e.g., two call, two fax approach)? Grievances Was the request properly identified as a grievance? Was the enrollee notified of the disposition timely? Did the grievance resolution appropriately address the nature of the complaint? 27 Impact on Health Plan Departments Lessons Learned from the Auditor s Perspective CMS utilizes rejected claims data as a window to the PBM s POS adjudication systems. Plans should pay close attention to rejected claims reports and data trends in key NCPDP reject codes that could be indicative of plan or formulary set-up issues. The audit protocol also can detect hand-off issues between the plan s Pharmacy departments and their PBMs. CMS pays very close attention to the synchronization between CMS approved formulary files, rejected and paid pharmacy claims data and printed and online formularies. CMS found that some plans had unapproved PA, ST, and QL edits both in and out of transition. CMS also found that drugs in the six classes of clinical concern were not correctly grandfathered (i.e., proper utilization of Type 2 PAs or Type 2 STs) Plans should also make sure that high dollar and other edits that are not part of the CMS formulary approval process are working correctly (e.g., high dollar edits and safety edits). Issues found in rejected claims samples are often also found in new member and year-over-year transition cases but the importance is amplified due to the importance during transition fills

15 V. Summary and Ways to Avoid Common Audit Pitfalls 29 Summary and Ways to Avoid Common Audit Pitfalls With the size and complexity of the MA and Part D programs, it seems there is no fool-proof way to completely prepare for the CMS audit experience. However, plans can seek to avoid some common pitfalls to reduce the sting of an audit by: Having an independent third party conduct a risk assessment or assist with a mock audit of the compliance program well in advance of a suspected audit. Utilizing CMS Regulatory and Policy guidance and internal audit and control initiatives to monitor various aspects of the Medicare program. Studying the public CMS CAPs and, just as importantly, enforcement action information to identify problem areas that plans are having and ensure that those areas are included in the plan s internal audit programs. Identifying problem areas or instances of non-compliance and having a proactive corrective action in place to share with CMS if needed. Ensuring that all relevant business processes, compliance programs, and other essential functions performed by the plan are detailed in documentation and organized in a logical manner

16 VI. Speaker Biographies 31 Speaker Bio Dorothy DeAngelis Senior Managing Director 214 N. Tryon Street Suite 1900 Charlotte, NC Tel: (704) Fax: (704) Professional Affiliations Member, Health Care Compliance Association Member, America s Health Insurance Plans Education B.A. Psychology/Statistics, Baldwin-Wallace College Dorothy DeAngelis is a senior managing director in the FTI Forensic and Litigation Consulting segment and is based in Charlotte. Ms. DeAngelis specializes in assisting legal counsel and ultimate clients with regulatory compliance and operations matters within the Managed Care and pharmaceutical industries. She has more than 18 years of experience in Managed Care and Health Insurance regulatory compliance and operations. Ms. DeAngelis has assisted many of the largest managed care plans with all aspects of regulatory and contract compliance. She has conducted numerous risk assessments and has designed and implemented Medicare Advantage and Part D (MA-PD) and Prescription Drug Program (PDP) compliance and Fraud, Waste, and Abuse programs. Ms. DeAngelis has also developed and implemented compliance manuals, tools, and training materials for all MA-PD, PDP, and Medicaid requirements. Ms. DeAngelis has assisted a large Medicaid Contractor with a government investigation which included the analysis of large volumes of MMIS claims, HEDIS, disease management, enrollment, and premium transactions or data among related and non-related entities to quantify the effect of improper acts or identify trends or biases that may indicate improper acts. Ms. DeAngelis has managed many large process/systems improvement and implementation projects for all departments of large complex insurance companies and Pharmacy Benefit Managers. Projects resulted in mitigation or avoidance of regulatory fines and millions in savings from operating efficiencies. Ms. DeAngelis has supported numerous clients in litigation and arbitration related to disputes over Medicare/Medicaid and Commercial medical and pharmacy claims processing and reimbursement practices and third party insurance operations. Prior to joining FTI, Ms. DeAngelis was a Managing Director at Huron Consulting Group and a Director at KPMG. Ms. DeAngelis began her career in the Managed Care industry as a Medicare Compliance Officer with Kaiser Permanente s corporate office

17 Speaker Bio Kevin Byerly Senior Director 214 N. Tryon Street Suite 1900 Charlotte, NC Tel: (704) Fax: (704) Kevin Byerly is a senior director in the FTI Forensic and Litigation Consulting segment and is based in Charlotte. Mr. Byerly has served clients that include health insurance plans, healthcare providers, pharmacy benefit managers, and pharmaceutical drug manufacturers. With more than 8 years of industry and consulting experience, he has worked with and provided litigation support services, assisted with corporate and regulatory compliance matters, and provided operational consulting services in the pharmaceutical industry. Mr. Byerly s work with litigation support includes assisting clients defend themselves against allegations related to drug and claims pricing issues. He has performed Fundamental Billing Unit cost analysis involving use of HCPCS codes and has experience in investigating pricing issues involving mass documentation review related to pharmacy claims in order to provide litigation support for pharmaceutical manufacturers during the discovery and trial preparation phases. Mr. Byerly has also had an active role in preparing exhibits used during trial. Mr. Byerly has worked extensively with health plans that contract with the federal government to assist them in satisfying and maintaining corporate and regulatory compliance standards for themselves and their delegates. He has focused on providing CMS mock-audit services which has included audit tool creation to standardize reviews and assist health plans in identifying and resolving compliance deficiencies. To assess compliance, Mr. Byerly has performed a wide-rage of gap analyses in different business areas within heath plans including appeals and grievances, marketing and sales, enrollment and disenrollment, and clinical programs such as quality assurance and drug utilization management. Mr. Byerly also has experience in outpatient and inpatient pharmacy operations including oversight of pharmacy financial systems including on-line and manual insurance claims processing, Charge Data Master (CDM) maintenance to maximize provider reimbursement, management of Pharmaceutical Assistance Programs (PAP) offering assistance to qualifying patients and has been engaged by drug manufacturers to conduct audits of providers that utilize PAP programs to ensure that contractual provisions were being met. Prior to joining FTI, Kevin was a Manager in Huron Consulting Group s Pharmaceutical and Health Plans practice and served as the Pharmacy Reimbursement and Compliance Manager for the University of North Carolina Health Care Systems. Mr. Byerly obtained a B.A. in Communication Studies with a concentration in interpersonal and group organization communication from the University of North Carolina at Chapel Hill and a Master of Business Administration and Master of Healthcare Administration from Pfeiffer University