The Evolving Medicare Advantage and Part D Compliance Program Guidance This roundtable discussion is brought to you by the Payors, Plans, and Managed Care (PPMC) Practice Group October 2, 2012 12:00-1:15 pm Eastern Presenters Vernisha L. Robinson Senior Technical Advisor Program Compliance and Oversight GroupCenter for Medicare, CMS, Baltimore, MD Ms. Robinson serves as a senior technical advisor and national lead on the team implementing compliance program policy and operational requirements for all aspects of the MA and Prescription Drug programs, including the development of new regulations, sub-regulatory policy, and standard operating procedures. Erin W. Skinner Health Insurance Specialist Division of Compliance Enforcement, Program Compliance and Oversight Group Center for Medicare, CMS, Baltimore, MD Ms. Skinner was part of the team that worked on revising and updating the Compliance Program Guidelines. Beth Brady Health Insurance Specialist Division of Plan Oversight and Accountability, Medicare Program Integrity Group Center for Program Integrity (CPI), CMS, Baltimore, MD Ms. Brady serves as the CPI lead for compliance and fraud, waste, and abuse audits of Medicare Advantage and Prescription Drug plan sponsors. We would like to thank MA and Part D Affinity Group Co-Chairs Janice Ziegler, Esquire (SNR Denton LLP, Washington, DC) and Lyn Amor Macaraeg, Esquire (CareMore Health Plan, Cerritos, CA), and the Health Plan Affinity Group Co-Chairs Kirk Nahra, Esquire (Wiley Rein, Washington, DC), and Linda Tiano, Esquire (Coventry Health Care, Bethesda, MD) for planning this event. 1
Compliance Program Guidance Overview of Chapters 9 & 21 Vernisha Robinson, MSM CM/Program Compliance and Oversight Group, Division of Compliance Enforcement Erin Skinner, JD CM/Program Compliance and Oversight Group, Division of Compliance Enforcement Beth Brady, CFE, AHFI Center for Program Integrity, Division of Plan Oversight and Accountability American Health Lawyers Association Webinar October 2, 2012
Agenda Background Overview of the Revised Compliance Program Guidelines 2
Questions/Answers The Division of Compliance Enforcement (DCE) has a streamlined process for responding timely to policy questions or inquiries: Parts_C_and_D_CP_Guidelines@cms.hhs.gov 3
Revised Guidance Chapter 9 Medicare Prescription Drug Benefit Manual * & Chapter 21 Medicare Managed Care Manual** Based on regulations that were effective on January 1, 2011 Content Identical Applicable to Medicare Part C and Part D programs Applicability to Cost Plans and PACE as stated in Section 10 Released through HPMS on Friday, July 27, 2012 Effective immediately * Internet-Only Manual (IOM), Pub. 100-16 * * IOM, Pub. 100-18 4
The Journey: Draft to Final February 8, 2012 Draft Compliance Program Guidelines issued for public comment via HPMS March 16, 2012 Comment period ended Robust review and comment process (900+ comments) DCE/CPI workgroup 68 entities (Medicare Advantage Organizations and Prescription Drug Plans, Delegated Entities, Trade Associations, consultants, etc.) Topics of interest: FDR oversight Content requirements for Policies, Procedures, Standards of Conduct Role of governing body & executive management Compliance training of deemed providers Frequency requirements for checking OIG/GSA exclusion lists July 27, 2012 Final Compliance Program Guidelines issued via HPMS 5
Section 10 - Introduction Must: Requirements created by statute or regulation vs. Should: Expectations identified in Guidelines vs. Best Practices: Recommendations 6
Section 30 - Overview of Mandatory Compliance Program Identifies 7 elements of an effective compliance program In order to be effective, the Sponsor s compliance program must be fully implemented Adequate resources are essential to an effective compliance program 7
Section 40 - Sponsor Accountability for and Oversight of FDRs Who is an FDR? Sponsor determines whether its delegated entity is an FDR subject to compliance requirements How to Determine Who is an FDR Consider functions that are related to Medicare Parts C and D contracts If an entity is performing one of these functions, it is very likely appropriate to categorize the entity as an FDR If not performing one of the listed functions, analyze all facts and circumstances, including factors listed in chapter. 8
Section 50.1 - Element I: Written Policies, Procedures and Standards of Conduct Standards of Conduct (SOC) Also referred to as Code of Conduct or other similar terms Provide the overarching principles by which the Sponsor operates May be in a Medicare-specific document, or included as part of the Sponsor s commercial business Code of Conduct 9
Section 50.1 - Element I: Written Policies, Procedures and Standards of Conduct Policies and Procedures (Ps & Ps) Describe operation of compliance program Detailed and specific Implement the operation of compliance program Should be updated to reflect changes in laws, regulations, other Medicare program requirements 10
Section 50.1 - Element I: Written Policies, Procedures and Standards of Conduct Distribution of SOC and Ps & Ps To Employees When? Within 90 days of hire When updated Annually How? Hard copy initially then electronic Email electronic copy Posting on intranet To FDRs When? Within 90 days of contracting When updated Annually How? Fax blast Placement on Sponsor s FDR Portal Contained as attachments to the FDR Contract 11
Section 50.2 - Element II: Compliance Officer, Compliance Committee and High Level Oversight Compliance Officer Compliance reports must reach senior-most leader Must have express authority to provide unfiltered, in-person reports to senior leader/governing body Reports should not be routed through operational management (e.g. Chief Operating Officer, Chief Financial Officer, General Counsel) Compliance Officer reports may be relayed through divisional Presidents Compliance reports to governing body must be made through a Sponsor s compliance infrastructure 12
Section 50.2 - Element II: Compliance Officer, Compliance Committee and High Level Oversight Compliance Committee No requirement for separate Medicare Compliance Committee Accountable to senior leadership and governing body Must provide regular compliance reports to senior leadership and governing body 13
Section 50.2 - Element II: Compliance Officer, Compliance Committee and High Level Oversight Governing Body Sponsor s or parent s governing body (e.g. Board, etc.) must oversee compliance May delegate oversight to committee, but governing body as whole ultimately accountable Must be knowledgeable about compliance risks 14
Section 50.2 - Element II: Compliance Officer, Compliance Committee and High Level Oversight Senior Management Senior-most leader of contract holder must be engaged in compliance program oversight Must integrate Compliance Officer into organization Must be advised of all compliance enforcement activity, etc. 15
Section 50.3 - Element III: Effective Training and Education General Compliance Training for Employees Who? All employees (including CEO, administrators and managers) Governing body members When? Within 90 days of hire and Annually thereafter How? Classroom training Online training modules Attestations that employees have read and received the Sponsor s Standards of Conduct and/or compliance policies and procedures Sponsors must be able to demonstrate that their employees have fulfilled these training requirements 16
Section 50.3 - Element III: Effective Training and Education General Compliance Training for FDRs What? Sponsors must communicate the following to FDRs: General compliance information and Compliance expectations are communicated to FDRs How? Distribution of Sponsor s Standards of Conduct and/or compliance policies and procedures to FDRs employees through Provider Guides, Business Associated Agreements, etc. 17
Section 50.3 - Element III: Effective Training and Education Fraud, Waste, and Abuse (FWA) Training Who? All employees (including CEO, administrators and managers) Governing body members FDRs When? Within 90 days of hire and Annually thereafter FDRs? Sponsors must provide FWA training directly to FDRs or Sponsors must provide training materials or Sponsors must ensure FDRs complete the CMS FWA Training Module Specialized training may be provided based on FWA risks specific to an individual s job function 18
Section 50.3 - Element III: Effective Training and Education FWA Training (Deemed FDRs) FDRs meeting FWA certification through Parts A/B enrollment or accreditation as DMEPOS* supplier are deemed to have met FWA training requirement If a chain pharmacy, each individual location must be enrolled to be deemed *DMEPOS = Durable Medical Equipment, Prosthetics, Orthotics, and Supplies 19
Section 50.4 - Element IV: Effective Lines of Communication Compliance Officer: Communicating with Others Compliance Officer s name, location, and contact information must be shared with employees and FDRs Implement a system to communicate changes in law, regulations, subregulatory guidance, and P&Ps Information must be disseminated timely Numerous examples of methods to communicate both internally and to FDRs Sponsor must educate enrollees about identification and reporting of potential FWA. 20
Section 50.5 - Element V: Well-Publicized Disciplinary Standards Disciplinary Standards (Policies & Procedures) Must be clear and specific Must describe the Sponsor s expectations for reporting compliance issues and assisting in the resolution of reported compliance issues Must identify noncompliant, unethical, or illegal behavior through examples of violative conduct 21
Section 50.5 - Element V: Well-Publicized Disciplinary Standards Disciplinary Standards (Publicize & Enforce) Provide timely, consistent and effective enforcement of standards Numerous examples provided of how to publicize disciplinary standards Records must be maintained for 10 years for all compliance violation disciplinary actions 22
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks Routine Monitoring and Auditing Must conduct monitoring and auditing to test and confirm compliance with Medicare requirements Monitoring: regular reviews of operations to ensure ongoing compliance Auditing: formal review of compliance with a set of standards Must develop an annual monitoring and auditing work plan Compliance Officer must receive regular reports from the audit department regarding results and corrective actions taken 23
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks System to Identify Compliance Risks Must conduct a formal baseline assessment of major compliance and FWA risk areas (e.g., risk assessment) Must take into account all Medicare business operational areas Examples provided of high risk areas for Medicare Parts C and D Sponsors Must audit the effectiveness of the compliance program (annually) Transfer results into a monitoring and auditing work plan 24
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks Audits: Sponsor s Operations and Compliance Program Audit function may be a separate department or performed by the Compliance department Must designate adequate resources to meet the work plan goals No self-policing by operational areas; must be independent auditors; internal audit or compliance Must audit the effectiveness of the compliance program and share results with governing body 25
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks Monitoring and Auditing FDRs Sponsors are responsible for compliance with CMS requirements, including work performed by their FDRs Must develop a strategy to monitor and audit first-tier entities for compliance program requirements Must ensure first-tier entities fulfill compliance program requirements Must ensure first-tier entities monitor compliance of downstream entities Examples provided of how to conduct monitoring and auditing activities of FDRs (e.g., risk assessments, utilization reports) 26
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks Tracking and Documenting Compliance and Compliance Program Effectiveness Sponsors should track and document compliance efforts Dashboards, scorecards, self-assessments tools and other mechanisms help demonstrate compliance goals and achievements Issues of noncompliance and FWA identified in the assessment tools should be shared with senior management 27
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks OIG/GSA Exclusion Sponsors must review the DHHS OIG LEIE list and GSA EPLS prior to hiring or contracting, and monthly to ensure none of the persons or entities are excluded New and Temporary Employees Volunteers Consultants Governing Body members FDRs 28
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks Use of Data Analysis for FWA Prevention and Detection Establish baseline data to recognize unusual trends or changes in utilization or patterns over time Identify internal problem areas such as enrollment, finance, or data submission, and problem areas with the FDRs Use findings to determine where there is a need for policy changes 29
Section 50.6 - Element VI: Effective System for Routine Monitoring, Auditing, and Identification of Compliance Risks Special Investigation Units (SIUs) SIU - An internal unit, often separate from the compliance department, responsible for investigation of potential FWA Sponsors are not expected to perform law enforcement duties and may refer FWA matters to the NBI MEDIC or to law enforcement SIUs must be accessible via phone, email, Internet and mail, and Sponsors must ensure FWA can be reported anonymously Communication and coordination between the SIU and compliance department is key in ensuring that all Medicare Parts C and D benefits are protected from FWA schemes 30
Section 50.7 - Element VII: Procedures and System for Prompt Response to Compliance Issues If Potential FWA is Detected... Sponsors must initiate a reasonable inquiry as soon as possible, but not later than 2 weeks after the date the incident is identified After a preliminary investigation, Sponsors may refer potential FWA to the NBI MEDIC if they do not have the time or resources to investigate fully Referrals should be made to the NBI MEDIC within 30 days so that the fraudulent or abusive activity does not continue Sponsors are responsible for monitoring for FWA and noncompliance within their organizations 31
Section 50.7 - Element VII: Procedures and System for Prompt Response to Compliance Issues Corrective Actions Must be designed to correct the underlying problem Must be implemented in response to FWA or noncompliance Must prevent future noncompliance (root cause analysis) Must include timeframes for achievements Must be documented and include ramifications if the corrective action was not implemented satisfactorily Sponsors must ensure FDRs have corrected their deficiencies Thorough documentation must be maintained of all deficiencies identified and corrective actions taken 32
Section 50.7 - Element VII: Procedures and System for Prompt Response to Compliance Issues Medicare Drug Integrity Contractors (MEDICs) Perform specific program integrity functions for Medicare Parts C and D The National Benefit Integrity (NBI) MEDICs Identify potential FWA Investigate referrals from sponsors and keep sponsors informed Refer to law enforcement or other entities when necessary May request additional information from the sponsors which should be provided within 30 days unless otherwise specified 33
Section 50.7 - Element VII: Procedures and System for Prompt Response to Compliance Issues CMS issues alerts about fraud schemes identified by law enforcement officials. In response, Sponsors should... Review contractual agreements with identified parties Consider terminating contracts if law enforcement has issued indictments and the terms of the contract authorizes termination in such instances Review past paid claims from entities identified in the fraud alert Identify claims that may have been part of an alleged fraud scheme and remove them from PDE submissions 34
Section 50.7 - Element VII: Procedures and System for Prompt Response to Compliance Issues To Identify Providers with a History of Complaints, Sponsors... Should maintain files for 10 years on providers who have been the subject of complaints, investigations and prosecutions Should maintain files that contain documented warnings, educational contacts, copies of complaints, and results of investigations Must comply with requests from law enforcement, CMS or CMS designee regarding monitoring of potentially abusive or fraudulent providers 35
Questions/Answers The Division of Compliance Enforcement (DCE) has a streamlined process for responding timely to policy questions or inquiries: Parts_C_and_D_CP_Guidelines@cms.hhs.gov 36
CMS Part C and Part D Compliance and Audits Website WEBSITE of the PROGRAM COMPLIANCE & OVERSIGHT GROUP (PCOG) http://www.cms.gov/medicare/compliance-and-audits/part-c-and-part- D-Compliance-and-Audits/index.html
Questions 2
The Evolving Medicare Advantage and Part D Compliance Program Guidance 2012 is published by the American Health Lawyers Association. All rights reserved. No part of this publication may be reproduced in any form except by prior written permission from the publisher. Printed in the United States of America. Any views or advice offered in this publication are those of its authors and should not be construed as the position of the American Health Lawyers Association. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering legal or other professional services. If legal advice or other expert assistance is required, the services of a competent professional person should be sought from a declaration of the American Bar Association 3