The Medicare Parts C and D Oversight and Enforcement Group (MOEG) of the Centers for Medicare and Medicaid Services (CMS) have released updates to the proposed 2017 Program Audit Protocols and Data Requests (CMS-10191) for Medicare Parts C and D that RegPulse first commented on in August 2016.
These changes have arisen, in part, because of public comments the agency received during the first 60-day comment period on the revised rules. Health plans that participate in these programs should familiarize themselves with the changes, especially the particular elements that have substantive effect, and may wish to participate in the new public comment period that ends December 5, 2016.
What should plans do, or prepare to do, in light of these changes? Among many granular calls to action, there are some common themes: rewriting and modifying internal reporting processes, creating and testing the new and amended templates and questionnaires, and identifying the shifts in talent and technology resource allocations that the new requirements may make necessary. Having a plan on paper is never a substitute for being demonstrably “audit-ready,” and that distinction may become even sharper now.
A partial list of the revisions, comprising the ones that appear to have the most significant impact, is included below. In general, the changes are consistent with CMS’ move to expand the scope and aggressiveness of the way it audits plans. The agency expects plans to be more self-examining and self-reporting with respect to the issues that come up during audits.
Because of the nature of these changes, plans may face new reporting risks – not only because the data and format requirements themselves are more exacting, but also because regulators will acquire even more data they can use to enforce standards and compare performance from one plan to another. The change also makes it more important for a plan to make sure the data it submits will match the facts auditors will find when they review actual business practices.
In addition to a careful review and possible participation in the comment period, affected plans may wish to assess what it will take to live under the proposed rules and to make preparations. For example, table completeness and accuracy is a common struggle. With requirements for this format likely to tighten, plans can start creating and testing formats now before they are needed.
The more information plans have about the specific data CMS wants to collect before audits, the better they may be able to prepare for those audits by analyzing the data themselves. While the mandate for regulators is still to conduct broad audits, data from plans can help them target specific inquiries, and plans can use the same data to anticipate areas of interest.
Key changes to the proposed Medicare audit protocols
In comparing the new version of the proposed Medicare audit protocols to the ones that were released earlier, hundreds of formal alterations emerge. But in the most significant changes, it appears that CMS has:
CMS has also added a brand-new requirement, which will have its own additional comment period: an industry-wide timeliness monitoring effort to test timeliness of all Part C organization determinations, Part D coverage determinations, and Part C and D appeals to better evaluate how well sponsors perform in the respective appeals. CMS is already evaluating sponsors on this information, but with the change, that monitoring will be ongoing instead of limited to plans under audit.