3d render, abstract layered background, paper cut hole, black red shapes

2018: A Year in the Trenches —Best Practices Learned and Key Takeaways for 2019

By Dorothy DeAngelis, Nancy Waltermire, John Marshall

January 23, 2019

2018 was marked by a year of heavy regulatory and policy guidance issued by the Centers for Medicare & Medicaid Services (CMS) and continued audit and enforcement activity. Additionally, the Office of Inspector General (OIG) report, “Medicare Advantage Appeal Outcomes and Audit Findings Raise Concerns About Service and Payment Denials,” and the Department of Justice (DOJ) activity, in the area of risk-adjusted payments, need to be an audit focus for plans.

Ankura has been a trusted advisor to plans in performing mock CMS audits, independent validation audits (IVAs), compliance program effectiveness (CPE) audits, process improvement, and ongoing remediation efforts.

It is out of those efforts that we offer lessons learned, best practices, and key takeaway strategies for plans and their first tier, downstream, and related entities (FDRs) to gear up for another strong year of CMS and US Department of Justice (DOJ) activity.

Compliance Program Effectiveness (CPE)

BEST PRACTICES LEARNED IN 2018

  • Develop an annual risk assessment that specifically rates your first tier, downstream, and related entities (FDRs) and your internal operations. This should include any risks identified by CMS in prior- year program audit reports as well as any high-risk areas identified in the OIG workplan each year. Next, correlate annual audit work plans related to those risk assessments. When it comes time to complete your universes for your annual CPE audit, it will be more apparent which activities go into each
  • There should be a mix of compliance and FWA-related activity on Tables 1, 3, and 4. Use clear descriptions when identifying
  • Tracer summaries should include all the activities that occurred with the event, starting with how the issue was detected (your internal controls), remediation activity, documented outcomes, and whether the remediation was effective (the effectiveness of your processes to respond). Well-developed tracers will help the auditor identify the three compliance elements: prevention, detection, and correction.

KEY TAKEAWAYS FOR 2019

  • Get to know the new layout of universe Tables 1 and 2.
  • Understand the difference between internal auditing and monitoring, and FDR auditing and
  • The first-tier entity auditing and monitoring (FTEAM) universe should only include the auditing and monitoring events related to your FDRs. Should you not have data to include in this universe, then now is the time to start your FTEAM work
  • Keep clear and up-to-date documentation of all monthly and annual exclusion checks and training that includes your staff, board members, and
  • Plans should also remember to conduct HIPAA, privacy, and IT security assessments of their FDRs. Last year, two plans were served with civil monetary penalties due to their delegate responsible for a HIPAA breach. Since the plan contracted with the entity, the plan was responsible for paying the monetary penalty. This breach affected electronic protected health information (ePHI), which a large national health plan maintained for its affiliated health plans and other covered entity health plans.

Medicare Risk Adjustment (MRA)

BEST PRACTICES LEARNED IN 2018

  • Medicare compliance must have oversight and monitoring in place for MRA. (See Graves
  • Plaza and Poehling v. UnitedHealth.) One plan implemented an FWA data dashboard tool to identify potential provider FWA in collaborative arrangements, and a follow up review process to react to those areas of higher risk identified in the tool.
  • One plan implemented a compliance MRA monitoring program that included review of coding accuracy results throughout the enterprise, and aggregation of those results for an enterprise view and identification of takeaways for supplemental accuracy-based programs to support areas where there are higher error rates detected.
  • Two plans completed detailed compliance- focused MRA business process reviews for appropriateness of controls in place, and corrective actions in place where those controls had improvement opportunities.
  • Two plans pursued enhanced MRA and collaborative agreement education of the Special Investigative Unit for those plans to enhance their ability to identify and react to red flags related to
  • One plan developed an MRA vendor audit and monitoring strategy that fundamentally aligned with the compliance audits conducted for delegated functions like claims and UM.

KEY TAKEAWAYS FOR 2019

  • The DOJ is focusing on providers and vendors as well as one-sided retrospective reviews in cases related to
  • CMS coding guidance released in September 2018 highlights guidance on coding of chronic conditions for risk adjustment data validation
  • A recent settlement by a health service provider highlighted codes with high potential for error rates for that plan. Plans should ensure they are aware of codes within their activity with error rates that are consistently higher than others and address those codes accordingly.
  • MRA accuracy pilots should be fully vetted prior to deployment and always completed.

Independent Validation Audit (IVA)

BEST PRACTICES LEARNED IN 2018

  • The IVA work plan includes the specific sample and testing methodology that the auditor will use during the validation audit. This gives CMS the assurance that the auditor is correctly testing the root cause that gave rise to the condition, and gives the plan a solid understanding of what to expect once they determine their “clean period” and turn their universes over to the auditor.
  • A solid work plan and audit methodology limit a plan’s exposure to the discovery of new
  • A coherent project scope and project management will reduce unnecessary costs incurred to the plan by the IVA.

KEY TAKEAWAYS FOR 2019

  • CMS will require the hiring of an independent auditor that has experience with the IVA process when there are more than five non-CPE conditions which must be tested.
  • Distribute validation audit work plan across key stakeholders to work collaboratively with auditor and minimize risk and cost.
  • Discuss with auditor adherence to the CMS basic principles when developing the audit work plan and conducting the actual audit.
  • Plans must copy the independent auditor when submitting the independent validation audit report to CMS.

Part D Formulary and Benefit Administration (FA) and Transition

BEST PRACTICES LEARNED IN 2018

  • A large Medicare Part D plan has an independent auditor conduct its benefit testing and transition logic mapping prior to the start of the new
  • Conduct on-going monitoring of approved utilization criteria to ensure criteria is applied at point of sales correctly.
  • Conduct daily rejected claims review for first 90 days of the calendar year and then weekly for the remainder of year.
  • Develop a monitoring process to ensure the proper prior authorization effectuation dates for medications with starter packs versus ongoing medication therapy.
  • Plans implemented a quality assurance process to ensure accurate coordination between processing systems for B versus D determinations and that claims process under the appropriate part of Medicare.

KEY TAKEAWAYS FOR 2019

  • FA issues can be avoided by employing better scenario and transition testing prior to the start of a new benefit
  • Part D plans and their pharmacy benefit managers can also avoid these issues by examining adjudication logic utilized rather than spot audits of formulary transactions.
  • Enhance monitoring of B versus D medications to ensure appropriate Medicare benefit claims processing
  • FA website review has been suspended from evaluation in program audits.

Part D Coverage Determinations, Appeals, and Grievances (CDAG)

BEST PRACTICES LEARNED IN 2018

  • Plans have engineered their process to make three outreach attempts to providers using various methods of
  • A large national MA-PD and PDP conducted an end-to-end process review to determine areas of inefficiency in handling that led to untimely IRE auto-forwards.
  • Implementation of a quality assurance process to ensure grievances had appropriate investigations and resolutions and that letters are accurate, complete, and understandable to enrollee.
  • Develop auditing and monitoring work plans to include a focus on denial rationales for correct and complete information which is understandable to enrollees.

KEY TAKEAWAYS FOR 2019

  • Plans should conduct end-to-end process reviews to fully understand all handoffs, data points, and any missed opportunities to improve timeliness.
  • CMS’ main concern in 2019 will continue to be member access and providing of
  • CMS will evaluate plans’ implementation of the Comprehensive Addiction and Recovery Act (CARA) through the program audit process. Part D plans can limit at-risk beneficiaries’ access to coverage or frequently abused drugs. These determinations are not defined as coverage determinations and will not be collected as part of universes. However, beneficiary at-risk redeterminations will be reported within universe submission of Table 6: Standard Redeterminations and Table 8: Expedited Redeterminations.
  • Anticipate release of final consolidation of Chapter 13 of the Medicare Managed Care Manual and Chapter 18 of the Prescription Drug Benefit Manual.

Part C Organization Determinations, Appeals, and Grievances (ODAG)

BEST PRACTICES LEARNED IN 2018

  • The development of denial codes that align with CMS requirements.
  • Conduct an end-to-end analysis of appeals process, make use of appeals committees, and take control of data to increase level of oversight.
  • Implementation of a quality assurance process for review and analysis of overturned appeals.
  • Develop auditing and monitoring work plans to include a focus on denial rationales for correct and complete information which is understandable to enrollees.

KEY TAKEAWAYS FOR 2019

  • Include member notices in your ongoing monitoring of both internal and FDR operational
  • Denial rationale should strike a balance between ease of understanding, specificity to what was denied, what would be needed to approve, and cultural competence.
  • Adequacy and accuracy of initial organization determination denials needs to have ongoing auditing and monitoring.
  • Anticipate release of final consolidation of Chapter 13 of the Medicare Managed Care Manual and Chapter 18 of the Prescription Drug Benefit Manual.

Special Needs Plan – Model of Care (SNP-MOC)

BEST PRACTICES LEARNED IN 2018

  • Consistently verifying dual eligibility in accordance with CMS guidance and accessed state Medicaid eligibility systems within the enrollment area.
  • The development of an ICP for new members who did not complete the health risk assessment (HRA) within 90 days of
  • Identifying a true interdisciplinary care team (ICT) meeting to develop ICP an unable-to-reach- care plan when neither the member or primary care physician can attend ICT after multiple attempts.
  • Identify all conditions documented in the HRA and diagnoses related to the transition of care (TOC).

KEY TAKEAWAYS FOR 2019

  • SNP-MOC Enrollment  Verification will be suspended from evaluation in CMS program audits.
  • Remember all Special Needs Plans Model of Care Plans will be approved on an annual basis beginning 2019.
  • Individual care plans must include all conditions identified in the HRA and the diagnosis related to the TOC. Goals should be prioritized based upon diagnosis related to the TOC or based upon chronic conditions identified in the HRA. Clearly define those conditions that are documented as “Other.”
  • Identify goals and objectives, including measurable outcomes for each condition, as well as specific services and benefits to be provided.
  • Complete ICPs for members who have opted out of the case management.

CMS Provider Directory Reviews

BEST PRACTICES LEARNED IN 2018

  • Compliance partnered with network operations on conducting monthly validation of all provider key contact information, including addresses, phone numbers, and availability.
  • Compliance has added provider directory accuracy as a risk on their annual risk assessments.

KEY TAKEAWAYS FOR 2019

  • Plans should be validating all provider directory information prior to submitting to CMS.
  • CMS encourages Medicare Advantage Organizations (MAOs) to look for near-term solutions to improving directory accuracy, such as performing self-audits of directory data, working with group practices to ensure that providers are only listed at locations where they accept appointments, and developing better internal processes for members to report directory errors.
  • Compliance should validate the information as they conduct their oversight and monitoring of key areas of operations.
  • CMS will continue to monitor provider directories and will add this to the plan’s compliance scoring.