Magnifying glass on top of papers.

Preparing for a CMS Program Audit in 2021

Contact: Jeffrey Low

December 10, 2020

Co-authored by Kelli Howe.

With the release of the Centers for Medicare and Medicaid Services (CMS) October 29 memorandum pertaining to the 2021 Program Audit Updates, many organizations’ awareness has been heightened with the possibility of receiving a Program Audit notification letter in the spring or summer of 2021. CMS has stated that 2020 audit protocols will continue to be used in 2021; therefore, efforts employed to prepare for an audit this year will still be applicable. However, as compliance and operational efforts may have been reprioritized due to COVID-19, Ankura is providing our recommendations to reorient your organization to 2021 audit readiness.

  • Evaluate the administration of your organization’s compliance program to determine if all deliverables have been accomplished.
    • Ensure documentation that the compliance committee performed a risk assessment.
      • Oversight and monitoring efforts were performed according to the compliance program and corrective actions were implemented when necessary.
    • Verify that Compliance, Fraud, Waste and Abuse, and Code of Conduct trainings occurred across applicable staff and vendors.
    • Determine if policies and procedures were reviewed, updated, and approved by the appropriate parties per your organization’s scheduled timeframe.
  • Review any new First Tier, Downstream, or Related Entities (FDRs) that your organization forged relationships with in 2020 that may not have been included in past monitoring or auditing programs to ensure that they are also compliant with program requirements.
    • Pharmacy benefit managers, medication therapy management, customer service, and eligibility/enrollment vendors are common examples of FDRs that could have changed from year to year.
    • Evaluate monitoring and auditing that occurred in 2020 and determine if documentation has been captured to demonstrate compliant performance by your FDR or how your organization is managing corrective action.
  • Perform a thorough review of policies and procedures to ensure that these align with updated CMS guidance and the procedural aspects in which your organization or FDR performs.
    • If your organization is a Medicare-Medicaid Plan, ensure any modifications in the three-way contract are documented in applicable policies and procedures.
    • If your organization operates a Special Needs Plan, identify any changes in the Model of Care from 2020 to 2021 that need to be documented in policies and procedures, and provide applicable training to your staff.
    • If your organization is an applicable integrated plan, implement the use of the Letter about Your Right to Make a Fast Complaint and Appeal Decision Letter.
    • Review flexibilities that your organization implemented in 2020 attributed to COVID-19 and how these changes may impact your plan benefits in 2021.
    • Implement the updated standardized Notice of Denial of Medicare Prescription Drug Coverage (CMS-10146).
  • Perform a mock audit to ensure that your organization and FDRs are prepared to comply with the 2020 CMS Program Audit protocols.
    • Undertake thorough universe validation efforts to ensure that all data is accurately populated and appropriately formatted. This is especially important if your FDR produces universes on behalf of your organization, as visibility into external systems and system modifications may not be apparent.
    • Target samples from the universes and audit samples to ensure transactions were handled in compliance with CMS guidance.
      • Additional focus should be on targeted samples to ensure that CMS waivers and guidance related to COVID-19 were followed.
    • Investigate and analyze instances of non-compliance to determine root cause, impact, and required remediation activities. Implement enhanced oversight to ensure remediation efforts are effective.
    • Ensure that all staff and your FDRs are performing functions aligned with the most current policies and procedures.
  • Create an audit playbook that outlines a plan, identifies responsible parties, and initiates specific action items across the organization when a CMS Program Audit notice is received.