There is no need to panic if your health plan receives a notification from the Centers for Medicare & Medicaid Services (CMS) that your organization has been selected for a workplace audit— that is, if you're prepared, according to Heather Metz, manager of government compliance for Gateway Health Plan, one of the country’s leading managed care organizations that currently serves Medicare and Medicaid enrollees across five states. RISE got a chance to interview Metz about her strategies for successful workplace audits, one of two topics that she will discuss at CompliancePalooza, Oct. 21-22, in Washington, D.C.

Workplace audit engagement

As far as Metz is concerned, the key to success is to always be prepared for an audit.

“All too many times in the past, we’ve gotten audit engagement notices of various types, be it a program audit or ad hoc audit from CMS, and we are completely unprepared and it’s a firefight there,” said Metz. “Everyone’s hair was on fire and is trying to get things done at the last minute, which is not good for anybody’s stress level, and it’s also not good for your audit outcomes.”  

Since its last program audit in 2016, Gateway has increased its focus on audit readiness through ongoing education, monitoring, compliance committee enhancements, and board reporting; all efforts that its new Chief Compliance Officer Bret Bissey has implemented. The organization’s recent positive annual Compliance Program Effectiveness reviews have shown that their audit readiness efforts have made a difference.

It’s vital that the organization’s leaders (including the CEO and the board) understand what the program audit involves and the resources that you will require, she said. They need to fully realize the importance of a contingency plan because most of the staff that you need for a program audit are also the people who are responsible for the everyday “business as usual” processing of claims and cases. At Gateway, Bissey mandates that the entire compliance team talk about audits on a regular basis with their business leads.

“You need to make sure you have the leadership backing, and they know resources are going to be taken away up to two to three months, maybe more, and you need to have a contingency plan in place for their day-to-day jobs while they are engaged in an audit, because an audit is really more than a full-time job after you get the engagement notice,” she said. “And once you get that notice, all hands are on the deck, boots on the ground.”  

Audit preparation tips 

Today with the implementation of an effective compliance program, preparation is year-round at Gateway. The compliance team conducts leadership awareness training so that the C-suite, vice presidents, and directors understand what a program audit entails, as well as the consequences if the health plan isn’t prepared and won’t do well. “They need to understand that there could be a monetary consequence, like civil monetary penalties, and/or the resources needed to implement corrective actions,” she said.

Program audit readiness is also on the agenda of every compliance committee meeting or ad hoc committee training for a business area at Gateway.  In addition, the organization has an established audit readiness work group made up of key business partners that meet throughout the year. The group maintains a list of individuals who would participate in an audit and their responsibilities (and makes sure to update it in real time if anything changes).

“We also do mock webinars and mock universe pulls throughout the year, not just when we think we are going to get an audit. We do it on a monthly basis to make sure we are primed and ready for an audit when that engagement notice comes and we don’t have to upset the apple cart in order to get things done,’ she said. “If we weren’t as prepared it would be a much bigger lift when we got the engagement notice.”

This year Gateway’s compliance department thought CMS would conduct a program audit because its last audit was in 2016 and the agency typically conducts audits every three to five years. To make sure it was ready, Metz and Bissey partnered on “Audit Readiness Roadshow” initiatives, which included several audit awareness and readiness presentations and communications provided to all Gateway employees, executive leadership, and board of directors. The organization contracted with a vendor to conduct a mock program audit, an end-to-end process just like CMS would do. Although it never received a notice for an audit before the July deadline, Metz said the organization is prepared for the audit whenever CMS arrives.

Her advice: Be prepared for an audit every year, not just within CMS’ audit cycle. The agency can conduct an audit at any time, even a portion of a program audit, such as a for-cause audit of an organization’s appeals and grievances process. “I always keep that in the back of my head and educate folks in the organization that there is always a potential for that, so you are never safe. You don’t ever want to leave your guard down,” she said.

Finally, she recommends compliance professionals develop relationships with everyone in the organization, especially frontline staff so they are comfortable to come to you and ask questions and report an incident so you can conduct a root-cause analysis and implement corrective actions. “That way when an audit comes, we aren’t caught off guard if they identify an issue.”

Editor’s note: CompliancePalooza will take place Oct. 21-22 at the Omni Shoreham in Washington, D.C. In addition to the workplace audit engagement session, Metz will be a panelist at a session on successful corrective action plans. Click here for the full agenda and registration information.