One of the most anticipated sessions at RISE’s upcoming CompliancePalooza is an in-depth look at recent CMS audits featuring a panel of four health plan compliance experts who will talk about their experiences. RISE interviewed two of the panelists ahead of the conference to find out what they would suggest that health plans do to improve audit preparation.

Osato Chitou, founder and principal consultant of Compli by Osato, will co-present with Anne Delomba, manager of FDR/delegation oversight, Neighborhood Health Plan of Rhode Island, during the panel discussion, Monday, Oct. 21, the first day of CompliancePalooza 2019. Chitou has worked with Neighborhood Health Plan to help facilitate change within its First Tier, Down Stream, or Related Entities (FDR) oversight program.

Neighborhood Health Plan received a program audit notice last year, its first one as an organization and as a compliance department, according to Delomba (photo, right) . The audit included a series of Webex sessions in September 2018 for operational areas and a week of onsite audits for compliance program effectiveness. Neighborhood Health got the CMS report in December and wrapped up its validation audit in August.

The year-long process wasn’t easy and was more time consuming than Delomba initially expected. “My regular work just stopped,” she recalled. “For my role, I’m responsible for our annual audit for all our FDRs. When the audit letter dropped, I was in the process of auditing our high-risk FDRs; we hired consultants to help, otherwise   we wouldn’t get the work done . . . It was the best decision we made because I have all the documentation to show that work for the compliance program continued on,” she said.

Common compliance mistakes

One of the biggest mistakes that organizations make is thinking of compliance as an isolated department, rather than an area that can significantly impact the reputation and finances of a business, according to Chitou.

“What I see CMS focus on is the beneficiary impact at the end of the day. When I look at the Medicare Advantage space, every action within a health plan has a compliance piece, and every action within a health plan ultimately impacts the end user, the beneficiary. So, if you are noncompliant, it shows up in many different ways in CMS’ data points,” she said.

Health plan leaders often forget that throughout the year CMS is collecting data, for example, through plan reporting, when plans build their benefits for the upcoming year, and when beneficiaries make phone calls. So, plans must look at their entire organization and not think of compliance as a separate department, but rather compliance should be integrated within the organization, Chitou recommends.

“Often times, you’ll see the grievance and appeals department off by themselves, member services is off by themselves, and compliance is in the basement,” said Chitou (photo, right). “So, you have this scattershot system. No one is talking to each other. Meanwhile, beneficiaries are not getting access to the things that they need, and this ultimately shows up in the data points that CMS is looking at.”

Chitou suggests that plans integrate their processes with the beneficiary in mind. They can then use data to analyze whether those processes work as intended. “The beauty of being an MA plan is that you have access to all of the information that CMS utilizes to analyze whether you are a good plan or a bad plan,” she said. “All of that information is made available on CMS.gov: the Medicare Managed Manual chapters, the audit protocols, the plan reporting requirements. It behooves plans to utilize that data to develop their own framework to demonstrate how they are good plans or quite frankly bad plans. “

Chitou said she is often called to help plans after they receive a letter from CMS about an internal issue. “Things often bubble up over the course of the year, and plans tend not to pay attention unfortunately until they get audit letter or a notice of noncompliance,” she said.

Audit preparation tips

The only way to truly have a pulse on how well your plan is doing is to prepare for audits throughout the year, according to Chitou.

She recommends having your internal team run mock audits with your third-party vendors, so you are aware of issues before CMS arrives. For example, you may find that your dental vendor is not meeting timeliness deadlines for resolving grievances. You may need to put the vendor on a correction action plan and monitor it to determine whether the issue has been corrected.

“The time to make a determination that you have a problem should not be when you receive an audit notice from CMS,” she said. For example, health plans can’t properly prepare for an audit if they’ve never pulled a universe before. It’s a difficult process and CMS only gives organizations so many tries. “The only way to pull a universe correctly is to practice and to practice regularly. That way you’ll be able to highlight issues within your organization, and you can subsequently correct them. It also demonstrates to CMS that even if you are not able to fully correct the issues, you are aware of them,” she said.

Audit preparation should also include oversight of your plan’s FDRs, Chitou said. FDRs are held to the same standards of plans and plans are charged with oversight of the FDR. “A big mistake that plans make, especially plans that are new to the Medicare Advantage space, is not developing appropriate compliance oversight protocols to make sure the FDRs are also following CMS requirements,” she said.

CMS will be able to determine whether you are providing appropriate oversight of your FDRs by looking at the data you pull in a certain universe. If you haven’t practiced pulling those universes, it will be nearly impossible to include that information in the dataset.

“I’ve worked with plans that have, excluding their actual providers, over 40 FDRs. If you’ve never pulled a universe before, to pull in 40 FDRs—it’s an insane job,” Chitou said. “But, you’ll also have no idea of the services they are providing to your beneficiaries because you’ve never looked at the data set of your third-party vendors and obviously this could have significant implications for a health plan,” she said.

Indeed, the result could be a hefty fine. “CMS doesn’t go to the third-party vendors for penalties. It goes directly to the plan because the plan is charged with oversight of that third party,” Chitou said.

Chitou said she and Delomba will walk through exactly what they did to prepare Neighborhood Health Plan for the audit during CompliancePalooza 2019. In the meantime, she stresses that organizations make mock audits part of their regular routine. “This will help facilitate integration of compliance within your business because all parts of the organization are involved in a program audit.  By continuously doing mock audits, it will allow you to integrate your operations and will force you to perform that oversight of your third-party vendors as well,” she said.

CompliancePalooza 2019 will take place Oct. 21-22 at the Omni Shoreham in Washington, D.C. Chitou and Delomba will join panelists Cindy Glennon, director of internal audit, Commonwealth Care Alliance, and James Moran, chief compliance officer, Commonwealth Care Alliance for the session, Tales from the Front Lines: The Survivor's Guide to Recent CMS Audits, at 9:55 a.m. Monday, Oct. 21  Click here for the full agenda and registration information.