CMS issued its Audit Protocols and Data Requests for Medicare Advantage and Part D plans on November 4, 2016 (the “Protocols”). The Protocols have been updated based on the over 500 comments CMS received in response to the draft released in June. The Protocols are open for comments until December 5, 2016.

A review of the crosswalk detailing the changes made to 2016’s Audit Protocols and Data Requests shows that CMS largely retained the same elements as in years past and made a few notable changes.

  • CMS is no longer asking for “self-identified issues.” Self-identified issues were issues that had been discovered by the plan but not reported to CMS prior to the audit. Practically speaking, this now means that plans only receive “credit” for reporting issues to CMS, whereas previously plans received some favorable treatment for reporting self-identified issues through the audit.
  • CMS added language to provide plans more instruction regarding what documentation and detail expected for tracer cases.
  • The Protocols added more emphasis on fraud, waste, and abuse policies and operations as applied to a plan’s first tier, downstream and related entities (“FDR”).
  • The Protocols asked plans in multiple areas to identify whether they classify actions as compliance or FWA.
  • CMS modified (edited, deleted, and added) many questions that appear in the Protocols questionnaires. Some changes include:
    • Providing more detail to plans about what should be produced when conducting a formal audit under the plan’s compliance program.
    • Asking for examples of issues the plan had to deal with that involved an FDR and impacted a significant number of enrollees.
    • Asking for an example of when communicating compliance issues to the senior management/governing body was challenging.
    • Asking for a plan to share best practices.

All plans should carefully review the Protocols, consider how they would perform under the updated structure, and consider how they would update their internal audit and monitoring activities to reflect changes that CMS is considering. As all plans know, undergoing a CMS audit requires an enormous amount of time and resources and CMS’s audit findings can greatly impact plans in many ways, including how a plan performs in the Star ratings system.