Keys to a Successful CMS Audit

For individual Americans, the prospect of an IRS audit is intimidating, stressful and life-complicating. People file their taxes each year hoping they never have to face such a reality.

For health plans, hospitals and medical groups, the prospects of a CMS audit is simply a way of life. And since it is certain to occur, progressive thinking organizations are more and more looking at an audit as a verification process to ensure that their compliance and operational procedures are in order, to strengthen the systems that they have in place, and to unearth opportunities for improvement that might lead to more effective management and the minimization of errors in the future.

Health plans, in particular, have unique challenges as it relates to CMS program audits. CMS provides audit protocols and guidelines up to two years in advance (2020 guidelines were distributed in 2018), so plans can know precisely on what they are going to be assessed. But having the guidelines and knowing how to optimally prepare for an audit are not one and the same. Fortunately, there are a number of things a health plan’s compliance department can do to provide a compass that will help assure there are no surprises when CMS comes knocking.

Here are three:

1. While it is assumed that compliance will distribute CMS protocols to company leadership and all applicable internal stakeholders, simple distribution is not enough. Compliance provides its greatest value by interpreting and providing clarification of what CMS provides so as to assure consistent knowledge among all parties within the health plan.

2. Compliance should conduct mock CMS audits department by department. These should include mock compliance program effectiveness (CPE) audits as well as mock CPE tracer audits to support readiness and familiarity with that critical part of the audit process. Ideally this is done throughout the year to create a culture of compliance and to make sure that a health plan’s processes are effective, are applied consistently and can stand up to the rigor of a CMS audit.

3. CMS conducts educational conferences throughout the year at which time new and existing CMS guidance is explained, often by the authors of the guidelines themselves. Compliance should take the lead in making sure that all health plan employees who will be involved in the audit attend these conferences—either in person or, increasingly, by webinar—and then lead internal discussions immediately thereafter to make sure that there is a common understanding of what was said and to put forth a game plan for going forward.

Beyond these tangible actions, compliance should let it be known that they are available to provide regulatory assistance to the operational team at any time and that others throughout the organization who are engaged in the audit process should feel comfortable in turning to compliance to ask questions and get clarification so as to assure audit readiness.

With these fundamentals as a foundation, here are five ways that operations can play its part to raise the likelihood of a successful CMS audit:

1. Clearly identify internal “accountable owners” who will be responsible for providing the data the auditors will need. Make sure these “owners” know upfront what will be expected of them and the critical role they will be playing before, during and even after the audit takes place.

2. Involve senior leadership throughout the prep work and during the audit. Their support, encouragement and validation send an important message throughout the organization as to the importance of this activity and the recognition that a smooth audit can contribute to operational excellence, higher Star Ratings and member satisfaction.

3. Create a central, shared location for all audit materials and submissions. As part of this, make sure to establish tracking logs to record the status of all deliverables. Although the audit may at times be disruptive and intrusive, having a system like this in place will minimize unintended consequences and will contribute greatly to the speed with which the auditors can do their work so the health plan can get back to focusing on serving its members.

4. Work with the compliance department to conduct mock audits and interviews. Doing so not only aids preparedness but helps assure that employees in all applicable departments are on the same page and speaking with one organizational voice.

5. During the audit itself, conduct daily, large-group huddles to promote internal communication. At those meetings, recap what has taken place thus far, what has worked well, what hiccups and speed bumps need to be addressed, and what can be expected next.

In the final analysis, the key to a successful audit lies in preparation and more preparation. And it relies, too, on everyone doing their part to minimize frustration and make the audit process a positive tool on which to build.

Pamela A. Cleveland, L.S.W., J.D., CHC, is chief compliance officer and vice president of compliance product strategy for Beacon Healthcare Systems, home to the healthcare industry’s leading compliance

and risk management technologies that support all lines of business including Medicare, Medicaid,

commercial, health insurance exchanges and risk-bearing entities.