Medicare Plans Face New Oversight and Scrutiny From Audit Changes

The American Journal of Pharmacy Benefits, March/April 2015, Volume 7, Issue 2

The 2015 Medicare Part D audit protocols add a layer of complexity to Part D plans and increase their probability of receiving mandatory corrective actions.

For Medicare-contracting managed care plan (known as Medicare Advantage/Prescription Drug plans [MAPDs] and drug-only Prescription Drug Plans [PDPs]), as well as the pharmacy benefit management compa-nies (PBMs) they use, federal oversight is part of the business landscape. The most significant method for oversight and the most resource-intensive and stressful is the program or performance audit. CMS is responsible for the Medicare Part C (Medicare Advantage) program and the Part D (Prescription Drug Benefit) program, and is therefore responsible for the design and conduct of the program audits.

Early each year, CMS issues its protocols for the current year’s program audits. Most years, the protocols are updated with relatively minor process improvements. However, as CMS moves to a more data-driven approach, MAPDs and PDPs are seeing significant changes in the audit protocols. Last year, the component of the audit that tested plan performance in issuing coverage decisions within mandatory time frames expanded the number of cases tested, necessitating the manipulation of large data sets for most audited plans. In addition to this timeli-ness test, CMS escalated the importance of accurate universe data and created submission standards as well as enforcement actions as leverage to ensure reliable and timely data.1

This year, CMS has again made significant changes to the program audit protocols. Specifically, the agency has:

• reset the audit cycle with respect to selection of plans for audit and audit timing;

• added questionnaires to elicit key information for certain audit areas (eg, information about certain policies and procedures, staffing, and delegations of work);

• reduced the burdensome submission requirements in the compliance performance area;

• added a Pre-Audit Issue Summary and Beneficiary Impact Analysis (BIA); and

• restructured the universe format and submission process.2

The restructuring of the universe protocol especially for Part D coverage determinations, appeals, and grievances (CDAGs), as well as Part C organization determinations, appeals, and grievances (ODAGs) is substantial, and required CMS to issue a new guidance document for each area, each more than 50 pages long. Instead of forcing all types of Part D or Part C coverage decisions into 1 universe template, as was done in previous years, CMS now breaks out the data request into multiple universes by logical types of coverage decisions.3,4 These logical breakouts should track well with how MAPDs, PDPs, and PBMs segment their operations and system functionality.

New Audit Cycle

Between 2010 and 2014, CMS completed an audit cycle that encompassed auditing parent organizations that pro-vide services to 96% of Part C and Part D enrollees. With the new audit cycle starting in 2015, all MAPDs and PDPs will again be considered for an audit, even those organiza-tions audited in the last audit cycle of 2014.2 While never revealing which contracting organizations will be selected for an audit, CMS does provide the following information regarding its 2015 audit selection strategy. Plans will be selected using a risk-based approach and other key factors such as:

• high- and low-risk plans based upon CMS’ proprietary risk assessment;

• plans that have never been audited;

• plans within their first 2 years of operation and no previous contract with Medicare; and

• plans with a high volume of Part C or Part D enrollees.2

Restructured Universes, Increased Expectations, Higher Stakes

A central theme throughout the 2015 audit protocols is the accurate and timely submission of audit universes by the plans. While not a new expectation, maintaining a com-pliant format in universe submission and data accuracy has become a persistent challenge for plans caused in large part by the need to consolidate data from multiple systems not designed with audit universe generation in mind. The struggle faced by MAPDs, PDPs, and their contracting PBMs was recognized by CMS and prompted the agency to make modifications to the audit process this year.

First, CMS increased the amount of time from 4 weeks to 6 weeks given to MAPDs and PDPs between audit notification and audit start date, and plans would be provided with an extra week (3 weeks total) to prepare and submit universes. CMS believes that “This will allow more time for [plan] sponsors to pull and quality check their universes…”2

Second, CMS developed a “3-strike” policy for the sub-mission of accurate and timely universes. For 2015, plans will have a maximum of 3 attempts to provide the request-ed universes, whether before or during the audit. Failure to provide an accurate and timely universe twice will result in the assignment of an “observation” condition, or finding (see

Table 1

), in the final audit report. Failure to provide an accurate and timely universe a third time will result in an “Immediate Corrective Action” (ICAR) finding for every condition that could not be tested in the universe.2 This has the potential to quickly increase the number of ICARs issued, creating a vicious snowball effect.

Finally, MAPDs and PDPs failing to meet the universe timeliness and accuracy expectations will expose themselves to further disciplinary action. CMS states that “[plan] sponsors are expected to abide by the universe submission deadlines and sponsors who fail to produce accurate universes or documentation required by audit could face possible enforcement action.”2

Additional Universe Demands

Although each of CMS’ 5 audit areas received some type of “universe make-over” for 2015, our focus here is on the Part D CDAG universes because of the significant deconstruction of the 3 universe templates into 15 tem-plates for data submission.

Format and Composition. Previously, the CDAG universes consisted of 3 distinct universes in Excel format: Effectuation Timeliness (which contained favorable cover-age decisions), Appropriateness of Clinical Decision Making (which contained unfavorable coverage decisions), and Grievances. Each universe included all coverage decisions for a several-month period regardless of whether the decision involved clinical pre-approval or reimbursing the member after the fact, and regardless of the urgency (eg, standard or expedited) or case level (eg, initial coverage determination or appeal).1 This format was not conducive to the setup of data for performing the timeliness tests instituted in 2014.2

Now, MAPDs, PDPs, or their PBMs will have to provide 15 individual CDAG universes in tab-delimited text (.txt) format. Other than for grievance cases, each universe will include all dispositions (ie, favorable, unfavorable, and partially unfavorable decisions), and will be differentiated by urgency, case level, and benefit type (ie, clinical pre-approval, member reimbursement).3 Plan sponsors that ex-perienced difficulties compiling 3 accurate universes in 2014 will need to prepare for the more formidable challenge of producing 15 universes in 2015.

Record Layout. Previously, MAPDs and PDPs were required to construct universes using an Excel file tem-plate provided by CMS.1 Now, plans will need to create the universes based upon the prescribed blueprint—a standardized record layout—from CMS for each of the 15 CDAG universes.3 The new record layout contains details for each field, including name, type, length, and descrip-tion. Plans must strictly adhere to the new universe format, as any additional information outside of the record layout will result in the rejection of the universe by CMS.3 For MAPDs and PDPs that have undergone CMS program audits over the last several years, the new record layouts could result in a complete overhaul of the programmed queries currently used to pull audit universes.

Data Elements. While the format and layout of the universes have changed significantly from previous years, the data elements themselves have remained fairly consistent. This year, there are a handful of new data elements, with one in particular that will likely create a challenge for plans undergoing a CDAG audit. The addition of “patient residence code” a data element PDPs and PBMs receive from the submission of a prescription claim by a pharmacy at point of sale to the CDAG universe will likely require a query of a separate system (ie, claims adjudication) and merging of the resultant data into the universe.3 While not impossible to achieve, this added step will increase the complexity of the data pull, adding yet another hazard to producing an accurate universe.

Disclosures and BIA

MAPDs and PDPs selected for audit must submit a list of any issues of noncompliance that were self-disclosed and/ or self-identified (as defined in Table 2) from the start of the calendar year, and those that could impact the universe data. For each issue, a BIA must be provided in accordance with CMS guidance and templates.6,7 The summary list and BIA must be submitted to CMS within 5 business days of receipt of the audit notice.2 MAPDs and PDPs should not overlook this critical component of the audit process, as corrected issues validated by CMS may not adversely impact the audit score. In a manner similar to the new submission parameters for universes, audited plans will have a maximum of 3 attempts to submit a Pre-Audit Issue Summary and associated BIAs. Failure to submit complete and accurate documents before the universe submission due dates will have a negative impact. CMS states that “…the [plan] sponsor will not receive credit for any disclosed or self-identified issue during the course of the audit.”2

Increased Risks and Ramifications

While the changes to the audit protocols may appear manageable on the surface, they have the potential to create quagmires for MAPDs and PDPs if selected for an audit. The sheer increase in the number of universes will make the universe submissions more susceptible to errors. For instance, the highly repetitive nature of the data elements between universes will tempt plan staff to utilize “copy and paste” mechanisms or other shortcuts during programming. Quality assurance testers may be blinded by the similarities between the data elements within the universes and miss the subtle differences, resulting in inaccurate universes that will not pass muster with CMS. If the root cause of the issues is not identified and resolved by the third allowed submis-sion, the potential for compounding ICARs is quite high.

In addition, the segmentation and detailed data of the CDAG universes, along with the new questionnaire, creates a clearer path by which CMS auditors can detect processing errors, operational noncompliance, and system issues. For example, auditors will have a better view of late cases and auto-forwarding (to CMS’ Independent Review Entity), internal processes for starting and stopping the coverage determination “clock,” and the handling of mem-ber reimbursements. And, if this enhanced scrutiny is over-laid with the requirement to submit issues self-identified before or during the audit, MAPDs and PDPs could be in the difficult position of not knowing and/or not reporting known performance issues by the end of the audit.


As with any new process, there will be kinks that need to be worked out. Various components of the current re-cord layouts (v 021015) will likely require additional CMS clarification for MAPDs and PDPs to properly populate universes, such as: potential discrepancies between field names and their corresponding field descriptions, questionable inclusion of data elements in universes that do not appear to be relevant to the universe type, and field descriptions requiring additional detail and direction for completion.3 The risk of producing an inaccurate universe should prompt MAPDs and PDPs to seek clarification on any and all unclear components from CMS before making assumptions and proceeding to submission.

As MAPDs and PDPs weigh the costs and benefits of readying themselves for a possible 2015 audit, they should consider the enforcement actions CMS may take in re-sponse to adverse audit findings, including civil monetary penalties.8 The number of civil monetary penalties (CMPs) issued by CMS has been rising as a result of MAPD and PDP noncompliance with program requirements. In 2014, CMS imposed 30 CMPs—a nearly 3-fold increase from 2013 to-taling over $4.9 million, for various contract violations.9 A significant portion of the imposed CMPs can be attributed to violations identified during program performance audits. This trend shows no signs of stopping in 2015. In reviewing data available at the time of writing, CMS had already issued 10 CMPs totaling over $2.4 million nearly half of last year’s total dollar amount in the first 2 months of this year. 9

Among all of the Part C and D areas audited, CDAG continues to be the area with the highest overall audit score indicating poorer performance and the highest frequency of violations.8,10 These audit protocol changes, the criticality of accurate universes, and the clearer insight into the compliance of plan operations will introduce additional risk for MAPDs and PDPs in what is already an area of high scrutiny. With the start of the 2015 audit cycle and the decreased room for error, MAPDs and PDPs will need to swiftly assess the changes required not only for audit readiness but in the operational procedures to be examined under CMS’ audit microscope.