Page 1 of 11
National Policy Library Document Policy Name:
Medicare Compliance: Monitoring and Auditing
HR810-84520
Policy No.:
Policy Author: Sheryl D Pessah
Author Title: Mgr Compliance & Reporting
Phone: 818/676-8767
Cost Center: 11709
Functional Owner: Gay Ann Williams
Executive Owner: Patricia T Clarey
Author Department: 4002-Medicare Compliance and C
This Policy is applicable to the following: Department(s):
All Departments
Business Unit(s):
HN Life, HNAZ, HNCA, HNCS, HNI, HNOR, HNPS
Products/LOB's:
Medicare Advantage and Medicare Part D, Dual Eligible
Date Created in NPL: 08/10/2007
Date Last Reviewed : 06/07/2012
Date Approved: 06/07/2012
Version: 4
Policy Statement:
Health Net, Inc. follows the Centers for Medicare & Medicaid Services (CMS) requirements contained in the Medicare Managed Care Manual Chapters, the Prescription Drug Benefit Manual Chapter 9 Part D Program to Control Fraud, Waste and Abuse Guidance as well as Parts 422 and 423 of Title 42 of the Code of Federal Regulations (CFR). Health Net has established protocols to ensure 1) compliance risks are identified and investigated, and 2) effective monitoring and auditing of its internal business units as well as first-tier, downstream and related entities (FDR) responsible for administering the Medicare Advantage (MA) and Medicare Prescription Drug Plan (Part D) programs. Internal Auditing and Monitoring The Internal Audit Department develops an annual audit work plan, which takes into
http://sacdom50.healthnet.com/npl/NPL.NSF/sys_all/7F27AA7C3A6EBA0C88257A1600... 6/28/2012
Page 2 of 11
account identified high risk areas related to the MA and Part D program. The Medicare Compliance Department performs an annual risk assessment of the MA and Part D programs and develops an annual monitoring work plan. The work plan describes Risk Reviews to be conducted by, or on behalf of, the Medicare Compliance Department. The risk assessment and monitoring work plan are reviewed on an annual basis, or more frequently as required. The Medicare Compliance Department also conducts on-going and ad-hoc Independent Reviews of operational Business Units responsible for administration of the MA and Part D program. Audit and monitoring results are reported to the applicable Business Unit Owner(s), the Medicare Compliance Officer, the Chief Compliance Officer, the Chief Medicare Officer, the Medicare Compliance Committee and/or to the Health Net Board of Director’s Audit Committee. When appropriate, Health Net informs CMS, the MEDIC or law enforcement of aberrant findings. FDR Auditing and Monitoring Various departments within Health Net are responsible for overseeing the ongoing compliance of FDRs responsible for the administration and delivery of MA and Part D benefits. These departments include, but may not be limited to: Claims, Credentialing, Delegation Oversight, Health Net Pharmaceutical Services, Provider Network Management, Membership Accounting, Sales, and Strategic Partners. Multiple methods are used to monitor and audit FDRs including but not limited to: on-site audits, desk reviews and monitoring of self-audit reports. Health Net requires all FDRs to submit a CAP when deficiencies are identified through compliance audits, ongoing monitoring or self-reporting. Health Net will take administrative action, which may include termination of the contract, if a FDR does not comply with a CAP or does not meet its regulatory obligations as outlined in the Medicare Advantage or Part D contract. FDR auditing and monitoring results are reported to the Medicare Compliance department. Auditing by CMS or its Designee The U.S. Department of Health and Human Services (HHS), the Comptroller General, CMS, or any auditor acting on their behalf has regulatory authority to inspect and audit any pertinent contracts, books, documents, papers, and records involving transactions related to CMS‘ contract with Health Net. Health Net and its FDRs cooperate with audits conducted by HHS, the Comptroller General, CMS, or any auditor acting on their behalf and allow access to their facilities as requested. Policy Purpose:
To ensure a monitoring and auditing program is in place to test and confirm compliance
http://sacdom50.healthnet.com/npl/NPL.NSF/sys_all/7F27AA7C3A6EBA0C88257A1600... 6/28/2012
Page 3 of 11
with the MA and Part D regulations, sub regulatory guidance, contractual arrangements, and all applicable State and Federal laws, as well as internal policies and procedures. Scope/Limitations:
This policy applies to all associates employed, contracted, or otherwise representing Health Net, Inc. and its subsidiaries and those of any FDRs, who participate in the administration of Health Net’s Medicare Advantage and/or Part D programs. Related Policies:
Delegation Oversight: Corrective Action Plan (GS318-114855) Internal Audit Department Policy and Procedure (IAD Charter) (MP38-75840) Health Net Medicare Compliance- Medicare Part D Delegation Oversight (EJ4483932) Medicare Compliance: Prompt Response to Detected Offenses (EJ44-83932) Medicare Compliance: Medicare Compliance Plan (HR328-1543) SIU Oversight & Monitoring (PW323-123443) References: Title 42 Code of Federal Regulations (CFR) 422.503(b)(4)(vi)(F) 423.504(b)(4)(vi)(F) CMS Medicare Managed Care Manual Chapter 11 Medicare Advantage Application Procedures and Contract Requirements (Section 20.1) Prescription Drug Benefit Manual Chapter 9 Part D Program to Control Fraud, Waste and Abuse (Section 50.2.6)
Health Net’s Medicare Compliance Plan 2012 Addendum List: A. MA and Part D Identified Risk Areas B. Risk Assessment Ranking Document Definitions:
Audit A formal review of compliance with a particular set of internal (e.g., policies and procedures) or external (e.g., laws and regulations) standards used as base measures and are performed by someone who has no vested interest in the outcomes or business area being reviewed. Audit Committee The Board of Directors of Health Net has established an Audit Committee, which is directly responsible for, among other things, the appointment, retention, compensation and oversight of the Company’s Internal Audit Officer who works directly for the Committee. This oversight extends to the internal audit function taken as a whole, the internal audit plan, audit results, and management actions to
http://sacdom50.healthnet.com/npl/NPL.NSF/sys_all/7F27AA7C3A6EBA0C88257A1600... 6/28/2012
Page 4 of 11
strengthen control procedures, processes and standards. Audit Guide CMS’ performance monitoring protocol. Business Unit
Health Net plans, entities or departments with specific business functionality. Corrective Action Plan (CAP) A description of the actions to be taken to correct identified deficiencies and to ensure future compliance with the applicable requirements. A CAP usually contains accountabilities and set timelines. Centers for Medicare & Medicaid Services (CMS) The Federal agency within the Department of Health and Human Services that administers the Medicare program. Compliance Liaison A Compliance Department associate responsible for providing guidance and overseeing a wide range of compliance activities for an assigned Business Unit to assure operational and procedural compliance with legislative and regulatory requirements.
Comptroller General The director of the Government Accountability Office (GAO), a legislative branch agency established to ensure the fiscal and managerial accountability of the federal government.
Downstream Entity Any party that enters into a written arrangement, acceptable to CMS, below the level of the arrangement between Health Net and a first tier entity. These written arrangements continue down to the level of ultimate provider of health, pharmacy and/or administrative services to members. First Tier Entity Any party that enters into a written arrangement acceptable to CMS with Health Net to provide administrative services or health care or pharmacy services for a Medicare eligible individual under a MA or Part D Plan. Health Net The term Health Net for the purpose of this policy and procedure is applicable for Health Net, Inc and its various subsidiaries. The term will also include delegates, such as providers, third party administrators, or other entities who have been delegated responsibility for activities defined in this policy. Health Net Inc. is the parent company.
http://sacdom50.healthnet.com/npl/NPL.NSF/sys_all/7F27AA7C3A6EBA0C88257A1600... 6/28/2012
Page 5 of 11
Independent Reviews Monitoring reviews performed on a scheduled and/or on-going basis to proactively test operational and procedural compliance with legislative and regulatory requirements independent from Business Unit self-audits. Internal Audit A department within Health Net that provides independent, objective and comprehensive reviews designed to evaluate and assess the adequacy and effectiveness of various areas of the company. Medicare The federal health insurance program for people 65 years of age or older, certain younger people with disabilities, and people with End Stage Renal Disease (ESRD). Medicare Advantage (MA) A program offered to Medicare beneficiaries by private companies that work in conjunction with Medicare and cover the full range of hospital and doctor services covered under Original Medicare. Also referred to as Medicare Part C. Medicare Compliance Officer A Health Net associate responsible, either directly or through delegation, for overseeing the MA and Part D compliance program and operations and for developing, operating, and monitoring the fraud, waste and abuse program. Medicare Drug Integrity Contractor (MEDIC) An organization that the CMS has contracted with to perform specific program integrity functions for Part D under the Medicare Integrity Program. The MEDIC is CMS’ designee to manage CMS’ audit, oversight, and anti-fraud and abuse efforts in the Part D benefit. Monitoring Surveillance activities conducted during the normal course of operations and which may not necessarily be independent of the business area being monitored (e.g., self reviews, peer reviews, etc.) Monitoring activities may occur to ensure corrective actions are being implemented and maintained effectively or when no specific problems have been identified to confirm ongoing compliance. Office of the Inspector General (OIG) The OIG conducts and supervises audits and investigations relating to programs and operations of the DHHS. Online Monitoring Tool A web-based, hosted oversight and compliance management tool
http://sacdom50.healthnet.com/npl/NPL.NSF/sys_all/7F27AA7C3A6EBA0C88257A1600... 6/28/2012
Page 6 of 11
On-Going Monitoring Monitoring activities performed on a scheduled and/or routine basis. Outcome Monitoring Review A monitoring activitiy that confirms if the end result of a process or function is compliant. Part D Also referred to as Medicare prescription drug coverage, is a voluntary program offered to Medicare beneficiaries by private companies to subsidize the cost of prescription drugs. Process Monitoring Review A monitoring activity that examines one or more processing steps, providing assurance that the process is being implemented as planned. Related Entities Any entity that is related to Health Net by common ownership or control and performs some of Health Net’s management functions under contract or delegation, and furnishes services to Medicare enrollees under an oral or written agreement. Risk Assessment The identification, measurement and prioritization of likely relevant events or risks that may have material consequences on Health Net’s ability to maintain compliance with MA and/or Part D program requirements. Risk Review Monitoring activity conducted by the Medicare Compliance Department of high priority risk areas identified as part of the annual risk assessment where on-going monitoring has either not been established or is not adequate. Special Investigations Unit (SIU) A department within Health Net that responsible for detecting, investigating and deterring issues of possible Fraud, Waste and/or Abuse (FWA) in compliance with the laws, rules and regulations applicable to healthcare. U.S. Department of Health and Human Services (HHS) The United States government’s principal agency for protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves. It is comprised of the Office of the Secretary and 11 operating divisions, including CMS. Policy/Procedure:
MA and Part D Risk Assessment and Monitoring Work Plan
http://sacdom50.healthnet.com/npl/NPL.NSF/sys_all/7F27AA7C3A6EBA0C88257A1600... 6/28/2012
Page 7 of 11
The Medicare Compliance department: 1. Identifies risks to the MA and Part D program by reviewing, at a minimum: CMS guidance relating to regulatory risks; The OIG work plan; Audit findings from external reviewers (e.g., CMS, OIG, etc.); Enforcement notices from CMS; Complaints filed with CMS (i.e., CTMs) Audit and monitoring findings from internal reviewers (e.g., Business Units, Internal Audit department, Special Investigations Unit (SIU), etc.) Internal operational dashboards, metrics and/or scorecards; Member “touch points” such as Appeals & Grievances, Claims, Member Services, Sales, Marketing, Enrollment/Disenrollment, and Premium Billing; Self-identified issues reported by the Business Units; New regulatory requirements; New operational systems or practices; and Corrective Action Plans. 2. Adds identified potential risks to the MA and Part D Identified Risk Areas document (Attachment A); 3. Assesses the likelihood of occurrence and possible consequence of each of the identified potential risks using the Risk Assessment Ranking document (Attachment B); 4. Assists the Medicare Compliance Committee in prioritizing the high risk areas to determine which will be referred to the Internal Audit department for consideration of inclusion in their audit work plan; 5. Reviews the remaining high priority risk areas to determine which already have effective on-going monitoring processes established; 6. Determines which high priority risk areas will be included in the MA and Part D Monitoring Work Plan as Risk Reviews; Note: Risk areas not incorporated into the Monitoring Work Plan are included in future risk assessments until or unless it is confirmed there are no potential risks remaining. 7. Determines which Risk Reviews will be conducted internally by the Medicare Compliance Department and which will be outsourced to a third party contractor; 8. Uses applicable laws, regulations, and CMS guidance as well as Health Net’s policies and procedures when developing the Risk Review methodology 9. Develops the MA and Part D Monitoring Work Plan: 10. Conducts Risk Reviews in accordance with the MA and Part D Monitoring Work Plan; 11. Reports results of Risk Reviews to the applicable Business Unit owner(s), the Medicare Compliance Officer, the Medicare Compliance Officer and the Medicare Compliance Committee. On-going and Ad-hoc Independent Reviews of Operational Business Units The Medicare Compliance Department:
http://sacdom50.healthnet.com/npl/NPL.NSF/sys_all/7F27AA7C3A6EBA0C88257A1600... 6/28/2012
Page 8 of 11
1. Works with individual Business Units to develop monitoring work plans specific to the functions the Business Unit performs; 2. Reviews internal operational dashboards, metrics, and/or scorecards received from Business Units to ensure compliance with CMS requirements; a. Where operational dashboards, metrics, and/or scorecards do not exist or are not adequate, the Medicare Compliance Department works with the applicable Business Unit to ensure these are developed. 3. Conducts routine or ad-hoc process and outcome monitoring reviews in situations where internal operational dashboards, metrics, and/or scorecards are not available or to validate self-monitoring results reported by Business Units; 4. Reviews new and revised policies and procedures; 5. Enters and tracks monitoring results within the Online Monitoring Tool (OMT); 6. Submits a Corrective Action Request to the Business Unit when deficiencies are identified; 7. Tracks Corrective Action Plans to completion within the OMT; 8. Reports monitoring and independent review results to the Medicare Compliance Officer and the Business Units on a regular basis. Disclaimer: Deviations:
http://sacdom50.healthnet.com/npl/NPL.NSF/sys_all/7F27AA7C3A6EBA0C88257A1600... 6/28/2012
Page 9 of 11
Addendum A MA and Part D Identified Risk Areas Template
MA and Part D Identified Risk Areas_template.xls
http://sacdom50.healthnet.com/npl/NPL.NSF/sys_all/7F27AA7C3A6EBA0C88257A1600... 6/28/2012
Page 10 of 11
Addendum B Risk Assessment Ranking Document
Risk Assessment_Ranking_final.doc
http://sacdom50.healthnet.com/npl/NPL.NSF/sys_all/7F27AA7C3A6EBA0C88257A1600... 6/28/2012
Page 11 of 11
Approvers: Policy Author: Sheryl D Pessah - Approved on 06/07/2012 Functional Owner: Gay Ann Williams - Approved on 06/07/2012 Executive Owner: Patricia T Clarey - Approved on 06/07/2012
Active Policy Disclaimer Please note: This copy of this policy is current as of the date printed. To be assured that you are viewing the currently active policy, please refer to Health Net's National Policy Library site. Date Printed: 06/28/2012 10:37:53 AM
http://sacdom50.healthnet.com/npl/NPL.NSF/sys_all/7F27AA7C3A6EBA0C88257A1600... 6/28/2012
