How drug plans can survive their Part D audit

"CMS is required by statute to audit Part D plans at least once every three years," said Babette Edgar, senior VP of operations at Gorman Health Group, a Washington, D.C., consulting firm. "If you haven't had that letter yet, get ready. We are moving into the third year of Part D."

CMS audits are time-consuming, Edgar told a packed audience at the Academy of Managed Care Pharmacy Annual Meeting & Showcase in San Francisco. But the audit process does not have to be traumatic. Advance preparation is the key.

There should be no surprises during a CMS audit, Edgar explained. The agency has posted complete audit guidelines on the CMS Web site. Plans can expect detailed examination of grievance and marketing procedures. The most common lapse is failure to provide timely notice. If that isn't enough warning, the official audit notice sent out 12 weeks before a plan audit lists the specific areas that will be examined. If it isn't in the audit notice, Edgar said, auditors won't ask about it-unless the plan opens the door by offering information auditors did not request.

"CMS audits specific elements," she explained. "That means you should only answer the questions that they ask you. Answer every question concisely and correctly. Don't give them any extraneous documents or information they can later question you on."

That's the good news. The bad news is that different CMS regions take different approaches. San Francisco has a reputation for conducting tough audits, Edgar noted, while Dallas typically allows more flexibility.

More bad news: Every CMS region will likely take a stricter view this year. Blame the Office of the Inspector General. OIG's work plan for fiscal year 2008 calls for an evaluation of CMS oversight of marketing and sales of Medicare Advantage plans, including the adequacy of sanctions against plans not in compliance.

CMS is also undergoing an internal reorganization. Data processes will be streamlined, which could focus more attention on Part D audits, deficiencies, and corrective action plans (CAPs). "It is important that you be uber-prepared for your audit," Edgar warned.

Before joining Gorman, Edgar worked at CMS and helped design the current audit program. She uses that inside perspective to help clients prep for audits, often by staging mock audits before the real event. She has found that 99% of plans are not ready.

Smart planning

Successful audits begin long before a plan ever receives that audit letter, Edgar said. Smart plans have internal compliance programs that are at least as tough as that of CMS.

"Auditors will look upon you more favorably if you monitor your own organization and can show that you have taken steps to maintain and correct any compliance issues," she said. "You don't want to be scrambling those last 12 weeks after you get the audit letter."

It is crucial to maintain good relationships with a single key contact at CMS, Edgar continued. When there are doubts or questions, the best policy is to ask.

Even if there are no questions, she recommended talking with that key contact every few months. "There may be things in the background that you have no way to know about otherwise," she explained.

When the audit letter arrives, the first step is to inform the entire organization, from the CEO to the receptionist, Edgar said. Audit training and education must include the entire organization. Even the way security and reception greet visitors can affect the outcome of the audit.

Internal preparation should begin with compliance binders arranged by chapter and element as noted in the audit letter. Each binder should represent a single chapter and every document in the binder should apply to a specific audit element. The section of each document part that applies to the element should be highlighted to help focus auditors' attention.

"If you have a document that doesn't have something highlighted, it doesn't belong in your submission," Edgar said. "You want to make things as clear and as easy as possible for the reviewers."