Ways a Health Plan Audit Can Be Initiated

| Posted on |

Health Plan Audit

There are several ways that a Health Plan audit can be initiated:

  • As a result of pre-delegation audit and annual audit findings
  • From a delegation/contractual standpoint, there can be Key Performance Indicators (KPIs) that must be met for a health plan to remain in compliance with the Centers for Medicare and Medicaid Services (CMS).  For example, data can be pulled from dashboard reporting which the health plan has identified in the Agreement (i.e., the Delegation Grid).  This data can detect errors/anomalies that the health plan may want to further examine and audit.
  • Via a complaint (e.g., from a patient, provider, whistleblower)
    • Unhappy patient, provider, whistleblower
  • Ad Hoc – random audit based on the health plan’s internal audit criteria/cycle
  • Based on data analytics that the health plan runs, for example, against claims submitted, denials, over or under utilization, or other red flags which may be on the health plan’s audit radar
  • The Agreement with the health plan should provide an indication of what the plan will be looking for…and the company can be expected to be monitored & audited based on the criteria within the Agreement 
  • Medicare Advantage Program and/or Data Validation Audits ‘measure a health plan’s compliance with the terms of its contract with CMS’.  These audits are typically for delegated functions (e.g., Provider Network, Credentialing, Claims, Utilization Management, Special Needs Plans).  The CPE audit (Compliance section) is pertinent across all Medicare Advantage FDRs (First-tier downstream related entities… i.e., covered entities, business associates, contracted providers).  The health plan’s Agreement with the company should be reviewed to identify what criteria they will be looking for.
    • CDAG: Part D Coverage Determinations, Appeals, and Grievances
    • CPE: Medicare Part C and Part D Compliance Program Effectiveness 🡪 there are components of Compliance (e.g., FWA, Code of Conduct, …), HIPAA Privacy, Security & Disaster Recovery requirements that are a part of health plan audits.  These areas are expected to be maintained within the company regardless of the type of delegated function that’s been contracted with the health plan.
    • FA: Part D Formulary and Benefit Administration
    • MMP-SARAG: Medicare-Medicaid Plan Service Authorization Requests, Appeals, and Grievances
    • MMPCC: Medicare-Medicaid Plan Care Coordination
    • ODAG: Part C Organization Determinations, Appeals, and Grievances
    • SNP-CC: Special Needs Plan – Care Coordination
    • SNP-CM: Special Needs Plan – Care Management 
    • SNP-MOC: Special Needs Plan – Model of Care (development, training, and/or execution, including Health Risk Assessment)

The way the audit is initiated will indicate who will be contacting the company.  For example, if the audit is initiated via a complaint, depending on who the complainant contacted with their complaint, will determine who the company will hear from.  (e.g., if the complainant goes to the health plan, then that’s who the company would hear from; if the complainant goes to a government agency, then that’s usually who the company would hear from).

The next post will highlight the General Audit Process… Coming soon!

Skip to content