Health Plan Blog

For compliance departments, the need to meet Compliance Program Effectiveness (CPE) requirements is always top of mind this time of year. CMS requires that Medicare health plans conduct a CPE audit at least once annually. Failure to do so often hurts plans during the CMS audit process and can result in civil monetary penalties (CMP). Many compliance departments struggle to reap the full value such audits can provide. With the right strategy, CPE audits could deliver significant value to organizations.

Developing a strategy to get full value out of the CMS annual CPE requirement

Planning is essential to having a fruitful CPE audit. Too often established compliance departments rely on past success, confident that they know every aspect of their program and that an audit will uncover no issues. In reality, operations teams often make changes of which compliance teams are not aware. These changes can impact adherence to regulatory requirements. In addition, CMS requirement changes can also easily slip under compliance teams’ radars. Strong performance in the past does not guarantee success. To be successful, focus on finding the right CPE strategy, which can also help improve the overall compliance program effectiveness.

Having a multi-year strategy is best because it helps compliance departments be better prepared, which frees them to be more strategic. For example, a multi-year strategy can help compliance programs avoid doing a complete audit every year, allowing them to pursue instead different types of action programs, which can be more tailored.

A vital tip for compliance programs to remember is not to look at CPEs in isolation. There are numerous audit options, and exploring those options is key to determining which the program needs.

Considering options for the CMS annual CPE requirement

Where a compliance department is in the program audit cycle is an integral part of determining which strategy is best. Identifying the type of audit that the department needs will help a compliance department function at a higher level.

Here are four strategies for meeting CPE requirements while performing audits that add value:

• Follow Protocol. If your organization recently underwent a program audit, following the standard CPE protocol won’t deliver as much value as other strategies. However, if a compliance program hasn’t been involved in a program audit within the last year or two, following protocol makes sense.
• Focused Audits. Some organizations will take a more targeted audit approach, such as only looking at specific external or internal processes. For example, a health plan in the middle of implementing a new operating system will want to avoid the irregularities caused by the new system showing up in an audit. By not auditing the area impacted by this implementation, the health plan audit will deliver better, more accurate information.
• Custom Audits. Sometimes, for a variety of reasons, compliance departments don’t want to produce universes. By making slight changes to the audit scope, they can avoid taking samples or pulling tracers from universes. For example, smaller organizations will pull from a board report, which simplifies the audit process and relieves some strain on resources.
• Deep dive on risk assessment. Compliance departments can also choose to perform a risk-focused audit to identify and assess risks in specific areas.

Working with a Consultant to Evaluate Compliance Program Effectiveness

Having an independent audit is critical for meeting CPE requirements, but there are multiple ways to do so. Organizations can conduct internal audits on themselves as long as it’s an independent audit, meaning outside the compliance department and removed from specific activities they’ll be reviewing. While it isn’t necessary to use an outside firm, there are many benefits to working with one, including:

• Checking in on CMS changes. It can be hard to follow all the information that CMS releases. Working with a consultant is an excellent way to ensure that compliance departments are doing what they need to be doing and allows compliance staff to focus on internal operations.
  
• Learning audit best practices. Compliance teams often operate in a vacuum where industry best practices may not be utilized. A consulting firm brings these best practices to the forefront as well as identify findings.
  
• Getting help with audit planning. Whether compliance departments want to learn how to do better next year, need tips to alleviate limited resources, or would like to uncover opportunities to improve themselves, working independently can be difficult.
  
• Finding opportunities to add value to audits. Having done a significant number of CPEs in the past few years, as well as being involved in the program audit process in various stages, consultants bring key insights and added value around areas such as:
• Corrective Action Plan (CAP) Process
• Monitoring oversight
• Delegation oversight

Meet 2019 CPE requirements

However you choose to meet your CPE requirement, it’s important to stop looking at CPE as a checkbox and start seeing it as an opportunity to improve your compliance program’s effectiveness. We believe every organization can get value from an audit, beyond simply meeting the regulatory requirement.