Medicare Parts C and D Universal Audit Guide

(ATTACHMENT III-A)
Compliance Program - Sample Case File Documentation Requested
Please note this document is being provided in conjunction with Attachment III (Compliance
Program Data and Documentation Requests). It is intended to provide sponsors with the
documentation that will be requested for each of the sample cases by CMS during the on-site
audit.
Instructions:
CMS will evaluate the sponsor’s submission in response to the Compliance Program Data and
Document Requests (Attachment III), and will identify sample cases on-site for the sponsor to
provide to the audit team. The sponsor must include in the sample request response all
documentation below for each sample case, unless otherwise noted. Sponsor must submit all
requested documentation electronically via the Secure File Transfer Protocol (SFTP), by the
deadline established by the Compliance Team Lead. All hard-copy documentation originals that
are not available electronically must be scanned to create an electronic copy, with the electronic
copy provided to CMS via the SFTP.
With the exception of the documents requested for Element I (Written Policies, Procedures and
Standards of Conduct), the documentation listed under each sample request is provided as
examples of what your organization may provide as evidence of compliance for the respective
element.
Compliance Program Effectiveness
I. Element I - Written Policies, Procedures and Standards of Conduct;
Element III - Effective Training and Education;
Element VI - Effective System for Routine Monitoring, Auditing and Identification
of Compliance Risks
Sample Requested: Employee Records/ Governing Body Records
(a) For each identified employee/volunteer/Board of Director Member, please provide
documentation e.g. sign-in sheets, employee attestations, electronic certifications of
completion, etc.) that confirms:
x
x
x
x

Standards of Conduct/Code of Conduct distributed to employee/volunteer/Board
member, along with date of distribution;
Most recent general compliance training and/or education
Most recent (including date)fraud, waste and abuse (“FWA”) training (including
date)
Screening against the OIG and GSA exclusion lists (including date(s)

Page 1 of 5
Last updated 12/12/12 by VLR

(ATTACHMENT III-A)
Compliance Program - Sample Case File Documentation Requested
II.

Compliance Officer, Compliance Committee, Governing Body
No sample- this element is satisfied through original universe request and Element IEmployee Records/ Governing Body Records.

III.

Effective Training and Education
No sample- this element is satisfied through Element I- Employee Records/ Governing
Body Records sample and First Tier Entity Records sample.

IV.

Effective Lines of Communication
Sample Requested: Log of Reported Non-Compliance Incidents (including but not
limited to hotline calls)
(a) For each report of noncompliance or hotline call, provide the following (when
applicable):
x Description of the issue reported;
x Specific steps taken to address the complaint ;
x Summary of findings;
x If applicable, report of findings to management and/or the compliance committee;
x Date of resolution of issue (if not resolved, please note);
x If applicable, dates and descriptions of actions taken to determine that the issue is
permanently resolved; and
x If applicable, final resolution of complaint and how it was reported to impacted
operational areas within the organization.

V.

Enforcement of Well-Publicized Disciplinary Standards
No sample- this element is satisfied through original universe request.

VI.

Effective System for Routine Monitoring, Auditing, and Identification of
Compliance Risks
Sample Requested: Monitoring and Auditing Activities
(a) For each identified monitoring/ auditing activity, provide the following (when
applicable):
x Full monitoring and/or audit report;
x Issues identified from the monitoring and/or audit activity;
x Corrective actions taken as a result of the monitoring and/or audit and date when
corrective action implemented;
x If applicable, report of findings to management and/or the compliance committee;
Page 2 of 5

Last updated 12/12/12 by VLR

(ATTACHMENT III-A)
Compliance Program - Sample Case File Documentation Requested
x
x
x

Names and titles of those who were responsible for ensuring corrective actions
were implemented :
Dates and results of monitoring corrective action for effectiveness and names and
titles of individuals who requested monitoring and who received the results.
If applicable, tracking of current status of corrective action or remediation plan .

Sample Requested: First Tier Entity Records
For each identified first tier entity, provide the following documentation, including the
date of receipt (e.g. signed certifications, attestations, training logs, etc.):
(a) Training, Education and Exclusion List Checking
x Evidence that general compliance training was timely provided to your FDRs.
x Evidence that sampled non-deemed first tier entities’ employees received timely
FWA training.
x Evidence that you provided FWA training or training materials to the non-deemed
first tier entity for its employees’ timely FWA training or otherwise ensured that
the first tier entity completed the CMS FWA training module through the
Medicare Learning Network (MLN) (Required).
x Evidence that you require the sampled first tier entities to maintain records for ten
years of the training of their employees, including the following details: time,
attendance, topic, certificate of completion, if applicable and test scores, if any.
x Evidence that sampled first tier entities’ employees were timely checked against
the OIG/GSA exclusion lists.
(b) Effective Communication
x Evidence that your compliance/FWA reporting mechanism(s) are accessible to
your FDRs. Evidence that you have publicized your compliance/FWA reporting
mechanism(s) to your FDRs
x Evidence that your sampled FDRs’ employees have been notified of the noretaliation policy for reporting potential FWA.
x Evidence that either you or the sampled first tier entities have communicated to
their employees the obligation to report compliance concerns and potential FWA.
(c) Disciplinary Standards
x Evidence that you have publicized your disciplinary standards to your FDRs,
including the duty and expectation to report.

Page 3 of 5
Last updated 12/12/12 by VLR

(ATTACHMENT III-A)
Compliance Program - Sample Case File Documentation Requested
(d) Monitoring/ Auditing Records
x Evidence of monitoring of the sampled first tier entities (please provide full report
as available)
x Evidence of auditing of the sampled first tier entities (please provide full report as
available)
x Evidence that you audited the sampled first tier entities to determine whether they
are monitoring / auditing their downstream entities’ compliance with Medicare
regulations and requirements.
x Issues identified from monitoring
x Issues identified from auditing
x If applicable, issue tracked through completion
x Corrective actions taken as a result of the monitoring and/or audit and date started
and completed
x If applicable, report to senior management and/or the compliance committee
x If applicable, names and titles of person responsible for the corrective action
x If applicable, names and titles of individuals requesting the monitoring and /or
audit
x Names and titles of individuals receiving the results
x If applicable, the risk analysis that demonstrated the need for the monitoring
and/or audit

VII.

Procedures and Systems for Promptly Responding to Compliance Issues
Sample Requested: Incidents of Non-compliance and FWA
(a) Investigations into Compliance Issues: For each investigation identified, provide the
following (when applicable):
x
x
x
x
x
x
x

Investigative report;
Conclusions of investigation;
Issues discovered from the investigation;
Root cause of the issue(s) that led to non-compliance, or FWA ;
Description and dates of all actions taken by the organization as a result of
the investigation;
Date investigation completed;
Communications to the Board, Senior Management, and/or the compliance
committee or others within organization the results, issues discovered, root
cause(s), and corrective actions taken from the investigation; and
Page 4 of 5

Last updated 12/12/12 by VLR

(ATTACHMENT III-A)
Compliance Program - Sample Case File Documentation Requested
x

Communications to the Account manager (AM) , the summary of the noncompliance & FWA issues, the results, issues discovered, root cause(s), and
corrective actions taken from the investigations.
Date(s) of subsequent monitoring to confirm effective correction.
Root cause of incident
Date(s) of investigation;
Summary of findings
Description of response to incident (e.g. reported to NBI MEDIC, corrective action
implemented)
Date of response to incident (e.g. date reported, date corrective action implemented)

x
x
x
x
x
x

(b) Incidents of Misconduct (if applicable)

x
x
x

All related documentation that demonstrates incident was investigated internally
at your organization
If applicable, the incident was referred to the National Benefit Integrity (NBI)
MEDIC, or to law enforcement
If applicable, current status of the referrals to NBI MEDIC or law enforcement

Page 5 of 5
Last updated 12/12/12 by VLR