Download:
pdf |
pdfMedicare Part C and Part D
Compliance Program
Effectiveness (CPE)
PROGRAM AUDIT PROTOCOL AND DATA
REQUEST
Program Audit Protocol and Data Request
Medicare Parts C & D Compliance Program Effectiveness (CPE)
Table of Contents
Program Audit Protocol ............................................................................................................................. 3
Purpose ........................................................................................................................................................ 3
Audit Elements Tested................................................................................................................................ 3
Program Audit Data Request.................................................................................................................. 11
Audit Engagement and Universe Submission Phase............................................................................. .11
Universe Submissions .......................................................................................................................11
Universe Requests ............................................................................................................................. 11
Universe Table 1: Compliance Oversight Activities (COA) Record Layout......................................11
Supplemental Documentation Submissions.....................................................................................14
Supplemental Documentation Requests ......................................................................................... 14
Tracer Case Summary Submissions ............................................................................................... 15
Tracer Case Summary Requests ..................................................................................................... 15
Audit Field Work Phase ........................................................................................................................... 15
Supporting Documentation Submissions ........................................................................................ 15
Root Cause Analysis Submissions ................................................................................................... 16
Page 2 of 16
v.05-2020
Program Audit Protocol and Data Request
Medicare Parts C & D Compliance Program Effectiveness (CPE)
Program Audit Protocol
Purpose
To evaluate performance in the areas outlined in this Program Audit Protocol and Data Request
related to Compliance Program Effectiveness (CPE). The Centers for Medicare and Medicaid
Services (CMS) performs its program audit activities in accordance with the CPE Program Audit
Data Request and applying the compliance standards outlined in this Program Audit Protocol and
the Program Audit Process Overview document. At a minimum, CMS will evaluate cases against
the criteria listed below. CMS may review factors not specifically addressed below if it is
determined that there are other related CPE requirements not being met.
Audit Elements Tested
1. Prevention Controls and Activities
2. Detection Controls and Activities
3. Correction Controls and Activities
Page 3 of 16
v.05-2020
Program Audit Protocol and Data Request
Medicare Parts C & D Compliance Program Effectiveness (CPE)
Audit
Element
Not
Applicable
Compliance
Standard
Integrity
Testing
Data Request
Method of Evaluation
Supplemental
Documentation:
• Compliance Officer
Questionnaire
• Customized
Organizational
Structure and
Governance
PowerPoint
Presentation
• First Tier, Downstream,
and Related Entities
(FDR) Operations
Oversight
Questionnaire
• Standards of
Conduct/Code of
Conduct document (in
effect at any time
during the audit review
period)
• Risk Assessments and
Compliance
Performance
Mechanisms that show
the extent to which
Medicare Parts C
and/or D operational
areas, FDRs, and FWA
risks were identified
and compliance goals
were monitored at any
time during the audit
review period
• Audit and Monitoring
Work Plans (for both
internal operations and
FDRs) in effect at any
time during the audit
review period
Conduct completeness and accuracy check
of supplemental documentation via desk
review. Verify:
• Questionnaires are complete (i.e., all
questions answered)
• Other documents represent all those in
effect during the scope of universe
request
Criteria Effective
01/01/2021
42 CFR §
422.504(e)
42 CFR §
423.505(e)
42 CFR § 422.504(f)
42 CFR § 423.505(f)
Conduct completeness and accuracy check
of Universe Table 1 via desk review.
Verify universe is in accordance with the
record layout:
• Specifications (e.g., inclusion and
exclusion language, scope of universe
request)
• Descriptions (e.g., all fields completed
in correct format)
Compare the data in Universe Table 1 to
the information in the supplemental
documentation via desk review. Determine
any variance in oversight activities.
Universe Table 1:
Compliance Oversight
Activities (COA)
Page 4 of 16
v.05-2020
Program Audit Protocol and Data Request
Medicare Parts C & D Compliance Program Effectiveness (CPE)
Audit
Element
Compliance
Standard
Data Request
Method of Evaluation
Criteria Effective
01/01/2021
Prevention
Controls and
Activities
1.1
Supplemental
Documentation:
• Compliance Officer
Questionnaire
• Standards of
Conduct/Code of
Conduct document (in
effect at any time
during the audit review
period)
• Customized
Organizational
Structure and
Governance
PowerPoint
Presentation
Conduct review of supplemental and
supporting documentation via interviews
with compliance officer and individuals
responsible for SIU/FWA and FDR
oversight, as applicable. Assess whether
Sponsoring organization’s written
compliance policies, procedures, and
standards of conduct:
Articulate the Sponsoring organization’s
commitment to comply with all applicable
Federal and State standards; Describe
compliance expectations as embodied in
the standards of conduct; Implement the
operation of the compliance program;
Provide guidance to employees and others
on dealing with potential compliance
issues; Identify how to communicate
compliance issues to appropriate
compliance personnel;
Describe how potential compliance issues
are investigated and resolved by the
Sponsoring organization; and
Include a policy of non-intimidation and
non-retaliation for good faith participation
in the compliance program, including but
not limited to reporting potential issues,
investigating issues, conducting selfevaluations, audits and remedial actions,
and reporting to appropriate officials.
42 CFR §
422.503(b)(4)(vi)(A)
Universe Table 1:
Compliance Oversight
Activities (COA)
Supporting
Documentation:
• Written compliance
policies and procedures
42 CFR §
423.504(b)
(4)(vi)(A)
Select targeted samples of 20 audit
participants and 2 First Tier Entities (FTEs)
from attendance logs and impacted
individuals and entities from tracers,
supporting documentation and/or
supplemental documentation.
Sample selections will be provided to the
Sponsoring organization on the first day of
the onsite audit.
Evaluate the 20 samples and 2 FTEs via
live presentation by Sponsoring
organization or review of evidence (e.g.,
accessibility of compliance policies and
procedures and Standards of Conduct via
the intranet, FTE attestation).
Page 5 of 16
v.05-2020
Program Audit Protocol and Data Request
Medicare Parts C & D Compliance Program Effectiveness (CPE)
Audit
Element
Compliance
Standard
Data Request
Method of Evaluation
Criteria Effective
01/01/2021
Prevention
Controls and
Activities
1.2
Supplemental
Documentation:
• Compliance Officer
Questionnaire
• Customized
Organizational
Structure and
Governance
PowerPoint
Presentation
Conduct review of supplemental and
supporting documentation via interviews
with compliance officer and individuals
responsible for SIU/FWA and FDR
oversight, as applicable. Assess whether
compliance training was provided annually
to the compliance officer and organization
employees, the Sponsoring organization's
chief executive and other senior
administrators, managers and governing
body members.
42 CFR §
422.503(b)
(4)(vi)(C)
Supporting
Documentation:
• Employee and
governing body
members training
records
42 CFR §
423.504(b)
(4)(vi)(C)
Use the same 20 samples of audit
participants from attendance logs and
impacted individuals from tracers,
supporting documentation and/or
supplemental documentation.
Sample selections will be provided to the
Sponsoring organization on the first day of
the onsite audit.
Detection
Controls and
Activities
2.1
Page 6 of 16
Supplemental
Documentation:
• Compliance Officer
Questionnaire
• Standards of
Conduct/Code of
Conduct document (in
effect at any time
during the audit review
period)
Evaluate the 20 samples via live
presentation by Sponsoring organization or
review of evidence (e.g., training
attendance log, training certificate,
employee attestation of receipt of
compliance policies and procedures and
Standards of Conduct).
Conduct review of supplemental
documentation via interviews with
compliance officer and individuals
responsible for SIU/FWA and FDR
oversight, as applicable. Assess whether
Sponsoring organization has wellpublicized disciplinary standards through
implementation of procedures which
encourage good faith participation in the
compliance program by all affected
individuals. These standards must include
policies that:
• Articulate expectations for reporting
compliance issues and assist in their
resolution;
• Identify noncompliance or unethical
behavior; and
• Provide for timely, consistent, and
effective enforcement of the standards
when noncompliance or unethical
behavior is determined.
42 CFR §
422.503(b)
(4)(vi)(E)
42 CFR §
423.504(b)
(4)(vi)(E)
v.05-2020
Program Audit Protocol and Data Request
Medicare Parts C & D Compliance Program Effectiveness (CPE)
Audit
Element
All Audit
Elements
Compliance
Standard
4.1
Data Request
Method of Evaluation
Universe Table 1:
Compliance Oversight
Activities (COA)
Select 6 tracer case samples by targeting
those that represent compliance risk to
Sponsoring organization’s operations and
enrollees with the likelihood of touching
multiple elements of a compliance
program, including intelligence obtained
from documentation received with the
universe. When available, choose:
Pharmacy benefit management; Appeals
and grievances, including oversight of call
routing process; FTE performing a
delegated function; Quality improvement
program, if applicable; Network
management; Enrollment and
disenrollment, agent/broker
misrepresentation, quality of care,
including issues reported through
compliance mechanisms;
Customer/member services; or Compliance
actions (e.g., Notices of Noncompliance,
Warning Letters) relative to the audit
review period.
Other information available to CMS (and,
therefore, not requested from Sponsoring
organizations) may be used for tracer case
sample selection, such as:
Compliance actions; Enforcement actions;
or Memorandums issued via the Health
Plan Management System.
Tracer case sample selections will be
provided to the Sponsoring organization
two weeks prior to the Entrance
Conference.
Evaluate the 6 tracer case summaries via
live presentation by Sponsoring
organization, including interviews with
compliance officer and individuals
responsible for SIU/FWA and FDR
oversight, as applicable. Assess whether:
Sponsoring organization designated an
employee of the organization, parent
organization, or corporate affiliate as the
compliance officer; Compliance officer and
compliance committee demonstrated
appropriate accountability and reporting of
Medicare compliance issues to appropriate
senior management and governing body;
and Governing body exercised oversight of
the Medicare compliance program.
Note: Discussion may include compliance
oversight perspective on preliminary issues
discovered during the earlier portion of the
Audit Field Work phase.
Tracer case summaries
Supplemental
Documentation:
• Compliance Officer
Questionnaire
• Customized
Organizational
Structure and
Governance
PowerPoint
Presentation
Supporting
Documentation:
• Evidence that
compliance issues were
communicated to the
appropriate compliance
personnel, senior
management, and
oversight entities
• Meeting
minutes/agendas,
letters/correspondence,
etc. to support
statements within the
tracer case summaries
Page 7 of 16
Criteria Effective
01/01/2021
42 CFR §
422.503(b)
(4)(vi)(B)
42 CFR §
423.504(b)
(4)(vi)(B)
v.05-2020
Program Audit Protocol and Data Request
Medicare Parts C & D Compliance Program Effectiveness (CPE)
Audit
Element
All Audit
Elements
Compliance
Standard
4.2
Data Request
Method of Evaluation
Tracer case summaries
Evaluate the 6 tracer case summaries via
live presentation by Sponsoring
organization, including interviews with
compliance officer and individuals
responsible for SIU/FWA and FDR
oversight, as applicable. Assess whether
Sponsoring organization:
• Established effective lines of
communication between the compliance
officer, members of the compliance
committee, employees, managers and
governing body, and FDRs
• Implemented a reporting system that is
accessible to all and allowed a method
for anonymous and confidential good
faith reporting of potential compliance
issues as they are identified.
Supplemental
Documentation:
• Compliance Officer
Questionnaire
• Customized
Organizational
Structure and
Governance
PowerPoint
Presentation
• First Tier, Downstream,
and Related Entities
(FDR) Operations
Oversight
Questionnaire
Criteria Effective
01/01/2021
42 CFR §
422.503(b)
(4)(vi)(D)
42 CFR §
423.504(b)
(4)(vi)(D)
Supporting
Documentation:
• Evidence of
communication to the
affected or involved
business areas
regarding compliance
issues
• Evidence of oversight
activities that occurred
as a result of the
detected issue(s)
• Description of the
enrollee and/or
Sponsoring
organization impact as
a result of the detected
compliance issues
• Meeting
minutes/agendas,
letters/correspondence,
etc. to support
statements within the
tracer case summaries
Page 8 of 16
v.05-2020
Program Audit Protocol and Data Request
Medicare Parts C & D Compliance Program Effectiveness (CPE)
Audit
Element
All Audit
Elements
Compliance
Standard
4.3
Data Request
Method of Evaluation
Tracer case summaries
Evaluate the 6 tracer case summaries via
live presentation by Sponsoring
organization, including interviews with
compliance officer and individuals
responsible for SIU/FWA and FDR
oversight, as applicable. Assess whether
Sponsoring organization established and
implemented an effective system for
routine monitoring and identification of
compliance risks including internal
monitoring and audits of its internal
operations and FTEs to evaluate
compliance with CMS requirements and
the overall effectiveness of the compliance
program.
Supplemental
Documentation:
• Compliance Officer
Questionnaire
• First Tier, Downstream,
and Related Entities
(FDR) Operations
Oversight
Questionnaire
• Risk Assessments and
Compliance
Performance
Mechanisms that show
the extent to which
Medicare Parts C
and/or D operational
areas, FDRs, and FWA
risks were identified
and compliance goals
were monitored at any
time during the audit
review period
• Audit and Monitoring
Work Plans (for both
internal operations and
FDRs) in effect at any
time during the audit
review period
Criteria Effective
01/01/2021
42 CFR §
422.503(b)
(4)(vi)(F)
42 CFR §
423.504(b)
(4)(vi)(F)
Supporting
Documentation:
• Evidence of oversight
activities that occurred
as a result of the
detected issue(s)
• Description of the
enrollee and/or
Sponsoring
organization impact as
a result of the detected
compliance issues
• Meeting
minutes/agendas,
letters/correspondence,
etc. to support
statements within the
tracer case summaries
Page 9 of 16
v.05-2020
Program Audit Protocol and Data Request
Medicare Parts C & D Compliance Program Effectiveness (CPE)
Audit
Element
All Audit
Elements
Compliance
Standard
4.4
Page 10 of 16
Data Request
Method of Evaluation
Tracer case summaries
Supplemental
Documentation:
• Compliance Officer
Questionnaire
• First Tier, Downstream,
and Related Entities
(FDR) Operations
Oversight
Questionnaire
Supporting
Documentation:
• Policies and procedures
reviewed and revised in
response to detecting
and correcting
compliance issues
• Training provided in
response to identifying
and correcting
compliance issues
• Evidence of oversight
activities that occurred
as a result of the
detected issue(s)
• Evidence of
accountability and
oversight by the
Sponsoring
organization when
issues are detected at
the FDR level,
including response and
correction procedures,
communication,
educational
requirements and
engagement with the
compliance department,
operational areas and
oversight entities
• Description of the
enrollee and/or
Sponsoring
organization impact as
a result of the detected
compliance issues
• Meeting
minutes/agendas,
letters/correspondence,
etc. to support
statements within the
tracer case summaries
Evaluate the 6 tracer case summaries via
live presentation by Sponsoring
organization, including interviews with
compliance officer and individuals
responsible for SIU/FWA and FDR
oversight, as applicable. Assess whether
Sponsoring organization promptly
responded to compliance issues,
investigated potential compliance problems
identified, or corrected such compliance
problems promptly and thoroughly to
reduce potential for recurrence and ensure
ongoing compliance with CMS
requirements.
Criteria Effective
01/01/2021
42 CFR §
422.503(b)
(4)(vi)(G)
42 CFR §
423.504(b)
(4)(vi)(G)
v.05-2020
Program Audit Protocol and Data Request
Medicare Parts C & D Compliance Program Effectiveness (CPE)
Program Audit Data Request
Audit Engagement and Universe Submission Phase
Universe Submissions
Sponsoring organizations must submit the universe, comprehensive of all contracts and Plan
Benefit Packages (PBP) identified in the audit engagement letter, in either Microsoft Excel (.xlsx)
file format with a header row or Text (.txt) file format without a header row. Descriptions and
clarifications of what must be included in each submission and data field are outlined in the
universe record layout below. Characters are required in all requested fields, unless otherwise
specified, and data must be limited to the request specified in the record layout. Sponsoring
organizations must provide accurate and timely universe submissions within 15 business days of the
audit engagement letter date. Submissions that do not strictly adhere to the record layout
specifications will be rejected.
Universe Requests
1. Universe Table 1: Compliance Oversight Activities (COA) Record Layout
Universe
Record Layout
Table 1
Scope of Universe Request*
Submit a list of all compliance oversight activities that occurred during the 26week period preceding and including the date of the audit engagement letter.
* CMS reserves the right to expand the review period to ensure sufficient universe size.
Please use the guidance below for the following record layout:
Universe Table 1: Compliance Oversight Activities (COA) Record Layout
• Include all auditing, monitoring, and investigation activities (including compliance and fraud,
waste and abuse (FWA) activities) that were initiated, performed, or closed, related to the
Sponsoring organization’s Medicare Advantage (Part C) and/or Prescription Drug (Part D)
business during the universe request period. Include the activity if the Activity Start Date
(Column ID G) or Activity Completion Date (Column ID H) falls within the universe request
period, or if the activity is still in progress but the start and completion dates fall outside the
universe period.
• Daily activities should be rolled up into an aggregate time period of one month and included
in the universe each time the aggregate time period into which they were rolled occurred.
• Use consistent naming conventions throughout the submitted universe. For instance, when
the name of the Sponsoring organization’s component (e.g., department, operational area,
business unit) is requested, a consistent response (e.g., Agent Broker vs. Agent/ Broker vs.
AB vs. A/B) must be used.
• Ensure that all fields are populated; do not leave any fields blank (e.g. if there are no
deficiencies enter “0” for Number of Deficiencies in Column ID I, and Column ID J
(Description of Deficiencies) would be “NA”.
Page 11 of 16
v.05-2020
Program Audit Protocol and Data Request
Medicare Parts C & D Compliance Program Effectiveness (CPE)
Column
ID
A
Field Name
B
Activity Type
CHAR
30
Always
Required
C
Compliance or
FWA?
CHAR
10
Always
Required
D
Activity
Frequency
CHAR
30
Always
Required
E
Activity Rationale
CHAR
200
Always
Required
F
Activity
Description
CHAR
400
Always
Required
Component
Page 12 of 16
Field
Field
Type
Length
CHAR
100
Always
Required
Description
Enter the name of the Sponsoring
organization’s department, operational
area, or First Tier Entity that is the focus
of the oversight activity.
Enter the activity type as:
• Auditing
• Monitoring
• Investigations
Enter whether the activity was:
• Compliance
• FWA
• Both
Enter the frequency of the oversight
activity. Valid values include but are not
limited to:
• Daily
• Weekly
• Bi-monthly
• Monthly
• Quarterly
• Semi-annually
• Annually
• Ad-hoc
Enter the rationale for conducting the
activity (e.g., routine audit stemming
from risk assessment and/or work plan,
referral from FTE, or hotline complaint,
operational failure/metric outlier/etc., or
audit activity was implemented because
the function has an immediate impact on
enrollees’ access to immediate medical
care and prescription drugs).
Provide a description of the activity (e.g.,
operational area, training requirements,
timeliness, accuracy of organization
determinations and notifications,
messaging errors, contractual
agreements, unannounced or onsite
audits, spot checks, compliance
monitoring, targeted or stratified
sampling, audit protocols).
v.05-2020
Program Audit Protocol and Data Request
Medicare Parts C & D Compliance Program Effectiveness (CPE)
Column
ID
G
H
Field Name
Activity Start Date
Activity
Completion Date
Field
Field
Type
Length
CHAR
10
Always
Required
CHAR
10
Always
Required
Description
Enter the date that the specific activity
was initiated. For example, if the
Sponsoring organization started an audit
of the appeals process/ function within
the Sponsoring organization on January
1, 2020, that is the date that would be
used for the date the activity started.
Submit in CCYY/MM/DD format (e.g.,
2020/01/01).
Enter the date that the specific activity
was completed. For example, if the
Sponsoring organization completed an
audit of the appeals process/function
within the Sponsoring organization on
January 31, 2020, that is the date that
would be used for the date the activity
ended.
Submit in CCYY/MM/DD format (e.g.,
2020/01/01).
I
J
Number of
Deficiencies
Description of
Deficiencies
CHAR
3
Always
Required
CHAR 1000
Always
Required
Enter TBD (To Be Determined) if the
activity is currently in progress.
Enter the number of deficiencies,
findings, or issues identified.
Enter TBD if deficiencies have yet to be
identified for an ongoing activity.
Provide a summary of all
deficiencies, findings or issues
identified during the oversight
activity. If the oversight activity is
identified in the pre-audit issue
summary submitted to CMS, please
include the issue number.
Enter TBD if deficiencies have yet to be
identified for an ongoing activity.
Page 13 of 16
v.05-2020
Program Audit Protocol and Data Request
Medicare Parts C & D Compliance Program Effectiveness (CPE)
Column
ID
K
Field Name
L
Activity Results
Shared?
Corrective Action
Required
Field
Field
Type
Length
CHAR
3
Always
Required
CHAR
50
Always
Required
Description
•
Enter “Yes” if any deficiencies were
identified during the activity and they
required a corrective action.
• Enter “No” if none of the deficiencies
identified during the activity required
a corrective action.
• Enter “TBD” if corrective actions
have yet to be determined for an
ongoing activity.
Enter whether activity results were
shared:
• ‘No’ if the results were not shared, or
• ‘Yes’ if the results were shared. Also
enter the name of the person or
Group with whom activity results
were shared.
Supplemental Documentation Submissions
Sponsoring organizations must submit the requested documentation identified below in either a
Microsoft Word (.docx), Microsoft Excel (.xlsx.), Microsoft PowerPoint (.pptx), or Adobe
Portable Document File (.pdf). Sponsoring organizations must submit this documentation within
15 business days of the audit engagement letter date, unless otherwise specified.
Supplemental Documentation Requests
1. Compliance Officer Questionnaire
2. Customized Organizational Structure and Governance PowerPoint Presentation
3. First Tier, Downstream, and Related Entities (FDR) Operations Oversight
Questionnaire
4. Standards of Conduct/Code of Conduct document (in effect at any time during the
audit review period)
5. Risk Assessments and Compliance Performance Mechanisms that show the extent to
which Medicare Parts C and/or D operational areas, FDRs, and FWA risks were
identified and compliance goals were monitored at any time during the audit review
period. Compliance performance mechanisms could include (but are not limited to)
monthly compliance dashboards that track the goals and statuses of the identified
risk/issue, self-assessments, surveys, or any other tools or mechanisms (outside the
risk assessment) that are used to identify potential compliance risks.
6. Audit and Monitoring Work Plans (for both internal operations and FDRs) in effect at
any time during the audit review period
Page 14 of 16
v.05-2020
Program Audit Protocol and Data Request
Medicare Parts C & D Compliance Program Effectiveness (CPE)
Tracer Case Summary Submissions
In response to each tracer case summary requested, Sponsoring organizations must prepare and
submit a written document in either a Microsoft Word (.docx), Microsoft Excel (.xlsx.),
Microsoft PowerPoint (.pptx), or Adobe Portable Document File (.pdf) of a story board and/or
dashboard prior to the Entrance Conference. The summary document must provide the specific
facts, rationales, and decisions around how suspected, detected, or reported compliance issues
are investigated and resolved by the Sponsoring organization. The following information must be
included in each summary document in chronological order:
a. An overview of the issue(s) or activity
b. Which compliance and business operations units were involved in detecting and
correcting the issue(s)
c. A detailed explanation of the issue(s)/activity (e.g., what the Sponsoring organization
found, when the Sponsoring organization first learned about the issue, and who or which
personnel/operational area(s) were involved.)
d. A root cause analysis that determined what caused or allowed the compliance issue,
problem, or deficiency to occur
e. The specific actions taken in response to the detected issue(s)/activity
f. The processes and procedures that were affected by the issue(s)/activity and that were
revised in response to becoming aware of the issue(s)/activity
g. The steps taken to correct the issue(s)/deficiencies at the Sponsoring organization and/or
FDR levels, including a timeline indicating the corrective actions implemented or, if not
implemented, when the Sponsoring organization expects the corrective action to be
completed
h. How the issue was escalated (e.g., senior management, compliance oversight committees,
governing body, etc.)
i. All relevant communications within the Sponsoring organization and with its FDRs
regarding the issue.
j. Each prevention control and safeguard implemented in response to the issue(s)/activity
Tracer Case Summary Requests
CMS will request a total of 6 tracer case summaries.
Audit Field Work Phase
Supporting Documentation Submissions
During audit field work, CMS will review 6 tracer case summaries in addition to 20 employee
samples of audit participants and 2 FTEs selected from attendance logs, tracers, supplemental
documentation and/or supporting documentation to determine whether the Sponsoring
organization is compliant with its Part C and/or Part D contract requirements. To facilitate this
review, the Sponsoring organization must have access to, and the ability to save and upload
screenshots of supporting documentation and data relevant for a particular case, including, but
not limited to:
• Written compliance policies and procedures
• Evidence that compliance issues were communicated to the appropriate compliance
personnel, senior management, and oversight entities
• Training provided in response to identifying and correcting compliance issues
Page 15 of 16
v.05-2020
Program Audit Protocol and Data Request
Medicare Parts C & D Compliance Program Effectiveness (CPE)
•
•
•
•
•
•
Employee and governing body members training records
Evidence of communication to the affected or involved business areas regarding compliance
issues
Evidence of oversight activities that occurred as a result of the detected issue(s)
Evidence of accountability and oversight by the Sponsoring organization when issues are
detected at the FDR level, including response and correction procedures, communication,
educational requirements and engagement with the compliance department, operational areas
and oversight entities
Description of the enrollee and/or Sponsoring organization impact as a result of the detected
compliance issues
Meeting minutes/agendas, letters/correspondence, etc. to support statements within the
Tracer Case Summaries
If not previously provided, the Sponsoring organizations are expected to submit supporting
documentation within 2 business days of the request.
Root Cause Analysis Submissions
Sponsoring organizations may be required to provide a root cause analysis using the Root Cause
Template provided by CMS. Sponsoring organizations have 2 business days from the date of
request to respond.
Verification of Information Collected: CMS may conduct integrity tests to validate the
accuracy of all universes, impact analyses, and other related documentation submitted in
furtherance of the audit. If data integrity issues are noted, Sponsoring organizations may be
required to resubmit their data.
PRA Disclosure Statement According to the Paperwork Reduction Act of 1995, no persons are required to respond to a collection
of information unless it displays a valid OMB control number. The valid OMB control number for this information collection is
10938-NEW (Expires: TBD). The CMS control number is CMS-10717. The time required to complete this information
collection is estimated to average 701 hours per response, including the time to review instructions, search existing data
resources, gather the data needed, and complete and review the information collection. If you have comments concerning the
accuracy of the time estimate(s) or suggestions for improving this form, please write to: CMS, 7500 Security Boulevard, Attn:
PRA Reports Clearance Officer, Mail Stop C4-26-05, Baltimore, Maryland 21244-1850. Please do not send applications, claims,
payments, medical records or any documents containing sensitive information to the PRA Reports Clearance Office. Please note
that any correspondence not pertaining to the information collection burden approved under the associated OMB control number
listed on this form will not be reviewed, forwarded, or retained. If you have questions or concerns regarding where to submit your
documents, please contact 1-800-MEDICARE.
Page 16 of 16
v.05-2020
File Type | application/pdf |
File Title | CPE PROTOCOL AND DATA REQUEST |
Subject | CPE PROTOCOL AND DATA REQUEST |
Author | CMS |
File Modified | 2020-05-18 |
File Created | 2020-05-15 |