Podcast: An Expert’s Guide to Surviving a CMS Audit

Let’s say you’re a Medicare Advantage organization and one day you receive a notification from CMS that you’ve been selected for a program audit. What should you do? Recently, I sat down with Scott Robinson, director of compliance at Davis Vision, and former medicare contractor who used to accompany the folks at CMS to conduct effectiveness audits. Robinson gave me the details on what to do and what not to do when and if you receive the news.

“The first thing is to not panic,” Robinson said. When people get these notices they suddenly realize their life is going to drastically change over the next couple of months and it’s really scary. “But if your organization has been doing all the right things all along, you have a sound compliance program, you’re following all the C-DAG and O-DAG guidelines. All you really need to do is explain yourself. You just need to articulate your usual business practices in a way that CMS will understand and agree with.” So the best way to handle that terrifying little notification? Be ready for it.

Tune into our latest Compliance Conversations podcast, What Not to do When CMS Audits You, to learn how to prepare for a CMS audit before it happens, stay calm during a CMS audit, and effectively explain yourself to CMS.

Episode Transcript

CJ: Welcome everybody. This is CJ Wolf, Healthicity’s Sr. Compliance Executive, and welcome to another episode of our podcast, Compliance Conversations. Today I’m really excited, we have a wonderful guest, Scott Robinson, who is the Director of Compliance for Davis Vision and Superior Vision, and he also has an interesting background that we’re going to pick his brain about a little bit, welcome Scott.

Scott: Thank you, thanks for having me.

CJ: Yes, and Scott’s joining us from the Baltimore area I believe, what’s the weather like there Scott?

Scott: Right now, the weathers not too terribly bad, we’re expecting some thunderstorms later, maybe severe, but pretty nice otherwise.

CJ: Great, and I’m here in Salt Lake City so we’re using technology to our advantage and those of you who are going to be listening to the recording, who knows, you might be in traffic in L.A. or something. That’s the whole point of the podcast, to let you kind of chew on some compliance fat so to speak, whenever you have a free moment. We’re going to jump right into this, Scott’s going to tell us a little bit, we’re going to talk a little bit about health plans, Medicare advantage compliance reviews. Scott has some great experience there. Before we jump into some of these questions we have for Scott, I wanted to give him an opportunity to tell us a little bit about his compliance experience, what he’s doing now, what he did previously, and whatever he’s comfortable sharing. Scott, if you don’t mind telling us a little bit about yourself, I think our listeners would enjoy that.

Scott: Sure, no problem. Currently, as you said, I am the director of compliance for Davis Vision and Superior Vision. Prior to this I worked for six years for a Medicare contractor. Mainly my company would go out with the CMS folks and do the compliance program effectiveness audit. We did the whole gamut, compliance program effectiveness, we did O-DAG audits, C-DAG audits, former administration, and the smith mock audits. My area of expertise was the compliance program effectiveness. I would go out with some colleagues and with some of the folks from CMS and we would audit the compliance program. We would look at the 7 elements, make sure there were policies and procedures in place, that they documented their training and education, that they were reporting issues to the CEO and the board. Everything that you could think of, dealing with the compliance program effectiveness. We also would sit there with the plans, and we would do the transfer samples to give us a better idea if the compliance program was working the way that it was designed to work.

CJ: Yeah.

Scott: It was really everything from soup to nuts, and it was great because we had a chance to actually sit face to face with the Medicare compliance officer and the staff to see what they were doing.

CJ: That’s neat. You know a lot of us as compliance officers and compliance professionals, we try to do this ourselves. We try to self-assess, look at the effectiveness of our programs on a year to year basis. We try to do that internally. You’re going to lend a really neat perspective, I think, in our conversation today. You were doing this on behalf of CMS as a contractor. Scott also has, correct me if I’m wrong, you’re a certified fraud examiner, you’re also certified in healthcare compliance, and you’re a CPA.

Scott: Yeah, that’s true for all three of those.

CJ: That’s great. Scott, if you don’t mind, let’s jump in, I wanted to ask you first for our listeners out there that might be involved in Medicare advantage. Let’s say you’re a Medicare advantaged organization and you received that initial notification from CMS that you’ve been selected for program audit. What should that person, let’s say they are the head of the compliance program or something else, what should they do, or what should they not do?

Scott: I would say the first thing to not do is panic. I know that you get these notices and suddenly you realize your life is going to drastically change over the next couple of months, but if your organization has been doing all the right things all along, you have a sound compliance program, you’re following all the C-DAG and O-DAG guidelines. All you really need to do is explain yourself. You just need to articulate your usual business practices in a way that CMS will understand and agree with.

CJ: Right.

Scott: I would ask the question, does this mean you’re going to have a deficiency free audit? And the answer is probably not. There are always little things that pop up that you don’t expect as a Medicare advantage organization. You think that you’re doing everything the right way, but then you start digging around and you find out there was something that you probably could have done better. That’s really why CMS is there to audit. You might have realized that the letters you send to your beneficiaries are not as understandable as they could have been, so CMS will actually to tell you that. It’s okay. They don’t expect you to be perfect, they just give you little hints about what you can do differently to be more complaint with the Medicare regulation.

CJ: Yeah, I think the joke sometimes is “I’m from the government and I’m here to help.”. I think it’s good advice to say not to panic, I think it would be hard for some folks. I think some of us in compliance profession that our personalities are such that we’re kind of worry warts to begin with. Some of us at least, and that brings some of that stress with it, and that’s actually what makes you good compliance officers sometimes. Is when you worry about stuff. I think it’s good advice to say not to panic at least.

Scott: Right.

CJ: Scott, a lot of our listeners will be familiar with the Medicare advantage organizations and those sorts of things, some of our listeners might not be. You mentioned a couple of things. C-DAG, and O-DAG, can you tell us briefly what those stand for, and what that is?

Scott: Yes. C-DAG is coverage determinations appeals and grievances. Those are typically what CMS loos for with your Medicare part D plans. O-DAG is organizational determinations of appeals and grievances, those are given more towards your Medicare advantage organizations. It’s not necessarily drug related, it could be claims, it could be anything that has to deal with the medical side.

CJ: Great, thank you for sharing that. I’m going to bring you back to something you said at the end. You said CMS does not expect perfection. I tell a lot of compliance folks that, when I’m trying to help them set up compliance programs, OIG and enforcement bodies do not expect perfection. If that’s true though, and CMS does not expect perfection, what do they expect, in your opinion and your experience.

Scott: My experience has always been that CMS doesn’t really expect perfection as much as they expect to protect the beneficiaries.

CJ: Okay.

Scott: One of the things… I did this for 6 years. In 2013 I was part of a team that got to go out to Philadelphia with Dr. Cynthia Tutor, I don’t know if many people are familiar with her name, but she was one of the main people that was working for CMS at the time. I was really quite nervous about working with her because she had a reputation for being a force to reckon with. The reputation really did precede here. So even though I was part of the audit team, and I wasn’t necessarily being audited, I was still a little intimidated by all that.

CJ: Right.

Scott: I had a chance to actually talk to her one night, and to ask her that question. What does CMS, what do they really expect in these audits? She said, these audits are really all about beneficiary protections. And that’s what I got from talking to her, and other people, at CMS. They are very strong beneficiary advocates. Dr. Calman, a lot of people may recognize Dr. Calman’s name because he would preside over many of the clinical decision making webinars. He is also a very strong beneficiary advocate. What they are really looking for, is if Medicare beneficiaries are experiencing some kind of adverse health condition, what they want to know is that the Medicare advantage organizations are doing something to address that health issue to mitigate the adverse threats.

CJ: Okay.

Scott: You know, there are regulations that have to be followed, and we all know that because we are all part of a health care plan. There may be incidences where the regulations were not followed because it was either a result of a human error, or failure to realize that something should have been done first, but the key that CMS is always looking for, is that you’re taking care of the beneficiary both in terms of their health and their finances. If you can do that, then you’re going to be in really good shape for CMS.

CJ: Yeah. That is probably a good way to look at your day to do work, right? We can all get bogged down, or get stressed out with all these regulations, but if your overall principal, or mission, is beneficiary protections and beneficiary benefits, making sur they are getting the right service. If that is your overall mission, sometimes I think that would calm your mind a little bit, is to go “what’s best for this beneficiary?”. Scott: Yeah, that is exactly what it’s all about, and I can tell you just from my experience that if you keep in mind what is best for the beneficiary, you’re going to be just fine with CMS.

CJ: Yeah, that’s great. Earlier you also mentioned not to panic, and I kind of joked a little bit that some of us in compliance are drawn to that field because we’re very conscientious. What advice would you have for individuals who in spite of their best efforts, still, they just can not shake the nerves. It is so nerve racking to see a contractor, somebody from CMS, across the table.

Scott: It definitely is nerve racking. I think what they need to understand is that it kind of works both ways. I had the opportunity to do about 50 compliance audits during those 6 years, and the reactions that I received on site really ran the gamut. Individuals accepting the fact that this was a CMS audit, and telling us what they knew. Then we had other individuals that were just so freaked out that they got very emotional. When I say emotional I’m talking about flat out crying because they just didn’t know what to expect.

CJ: Oh wow.

Scott: I felt bad for them, because every single person that I worked with in my capacity as the auditor. We all understood how nerve racking it could be to sit across the table from a government auditor. I knew that I did because I had been on their side before, I knew that to have to sit there and tell an auditor stuff, it can be very disconcerting.

CJ: Sure.

Scott: The way that I always approached it was, CMS, you mentioned this earlier when you were talking about something else, we’ve always reviewed compliance program effectiveness audit as a collaborative partnership.

CJ: Okay.

Scott: Nobody from CMS or the contractors had ever gone into a program audit with the gotcha type of attitude. We didn’t go in there looking to say “Oh, we knew were going to find this and we gotcha.” It was more looking for opportunities to hear from the Medicare advantage organizations about the way things are, and kind of how they should be.

CJ: Okay.

Scott: If an organization really did something that was wrong, then we always approached it as an opportunity to give them rational behind why were telling them that it was wrong and giving them suggestions to go ahead and correct that. The other thing to keep in mind too, for a lot of them, at the end of the audit we know we are going to be giving out an audit report. CMS has gone to great lengths the last couple years to make sure they have a draft report in the Medicare advantage organizations hands before we actually left the organization.

CJ: Okay.

Scott: So we had a lot of work to do as well as all the work that they were doing, and in my opinion, CMS would have much preferred to write a clean audit report that didn’t have any corrective actions to it, than to have to sit there and have to write out a long report full of deficiencies.

CJ: Exactly.

Scott: It was kind of a two-way thing, they didn’t want the deficiencies and we would have much rather gone in with the attitude of you’re doing a great job and we don’t have any deficiencies to give to you.

CJ: Exactly, everybody would be happier if there weren’t those things identified I think.

Scott: Right.

CJ: Maybe I if I could ask a logistics question, because I’m curious. How many people are on a team when you’re going, I’m assuming you’re on site with them, and how long are you there?

Scott: We usually get in there Monday morning, depending on how long the tracers took, we could be there for 4 full days, Monday through Thursday, and then on Friday the entire audit team, including the folks from O-DAG and C-DAG would get on a conference call and do the exit conference. That is when we would actually give them the draft report. You can imagine that, going back to what I was saying before, if we’re doing these audits Monday through Thursday and then we need to get a draft report in their hand Friday morning, we’re doing a lot of work on Thursday afternoon and Thursday evening to be ready for that.

CJ: Exactly, and how many people are on a typical assignment like this? Is there a team of 3 to 4, or is it more, or less?

Scott: Typically, when I went out, we had the CMS audit lead, the CMS compliance team lead, then probably 4 other team members.

CJ: Okay.

Scott: Occasionally there would be a little bit less than that if there were multiple audits going on at one time. Typically, you would have about 6 people sitting there in front of the medical advantage organization.

CJ: Gotcha. Let me come back to this report that is offered at the end. In spite of everything that you’ve said so far, how do you allay the fears of the organizations that understand that once the audit is done they are still likely to receive an audit report that could lead to some sort of sanction, or some sort of discipline. How do you help those fears?

Scott: That’s a good question. I know that people are listening to this are probably thinking it’s easy for me to say CMS would prefer to write a clean audit report, but the reality is once the audit is over, we’re still going to have to get a report with these i-cars, the immediate corrective actions or the cars that are the corrective actions. It’s also going to reflect negatively on them in the industry because these reports are made public at some point. CMS does post all that information on their website, and nobody really wants to be called out in front of their peers for not doing a great job.

CJ: Right.

Scott: I look at it as taking a calculous class in college where the professor posts the students grades in public, nobody wants to see that you didn’t do very well.

CJ: Right.

Scott: A lot of the times the organization finds out that from the reports that things really look bad at first glance, you have to peel away the layers of the proverbial onion as I call it, and you realize that a little tweak here or a little tweak there will take care of the condition. You’re going to go to a validation audit at some point, and that will give you a chance to demonstrate to CMS that the issues have been corrected. CMS also works on a 3 to 4-year cycle of audits, so if you were audited, say, in 2015, chances are 2018, 2019, CMS is going to come back around again. That will give you a chance just how much better you are than you were the last time out. That’s what everybody really wants to see.

CJ: Yeah, improvement.

Scott: Yeah, exactly. I think if you keep that in mind I always like to tell people, when I went out and did these audits, that yes, this audit report is going to look bad for you for lack of a better word, because you don’t want to see corrective actions there. You also need to realize you’re really, really, close. If you just document your training and education program, or if you get these policies in place, the next time we come back around you’re going to be in great shape.

CJ: As somebody that has worked in compliance a long time, but not necessarily in the Medicare advantage space, and I know a lot of our listeners might not have as much experience there as well. Is every Medicare advantage organization audited on this 3 to 4-year cycle, or is it possible to go 5 years without ever being audited?

Scott: It really depends on what your circumstances are. There are some plans that don’t get audited within that 3 to 4-year cycles for whatever circumstance it might be. I’m not privy to exactly what that is. Most of the plans that I have audited in the past have now gone through two cycles, and I know that a lot of them sit there and will tell me when I come, we’ve been waiting for this notice, so we knew we were going to get audited.

CJ: Right, right, and as you were saying these reports are posted. Do you think there is much learning, so let’s say I was audited 2 or 3 years ago, and I anticipate I’ll be audited again. Is there much value in me looking at peer organization reports that just took place over the last few months to see what kinds of things auditors are looking for, or is there not much value there?

Scott: I think there is tremendous value, and the other thing listeners should be aware of if they have not seen this yet. CMS just posted on May 8th, on their HTMS site, the audit report for last year. This was a compilation of all the audits that they did in 2017. There’s a lot of really good information in that report. It gives out the audit scores for everybody, it also breaks down the top 5 most common conditions in each of the audited areas.

CJ: Wow.

Scott: If you’re Medicare advantage plan with drug benefits, they call them MAPD plan. You can go out there, you can see the top 5 conditions in formulary administration, the top 5 in C-DAG, the top 5 in O-DAG, and the top 5 in compliance program effectiveness.

CJ: Yeah.

Scott: You definitely know, from looking at that report, what CMS is going to be focusing on.

CJ: That’s great. It amazed me that you’ve done this about 50 times, and where I think there’s some tremendous perspective that you have. When I was working full time as a compliance officer I would only do my own reviews, and occasionally I might be involved in a peer that asked me to be on a committee to do a review of theirs. So I might have seen 1 or 2 compliance programs in depth in a year. Where as you were seeing across, across the country, different compliance programs. You had an advantage to see, look at all these different compliance programs I can see really what, I can compare all 50 of these in my own head, I can see what’s strong and what’s week. Are there any, maybe one or two key points as we wrap up, as we run out of time here, that you would say is a good practice, or something that you really saw that you’d recommend people do?

Scott: There really are two things that I would say. The first thing is, just from my perspective, and this is personal, this isn’t anything that CMS might advocate. I always thought that the best types of compliance programs were those compliance programs that partnered with the business owners.

CJ: Ah, okay.

Scott: I saw some really good programs that did that very thing. The second thing is, I know that everybody gets caught up in their day to day operations, especially in compliance. You’re always looking at how you can improve your compliance program. I think you must stop at some point, and do a mock audit, of all the different areas that CMS might do. To see where your deficiencies are, and where you can improve, because as I said, you know that on a 3 to 4-year cycle you’re going to be re-audited again. So make sure you’re making that intermetal progress. Make sure you know your ducks are lined up so that the next time CMS comes in, you’re prepared for everything.

CJ: That is great, great advice Scott. We really appreciate your time, and your expertise is invaluable. Your experience. I really think this is one of the best podcasts we’ve had, I really appreciate your willingness to share, and would like to thank you. Any last minute, or parting comments.

Scott: I do want to make a comment to whoever might be listening who have met me before to be audits, you probably won’t forget me because I was told by one compliance officer that I ask way too many questions, but what I will say is that I had, it was a great honor for me to have meet the difference compliance officers that I had a chance to me. I hope that all the feedback that I’ve given you, both today, and during the audits, has been very helpful, and it’s helped you with your audits and with your careers.

CJ: Excellent. Thank you, Scott. I think that attribute is a strength when you’re an auditor like that, is asking too many questions, is a compliment. Thanks again for sharing your time with us, and everyone, thanks for joining us on this episode of Compliance Conversations. Until next time, bye-bye.