CMS AUDITS OF MEDICARE ADVANTAGE PLANS, TIM HILL, DIRECTOR, OFFICE OF FINANCIAL MANAGEMENT
HOUSE WAYS AND MEANS SUBCOMMITTEES ON HEALTH AND OVERSIGHT

Testimony of Timothy B. Hill, Chief Financial Officer and Director, Office of Financial Management -- CMS Audits of Medicare Advantage Plans -- Good Morning Chairmen Stark and Lewis, Ranking Members Camp and Ramstad, and distinguished members of the Committee. Thank you for inviting me here today to discuss the audit processes for Medicare private health care plans, which provide an important source of supplemental Medicare benefits for individuals with Medicare. I am honored to have the opportunity to describe to you how the Centers for Medicare & Medicaid Services (CMS) uses these important financial tools to ensure the financial integrity of our programs and protect our beneficiaries. I would like to begin my testimony this morning with a general discussion of the recent Government Accountability Office (GAO) report, including the steps we are taking to implement the GAO recommendations. The Agency�s full response to the final GAO report is attached to the end of my testimony. Then, I would like to turn to a more detailed discussion of the steps that CMS takes to ensure the accuracy and integrity of the payments we make to Medicare Advantage (MA) plans, including how we are complying with the �one-third financial audit� requirement of The Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) (Pub. L. 108�173). Finally, I will briefly touch upon other CMS compliance activities that compliment the audit process, which includes bid reviews, post-contract bid audits, and post-contract financial audits. GAO Report to Congress The GAO issued a Report to Congress in July of 2007 regarding the auditing procedures in place at CMS for MA and the former Medicare+Choice (M+C) programs. The GAO�s study focused on annual �Adjusted Community Rate (ACR)� audits and �bid� audits of Medicare Advantage Organizations (MAOs) for the contract years 2001 - 2006 and provided CMS with five specific recommendations to improve our financial auditing processes. CMS welcomes these constructive suggestions and as reflected in our comments to GAO on both the draft and final reports, CMS has already begun implementing some of the report recommendations. For example, we have modified and documented our procedures for selecting MAOs and Medicare prescription drug plans (PDPs) for financial audits. In addition, we have begun to better document the standard operating procedures to clearly describe the financial audit process CMS uses in reviewing MA contracts at the conclusion of a contract year. CMS appreciates the time and resources that GAO invested in this study, and we want to be unequivocally clear today that the Agency is committed to continuing steadfast oversight of the MA program in the years ahead. Bid Audits It is important to note that the scope of the GAO review was limited to our oversight of the MA bid process (or in the case of the M+C program, the ACR process). The initial CMS review process has two parts: bid reviews and any post-contract bid audits. CMS believes that both serve an important purpose in enabling CMS to provide prompt feedback to update and refine bid processes for the subsequent year of bid submissions. During the bid reviews, significant errors and corrections are made to bids in advance of the contracting process. In contrast, the bid audits afford CMS the opportunity to evaluate the details of the bid development against the bid instructions and the actuarial standards of practice. The resulting observations and findings from the bid audits are used to hold MA plan sponsors specifically accountable in subsequent bid submissions and more generally, to determine new and clarifying guidance and training for all plans. Bid audits are not financial audits, are not intended to catch significant contract mistakes (which are often corrected prior to bid approval during the bid review process), and are not intended to validate information in the contract which cannot accurately be determined until the conclusion of the contract year. Rather, their purpose is to provide prompt feedback to update and refine bid processes for the subsequent year. As we have seen over the past two years, the bidding process has become more refined and structured, particularly with regard to costs. While we concur with GAO that CMS does not have current authority to adjust payments to plans for the years under review based on the bid audit findings set forth in GAO�s report, we disagree with GAO that we would be able to establish such authority for future years through rulemaking. CMS does not believe that we could change the basic statutory design of the bid and payment process through a regulation, as suggested by GAO. According to the procedures established by Congress in the MMA, plans present CMS with a bid for Medicare benefits and other health care services, which serves as the basis of a fixed price contract for services the plans commit to provide to Medicare enrollees in the upcoming year. In submitting annual bids that will determined payment for a full year, participating MAOs and PDPs must assume risk in committing the services they will offer enrollees during the contract year; CMS reviews the bids and pays the plans based on a payment formula in accordance with the statutory guidelines for the services contained within the plan�s bid. If a plan underestimates the costs of providing promised care to Medicare beneficiaries, it nevertheless is tied to the terms in the bid contract for the remainder of the program year. Conversely, plans that overestimate their bids run the risk of losing enrolled beneficiaries or potential enrollees to another, more competitively priced Medicare plan. That is, the competitive framework established by Congress is designed to ameliorate gaming by plans without subjecting MA plans and beneficiaries to mid-year corrections in payments and benefits. Of course, if a review were to highlight potential fraud, that plan would be referred immediately to the U.S. Department of Health & Human Services (HHS) Office of the Inspector General (OIG). The �One-Third� Financial Auditing Requirement I will now discuss implementation of the one-third audit requirement of the MMA and how that requirement becomes the true fiduciary control for health plans. The statutory requirement for financial audits for one-third of the plans every year is established in Section 1857(d)(1) of the Social Security Act (the Act). Prior to the MMA, this section required the Secretary of HHS to provide for the annual audit of financial records (including data relating to Medicare utilization, costs, and computation of the ACR) of at least one-third of the MAOs offering M+C plans. The MMA dropped the reference to the ACR and retained the requirement for annual auditing of financial records of one-third of MAOs. In addition, Section 1860D-12(b)(3)(c) of the Act requires the Secretary to provide for the annual audit of financial records (including data relating to Medicare utilization, costs, including allowable reinsurance and risk corridor costs, as well as low-income subsidies and other costs) of at least one-third of PDPs. In its Report to Congress, GAO suggests that CMS� post-contract bid audits are the only action that CMS has taken to satisfy the statutory audit requirement. CMS concurs that bid audits occurring after contracts are awarded to MAOs do not fully satisfy the Agency�s audit responsibilities. However, CMS never intended for post-contract bid audits to serve as the only audit action to fulfill the auditing requirement. The financial audits for contract year 2006 described above had not yet been completed at the time of GAO�s investigation since they can only occur after the close of the contract year and final payment reconciliation, but clearly such audits are a critical component of CMS� plan for complying with its statutory audit responsibilities. Financial Audit Process As noted in my opening comments, CMS has a specific plan in place to meet our one-third audit goals for contract year 2006 and we have always intended to fulfill the audit requirements with more substantive reviews than our bid review and post-contract audit process. The elements of this strategy have been in place since last year. CMS first launched a smaller pilot audit to test and refine the criteria established for the financial audits for contract year 2006 MAOs. This pilot is currently under review, and refinements to the criteria will be forthcoming so that auditing firms can build on the findings as they begin their work. In September, we selected three accounting firms to conduct these reviews on our behalf. In the meantime, CMS is sending notification letters to inform MAOs from contract year 2006 that they have been selected for a financial audit which will commence in late 2007. (It should be noted that within each MAO contract there may be multiple plans that could be audited.) These comprehensive first-round audits are intended to examine in detail the approved components of the MAO bids to ensure that Medicare beneficiaries and the Federal government received what the contract specified and the MAOs promised. As noted earlier in my remarks, a comprehensive financial audit of plan actions cannot occur until the conclusion of a contract year and the completion of data reconciliation that plans are entitled to after that point. As such, our actions now are the first opportunity that CMS has to review and verify the results of contract year 2006 plans. As part of our documented standard operating procedures, CMS has developed specific criteria used in selecting plans for our end of the contract year financial audits. The criteria vary in accordance with the scope of MA and Part D benefits provided by the MAO and PDP. Examples of CMS� MAO audit criteria include the amount of Medicare payments and beneficiary enrollment, prior significant findings, and recommendations from other CMS components. Beyond procedures for MAO audit selections, CMS also has initiated standards and measures for the key elements that will govern the audit itself and enable CMS to meet its objectives in conducting the financial audits. The elements that will be evaluated in the post-contract year financial audits include: � Solvency: CMS plans to evaluate a MA or PDP organization�s ability to bear the risk of potential financial losses for services performed or determinations of amounts payable under the contract. � Risk Score Review: CMS financial audits will verify that the accuracy of a MAO�s self-reported diagnosis data by reviewing medical records and cross-referencing these records with the reported diagnostic code (e.g., ICD-9 code). � Related Party Transactions: CMS audits will review a MAO�s significant business transactions to identify related party transactions and determine if the transactions were reported appropriately. In addition, the audits will verify that claimed costs associated with related organizations (parties) of the MAO are accounted for on a cost basis, do not exceed the price of comparable services, facilities, or supplies that could be purchased elsewhere, and are allocated to the MAO on an equitable basis. � Part D Costs and Payments: CMS will review the three prospective payment mechanisms for Part D: direct subsidy, low income subsidy, and reinsurance subsidy, as well as any applicable risk sharing adjustments by obtaining the prescription drug event (PDE) data and tracing the information to the MAO�s supporting documentation to ensure that reported costs were appropriate. � Direct/Indirect Renumeration (DIR): CMS will obtain discounts, rebates, and other price concessions reported by plans (i.e., Direct/Indirect Renumerations) and trace the information to the MAO�s supporting documentation to ensure that amounts from the contract year were reported accurately with a reasonable allocation methodology. � True Out of Pocket Cost (TROOP): Audit procedures will verify whether PDPs and MAOs are calculating TROOP accurately. Medicare Integrity Program Funding The CMS post-contract financial audit process is funded through the Medicare Integrity Program. We are currently on schedule to begin audits of 81 MAOs from contract year 2006, which clearly does not meet the one-third audit requirement (meeting that requirement requires audits of 165 plans). The enactment of the President�s Budget Request will help us meet that goal. As you know, CMS has requested funding in fiscal year (FY) 2008 to meet the one-third audit requirement. I want to thank you and your colleagues in Congress for supporting this request in the current House and Senate appropriations for CMS, and emphasize that this administrative funding is a critical component of the Medicare program. Other Compliance Activities In addition to the financial audit process, CMS protocols for oversight of MAOs include a rigorous application and bid review process, which helps ensure that enrollees have adequate access to health care services, and that beneficiaries are not discriminated against in any way. CMS conducts routine and targeted audits of plans to verify compliance with established performance measures and tracks complaints systematically throughout the benefit year. When MAOs are found out of compliance with program requirements, CMS can employ a range of enforcement tools such as required corrective action, suspension of enrollment, suspension of payment for new enrollees, civil-monetary penalties, and termination of the plan�s involvement in the Medicare program To further support compliance efforts, on May 21, 2007 CMS issued a proposed rule to strengthen current oversight requirements and penalties for MAOs as well as Part D PDPs. In the proposed rule, CMS proposes changes to existing regulatory protocols, including: � New steps to help expose potential fraud or misconduct through mandatory self-reporting of compliance violations; and � Modifications to streamline the process relating to intermediate sanctions and contract determinations (including terminations and non-renewals) and to better clarify the process for imposing civil monetary penalties. These revisions will help strengthen the existing range of compliance actions available to CMS when plans violate program requirements and contract provisions. Conclusion CMS takes its auditing responsibilities seriously and has plans in place and in effect to meet its statutory and fiduciary responsibilities to beneficiaries and taxpayers. We believe our complete auditing procedures, which include bid reviews, post-contract bid audits, and post-contract financial audits, will support Medicare beneficiaries by ensuring that they can maintain access to Medicare plans that meet their individualized health care needs. I appreciate this Committee�s ongoing interest in monitoring CMS� efforts to uphold the integrity of all Medicare programs. CMS remains steadfast in its commitment to maintaining the highest level of accountability for the Agency�s financial resources and will work to improve our financial management performance in all areas. Through the work of our partnerships with MAOs and PDPs and the audits of their plans, we can ensure that seniors and disabled persons get the necessary support and care they need to stay healthy, so as to enjoy enhanced wellbeing and quality of life.