The Seven Elements of a Vendor Oversight Program

Transcription

1 The Seven Elements of a Oversight Program DST Health Solutions September 2014

2 The Seven Elements of a Oversight Program The Seven Elements of a Oversight Program Medicare Advantage plans must gain efficiencies and improve member outcomes. 1 DST Health Solutions

3 The Seven Elements of a Oversight Program The Medicare Advantage Landscape Currently there are over 15 million Medicare beneficiaries covered by Medicare Advantage (MA) programs. Four national health plans provide coverage for over 50% of the market with an average membership of 2 million members. However, over 50% of the total health plans that participate in the Medicare Advantage program cover an average of 850 members per plan. Even though costs are increasing and the Affordable Care Act (ACA) reduced payments to Medicare Advantage plans, new plans continue to enter the market and existing plans are expanding their service areas. Small to medium sized health plans face significant challenges. They must reduce their medical and administrative costs because the premiums paid on behalf of MA members are decreasing, while the regulatory and administrative demands on participating plans are increasing. These plans will need to evaluate purchasing technical solutions to automate work processes and potentially outsource administrative functions in order to offer competitively priced services to Medicare Advantage members. A Medicare Advantage Plan Sponsor (Plan Sponsor) may choose to outsource administrative services in order to gain expertise, reduce administrative cost, increase capacity and speed to market. If a plan chooses to outsource administrative functions, regulatory agencies, such as CMS as well as accrediting bodies (NCQA and URAC), define expectations regarding delegation and the plan s responsibility for structured oversight of the selected vendor. In general a Plan Sponsor may delegate the authority to perform services but the plan retains the responsibility to ensure that the services are performed in compliance with all regulatory requirements and accrediting standards. DST Health Solutions 2

4 The Seven Elements of a Oversight Program Selecting a The decision to outsource, as well as the selection of a partner, is a major decision and the Plan Sponsor should follow a deliberate evaluation, assessment and selection process. This process should apply to the identification of the Plan Sponsor s administrative processes to outsource, as well as the selection of the vendor. CMS expects the Plan Sponsor to have a process to determine if delegated entities are properly identified and classified as a first tier, downstream or related entity (FDR). In fact, Plan Sponsors need to identify their delegated entities in the Administrative/Contracting Required Provision Matrix within the annual application to CMS. The matrix should include a designation of the specific delegated services and require the plan to confirm that the specific required information is included in the contract with the vendor. Plan Sponsors should create and maintain a matrix of all delegates, identifying the services they perform on behalf of the organization, and document the methodology for vendor classification. This matrix will be the cornerstone of the organization s FDR Oversight Program. The Plan Sponsor s vendor classification criteria should consider the vendor s: Impact and level of direct access to the beneficiary Access to personal identifiable information or personal health information Level of decision making authority. These criteria, along with the definitions of a first tier, downstream or related entity provided on the next page, will allow the plan to establish a framework to classify the vendors as depicted in the subcontractor chart as shown. 3 DST Health Solutions

5 The Seven Elements of a Oversight Program Name Risk Score (Critical, High, Medium, Low) Enrollment & Eligibility Classification (First Tier, Downstream, Related Entity) Claims Administration Member Call Center Care Management (UM, DM, CM) Provider Contracting Provider Credentialing Provider Call Center HCC Revenue Management EDPS/RAPS Direct Member Contact? (Y or N) Access to PII or PHI? (Y or N) Does Make Decisions on Behalf of the Plan? (Y or N) Does Plan have Previous Experience with? (Y or N) First Tier Critical X X X X X X Y Y Y N ABC Care Mgt. Company First Tier Critical X Y Y Y Y XYZ Provider Mgt. First Tier Medium X X N N Y Y First tier entity means any party that enters into a written arrangement, acceptable to CMS, with an MA organization or applicant to provide administrative services or healthcare services for a Medicare eligible individual under the MA program or Part D. Downstream entity means any party that enters into a written arrangement, acceptable to CMS, with persons or entities involved with the MA benefit, below the level of the arrangement between an MA organization (or applicant) or Part D sponsor and a first tier entity. These written arrangements continue down to the level of the ultimate provider of both health and administrative services. Related entity means any entity that is related to the MA organization or PDP sponsor by common ownership or control and: (1) Performs some of the MA organization s or PDP sponsor s management functions under contract or delegation (2) Furnishes services to Medicare enrollees under an oral or written agreement (3) Leases real property or sells materials to the MA organization or PDP sponsor at a cost of more than $2,500 during a contract period. DST Health Solutions 4

6 5 DST Health Solutions The Seven Elements of a Oversight Program

7 You are accountable The contract between the plan and the delegated entity governs the relationship and should outline the administrative functions to be performed by the vendor, specifically emphasizing performance guarantees and performance monitoring. It is also important for the contract to address communication about regulatory changes and compliance concerns, as well as reporting of information related to performance failures. The plan should document expectations regarding confidentiality, audit rights and contract termination, if the vendor s performance is unacceptable and consistently doesn t meet the plan s expectations or CMS obligations. As previously discussed, the Plan Sponsor is ultimately responsible for the performance 1 of the vendor, but the Plan Sponsor should ensure that detailed roles and responsibilities are clearly defined. Both parties should understand the transfer of work between the plan and the vendor as well as the decision making authority associated with the specific operational functions. For example, the Plan Sponsor may delegate claims processing. However, they may want to establish a dollar limit which requires plan review and approval prior to adjudication by the vendor. The attached matrix depicts a summary of the division of responsibility for typical activities that a plan may outsource to DST Health Solutions as a business processing vendor. This level of documentation will guide the development of detailed business requirements during the implementation activities as well as the statement of work included in the contract. Questions to Ask: Do you have a process for determining which delegated entities are properly identified as FDRs subject to Medicare compliance requirements? Does your contract include the references and information required by CMS? Have you clearly defined administrative services, including the roles and responsibilities of each party? Seven Elements of a Successful Oversight Program DST Health Solutions 6

8 Seven Elements of a Successful Oversight Program Auditing & Monitoring of Delegates performance should be monitored on an ongoing basis with a formal review no less than annually. The types of routine monitoring activities performed by the Plan Sponsor can vary based on past performance with the vendor and the nature of the services performed. The type and frequency of monitoring should be documented for each vendor including evidence of the monitoring activities. The Plan Sponsor should establish key performance metrics designed to measure the vendor services. For example, if the Plan Sponsor delegates call center operations to a vendor, then the performance metrics should include, at a minimum, the regulatory requirements defined by CMS, such as hold time, average speed of answer and abandoned rate. 7 DST Health Solutions The delegate oversight program must also define what happens if the vendor s performance is below the Plan Sponsor s performance expectations or CMS compliance standards. When noncompliant performance occurs, the Plan Sponsor should request a formal action plan defining specific activities to ensure performance meets the defined expectations. Depending upon the severity of performance, the Plan Sponsor should consider increasing monitoring and audit activities of the vendor. These performance action plans should be incorporated into the Compliance department records, and Compliance should recommend how to communicate the non-compliant performance to CMS.

9 Questions to Ask: Do you have a strategy to monitor and audit your first tier entities? Does your strategy for monitoring and auditing your first tier entities include: Ensuring that they are in compliance with Medicare Parts C and D requirements? Ensuring that they are monitoring their downstream entities? Seven Elements of a Successful Oversight Program Do you monitor and audit your related entities? Does your monitoring and auditing work plan include the number of first tier entities that will be audited and how the entities will be identified for auditing? If you do not monitor and audit all of your first tier entities, do you perform a risk assessment to identify the high risk first tier entities and then select a reasonable number to audit from the highest risk groups? Do you have procedures to ensure that your FDR s are not excluded from participation in Federal health care programs? Does your system include review of the OIG and GSA exclusion lists prior to hiring or contracting and monthly thereafter for FDRs and their employees either by you, your first entities, or the downstream entities themselves? Do you ensure that noncompliance or FWA committed by FDRs is well-documented and includes ramifications should the FDR fail to satisfactorily implement the corrective action? Do you maintain thorough documentation of all deficiencies identified and the corrective actions taken? DST Health Solutions 8

10 Seven Elements of a Successful Oversight Program Communicating policies and procedures Policies and procedures are a foundational element of any organization s business operations model and are required to successfully delegate administrative functions to a vendor. Policies define the administrative function and why the organization performs the function, including regulatory citations that govern the specific actions. The policy represents the What and Why of the business operations model. The process and/ or procedure documents outline How the function is performed. These documents include the flow and detailed tasks that must be performed to appropriately administer the function. Handoffs between the plan sponsor and the delegated vendor would be defined in the procedure documents. As a Plan Sponsor you should share your compliance program policies and procedures with the selected vendor or review their program documents for consistency, but remember that you must also document your oversight activities as well. At a minimum you should create policies and procedures that demonstrate how you select, classify and monitor your vendors. Specifically, you should develop policies regarding: classification of vendors as first tier, downstream or related entities oversight (program descriptions & committee structure) auditing & monitoring activities (frequency & type) communication protocols external audit coordination. Questions to Ask: Do you ensure that either your Standards of Conduct and Policies & Procedures or comparable documents are distributed to FDR s employees within 90 days of hire/ contracting and annually thereafter? Do you have policies and procedures that document your oversight of the vendor? Do you have policies and procedures governing the exchange of information with the vendor, including performance monitoring, compliance disclosures, and corrective action requirements? 9 DST Health Solutions

11 Foundational training and education When a health plan decides to outsource administrative functions, they are not simply delegating a task to a vendor. They are sharing their organizational culture, mission and values with another company. Training and education activities set the tone for the relationship with the vendor. The health plan and vendor staff will require ongoing training and education related to specific roles and responsibilities, monitoring activities and how to report compliance concerns or questions. Training and education will expand the knowledgebase of all stakeholders and define specific responsibilities, establish consistent expectations and ultimately improve productivity, while enhancing the quality Seven Elements of a Successful Oversight Program of service. The vendor should have structured capabilities to deliver and track outcomes of staff training including general compliance, fraud, waste and abuse, as well as detailed procedures in support of the delegated functions. The plan sponsor may want to request a periodic attestation and evidence that all required training occurred in a timely manner. 4 Questions to Ask: Do you ensure that general compliance information is communicated to your FDR s? Do you ensure that your FDR s employees receive FWA training within 90 days of hiring/contracting and annually thereafter? Do you provide training directly to your FDR s, provide them with FWA training materials or use CMS Learning Network module for FWA training for your FDR s? Do you require your FDR s to maintain records of the FWA training of their employees for ten years, as required? DST Health Solutions 10

12 Seven Elements of a Successful Oversight Program Communication Protocols Clear and concise communication is critical to a successful partnership between the Plan Sponsor and the selected vendor. The ultimate goal for the Plan Sponsor is to establish a relationship with a trusted partner, based upon effective, well established communication methods. This is crucial to not only the success of the relationship, but ultimately the success of the plan. While developing the ultimate relationship of trust, both parties should establish formal methods of communication including structured meetings (agendas and minutes) to review performance metrics and outstanding issues and informal meetings to discuss overall satisfaction or concerns. The meeting agendas, minutes and open issues tracking should clearly document the meeting participants, discussion, conclusions and recommended follow up actions. The frequency and duration of these meetings will depend upon the phase of the relationship. During the implementation phase, there will be frequent, lengthy meetings to collect and share information supporting the delegated process as well as approve process flows, review change requests, clarify assumptions and manage issues. After a successful implementation, the team should be able transition into less frequent meetings to monitor ongoing performance. During the initial phase of the relationship, the Plan Sponsor and the vendor should establish formal lines of communication to address compliance failures. It is inevitable that something will go wrong, such as key performance indicators may be missed, incorrect information may be provided to a member, or an employee may perform a deliberate act of theft or fraud. Compliance failures require quick and thorough evaluation by knowledgeable compliance team members to ensure that the compliance issues are identified and documented, and corrective actions are taken with appropriate notices to regulatory agencies as applicable. Questions to Ask: Do you have formal processes to support the sharing of information, including a centralized repository of information for process flows, assumptions, change requests, etc.? Do you have established methods to receive periodic monitoring reports? 11 DST Health Solutions Do you have communication protocols for compliance concerns or failures, including the evaluation of member impact, corrective action plans and supporting documentation?

13 Compliance and Oversight The Plan Sponsor should carefully evaluate the regulatory requirements that apply to the services performed by the vendor and the potential risk associated with the vendor s failure to perform the services in a compliant fashion. Best practices include developing a formal Delegate Oversight Program Description that is reviewed and approved by the Plan Sponsor s compliance and quality management committee structure. The Plan Sponsor must maintain written procedures for monitoring & reviewing delegated entities, and this program description allows the plan to tell their story, while documenting exactly how they comply with the accrediting standards as well as the regulatory requirements defined by CMS. The Plan Sponsor is ultimately responsible for the performance of the vendor and should consider designating a key member of the management team, who possesses the appropriate operational experience and authority, as the relationship owner. Another best practice is to establish a formal delegate oversight committee that includes members of the compliance and quality management teams as well as the designated members of management who own the business relationships with the vendors and the operational business owners of the processes being delegated. This oversight committee would review and approve the performance monitoring activities, oversee the vendor s implementation of corrective action plans, if needed, and allow the plan sponsor to demonstrate deliberate and organized oversight of the delegated vendor. Questions to Ask: Do you ensure that needed corrective actions are taken by first tier entities? Do you ensure that noncompliance or FWA committed by FDR s is well-documented and includes ramifications should the FDR fail to satisfactorily implement the corrective action plan? Do you maintain thorough documentation of all deficiencies identified and the corrective actions taken? Do you continue to monitor FDR corrective actions after their implementation to ensure that they are effective? Seven Elements of a Successful Oversight Program 6 DST Health Solutions 12

14 Seven Elements of a Successful Oversight Program Self Assessment It is critical for plans to document and have an ongoing process to evaluate and assess their vendor oversight program. The following matrix was adapted from the CMS questionnaire and should provide the Plan Sponsor with a guide to monitor program effectiveness. As documentation is collected to demonstrate the program effectiveness the Plan Sponsor should consider information such as policies & procedures, workflows and job aides, training materials & records indicating employee participation, monitoring reports, committee charters, committee meeting agendas & minutes, as well as corrective action plans and audit reports. Self-assessment is a critical component of a high performing organization and demonstrates a culture of continuous improvement. Evaluation of current activities allows the plan sponsor to identify deficiencies in the process and make modifications to ensure that the oversight program is functioning as designed. The ongoing program evaluation ensures that the plan has effective programs in place to monitor the compliant administration of the functions delegated to the vendor. Go to to download. 13 DST Health Solutions

15 The Seven Elements of a Oversight Program Conclusion Delegating services can be advantageous to an organization, but the Plan Sponsor just can t walk away and forget it! The Plan Sponsor is responsible for the performance of the vendor and must have established processes to oversee and monitor activities. The established processes must include the collection and retention of artifacts that demonstrate the oversight and monitoring activities. The Plan Sponsor should carefully evaluate the expectations and standards of the applicable accrediting bodies (NCQA & URAC) as well CMS requirements in order to design a comprehensive program that satisfies all requirements. A comprehensive program also provides management with reasonable assurance that the selected vendors are delivering quality services on behalf of the health plan. A high performance vendor can position a health plan for rapid growth and expansion into new markets, while, conversely, poor vendor performance can damage the health plan s reputation, tarnish their brand and result in stringent regulatory penalties, suspension of marketing privileges or loss of contract with the government. A comprehensive delegate oversight program will provide health plan management with the necessary information to clearly document roles and responsibilities while monitoring performance and proactively implementing corrective actions to avoid negative consequences in the future. Management is accountable for supporting the consistent implementation and administration of the program, in order to achieve the reasonable assurance of vendor performance. About DST Health Solutions DST Health Solutions, LLC, delivers contemporary healthcare technology and service solutions that enable clients to thrive in a complex, rapidly evolving market. Providing business solutions developed from a unique blend of industry experience, technological expertise, and service excellence, we assist our clients in improving efficiencies while also effectively managing the processes, information, and products that directly impact quality outcomes. Our portfolio of services and solutions, which includes enterprise payer platforms, population health management analytics, care management, and business process outsourcing solutions, is designed to assist clients in successfully managing their most important business functions while facilitating strategic and financial growth. We specifically support commercial, individual, and government-sponsored health plans, health insurance marketplaces, and healthcare providers in achieving the goal of affording the best possible care to their members each and every day. DST Health Solutions, LLC, is a wholly-owned subsidiary of DST Systems, Inc. DST Health Solutions 14

16 Resources NCQA Health Plan Standards, A formal process by which an organization gives another entity the authority to perform certain functions on its behalf. Although an organization may delegate the authority to perform a function, it may not delegate the responsibility for ensuring that the function is performed appropriately. URAC Health Plan Standards, Ver. 6.0, The process by which the organization contracts with or otherwise arranges for another entity to perform functions and to assume responsibilities covered under these standards on behalf of the organization, while the organization retains final authority to provide oversight to the delegate. Medicare Managed Care Manual - Chapter 21 Compliance Program Guidelines And Prescription Drug Benefit Manual Chapter 9 - Compliance Program Guidelines(Chapter 21 - Rev. 110, )(Chapter 9 - Rev. 16, ) Sponsor Accountability for and Oversight of FDRs 40 Sponsor Accountability for and Oversight of FDRs (Chapter 21 - Rev. 109, Issued: , Effective: ; Implementation: )(Chapter 9 - Rev. 15, Issued: , Effective: ; Implementation: )42 C.F.R (b)(4)(vi), (i), (b)(4)(vi), (i) Medicare Managed Care Manual Chapter 11, Medicare Advantage Application Procedures and Contract Requirements, Section 110: MA Organization Relationship with Related Entities, Contractors, Subcontractors, First-Tier and Downstream Entities Sponsors may enter into contracts with FDRs to provide administrative or health care services for enrollees on behalf of the sponsor. The sponsor maintains the ultimate responsibility for fulfilling the terms and conditions of its contract with CMS, and for meeting the Medicare program requirements. Therefore, CMS may hold the sponsor accountable for the failure of its FDRs to comply with Medicare program requirements. Code of Federal Regulations as of July 22, 2014 Title 42 Part Part D Title 42 Part Part C Contact us For more information on DST Health Solutions, call us at , us at marketingdsths@dsthealthsolutions.com, or visit us at DST Systems, Inc. DST Systems, Inc. (DST) has provided the information in this Product Sheet for general informational purposes only, has a right to alter it at any time, and does not guarantee its timeliness, accuracy or completeness. All obligations of DST with respect to its systems and services are described solely in written agreements between DST and its customers. This document does not constitute any express or implied representation or warranty by DST, or any amendment, interpretation or other modification of any agreement between DST and any party. In no event shall DST or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if DST or its suppliers have been advised of the possibility of such damages. DST Health Solutions 2500 Corporate Drive Birmingham, AL MarketingDSTHS@dsths.com