Skip to main content

Medicare Advantage: Required Audits of Limited Value

GAO-07-945 Published: Jul 30, 2007. Publicly Released: Jul 30, 2007.
Jump To:
Skip to Highlights

Highlights

In fiscal year 2006, the Centers for Medicare & Medicaid Services (CMS) spent over $51 billion on the Medicare Advantage program, which serves as an alternative to the traditional fee-for-service program. Under the Medicare Advantage program, companies wishing to participate must annually submit bids (effective with contract year 2006) that identify the health services the company will provide to Medicare members and the estimated cost and revenue requirements for providing those services. For 2001 through 2005, the submissions were called Adjusted Community Rate (ACR) Proposals. The Balanced Budget Act (BBA) of 1997 requires CMS to annually audit the financial records supporting the submissions of at least one-third of participating organizations. BBA also requires that GAO monitor the audits. In this report, GAO examined (1) whether CMS met the one-third requirement for 2001 through 2006, (2) what information the ACR audits provided and how CMS used it, and (3) what information the bid audits provided and how CMS used it.

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Centers for Medicare & Medicaid Services To help fulfill CMS's responsibilities, the Administrator of CMS should finalize a decision and establish implementing procedures on how the prior adjusted community rate proposal (ACRP) audit results will be addressed and closed.
Closed – Implemented
CMS implemented procedures in July 2008 on how prior ACRP audits are addressed and closed to include CMS notifying the Medicare Advantage Organization (MAO) of its findings and observations and obtaining the MAOs certification that it will implement necessary corrective actions prior to its submission of future ACRP bids. The MAOs signed certification received by CMS as a result of the new procedures serves as evidence of close-out of the ACR audit.
Centers for Medicare & Medicaid Services To help fulfill CMS's responsibilities, the Administrator of CMS should finalize an approach for meeting the one-third audit requirement for contract year 2006 and subsequent years. This approach should clearly address (1) the procedures for annually identifying the organizations whose bid submissions and supporting financial records will be audited as part of the current Office of the Actuary (OACT) bid audits and those that will be reviewed as part of the planned financial reviews, (2) the supporting documentation that must be retained to show that the audit requirement was met, and (3) the procedures for conducting planned financial reviews that clearly identify how the reviews will provide results in a timely manner and how the reviews will be designed to identify misrepresentations and falsifications in the information furnished under the program.
Closed – Implemented
On January 11, 2010, CMS updated its written procedures to conduct, monitor, and manage financial audits of Medicare Advantage Organizations and Prescription Drug Plans. These procedures, Division of Capitated Plan Audits - Standard Operating Procedures for Financial Audits of Medicare Advantage Organizations (MAOs) and Prescription Drug Plans (PDPs), are intended to meet the one-third audit requirement for contract year 2006 and subsequent years. As such, no other planned financial reviews are performed to meet the one-third audit requirement. CMS's guidance includes procedures for annually identifying the organization whose bid submissions and the supporting documentation that must be retained to show the audit requirement was met. Examples of documentation include the audit notification letter, audit report desk review, and Medicare Advantage Organizations responses to the audit results. The guidance also cites Medicare regulations, which require that the audit documentation must be maintained for 10 years and that the Comptroller General, among others, has the right to inspect, evaluate, and audit these records. In addition, these procedures include the contractor's Statement of Work that outline reporting requirements and deliverables to CMS to support audit work conducted and to provide results in a timely manner. CMS developed an updated audit plan in October 2008 to conduct the financial audits, Division of Capitated Plan Audit Uniform Examination Program for Medicare Advantage Organizations and Prescription Drug Plans, to include procedures to help identify misrepresentations and falsifications in the information furnished under the Medicare Advantage program such as verifying the validity, accuracy, and propriety of various types of costs claimed by Medicare Advantage Organizations and Prescription Drug Plans. Key areas of focus include related-party transactions, duplicate payments to medical service providers, and a financial solvency review.
Centers for Medicare & Medicaid Services To help fulfill CMS's responsibilities, the Administrator of CMS should amend the implementing regulations for the Medicare Advantage Program and Prescription Drug Program to provide that all contracts CMS enters into with Medicare Advantage organizations and prescription drug plan sponsors include terms that inform these organizations of the audits and give CMS authority to address identified deficiencies, including pursuit of financial recoveries. If CMS does not believe it has the authority to amend its implementing regulations for these purposes, it should ask Congress for express authority to do so.
Closed – Not Implemented
In its comment letter to our report, CMS concurred with this recommendation and stated that it would seek legislative authority to amend its implementing regulations, if necessary. However, in July 2011, CMS officials informed GAO they would not amend or request an amendment to its implementing regulations. Furthermore, CMS officials stated that its regulations (42 CFR Section 422.504(e) and Section 423.505(e)) provided it the authority to conduct an on-site audit and inspection to evaluate compliance with regulations and address identified deficiencies and concluded that no additional action is required. The regulations provide CMS the authority, among others, to access and inspect or audit the financial records, contracts, medical records, and other documentation of MAOs and PDPs. CMS does not plan to take action to address our recommendation. Therefore, we are closing the recommendation as not implemented.
Centers for Medicare & Medicaid Services To help fulfill CMS's responsibilities, the Administrator of CMS should develop, as part of its approach for meeting the one-third audit requirement, additional procedures for following up on results of the OACT bid audits and results of the financial reviews. These procedures should clearly address: (1) how CMS will annually ensure that findings and observations from the bid audits are addressed before the next year's bids are approved, (2) how CMS will annually ensure that findings from the financial reviews are addressed before the subsequent year's bids are approved, (3) the supporting documentation that must be retained to show that the findings and observations from bid audits and findings from the financial reviews were addressed, and (4) how CMS reviews audit findings to determine if intermediate sanctions are warranted.
Closed – Implemented
CMS finalized its approach for meeting the one-third audit requirement by developing additional procedures for following up on the results of the Office of the Actuary (OACT) bid audits. CMS does not conduct other financial reviews to meet the one-third audit requirement. Specifically, CMS developed: (1) the Division of Capitated Plan Audits - Standard Operating Procedures for Financial Audits of Medicare Advantage Organizations (MAOs) and Prescription Drug Plans (PDPs), dated January 11, 2010 and (2) the CY2012 Actuarial Pricing Bid Desk Review Manual, dated June 10, 2011. The standard operating procedures and manual set forth the objectives and procedures, as well as the supporting documentation to be retained, for resolving findings and observations from bid audits and findings from financial reviews prior to approval of subsequent year's bids. The standard operating procedures describes the process of closing audits which includes reviewing findings and making recommendations for sanctions or corrective actions. The manual describes how CMS reviews audit findings to determine if intermediate sanctions are warranted by requiring bid reviewers to provide feedback to OACT and document cases of violation of the Code of Professional Conduct by certifying actuaries. We obtained and reviewed supporting documentation for a selected Medicare Advantage Organization (MAO) and noted that the MAO's calendar year 2010 audit findings were tracked and monitored within CMS's desk review information system and resolved prior to approval of the MAO's calendar year 2011 bid.
Centers for Medicare & Medicaid Services To help fulfill CMS's responsibilities, the Administrator of CMS should develop procedures to formalize the reviews and supporting documentation that must be retained to show that conflicts of interest arising from individuals or firms preparing, reviewing, or auditing the same bid have been addressed.
Closed – Implemented
CMS's Office of the Actuary (OACT) developed procedures to formalize the reviews and supporting documentation that must be retained to show that conflicts of interest arising from individuals or firms preparing, reviewing, or auditing the same bid have been addressed. These procedures are described in CMS's Conflicts of Interest Checking For Contractors Performing Bid Reviews or Audits (updated January 9, 2008). The procedures developed by the OACT require contractors to submit a list of potential conflicts of interest with their proposal for services which is then retained and maintained by the Office of Acquisition and Grant Management within CMS. According to CMS, conflicts can arise due to an individual or firm's association or business relationship with any Medicare Advantage Organizations and Prescription Drug Plans during the past 12 months or any involvement in the preparation of the bids to be reviewed or audited. Each contractor must reply to OACT as to whether any potential conflicts of interest exist, and describes those conflicts as applicable. In particular, each contractor assigned by CMS to review an MAO's bid with respect to the one-third annual audit requirement must indicate whether that contractor was also involved in the preparation or certification of that MAO's bid approved by CMS. Based on documentation submitted by the contractor, OACT will make a final decision as to whether a conflict of interest exists and take necessary action to have the contractor remove the persons involved from the bid or exclude the contractor from the bidding process. We obtained and reviewed supporting documentation for confirmation of conflicts of interest for a selected contractor during fiscal year 2010. We found there was substantive discussion between the contractor and CMS to confirm potential conflicts of interest in order to make the necessary adjustments to the contractor's proposed bid audit assignments. For another contractor, we noted email correspondence between OACT and the selected contractor in which OACT advised the contractor it may have a conflict of interest regarding a particular service rendered by the contractor to a Medicare Advantage Organization. OACT provided a justification with its decisions to which the contractor agreed not to submit a proposal for the service.

Full Report

Office of Public Affairs

Topics

Audit reportsAuditing proceduresAuditing standardsAuditsFinancial analysisHealth care programsMedicareProgram evaluationReporting requirementsConflict of interestsDocumentation