Part 2: The Validation Audit Process

By Michelle Ford

In Part 1 of our Independent Validation Audit blog series we indicated that a validation audit is likely in your future if you have recently been audited by CMS. In Part 2 of this series we explain the validation audit process and what you can expect.

Part 2: The Validation Audit Process

A validation audit is a limited scope audit that tests whether the corrective actions you implemented have corrected the deficiencies identified by CMS during the program audit. The words “limited scope” make the validation audit sound simple but it often gets tricky. Audit methodologies need to be modified so that only the deficiencies that led to corrective actions are tested. Similar to a CMS program audit, a validation audit is outcome focused and tests the compliance of actual transactions whenever possible. Often a deficiency is not able to be tested through samples available in a universe and test samples need to be developed.

There are generally five steps in the validation audit process:

Step 1: Hire an Independent Auditor

CMS does not provide recommendations on independent auditor (IA) firms. However, they do have requirements that an IA must meet. In Part 3 of our Independent Validation Audit blog series, we will discuss the IA requirements and what you should look for when hiring an IA.

Step 2: Develop a Validation Work Plan and Timeline

The IA will create a work plan based on information in the final report and the approved corrective action plans. The work plan details how the IA will conduct the validation audit and a schedule that identifies key milestones in the validation process. CMS approval of the work plan is required before the validation audit can begin. The approval process can take several weeks and there may be several iterations of a work plan before it is approved.

Step 3: Conduct the Validation

The IA will conduct the validation in accordance with the CMS approved work plan. The validation will include data integrity testing of universe submissions prior to sample selection and timeliness testing. The IA will request impact analyses from the Sponsor for any failed cases identified in the validation audit to determine whether additional beneficiaries have been impacted.

Step 4: Reporting the Results of the Validation Audit to CMS

The IA drafts a report of findings from the validation audit. CMS makes determinations about whether individual deficiencies have been corrected based on the findings in the IA’s report.

Step 5: CMS Review of the Validation Report and Other Information

CMS then reviews the IA’s report, any impact analyses, and additional information submitted by the Sponsor. Often CMS requests a follow-up call with the IA and the Sponsor to ask clarifying questions about the report and other information provided. CMS then makes a determination about whether to close the program audit.  If the Sponsor is unable to demonstrate through the validation audit that the CMS-identified conditions from the program audit are not sufficiently corrected, CMS may opt to keep the audit open and subject the Sponsor to another validation audit after additional corrective actions have been implemented.

The IA plays a vital role in the success of your validation audit. In Part 3 of this series we will discuss what to look for when hiring an IA.

Medicare Compliance Solutions has performed numerous validation audits that have led to successful program audit close-out. Contact us at 562 334 7980 if you have questions about the validation audit process.