And the money kept rolling in…

By Julie Mason
Last week, CMS announced the 17 Medicare Advantage (MA) plans subject to civil monetary penalties (CMPs) based on their 2016 audit findings. Until this year, the months of February and March in the MA space meant the application season. Now, based on CMS’ March 1 memo on CMPs, it is the application-and-enforcement actions season. Unlike past years, when CMS posted audit-based enforcement actions on a rolling basis throughout the year, they are now holding public notification of audit-based CMPs until the first quarter of the following year. (Although the CMS memo didn’t explicitly address timing of intermediate sanctions—e.g., freezing of enrollment and marketing—one should presume those actions will be imposed and announced on a more immediate basis.) This change in process allows CMS to evaluate all audits simultaneously (grading on a curve?), and that can’t happen until the end of audit season, typically November or early December. Add a couple of months for decision-making by CMS and the twenty layers of review required to issue just about anything, and that brings us to deep into the first quarter of the next year.
So what does this mean for MA plans scheduled for a 2017 audit, or the many MA plans who suspect they’re on the 2017 audit hit-list? For one, it means that audited MA plans may not know until well after the audit closes whether they will be sanctioned. Having worked with a number of MA plans undergoing CMS program audits, I’ve witnessed a fair amount of conjecture shared amongst senior management regarding whether the audit findings are significant enough to result in sanctions or enforcement actions. It’s not a fun exercise, and will be more protracted now that sanctions are announced in one fell swoop in the first quarter of the following year. Maybe those plans audited early in the year will have forgotten about the possible specter of sanctions by that point the following year. As if.

For all MA plans, it means that we won’t have a clear window on CMS’ approach to enforcement during the current year. And with a new and unpredictable administration in place (sort of), we will all be looking for clues. The March 1 memo stated that sanctions and enforcement actions for regulatory violations identified through sources other than audits would continue to be posted to the CMS website “within the normal timeframe after notification to the sponsor,” which typically has been within a few days or so. But non-audit related sanctions and enforcement actions are few and far between, or at least they have been up until now.

Are there any clues in the audit and enforcement action trends over the last few years to signal what we can expect in 2017? Yes and no. I have not seen a robust CMS analysis of 2014-2016 audit and enforcement data, so to satisfy my curiousity I created my own. I am not a data scientist by any means, so this is a rough analysis at best, based on information in the March 1 CMP memo (email me if you’d like a copy; there is no public link to it as it was released via HPMS), the 2015 Part C and Part D Program Audit and Enforcement Report (, the Part C and Part D Enforcement Actions page on the CMS website
( and the Program Audits Results page of the CMS website ( (Note: CMS will likely issue the 2016 Program Audit and Enforcement Report sometime this year, but possibly not for a while; they didn’t issue the 2015 report until September 2016. That report contained a brief comparison of 2014 and 2015 audit and CMP statistics, but was no more sophisticated than my own rough analysis herein.)

Looking at 2016 compared to 2015, CMS audited significantly more plans in 2016 (37) than 2015 (22) (Figure 1). The average audit score fell from 1.76 in 2015 to 1.22 in 2016, about a 30% decrease. But the percentage of audited plans that were issued a CMS fell only 9%, and still remains at around half of audited plans (46%). CMS has stated that enforcement actions are not based on a plan’s overall audit score, but on the impact the conditions have on members’ access to medical care and prescription drugs. So we can assume that, at least to some degree, plans are generally faring better in the audits with fewer conditions, but within that smaller number of conditions there are some that directly and significantly impact (or are likely to impact) members’ access to care and drugs and thus result in a CMP.

The dollar amounts of CMPs are based on formulas that CMS released in draft form last October; the final CMP methodology is yet to be released by CMS. But we can assume CMS used the draft methodology to calculate CMPs for the 2016 program audits. Because the proposed methodology takes into account a number of factors (type of member harm, number of members and/or contracts affected, and aggravating and mitigating factors), and includes limits based on size of the plan, it is more difficult to draw conclusions from the CMP amounts, both overall and average, imposed for 2016 audits. (Figure 2) We do know that the proposed CMP methodology increases the per enrollee and per determination amounts used to calculate a CMP from the amounts used by CMS in previous years, in order to encourage greater compliance with CMS requirements. We can assume that approach will continue for the 2017 audits.

With the significant decrease in the average overall audit score from 2015 to 2016, health plans have demonstrated that greater compliance with CMS requirements is possible. And CMS no doubt interprets its continuing pressure on plans through the imposition of CMPs as a major factor in the decreased audit scores. Therefore, there is little reason to expect a dropoff in audit-based CMPs in 2017. MA plans and PDPs that have not had a CMS program audit in the last several years should heed this as a call to action to thoroughly prepare for one.

Share this Post

Share this: