Auditing the Auditor: What Every Company Should Know

By Jessica Smythe August 19, 2015

With the ever-present threat of a CMS (Centers for Medicare and Medicaid Services) assessment of Section 111 reporting penalties looming on the horizon, many Responsible Reporting Entities (RREs) have turned to independent Section 111 reporting audits. A Medicare compliance audit is designed to assess the RRE’s reporting system and processes to ensure they’re compliant with CMS requirements.  While the audit is designed to review your company’s compliance, how do you review the proposed audit service? What questions should you ask the Medicare compliance auditor in advance to ensure your company’s data is being measured accurately and comprehensively?

How to Audit the Auditor

Before selecting a third-party audit service, the RRE should confirm what data the auditor will measure.  For example, will the auditor obtain the CMS response files and for how many quarters? How many months of the RRE’s quarterly reports will be reviewed? Will the auditor be prepared to understand and interpret the RRE’s error rate? Most important, will the auditor be able to make recommendations for a system implementation specific to the RRE that will help ensure error-free reporting? (YES, this is possible!)

The auditor should be knowledgeable about recent Section 111 reporting changes and able to provide recommendations based on them. At a minimum, the auditor should understand reporting thresholds for both liability and workers' compensation claims and know what types of claims must be reported. RREs will also want to check if the auditor can give recommendations regarding over- or underreporting certain information to CMS. Why give CMS information to which it’s not entitled and overburden your staff with unnecessary data compilation and warehousing?

RREs should also ascertain whether the proposed audit will provide an exhaustive, independent evaluation of their current reporting system. They should ask potential auditors:

  • How well versed is the auditor on information technology and claims systems?
  • Will the auditor be able to evaluate the RRE’s use of the CMS query process and provide strategic recommendations for the RRE’s use of query data?
  • Will the auditor provide recommendations for improved design of the RRE’s existing reporting process or recommend a new design that incorporates the right types of claims with the most cost-efficient, streamlined reporting method?

RREs should confirm that the auditor has taken the time to learn about their businesses. Did the auditor ask questions about:

  • claims volume
  • lines of business
  • claims system
  • number of claims handlers and their role in your reporting process
  • checks and balances around reporting failures
  • your understanding or definition of the ORM acceptance and ORM termination requirements

A Word about Conditional Payments and MSAs

Historically, the focus of the Medicare compliance audit has been on Section 111 reporting compliance.  However, no Medicare compliance audit is truly comprehensive without a corresponding evaluation of the RRE’s process for identifying, negotiating, and settling CMS conditional payments. Consequently, the RRE should also understand the scope of the audit, including whether the audit will include a review of the RRE’s conditional payment protocols.

Finally, the RRE should inquire if the audit will encompass Medicare Set-Aside (MSA) protocols.  Currently, CMS recommendations for procurement and submission of MSAs for review are directed primarily at the settlement of workers' compensation claims; however, new guidelines for MSAs in the context of liability settlements may soon become a reality. When an RRE reports a settlement to CMS, CMS has almost total visibility into the settlement and whether it is CMS-compliant. This includes whether the RRE has adequately protected Medicare’s future interests with respect to payment of medical treatment post-settlement to the Medicare beneficiary.

Finally, the auditor should not look at the RRE’s data in an opportunistic manner. You don’t need the auditor to “Monday morning quarterback” decisions that were made five to seven years ago when Section 111 reporting was in its infancy and policies were unclear. Your goal should be to correct the course going forward and discover any issues that should be addressed retrospectively. Always strive to mitigate risk holistically and — most important — get it right!


Jessica Smythe

Jessica C. Smythe is assistant vice president, Customer Relationship Management, for ISO Claims Partners. Before joining ISO Claims Partners, Jessica was a North Carolina liability and workers' compensation defense attorney. Her clients included national and international corporations, self-insured companies, insurance carriers, and third-party administrators (TPAs). She is a nationally recognized speaker and trainer on the subject of Medicare compliance, including the impact of Medicare compliance on claim handling and litigation management. Jessica also has also been awarded the designations of Certified Litigation Management Professional (CLMP), Medicare Set-Aside Certified Consultant (MSCC), and Certified Medicare Secondary Payer Professional (CMSP).