Best Practices Selection Criteria:

Medicare Part D Compliance (Draft)

SUMMARY: 
Achievement in a Part D prescription drug plan (PDP) compliance program assures a disciplined approach to compliance with the applicable laws and regulations and to the implementation of an effective program to detect, correct, and prevent fraud, abuse, and waste.  An effective PDP compliance program will make effective use of the organization’s existing compliance and fraud and abuse programs.  Particularly important is the integration of audit and internal controls with ethics and compliance. 

DEFINITION: 
An effective PDP compliance program requires establishment of policies and procedures to implement Part D requirements, effective training of employees, directors, and subcontractors, and a robust program to detect, correct, and prevent fraud, abuse, and waste. 

ACHIEVEMENT TO WARRANT FINDING OF BEST PRACTICE: 
In evaluating whether a program has achieved a “Best Practice” in this element, look for the existence of the following criteria :

1. Policies and Procedures:  There should be written policies and procedures that:
   
   
   1. Address the major components of a Part D program (PDP), including:
      
      
      1. Benefit design, including the pharmacy and therapeutics committee, utilization management standards, quality assurance and patient safety, medication therapy management, and electronic prescriptions. 
      2. Pharmacy access, including retail pharmacies, out-of-network access, mail order, home infusion, and Indian Health Service, Indian Tribe and Tribal Organizations, and Urban Indian Organization I/T/U pharmacies. 
      3. Enrollment and eligibility, including special enrollment periods, retroactive enrollment, disenrollment (voluntary and involuntary). 
      4. Grievances, including expedited reviews and member materials. 
      5. Exceptions and appeals, including expedited appeals, levels of review, notice of adverse determinations, and member materials. 
      6. Coordination of benefits, including user fees. 
      7. Tracking Out-of-Pocket Costs (TrOOP), including monthly reports to members, member access via phone, and status at disenrollment. 
      8. Marketing and beneficiary communications, including legal and business reviews and oversight of marketing materials, enrollee information, call center operation, web access, and EOBs. 
      9. Provider communications. 
      10. Reporting requirements, including significant business transactions, claims data, discounts and rebates, UM data, appeals, medication therapy management data, pricing and pharmacy network information, and conflict of interests. 
      11. Data exchange with CMS, including monthly enrollment, disenrollment, and change transactions and enrollment/payment reconciliations.
      12. Privacy, including disclosure to beneficiaries of PHI policies. 
      13. Security and record retention. 
      14. Claims processing, including in-network and out-of-network claims, mail order claims, claims data retention, audit trails, handling of overpayments / underpayments, etc.
          
          
   2. Define the compliance program.  These policies and procedures establish:
      
      
      1. The PDP’s cooperation and coordination with CMS and the organizations designated by CMS, including Medicare Drug Integrity Contractors (MEDICs), responsible for assisting PDPs with detection, correction, and prevention of fraud, abuse, and waste.
         
         
      2. The PDP’s commitment to detect, correct, and prevent fraud, abuse, and waste (FAW).  Policies and procedures will: 
         
         
         1. Require written standards of conduct to be distributed to employees at time of hire, to subcontractors at time of contract, when standards are updated, and annually thereafter.  As a condition of employment, employees must certify that they have read and will comply with the standards. 
         2. Require employees and subcontractors sign statement related to conflict of interests at time of hire or contract and annually thereafter. 
         3. Require the PDP to review exclusion lists periodically[1] to ensure that employees and subcontractors are not on such lists and that the appropriate employment and contracting actions are taken for employees or contractors appearing on such lists. 
         4. Describe how overpayments in the network are identified and repayments made to CMS.
         5. Describe how the PDP identifies FAW in the network and reports incidents as appropriate, internally and/or externally, for investigation. 
         6. Describe how the PDP coordinates and cooperates with CMS, organizations designated by CMS, and law enforcement agencies in conducting audits and investigations. 
         7. Describe how the PDP performs data requests for CMS, organizations designated by CMS, and law enforcement agencies. 
         8. Describe how the PDP will maintain records for 10 years as required in the Federal Regulation. 
         9. Describe how the PDP will ensure full disclosure of pricing decisions including clear guidance on how all decisions are to be documented.  This includes the steps that will be followed to prevent receipt or provision of benefits on commercial business in consideration of Part D formulary decisions. 
         10. Describe how the PDP will maintain a commitment to legal and ethical P&T Committee decisions and formulary decisions.
             
             
      3. Accountability of the PDP’s Compliance Officer and Compliance Committee for the PDP’s FAW and overall compliance plan. 
         
         
      4. An effective training and education program related to detection, correction, and prevention of FAW and compliance with the laws and regulations governing the PDP. 
         
         
         1. Training will include directors, compliance officer, compliance committee, employees, subcontractors, and agents. 
         2. Content of training will be aligned with CMS requirements and the specific requirements and needs of the PDP. 
            
            
      5. Effective lines of communication between the compliance officer and employees, subcontractors, agents, directors, and members of the compliance committee.  Effective communication requires:
         
         
         1. Hotlines for employees, subcontractors, and beneficiaries to report suspected FAW and other potential violations of laws and regulations and the PDP’s written standards of conduct. 
         2. Prompt initiation of investigations in response to hotline inquiries and reports.
         3. Centralized systems to track inquiries, reports, and corrective actions. 
         4. Procedures to ensure honest, effective, and efficient relationships with CMS, organizations designated by CMS, and law enforcement. 
            
            
      6. Promotion of FAW and other PDP standards through well-publicized disciplinary guidelines. 
         
         
      7. Effective internal monitoring and auditing of FAW and compliance with other laws and regulations.  The monitoring and auditing should be based on priorities established by the PDP’s risk assessment system. 
         
         
      8. Ensure prompt responses to FAW and other compliance issues and develop corrective action initiatives relating to such offenses.  Policies and procedures should address self-reporting of FAW. 
         
         
   3. Orderly and robust processes for completing and verifying certifications and attestations.
      
      
   4. Frequent, risk-based monitoring and oversight of delegated entities. 
      
      
2. Documentary Evidence:  There should be written evidence, reflecting enterprise-wide engagement, of the following: 
   
   
   1. Policies and procedures address the major components of the PDP as defined in the regulations. 
   2. The distribution of written standards of conduct to the appropriate audiences and the timely completion of certifications.
   3. Timely distribution and completion of conflict of interests statements. 
   4. Timely reviews of exclusion lists. 
   5. Appropriate identification and repayment of overpayments. 
   6. Appropriate initiation of FAW investigations, and timely and appropriate reporting of incidents. 
   7. Coordination and cooperation with CMS, organizations designated by CMS, and law enforcement agencies in conducting audits and investigations. 
   8. Timely and accurate completion of data requests by CMS, organizations designated by CMS, and law enforcement agencies. 
   9. Maintenance of records. 
   10. Full disclosure of pricing decisions. 
   11. Documentation of P&T Committee decisions and formulary decisions demonstrating legal and ethical decision-making.
   12. Training and communication with all appropriate constituencies.  Training documentation should demonstrate both content and attendance. 
   13. Effective implementation of the hotline, as demonstrated by promptness and thoroughness of investigations. 
   14. Communication of disciplinary standards to the appropriate audiences.
   15. Appropriate coordination / integration of the compliance and fraud (SIU) functions, such that:
       
       
       1. Risks are prioritized based on a risk assessment system
       2. Audits and monitoring activities are conducted in priority areas.
       3. Corrective actions are prompt and thorough. 
          
          
   16. Accuracy and completeness of certifications and attestations. 
       
       
   17. Robust monitoring of activities carried out by delegated entities. 
       
       
3. Role of Compliance Function:  The Compliance/Integrity Officer should be able to demonstrate that:
   
   
   1. The organization has developed and communicated written standards of conduct.
   2. The organization has effectively conducted training in the written standards of conduct, including identification, correction, and prevent of FAW, and the disciplinary actions that will occur for failure to comply with such standards. 
   3. There are effective communications with employees, subcontractors, agents and with the compliance committee and directors, so that reports of potential FAW and other compliance issues are encouraged, appropriately investigated, and promptly reported. 
   4. Exclusions lists are reviewed periodically. 
   5. Compliance risk is appropriately assessed, prioritized, and managed.  The auditing/monitoring program of the PDP is driven by the risk priorities. 
   6. The PDP devotes sufficient budget and human resources to compliance. 
   7. Appropriate disciplinary and contractual actions have occurred as a result of violations. 
   8. The compliance program is assessed periodically and modified in light of FAW and other violations of laws, regulations, and written standards of conduct.