Compliance Program Effectiveness (CPE) protocols help to evaluate performance in the Centers for Medicare and Medicaid Services (CMS) Program Audit Protocol and Data Request related to CPE. The CMS performs its program audit activities in accordance with the CPE Program Audit Data Request and applies compliance standards outlined in this Program Audit Protocol and the Program Audit Process Overview document. At a minimum, CMS will evaluate cases against the criteria listed below. CMS may review factors not specifically addressed below if it is determined that there are other related CPE requirements not being met.
- Audit Elements Tested
- Prevention Controls and Activities
- Detection Controls and Activities
- Correction Controls and Activities
Inovaare compiled these tables from information contained within the CMS website and displayed the 2022 audit protocol changes in an easy-to-follow format. The red font indicates critical areas health plans need to address and the blue font indicates the actual data required. This table is available for download through the link at the bottom of the page.
Table 1: COA
| COLUMN ID | FIELD NAME | FIELD LENGTH | DESCRIPTION |
| A | Component | 100 | Enter the name of the sponsoring organization’s department, operational area, or First Tier Entity that is the focus of the oversight activity. |
| B | Activity Type | 30 | Enter the activity type as: • Auditing • Monitoring • Investigations |
| C | Compliance or FWA? | 10 | Enter whether the activity was: • Compliance • FWA • Both |
| D | Activity Frequency | 30 | Enter the frequency of the oversight activity. Valid values
include but are not limited to: • Daily • Weekly • Bi-monthly • Monthly • Quarterly • Semi-annually • Annually • Ad-hoc |
| E | Activity Rationale | 200 | Enter the rationale for conducting the activity (e.g., routine audit stemming from risk assessment and/or work plan, referral from FTE, or hotline complaint, operational failure/metric outlier/etc., or audit activity was implemented because the function has an immediate impact on enrollees’ access to immediate medical care and prescription drugs). |
| F | Activity Description | 400 | Provide a description of the activity (e.g., operational area, training requirements, timeliness, accuracy of organization determinations and notifications, messaging errors, contractual agreements, unannounced or onsite audits, spot checks, compliance monitoring, targeted or stratified sampling, audit protocols). |
| G | Activity Start Date | 10 | Enter the date that the specific activity was initiated. For example, if
the sponsoring organization started an audit of the appeals process/ function
within the sponsoring organization on January 1, 2020, that is the date that
would be used for the date the activity started. Submit in CCYY/MM/DD format (e.g., 2020/01/01). |
| H | Activity Completion Date | 10 | Enter the date that the specific activity was completed. For example, if
the sponsoring organization completed an audit of the appeals
process/function within the sponsoring organization on January 31, 2020, that
is the date that would be used for the date the activity ended. Submit in CCYY/MM/DD format (e.g., 2020/01/01). Enter TBD (To Be Determined) if the activity is currently in progress. |
| I | Number of Deficiencies | 3 | Enter the number of deficiencies, findings, or issues identified. Enter TBD if deficiencies have yet to be identified for an ongoing activity. |
| J | Description of Deficiencies | 1000 | Provide a summary of all deficiencies, findings or issues identified during
the oversight activity. If the oversight
activity is identified in the pre-audit issue summary submitted to CMS,
please include the issue number. Enter TBD if deficiencies have yet to be identified for an ongoing activity. |
| K | Corrective Action Required | 3 | Enter: • Y (for Yes) if any deficiencies were identified during the activity and they required a corrective action. • N (for No) if none of the deficiencies identified during the activity required a corrective action. • TBD if corrective actions have yet to be determined for an ongoing activity. |
| L | Activity Results Shared? | 50 | Enter whether activity results were shared: • N (for No) if the results were not shared, or • Y (for Yes) if the results were shared. Also enter the name of the person or Group with whom activity results were shared. |
- Yellow: Audit Review Period
- Blue: valid values
Disclaimer: The data included in these tables are transposed directly from the CMS website and have not been edited for grammar and format consistency. Inovaare distilled the content for your convenience and educational purposes; it should not be used as a substitute for health plan compliance team authorization. Due to the unique needs of health plans, the reader should consult her or his compliance officer to determine the appropriateness of the information contained herein.