Healthcare payers with Medicare Advantage (MA) contracts commonly delegate specific functions and activities (such as claims payment, customer service, enrollment and medical management) to outside entities (such as hospitals, physician groups and specialty health companies). There are many valid business reasons to delegate those specific activities, including the desire to gain technological or financial advantage, but when delegating, Medicare Advantage organizations (MAOs) incur additional regulatory compliance responsibilities and pressure to which they must be prepared to respond.
The Centers for Medicare and Medicaid Services (CMS) makes it the sole responsibility of the MAO to ensure any activity required under, or governed by, CMS standards that is delegated to another outside entity be performed in accordance with applicable standards.1Many MAOs fail to meet this basic requirement because they lack a formal delegation oversight program and governance structure to monitor the performance of their delegates on an ongoing basis. This creates the potential for adverse consequences. If CMS deems a delegate’s performance to be unsatisfactory, it can lead to regulatory fines and/or sanctions, financial loss, lawsuits, and the loss of license to do business for the delegate as well as the MAO.
When a payer (i.e., insurance company) enters into an MA contract with CMS, it agrees to take ultimate responsibility for all services provided and all terms of the contract, and it must fulfill all terms and conditions of the contract regardless of the relationships it may have with other outside entities, including:
- First tier entities – Any party that enters into a written arrangement with an MAO or contract applicant to provide administrative services or healthcare services for a Medicare-eligible individual.2
- Downstream entities – Any party that enters into an acceptable written arrangement below the level of the arrangement between the MAO (and contract applicant) and a first tier entity. These written arrangements continue down to the level of the ultimate provider of health and/or administrative services.3
- The accountability provisions in MA contracts specify that both first tier and downstream entities must comply with Medicare laws, regulations and CMS instructions, and agree to audits and inspections by CMS and/or its designees. These entities also must cooperate, assist and provide information as requested, and maintain records for a minimum of 10 years.4
The MAO is responsible for assuring that first tier and downstream entities have all the information necessary to know how to comply with applicable CMS requirements. These requirements apply to such delegated work functions as:
- Administration and management marketing
- Utilization management
- Quality assurance
- Applications processing
- Enrollment and disenrollment functions
- Claims processing
- Adjudicating Medicare organization determinations
- Appeals and grievances
Challenges and Opportunities
To avoid the risk of first tier and downstream entities not being fully informed of and/or not meeting regulatory requirements, MAOs should establish an organizational approach and structure that support the delegation process. They also must have in place standardized policies, procedures and tools (including tracking and summary reporting capabilities), as well as clearly written arrangements that specify delegated activities, accountabilities and reporting responsibilities.
Prior to delegating any function or activity, an MAO must carefully evaluate the ability of first tier or downstream entities to execute and perform their responsibilities. It also must document that it has approved the entity’s policies and procedures with respect to the function to be delegated, and verify that the entity has sufficient resources and qualified staff to perform the activity.
Once the delegation agreement and structure are in effect, MAOs need to perform, at minimum, annual, comprehensive evaluations of a delegate’s performance, including compliance with applicable standards. Ongoing monitoring and annual assessments of delegates must be carried out by qualified staff. In the event that problems or deficiencies are identified, specific corrective actions must be created.
Our Point of View
CMS expects MAOs to establish effective oversight programs that allow for ongoing audit and review of each delegate’s performance to ensure these entities are meeting all CMS requirements. If a delegate is not in compliance with these standards, CMS will hold the MAO directly responsible. The easiest thing for the MAO to do is determine what to delegate, and the hardest thing for it to do is actually putting in place the oversight frameworks and activities necessary to ensure the delegated entity delivers on its commitments
One common oversight failure is not having clear visibility into the entire “delegate landscape.” Therefore, MAOs should be sure to answer the following questions when establishing their formal delegation programs:
- Who are our first tier delegates?
- What tasks are they contracted to perform? Which of these must be performed in accordance with CMS standards?
- Who is responsible for each delegate relationship?
- How many downstream entities does each first tier delegate work with and what tasks are they performing? (Note: It is not always clear from an MAO’s contract with a first tier entity which downstream entities will be involved in the execution of the delegated function.)
- Do all first tier and downstream entities have the information necessary to know how to comply with applicable CMS requirements?
How We Help Companies Succeed
Protiviti can help MAOs select delegated entities and create delegation agreements that clearly define the roles and obligations of first tier and downstream entities to the insurance plan and its members and providers. In addition, we can design an effective formal delegation program, assist in writing regulatory compliance policies and procedures, and establish a governance approach and structure for monitoring the performance of delegates.
Our experts not only make sure MAOs have the appropriate tools to audit their delegates, but we can also assist in executing audits on their behalf. In addition, we help MAOs create contingency plans to ensure there is no member disruption and that regulatory compliance of the delegated function is maintained in the event a delegation agreement is terminated.