Best Practices and Common Conditions of Audit Preparation

As we wait for the 2014 Part C and Part D Program Annual Audit and Enforcement Report to be released, we contemplate the activity that our client partners have experienced during CMS audits, in remediation of identified conditions, and preparation for future activities.

This year started a new audit cycle.  It has also been a year filled with plan sponsor confusion and frustration over published audit protocol that did not appear to be fully vetted before release to the industry.  We received a number of clarifying questions regarding the protocol instructions and data layouts before CMS’ summer Oversight and Enforcement conference, and we continue to advise clients — whether they are undergoing a CMS audit or not — to reach out to CMS for clarification in writing.  Protocol aside, there is much you can do to perfect the things you have control over — when you can’t change the data of the past.  With that, and using CMS nomenclature, I bring you some best practices and common conditions of audit preparation that we have garnered over the years.

Best Practices

  • Audit participants know their self-identified and disclosed data very well.
  • All documentation is perfectly organized when presenting tracers in easily accessible folders, reachable by one click.
  • Information Technology and Support staff tests telephone and web connectivity in every conference room.  Contact names of multiple IT staff are posted in each webinar room, with one professional outside the conference door at all times.
  • Debrief meetings occur every evening with the full plan audit team and CEO.  CEO also kept well informed during the day throughout the audit.
  • Audit participants are honest and forthcoming with reviewers.

Common Conditions

  • Organization is not audit-ready in light of annual protocol release.
  • Organization is not fully prepared in light of best practices/common conditions memos to demonstrate thorough evaluation of same.
  • Tasks completed but documentation is not in place to substantiate it.
  • Webinar participants designate drivers and speakers ahead of time, but do not designate note-takers, runners, or a master of the mute button.
  • Organization does not leverage opportunities to outreach to Compliance or CMS for clarification of guidance.

If you have been holding your breath patiently waiting for an audit notice, don’t worry, there’s still time.  The best practices above help your audit run smoothly, efficiently, and help demonstrate a connectedness of a well-oiled machine of a Compliance Department.  These folks are generally the ones tasked with the housekeeping and logistics of planning, as well as documentation uploads, leadership summaries and let’s not forget their day-to-day work.



The Centers for Medicare & Medicaid Services (CMS) audit practices have radically changed in recent years. Now with only days to prepare for CMS audits, organizations must become proactive in creating a culture of compliance. From a gap analysis to a comprehensive, deep-diving Part C and D audit, our team can help you minimize your compliance risk and maximize your time and resources. Visit our website to learn more >>

Stay connected. Subscribe to Gorman Health Group news and updates via our weekly newsletter.

Regan Pennypacker
Regan Pennypacker

Regan is Senior Vice President of Compliance Solutions at Gorman Health Group (GHG). She leads the Compliance Solutions practice, responsible for multidisciplinary projects such as Part C and Part D audits, new applications, marketing material reviews, risk assessments, and training engagements. As a member of this team, she has provided compliance direction and insight on industry best practices to many GHG clients. Regan brings GHG clients 19 years of experience in the healthcare industry. Read more

1 Comment
  1. I think that organization would help a ton when you are preparing for audit. It would make the process much easier and quicker. And everything that you do or is said should be documented! You don’t want to do something and then not have it remembered so it has to be done again.

Leave a Reply

Your email address will not be published.