Navigating CMS Audits: Preparing for a CMS Audit

At Informa’s recent Transparency, Aggregate Spend & HCP Engagement conference, compliance professionals focused heavily on the CMS audits that began in early 2023. Since data collection began in 2013, the CMS’s decision to perform random audits marks a pivotal shift, signaling a new phase in Sunshine Act reporting. Throughout the conference, valuable insights were shared on the audit process and how best to prepare should your company be selected.

Legal Disclaimer: The information provided in this blog is for educational purposes only. The opinions and recommendations expressed are those of the author and do not constitute legal or other professional advice.

This is Part 2 in our CMS audit blog series. Haven’t had a chance to read Part 1 which covers the CMS audit phases in detail? Be sure to check it out here.

Preparing for a CMS Audit

With auditing becoming a more prominent fixture in the Open Payments landscape, companies should assess their preparedness. Developing a transparency audit readiness plan aligned to the CMS audit process is essential. Reviewing your transparency program thoroughly now gives you the opportunity to understand all systems, processes and controls and ensure you are adequately prepared for an audit. Key considerations in developing an audit readiness plan include:

Document Everything: The phases of an audit set the foundation and template for your audit readiness plan. Your documented audit readiness plan should include processes for the kick-off meeting, fieldwork and audit close-out phases. Socialize your audit readiness plan with key stakeholders. Ensure that all policies and procedures related to your transparency program are thoroughly documented. Store everything in a central repository.
Assemble the Right Team: Create a working group of business leads who understand the CMS audit process. From this working group, identify the members of your audit response team, ensuring representation from critical areas like Internal Audit, Finance, Legal, Clinical, R&D and Commercial. Develop communication plans and schedule recurring working group sessions to review your transparency program. Present meaningful metrics in those discussions.
Inventory All Data Sources: Identify the sources where all your transparency data reside. As you inventory your data sources, work backwards to identify how an auditor can potentially find missing transactions. Document all transparency data flows into a matrix and share it with the audit response team.
Manage Third-Party Data: Clarify ownership of data sources, especially those managed by third parties. Audit your vendors to determine if they are providing adequate documentation in support of transfers of value. Consider implementing a process for third-party vendors to certify that the data they submit is complete and accurate.
Test Your Audit Plan: Engage in test steps to evaluate your ability to produce relevant documents. Present findings to your working group and revise your plan, policies and procedures based on the results. Testing your audit plan includes anticipating what types of requests auditors may have and ensuring your responses are comprehensive and well-documented.

A CMS audit can be incredibly stressful. While it is not a civil investigative demand from the DOJ, companies should still approach an audit with the same level of diligence and thoughtfulness. Now is the opportunity to ensure you are prepared if notice ever arrives. From documenting policies and procedures, assembling a cross-functional team of experts, and maximizing the effectiveness of your transparency solution (e.g. MediSpend), you can ensure your company is audit-ready.

Are you ready to elevate your transparency program to help ensure your organization is audit-ready? Don’t wait for compliance issues to arise—proactively manage your transparency risks and drive informed decision-making through a single repository for all your transparency data. To learn more, contact us.

Jay Ward
Director, Life Science Solutions

September 4, 2024

Cookie	Description
cookielawinfo-checkbox-advertisement	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given their consent to the usage of cookies under the category 'Advertisement'.
cookielawinfo-checkbox-necessary	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Necessary'.
cookielawinfo-checkbox-non-necessary	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given their consent to the usage of cookies under the category 'Non-Necessary'.
cookielawinfo-checkbox-preferences	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Preferences'.
viewed_cookie_policy	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Description
GPS	This cookie is set by Youtube and registers a unique ID for tracking users based on their geographical location
IDE	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the users' browser supports cookies.
_ga	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, camapign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randoly generated number to identify unique visitors.
_gat	This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.
_gid	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.

Cookie	Description
IDE	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
Marketo	This allows a website to track visitor behaviour on the sites on which the cookie is installed and to link a visitor to the recipient of an email marketing campaign, to measure campaign effectiveness. Tracking is performed anonymously until a user identifies himself by submitting a form.
test_cookie	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the users' browser supports cookies.
VISITOR_INFO1_LIVE	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	This cookies is set by Youtube and is used to track the views of embedded videos.

This is Part 2 in our CMS audit blog series. Haven’t had a chance to read Part 1 which covers the CMS audit phases in detail? Be sure to check it out here.

Preparing for a CMS Audit

Share This Story, Choose Your Platform!