Auditing Your Aggregate Spend Program

Written by Alexis Stroud, Director Quality and Compliance, QPharma

1. What components of the audit process need to be implemented to ensure compliance with state aggregate spend and Healthcare Reform regulations?

In order to comply with state aggregate spend and healthcare reform legislation and regulations, you need to have policies, procedures, systems, controls, and monitoring and auditing processes designed to maintain data integrity and compliance with the various state and federal reporting requirements.

Life science companies must clearly understand and interpret the regulatory challenges to comply with each States’ reporting requirements, as well as begin preparation for the Patient Protection and Affordable Care Act (PPACA) – and possibly new state legislation. Based on these interpretations, their policies, procedures, monitoring controls, and auditing steps need to be developed and implemented to ensure reporting compliance is maintained.  This becomes even more challenging for a life science company, because the necessary data and systems are generally not centrally located or maintained (i.e. a cross-functional effort). In addition, the required data elements required to comply with the current Federal reporting requirements may be incomplete or non-existent within these systems.

Using a process-based audit approach enables a company to understand all of its interactions with Healthcare Providers (HCPs) and how those interactions are performed and recorded within its existing systems.  This type of assessment delivers a detailed understanding of the current environment in which your company is operating; identifies policy and procedure gaps, control weaknesses, and opportunities to implement industry best practices; and positions your company to ensure accurate and complete state and federal disclosure.
Note: Some of the state laws (NV and MA, for example) require certification that a manufacturer has conducted audits as part of its compliance program.



What should your Auditing and Monitoring Program consider?

•  Is the process documented?  What is the process for reporting findings?
• Does the compliance auditing and monitoring program incorporate key approval points such as HCP credentialing, needs assessment, payment authorization, and reporting accuracy?
• Have you built into the formal compliance audits a degree of independence?
• Are audits performed at least annually?
• How aware are your Internal Audit teams of the requirements of the state and federal regulations.  
• When reviewing past audit reports, how comprehensive were those reviews?  Were findings investigated and closed out?

Things to consider when auditing your aggregate spend program:

• Do you have a Federal- and State-specific reporting policy?  Is it adequate and is it being followed?  How are you keeping up to date with the changing legislation and regulations and how is that information being communicated within the organization and to any third party providers?
• Do you have assessments of third party vendors?
• Third party vendors are acting as agents of a Company. Their activity is ultimately the activity of the Company.
• Monitoring/auditing should include activities of third party vendors.  Perform contract reviews.
• Third party vendors should be informed of this requirement and will have to potentially provide data and other documentation for the audit.
• Do you understand the underlying data controls?
• Process – How is data captured, approved, and updated?
• Systems – What systems are the data maintained in and what are the relevant controls and validation procedures?
• Data – What data elements are available to meet the reporting requirements?
• Procedures – What processes are necessary to capture accurate and complete relevant data?
• What are your data collection challenges? How can you improve current processes to address these challenges?
• Are there enough resources within your organization to perform various data gathering, validation, and reporting functions?
• Have you had any prior incomplete or inaccurate State reporting filings?
• What tools/procedures (checklists, sign-offs, sub-certification process) and monitoring controls are in place to address the day-to-day process designed to enhance compliant state reporting?
•  ensure accuracy of data through consistent and efficient data review
• identify and investigate outliers and compliance red flags
• Have you tested any system-based tools to ensure they are working properly?
• Is your system flexible enough to change and adapt over time with new/updated laws and are you collecting data at the most granular level?
• Has training been provided to all levels of the organization related to the current and future reporting environment requirements, company policies and standard operating procedures, and monitoring and auditing techniques?
• Is the company using the information obtained for state reporting requirements to enhance business operations, as well as overall corporate compliance?
• Do you have disciplinary actions for employees that do not comply with your procedures?