HEDIS Auditing
Compliance Audits P4P Audit Reviews
WHP Reviews
 
CMS Part C & D
Data Validation
Healthier Days
Data Consulting
Research Consulting
Survey Services

Phase 2: Onsite Visit

The onsite portion of the Compliance Audit is composed of a number of critical activities which fall into two broad categories - an assessment of compliance with NCQA's standards for information systems capabilities and an evaluation of compliance with the HEDIS measure specifications.

Information Systems (IS) Standards Assessment

The Information Systems Standards Assessment is performed to determine the effects that information systems (IS) practices have on the HEDIS reporting process. The audit does not evaluate the overall effectiveness of the health plan's management information systems; rather, it focuses on the impact that the health plan IS has on HEDIS reporting accuracy. The auditors determine whether the health plan's automated systems, information management practices and data control procedures ensure that all information required for HEDIS reporting is adequately captured, translated, stored, analyzed and reported.

Within the assessment of information systems capabilities, the following standard areas are analyzed:

  • coding methodology,
  • medical data,
  • membership data,
  • provider data,
  • vendor oversight by organization,
  • data integration,
  • data completeness, and
  • data control.

The generalized methodology for assessing information system compliance consists of any or all of the following:

  • interview key plan representatives who are responsible for operations or departments supplying data used in HEDIS reporting;
  • review documentation relevant to the information system domains and, as needed, view a demonstration of specific procedures;
  • analyze documentation describing the operation of computer systems and computerized files via text, code, and flow charts;
  • observe operations which include those areas that use the information system resources while preparing data for the HEDIS report;
  • verify that file contents are accurate;
  • review oversight actions by the plan for all data received and transmitted; and
  • confirm integration of data from the medical record review data abstraction process.

HEDIS Measure Determination Standards

The purpose of this audit component is to determine whether the processes used to produce each HEDIS measure were in compliance with HEDIS specifications and thus "reportable." The standards address the following areas:

  • identification of members for the denominator files;
  • determination of the extent to which sampling activities are performed according to HEDIS specifications;
  • an assessment of numerator identification;
  • determination of algorithmic compliance by ensuring that computation of HEDIS rates or percentages, as well as other parameters, is done correctly;
  • documentation of data and processes;
  • delegation and monitoring of activities performed by vendors; and
  • assessment of software pre-certification results, as applicable.

To assess these areas, our auditors may:

  • review the computer programs, identify numerators and calculate rates;
  • run programs against test data where the outcome is predetermined;
  • examine files pertaining to specific measures;
  • evaluate medical record review tools, training and processes; and
  • determine the accuracy of continuous enrollment criteria by measure.
* HEDIS® is a registered trademark of the National Committee for Quality Assurance (NCQA).
* HEDIS Compliance Audit™ is a registered trademark of the National Committee for Quality Assurance (NCQA).