October 11, 2019
Centers for Medicare and Medicaid Services,
Department of Health and Human Services,
RE: CMS-R-305- External Quality Review (EQR) of Medicaid Managed Care Organizations (MCOs) and Supporting Regulations
Dear Administrator Verma,
Thank you for the opportunity to comment on the proposed External Quality Review (EQR) of Medicaid Managed Care Organizations (MCOs) and Supporting Regulations. For over 25 years the National Committee for Quality Assurance (NCQA) has worked to improve the quality and value of health care. NCQA commends CMS for identifying the opportunities for efficiency in managed care oversight as reflected in this modernized set of draft protocols. A streamlined approach to quality improvement and measurement is critical to managing costs and improving outcomes.
NCQA is reiterating the support and commentary we offered in our April comment letter on the following items:
1. Non-Duplication (Introduction, p. 16-17)
NCQA supports the addition of the non-duplication language for mandatory EQR-related activities to reduce the administrative burden on managed care plans and states. The language states the goals and intent of non-duplication while still ensuring relevant information is available to EQROs for the annual EQR.
NCQA is supportive of non-duplication as CMS has outlined:
Nonduplication is intended to reduce administrative burden on MCPs and states while still ensuring relevant information is available to EQROs for the annual EQR. The expansion of nonduplication to three of the mandatory EQR-related activities (Protocols 1–3, Validation of Performance Improvement Projects, Validation of Performance Measures, and Review of Compliance with Medicaid Managed Care Regulations) for all Medicaid managed care MCOs, PIHPs, and PAHPs—not just those serving only dually eligible beneficiaries—provides additional flexibility to states to reduce administrative burden. Nonduplication is an option for a state only when the Medicare or accreditation review standards are comparable to the EQR protocols (not vice versa). If a state elects to use nonduplication, it must document in its managed care quality strategy the EQR-related activities for which it will utilize nonduplication along with the state’s rationale for its determination that the Medicare or private accreditation review standards are comparable to those in these protocols. The federal requirements related to nonduplication of mandatory activities are described in 42 C.F.R. § 438.360.
Like Medicaid, CHIP MCPs may submit information from a private accreditation review; however, with regard to CHIP, information documenting compliance with Medicare Advantage standards is not applicable as described in 42 C.F.R. § 457.1250(a).
Nonduplication allows a state to use information from a Medicare or private accreditation review of an MCP in place of generating that information through one or more of three mandatory EQR-related activities (Protocols 1–3, Validation of Performance Improvement Projects, Validation of Performance Measures, and Review of Compliance with Medicaid Managed Care Regulations). To do so, the following conditions must be met:
- The MCP is in compliance with the applicable Medicare Advantage or private accreditation standards
- The Medicare or private accreditation review standards are comparable to those established through the EQR protocols for the three mandatory EQR-related activities
- The MCP provides the state with all applicable reports, findings, and other results of the Medicare or private accreditation review applicable to the specified EQR-related activities
The state is responsible for providing the EQRO with all information from the Medicare or private accreditation review which is being used for nonduplication. The EQRO then assesses the completeness of information from the accreditation review to determine the extent of nonduplication, including confirming the comparable information fully meets the requirements for completing the analysis and developing EQR findings and recommendations. If a state chooses nonduplication, it must ensure the completion of any EQR-related activities (or components of those activities) that are not addressed by the information from the Medicare or private accreditation review. For example, if an accreditation review did not validate long term services or supports (LTSS) or other non-Healthcare Effectiveness Data and Information Set (HEDIS®) measures required by the state as a part of an MCP’s QAPI program, that validation activity would need to be completed for those measures.
Using accreditor standards for non-duplication. As noted below, we agree it is important to identify all the potential accreditor requirements that can be used for non-duplication. Many requirements may fully align, while some may partially align. NCQA’s annual Medicaid Managed Care Toolkit analyzes how our standards align with the federal requirements eligible for non-duplication noting when standards Meet or Partially Meet them and how.
It is important to note that even when information from a Medicare or private accreditation review does not completely meet the requirements of an activity, that information can still be used toward meeting the nonduplication requirements. For example, nonduplication might be able to satisfy a subset of the regulatory requirements that are subjects of the compliance review. In this example, the EQRO could use information from the nonduplication source for that subset of requirements, and then the EQR-related activity would only need to be conducted on the remaining requirements to fully assess compliance. Similarly, if a state requires its MCPs to include 10 measures in QAPI and 5 are validated as a part of an accreditation review, only the other 5 would need to be validated through the EQR-related activity. Validation information on all 10 measures would then be provided to the EQRO for the EQR.
When information from a Medicare or private accreditation review of an MCP is used to support one or more mandatory EQR-related activities, the EQRO’s analysis of the data is eligible for FFP. The accreditation activities that produce the information are not eligible for the FFP. Note that use of nonduplication is at the discretion of the state, not its MCPs.
2. Protocol 2: Performance Measure Validation (p. 57)
The HEDIS Compliance Audit is the industry’s gold standard for reviewing a managed care plan’s capability to produce and report valid and reliable data on key health care performance measures. Up to 40 states use the HEDIS Audit to ensure that data reported by plans is valid and comparable. The process ensures only the most reliable data is used in NCQA’s Medicaid HEDIS benchmarks which many states use to compare and drive plan performance.
NCQA supports the guidance CMS has included in Protocol 2 on the role of non-duplication in the Validation of Performance measures.
As noted in the Introduction, states have the option to use information from a Medicare or private accreditation review of an MCP to provide information for the annual EQR instead of conducting this mandatory EQR-related activity. (p. 58)
We appreciate the clear guidance to states and their EQROs regarding the use of the HEDIS Compliance Audit and the specific reference to its applicability for the Information Systems Capability Assessment (ISCA).
The ISCA provides information about the timing of any other recent, independent, documented assessment such as a HEDIS Compliance Audit™. If the MCP recently had a comprehensive, independent assessment of its information systems, the EQRO may review those results. (p. 61)
We applaud the recognition that measure validation methods continue to evolve and more organizations are using certified software to ensure measure results are accurately calculated. In addition, we agree reviewing the data sources that feed the calculations are a critical function of the audit process and must be done to ensure the most accurate reporting of performance.
Review of HEDIS® Measures Calculated by HEDIS®-certified Software
If the state requires HEDIS® measures and the MCP used HEDIS®-certified software to calculate the measures, the EQRO does not need to review source code for those measures. However, the EQRO is required to verify that the measures were calculated as specified by the software and that systems issues did not compromise the accuracy and completeness of the performance measures. As an example, when an MCP pays for prenatal and postpartum care as part of a bundled maternity care payment, HEDIS® measures may be calculated according to the specifications but the rates may be significantly under-reported using administrative data due to the lack of separate claims for prenatal and postpartum care. Thus, the EQRO is required to review and validate the accuracy and completeness of HEDIS® measures based on findings from the ISCA. (p. 66)
3. Protocol 3: Compliance Review ( 117)
NCQA supports the role of non-duplication in the compliance review. NCQA reviews plans on a three-year cycle and the Accreditation findings that are compliant with the non-duplication provisions are eligible for consideration as part of the annual EQR technical report summary findings.
NCQA supports the language as written regarding the frequency of compliance review and manner of reporting as outlined by CMS in the protocol language below:
Federal regulations require MCPs to undergo a review at least once every three years to determine MCP compliance with federal standards as implemented by the state. States may choose to direct their EQROs to review all applicable standards at once or may spread the review over a three-year cycle in any manner they choose (for example, fully reviewing a third of plans each year or conducting a third of the review on all plans each year). However, if an EQR technical report summarizes a compliance review that does not include all required components, the report should clearly describe:
- The three-year period covered by the current compliance review cycle
- The quality standards not included in the current report
- A summary of findings from all previous reviews within the current review cycle
- The state’s schedule for review of the remaining standards
Thank you again for the opportunity to share our comments on the July draft protocols. Please contact me, Kristine Thurston Toppe, Director of State Affairs, at email@example.com or Paul Cotton, Director of Federal Affairs, at firstname.lastname@example.org if you have questions.
Kristine Thurston Toppe
Director of State Affairs, NCQA
Cc: Paul Cotton, Director of Federal Affairs
 Available for free from our publications department.