Contributed 2/7/00 by Kristin Hobbs kristinhobbs@alliant-energy.com THIRD PARTY ADMINISTRATOR HEALTH CARE BENEFITS AUDIT INTERNAL AUDIT WORK PROGRAM I. Eligibility and Enrollment Risks: A) Non-eligible employees may be receiving benefits. B) All employees have not signed up for benefits or, if applicable, completed a waiver of benefits. C) There is not a signed contract on file for all flexible spending accounts. D) Data transmission may be partial or inaccurate. E) Dependents that have been enrolled may be ineligible. F) The employer may be paying premiums while an employee is on leave of absence. G)Terminated employees may continue to receive benefits without the election of COBRA. H) Changes in option election may not be transmitted accurately or timely. I) Enrollment data received from Mercer may be inaccurate. J) Claims may be being paid for conditions where a waiting period exists and has not expired. II. Plan Administration Risks: A) Plan may not be being administered in accordance to the contract and governmental provisions, causing loss of status of the plan and tax benefits. B) Benefit program data is not being analyzed to ensure the current arrangements continue to be cost beneficial. C) Plan may not have been selected from competitive bids. III. Claims Processing Risks: A) Claims may be approved before an individual is eligible (e.g. waiting period, pre-existing condition). B) Claims may be approved for materials/services not covered by the plan. C) Duplicate claims may be submitted and approved. D) Where self-insured, the level of service provided by TPA may be lesser than they provide their indemnity accounts. E) The person approving claims can also authorize claim payments. F) There may be a backlog of claims filed not paid. H) Fraudulent claims may be submitted by individuals not insured by the plan (sharing of insurance card). I) Claims processing software may not have adequate controls to deny approval of non-covered materials/services. Audit Steps: 1) Select a sample of claims paid and test for: * eligibility * material/services received are covered by plan * if waiting period is applicable * deductible/coinsurance applied 2) Identify potential duplicate payments using ACCESS query and investigate. 3) Inquire of personnel the process of paying claims to ensure adequate segregation of duties. 4) Inquire of personnel the procedures used to detect potential fraudulent claims. 5) Using Access Query, test for dollar maximums by plan and also procedure type to ensure they were not exceeded. 6) Test to see if possible pre-existing conditions are investigated for new employees. IV. Payment of Claims Risks: A) Individual authorizing payment may also approve claims, no segregation of duties. V. Application of Recovery Risks: A) Dollars recovered from claims that should not have been paid out are not returned to Company or their account (e.g. applied to the plan fund). Audit Steps: 1) Inquire of BC/BS personnel the procedure used when recoveries of payment made. VI. Review of Contract Risks: A) Contract may not contain provisions for critical areas (e.g. right to audit, performance guarantees, procedures for recoveries, transition provisions). Audit Steps: 1) Review contract for critical areas. VII. Stop Loss Coverage Risks: A) If the TPA is also indemnity insurer of stop loss coverage, conflict of interest may arise. B) Costs may not be accumulated on the stop loss "year", resulting on lost stop loss coverage. Audit Steps: 1) Inquire of BC/BS personnel how stop loss limits applied. 2) Select the 12 highest dollar claims and test for application of stop loss. a) Of the individuals where stop loss applied, test to ensure all claims were included in accumulation. VIII. Confidentiality of Data Risks: A) Safeguards may not be in place to ensure the security of confidential data. Audit Steps: 1) Inquire of BC/BS personnel what controls are in place to protect confidential data. VIIII. Usual Customary and Reasonable Charges Risks: A) UCR fees determined by BC/BS may be significantly higher than the industry average. B) Company may not be receiving the discount given by participating facilities. Audit Steps: 1) Inquire of BC/BS personnel how UCR rates are determined, how often they are reevaluated, and what standards are used. 2) Inquire of BC/BS Internal Audit Staff the procedures, if any, performed to test UCR rates. 3) Inquire of BC/BS personnel how the facility discount is passed on to Company. X. Coordination of Benefits Risks: A) BC/BS may not pursue coordination of benefits and Company may be paying higher costs than necessary. Audit Steps: 1) Inquire of BC/BS personnel the routine (standard) method for investigating for coordination of benefits. 2) Inquire of BC/BS Internal Audit Staff what procedures are done to test coordination of benefits. 3) Inquire if any statistics are available for the number of COB letters sent for indemnity insured vs. cost plus. 4) Select a sample of COB letters sent and, for those indicating COB does apply, investigate follow-up performed. 5) Inquire of BC/BS the criteria established for sending COB inquiry letters. 6) Inquire of BC/BS if there is a national registry of insurance subscribers and, if so, if this is utilized by BC/BS.