2014 Annual Technical Report
Delmarva Foundation
79
HEDIS
®
Audit Protocol
The HEDIS
®
auditor follows NCQA’s Volume 5: HEDIS
®
Compliance Audit
TM
: Standards, Policies, and
Procedures described briefly below:
Offsite preparation for the onsite audit: To prepare the MCOs for the upcoming audit, HDC takes the
following steps:
Conference call: A conference call is held to introduce key personnel, review the onsite agenda,
identify session participants, and determine a plan to audit data sources used for HEDIS
®
.
HEDIS
®
Roadmap review: Each MCO must complete the HEDIS
®
Record of Administration,
Data Management, and Processes (ROADMAP). The Roadmap includes detailed questions about all
audit standards and describes the operational and organizational structure of the organization. The
auditor reviews the HEDIS
®
Roadmap to make preliminary assessments regarding information
systems compliance and to identify areas requiring follow-up at the onsite audit.
Information Systems (IS) standards compliance: The onsite portion of the HEDIS
®
Audit that
expands upon information gleaned from the HEDIS
®
Roadmap to enable the auditor to make
conclusions about the organization’s compliance with IS standards. IS standards, describing the minimum
requirements for information systems and processes used in HEDIS
®
data collection, are the foundation
on which the auditor assesses the organization’s ability to report HEDIS
®
data accurately and reliably.
The auditor reviews data collection and management processes, including the monitoring of vendors, and
makes a determination regarding the soundness and completeness of data to be used for HEDIS
®
reporting.
HEDIS
®
Measure Determination (HD) standards compliance: The auditor uses both onsite and
offsite activities to determine compliance with HD standards and to assess the organization’s adherence
to HEDIS
®
Technical Specifications and report-production protocols. The auditor confirms the use of
NCQA certified software. (All Maryland Medicaid organizations continue to use certified software to
produce HEDIS
®
reports.) The auditor reviews the organization’s sampling protocols for the hybrid
method. Later in the audit season, the auditor reviews HEDIS
®
results for algorithmic compliance and
performs benchmarking against NCQA-published means and percentiles.
Medical record review validation (MRRV): The HEDIS
®
audit includes a protocol to validate the
integrity of data obtained from medical record review (MRR) for any measures calculated using the
hybrid method. The audit team compares its medical record findings to the organization’s abstraction
forms for a sample of positive numerator events. Part one of the validation may also include review of a
convenience sample of medical records for the purpose of finding procedural errors early in the medical
record abstraction process so that timely corrective action can be made. This is optional based on NCQA
standards and auditor opinion. MRRV is an important component of the HEDIS
®
Compliance Audit. It
ensures that medical records reviews performed by the organization, or by its contracted vendor, meet
audit standards for sound processes and that abstracted medical data are accurate. In part two of the
MRRV, the auditor selects hybrid measures from like-measure groupings for measure validation. MRRV
tests medical records and appropriate application of the HEDIS
®
hybrid specifications (i.e., the member