Section 4540.60  Provider Directory Audits

a)         By April 1 of each year, an insurer shall file with the Department a report applicable to all provider directories of all its network plans that describes the protocols the insurer uses to ensure that it complies with the requirements in Section 25 of the Act to keep each electronic directory up-to-date, accurate, and complete by updating it both at least monthly and within 10 business days of receipt of updated information from preferred providers, as well as to update the print directory and errata quarterly and to ensure that the print directory is accurate as of the date of publication.  The report shall also describe the insurer’s current verification process established pursuant to 42 U.S.C. 300gg-115(a)(2).  The report shall also describe any changes to these protocols and to the verification process that have occurred since the beginning of the previous calendar year. The report shall describe all variances in the protocols and the verification process among the insurer’s network plans or between its different provider directories, including any distinctions made among HMO and Preferred Provider Organization (PPO) networks.  An insurer that demonstrates that, at all times during the audit period, the contents of any print directory are printed from the same data used for the corresponding online directory on the same date of printing is exempt from auditing the print directories separately.  For 2023, the report shall be filed no later than July 1.

b)         An insurer must conduct the periodic self-audit required under Section 25(a)(3) of the Act for each provider directory no less than twice per year.  If an insurer has not completed a self-audit for each provider directory by the date this rule takes effect, it shall audit the provider directory for that network plan and generate a report by July 1, 2023.  The insurer’s unredacted internal self-audit reports generated during the previous calendar year shall be attached to the report required under subsection (a).

c)         Each self-audit report generated on or after July 1, 2023 must include a summary specifically identifying each print and electronic directory audited, the marketing name of each network plan using that directory, and the SERFF Tracking Number of the most current filing under Section 10 of the Act that contained the directory. The summary must specify, at a minimum:

1)         For each print or electronic directory audited and each provider specialty type in that directory, the number of preferred providers for which the self-audit revealed any incorrect provider directory information at the time of audit;

2)         For each print or electronic directory audited and for each provider specialty type in that directory, the number of preferred providers that had furnished corrected or updated information to the insurer more than the following number of business days prior but the self-audit revealed any incorrect provider directory information still present:

A)        for an electronic directory, 10 business days before the auditor reviewed that provider’s directory information, and

B)        for a print directory that is not an on-demand, unaltered printout of the electronic directory, 10 business days before the date of printing;

3)         For each print or electronic directory audited and for each provider specialty type in that directory, the number of:

A)        preferred providers with directory entries updated since the prior self-audit;

B)        preferred providers that submitted updates to their provider directory information since the prior self-audit; and

C)        preferred providers from whom the insurer requested updated information because of the self-audit or other internal detection of inaccurate information or any complaint received of inaccurate provider information since the prior self-audit;

4)         For each print or electronic directory audited and for each provider specialty type in that directory, the smallest, largest, and median number of business days since the prior self-audit between:

A)        the insurer’s receipt of updated information from a preferred provider or the termination of a provider contract if the insurer is contractually required to update the directory on its own initiative; and

B)        the insurer’s update to the electronic or print provider directory;

5)         The combined totals of the numbers in subsections (c)(1) through (4) across all provider specialty types, both within each directory and across all directories provided by the insurer; and

6)         A high-level evaluation of the effect of known internal or external processes or circumstances and changes to those processes or circumstances on the accuracy of the insurer’s directories and the timeliness of updates to directory information under State and federal requirements.

d)         Any time the insurer submits a report or other documentation to the federal Centers for Medicare and Medicaid Services related to the insurer’s compliance with 42 U.S.C. 300gg-115(a)(2), the insurer shall give the Department a copy of that report or documentation.

e)         The Director may request additional information upon receipt of a self-audit report and may at any other time audit the accuracy of any network plan's provider directory.

f)         Reports required under this Section shall be filed in SERFF as a network adequacy filing separately from the insurer’s filings required under Section 10 of the Act.