On July 11, 2018, OIG issued a report entitled “Weaknesses Exist in Medicaid Managed Care Organizations’ Efforts To Identify and Address Fraud and Abuse.”  In its report, OIG states that Medicaid managed care organizations (MCOs) “are on the front line of ensuring the integrity of Medicaid Payments” and that MCOs need to improve both reporting fraud and abuse to the State and recovering overpayments. The report finds that CMS and States have opportunities to better work with MCOs to curb fraud and abuse and to ensure taxpayer dollars are being spent appropriately.

Traditionally, CMS, State agencies and MCOs are each responsible for program integrity in Medicaid. According to OIG’s report, the nature of States’ efforts to ensure program integrity changes with managed care, due to the shifting of responsibility for identifying fraud and abuse to MCOs. MCOs cover 80 percent of all Medicaid enrollees and are the primary delivery system for Medicaid as of 2015. With this increased role in care delivery, OIG has expressed concerns that fraud and abuse are prevalent with MCOs and that they “often lack[] the incentive to detect and refer potential fraud.”

The report’s stated purpose is to assess MCOs’ and States’ program integrity. As the report notes, “[f]raud, waste, and abuse in Medicaid cost States billions of dollars every year, diverting funds that could otherwise be used for legitimate health care services.”  In 2016, CMS issued a final rule codifying MCOs’ responsibilities to report fraud and abuse, which include referring cases of fraud and abuse to the State, suspending provider payments if there is a State determination that there is credible allegation of fraud and identifying and recovering overpayments. CMS’s final rule also requires MCOs to submit encounter data to the state. According to the report, CMS announced in June 2017 that it would work with States that were unable to implement the requirements of the final rule as scheduled. The report builds on OIG’s prior work, which has primarily focused on States’ efforts, by focusing on MCOs’ efforts to identify and address cases of suspected fraud or abuse.

The OIG report is based on data obtained from three areas: (1) a 2015 survey from MCOs with the largest expenditures in each of the 38 states that provide Medicaid services through managed care; (2) interviews with officials from five selected MCOs; and (3) interviews with officials from the same five states as the selected MCOs. Additionally, the report notes that its focus is solely on full-risk managed care and excludes partial-risk models such as prepaid inpatient-health plans.

The report finds that within the 38 MCOs included in the study, the numbers of identified cases of fraud and abuse in 2015 “ranged widely.”  While three of the 38 MCOs included in the report identified over 800 cases, seven others identified fewer than 30. The report also finds that the numbers of reported cases in general were very low. Specifically, although four MCOs included in the study referred more than 100 cases to the State, one-third of the included MCOs reported fewer than 10 cases of fraud and abuse. The report additionally finds that MCOs do not always identify or recover overpayments, including four MCOs that did not identify any overpayments in 2015. MCOs and States both note that offering MCOs additional incentives to recover overpayments may encourage better efforts.

Although the report identifies that a select number of States already employ strategies to improve MCOs’ efforts,  OIG notes that “CMS and States have opportunities to work together to make improvements in MCOs’ efforts to identify and address fraud and abuse.” With this in mind, OIG recommends eight specific areas for CMS to work with States. Specifically, CMS should work with States to:

1. Improve MCO identification and referral of cases of suspected fraud or abuse;
2. Increase MCO reporting of corrective actions taken against providers suspected of fraud or abuse to the State;
3. Clarify the information MCOs are required to report regarding providers that are terminated or otherwise leave the MCO network;
4. Identify and share best practices about payment retention policies and incentives to increase recoveries;
5. Improve coordination between MCOs and other State program integrity entities;
6. Standardize reporting of referrals across all MCOs in the State;
7. Ensure that MCOs provide complete, accurate, and timely encounter data; and
8. Monitor encounter data and impose penalties on States for submitting inaccurate or incomplete encounter data.

In its comments to the report, CMS agreed with all but one of these recommendations. CMS noted that standardized reporting of referrals across all MCOs in the state would hinder State flexibility. OIG responded that, although it agrees with CMS that State flexibility is important, it continues to support working with states to develop a standardized template for MCOs to “reduce provider burden and improve the quality and consistency of referrals.”