New Reporting Rules for State Medicaid Fraud Control Units

There is no doubt that state Medicaid Fraud Control Units (MFCUs) have their hands full and are charged with a difficult task. They are responsible for investigating Medicaid fraud. This is part of the responsibility assigned to them by the Centers for Medicare & Medicaid Services (CMS) as a mandate for receiving federal healthcare dollars to reimburse those services and other items covered by Medicaid.

According to the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) website, “Medicaid Fraud Control Units (MFCUs) investigate and prosecute Medicaid provider fraud as well as patient abuse or neglect in healthcare facilities and board and care facilities. MFCUs operate in 49 states and the District of Columbia. The MFCUs, usually a part of the state attorney general’s office, employ teams of investigators, attorneys, and auditors; are constituted as single, identifiable entities; and must be separate and distinct from the state Medicaid agency. OIG, in exercising oversight for the MFCUs, annually re-certifies each MFCU, assesses each MFCU’s performance and compliance with federal requirements, and administers a federal grant award to fund a portion of each MFCU’s operational costs.”

On June 1, 2012, the Federal Register published an important mandate to measure the success of state Medicaid Fraud Control Units. Performance Standard 8(f) calls for all state MFCUs to transmit to the OIG for HHS, “for purposes of program exclusions under section 1128 of the Social Security Act, all pertinent information on MFCU convictions within 30 days of sentencing, including charging documents, plea agreements, and sentencing orders.”

The OIG reviews many components of state MCFU compliance, using 12 performance standards, and monitors MCFU compliance with federal grant requirements. This can include the review of policies and procedures, documentation of the unit’s operations, staffing, and caseload (as well as financial documentation), structured interviews with key stakeholders, and review of the sample of cases worked by the unit. 

This article will focus on the performance of reporting, sentencing, and actions taken against providers by the OIG. The OIG relies upon the MFCUs to timely notify it of actions taken that might require the provider to be excluded by the OIG.

State MCFUs have listed various reasons why they did not know which cases to report or why they were late in informing the OIG about certain matters. No matter the reason, the OIG has proposed to clear up what is required via the revised rules for MFCUs, which were published on Sept. 9, 2016.

The proposed rules expand the MCFUs’ functions and responsibilities and propose to require that MCFUs:

• Submit all convictions to the OIG for purposes of program exclusion within 30 days of sentencing, or as soon as practicable if a MFCU encounters delays from the courts.
• Make information available to, and coordinate with, OIG investigators and attorneys, other federal investigators, and federal prosecutors on Medicaid fraud information and investigations involving the same suspects or allegations.
• Transmit to the OIG pertinent information on all convictions, including charging documents, plea agreements, and sentencing orders, for purposes of program exclusion under section 1128 of the SSA.

By referring convicted individuals or entities to OIG for exclusion, MFCUs help ensure that such individuals and entities do not have the opportunity to defraud Medicaid and other federal health programs, or to commit patient abuse or neglect. Historically, referrals by MFCUs have constituted a significant part of the exclusions imposed each year by OIG.

MCFU Not Reporting

Let’s look at the Virginia MFCU, as an example. In 2016 it recovered $34 for each dollar spent on fighting healthcare fraud. However, with those stellar results, the MFCU did not report about half of all convictions to OIG within required time frames. The Unit did not report 42 of its 79 convictions to OIG within 30 days of sentencing.

Late reporting of convictions to OIG delays the initiation of the program exclusion process, which may result in improper payments being made to providers by Medicare or other federal healthcare programs – or possible harm to beneficiaries.

The ProviderTrust Compliance Healthcare Index Report (CHIRP) compares each state exclusion to determine whether it was the result of a felony for patient abuse, substance abuse, and/or fraud abuse, as enumerated by Section 1128. For illustrative purposes, we focused on New York state exclusions (felonies).

The New York MCFU excluded 6,291 individuals and entities: 5,508 individuals, 783 entities.

The OIG list of excluded individuals and entities (LEIE) has 3,113 of those 5,508 individuals and 21 of the 783 entities.

However, the ProviderTrust CHIRP analysis identified 21 excluded individuals (for a felony) that were not found on the OIG LEIE list. The exclusions were mandatory, being as they were for a felony, and thus according to Performance Standard 8, they should have been provided to the OIG for inclusion on the LEIE.

Here are two examples of such lag in reporting to the OIG:

Buena Vista Pharmacy Inc.
New York, N.Y.
Excluded on Nov. 20, 2000 by New York (18 NUCRR 515.8) for all federal healthcare programs

Aaron S. Goldfein

Excluded in New York as a physician on Aug. 27, 2015 and excluded in Michigan May 6, 2014.

In fact, an audit of the OIG LEIE found that approximately two-thirds of state exclusions were not found on it. This is consistent with ProviderTrust’s CHIRP findings, as evidenced by New York’s missing data outlined above. Thus, a company needs to conduct monthly monitoring of not only the OIG LEIE, but also the 40 state Medicaid exclusion lists in order to be assured of searching against all available exclusions (state and federal).

Summary

Whatever results from these clarifying MFCU reporting rules, the OIG LEIE can only receive those cases that resulted in a conviction, sentence, or plea agreement. Without timely reporting, the OIG LEIE list will not be all-encompassing, creating a big gap for exclusion compliance for your organization.

Accordingly, make sure to cover the OIG LEIE, SAM.gov and all available state Medicaid exclusion lists in your monthly exclusion monitoring program in 2017. Until the MFCUs get better at following the tenets of Performance Standard 8(f), employers will have to include federal OIG and all available state Medicaid exclusion lists (40) in order to ensure that they are not hiring or contracting with an excluded individual and/or entity.