2017 OIG Report on Medicaid Fraud Control Units

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) recently issued its annual report on state Medicaid Fraud Control Unit (MFCU) statistics for fiscal year (FY) 2017. The report is based on data collected from the individual MFCUs that currently operate in 49 states and the District of Columbia. According to HHS, Medicaid represents about 17 percent of the $3.3 trillion annual national healthcare expenditure. MFCUs investigate and prosecute Medicaid provider fraud, patient abuse and neglect cases. Federal and state governments jointly fund each of the 50 MFCUs. Each of the MFCUs receives federal reimbursement equivalent to 75 percent of their total expenditures and state reimbursement equivalent to the remaining 25 percent. In 2017, the total expenditure to support the MFCUs was $276 million, $207 million of which was contributed by federal funds. For MFCUs to continue to receive federal reimbursement, the OIG must recertify each MFCU annually. As part of its oversight efforts, the OIG conducts periodic onsite reviews of the various MFCUs.

In 2017, MFCUs reported 1,528 convictions, similar to the number of convictions reported the past several years. From this number, 1,157 convictions were for fraud and 371 convictions were for patient abuse or neglect. Additionally, there were 961 civil settlements and judgments. A total of $1.8 billion was reported recovered from criminal and civil cases, with $1.1 billion from civil actions and $693 million from criminal cases. With regards to the criminal case recoveries, $519 million came from the Texas MFCU’s prosecution of one significant case. Further, recoveries from drug diversion cases increased from $15.7 million to $28.4 million over the past year. A single case in New York was responsible for $25.2 million of the total $28.4 million. During the same period, MFCUs conviction referrals resulted in the OIG’s exclusion of 1,181 individuals and entities from participation in health care programs.

MFCUs Failing to Report to the OIG

MFCUs are required to disclose certain criminal conviction, provider exclusion, and administrative sanction information to the OIG (42 CFR §§§ 455.106, 1002.230, 1002.4, MFCU Performance Standard 8). The OIG uses this information to make exclusion determinations for a provider and includes resulting exclusions on its List of Excluded Individuals and Entities (LEIE). The OIG is then obligated to report its exclusions to the General Services Administration (GSA) System for Award Management (SAM) debarments listings. Although these state reporting requirements to the OIG are set forth in federal regulations and in MFCU performance standards issued by the OIG, whether states actually submit such reports to the OIG, and to what degree, remains unclear.

The OIG’s reports on MFCU recertification reviews indicate that many states are not fully complying with state reporting requirements. In the annual summary report entitled Comprehensive Program Integrity Reviews in 2014, the Centers for Medicare and Medicaid Services (CMS) reported that many states were not in compliance with disclosure and adverse action reporting requirements. Specifically, 19 states were found to be noncompliant in disclosing healthcare-related criminal convictions, and 10 states failed to report adverse actions taken on provider applications to the OIG. The 2017 MFCUs report showed a combination of 2,118 criminal and civil actions, but the OIG only reported 1,181 individual and entity exclusions that year. Although not all actions reported by the MFCUs qualify for inclusion on the OIG’s LEIE, the difference of almost 1,000 actions reinforces the concern that not all relevant state actions are being reported to the OIG. This concern also highlights the importance of separate sanction screening of Medicaid exclusion databases in order to capture those actions not reported to federal authorities and the OIG.

Looking for Help Safeguarding Your Compliance Program?

Don’t fall victim to federal penalties due to an oversight in new regulations. Strategic Management Services offers a variety of healthcare compliance program services to meet your organization’s individual needs. For questions about our services, please feel free to contact our experts online, or give us a call at (703) 683-9600.