The Medicaid Managed Care Final Rule aims to align Medicaid regulations with those of other health coverage programs, modernizing the post-Affordable Care Act healthcare landscape. Among other goals, the Final Rule seeks to bolster the transparency, accountability, and integrity of Medicaid managed care by imposing and clarifying requirements meant to reduce fraud, waste, and abuse. The rule finalizes a number of changes that address two types of program integrity risks: fraud committed by Medicaid managed care plans and fraud by network providers. It also tightens standards for managed care organization (MCO) submission of certified data, information, and documentation used for program integrity oversight by state and federal agencies.
First, the Final Rule places new responsibilities on both states and managed care plans. State Medicaid programs will now be required to screen and enroll all network providers that order, refer, or furnish services to beneficiaries under the state plan unless a network provider is otherwise enrolled with the state to provide services to fee-for-service (FFS) Medicaid beneficiaries. This requirement, which will take effect in July 2018, may delay the growth of provider networks; to address this concern the Final Rule allows programs to execute network provider agreements pending the outcome of the screening process of up to 120 days. However, upon notification from the state that a provider’s enrollment has been denied or terminated, or the expiration of the 120 day period without enrollment, the plan must terminate the network provider immediately and notify affected enrollees. In addition, the Final Rule requires states to periodically, but no less frequently than once every 3 years, audit patient encounter data and financial reports for accuracy, truthfulness, and completeness. States must also post on their website or otherwise publicize a range of programmatic data, including the results of past audits and information related to entity contracts.
Second, beginning July 2017, managed care plans will also have to submit and certify a range of data—including data related to rate setting, compliance with Medical Loss Ratio (MLR) standards, accessibility of services, and recoveries of overpayments—to their respective states. In order to comply with this requirement, the Final Rules permits the executive leadership of an MCO to delegate the certification to an employee who reports directly to the plan’s CEO or CFO.