Managed Care Audit and Consulting Services

In accordance with the Medicaid and CHIP Managed Care Final Rule, published on May 6, 2016, states must periodically, but no less frequently than once every 3 years, conduct an independent audit of the accuracy, truthfulness and completeness of the encounter and financial data submitted by, or on behalf of, each health plan [§ 438.602(e)]. Additionally, states are required to provide accurate encounter and financial data to the state actuaries, as well as to the Centers of Medicare & Medicaid Services (CMS) as part of the Transformed Medicaid Statistical Information System (T-MSIS) project[1].

Preceding the regulatory requirements enacted by the CMS, Myers and Stauffer has been working with state Medicaid agencies since 2009 to ensure that critical data needed to support effective and efficient oversight of its managed care programs is complete and accurate. Our encounter data validation engagement assist states in reaching the goals of transparency and payment reform to support its efforts in quality measurement and improvement. Another level of service we offer to meet this requirement is the CMS External Quality Review (EQR) Validation of Encounter Data, Protocol 5. 

Our encounter data testing procedures may include:

• Reconciling MMIS managed care encounter claims to health plan financial data.
• Testing, analysis, and data mining of encounter submission and cash disbursements data from health plans and subcontractors.
• Working with health plans and delegated vendors to resolve issues identified within the encounter data submission process.
• Evaluating state/department policies, as well as the policies, procedures, and systems of the health plan, assists states in gauging utilization, identifying potential gaps in services, evaluating program effectiveness, and identifying strengths and opportunities to enhance oversight
• Preparing reports regarding health plan compliance with contractual submission obligations and accuracy of the submitted encounter data.
• Assistance with the development of corrective action plans and monitoring corrections of deficiencies.
• Analyzing utilization rates:
  • Operational reviews of health plan processes to aggregate and report encounter data.
  • Validation of encounter data to data contained in patient medical charts.
  • Comparison of health plan performance to peers.
• Comparing health plan data and operational processes to contractual standards, industry best practices, National Committee for Quality Assurance standards, Health Effectiveness Data and Information Set measures and other accepted protocols.
• Performing on-site assessments of health plan encounter processes.

States may be at risk for loss of federal financial participation or reimbursement if the encounter data is incomplete or inaccurate.

[1] https://www.medicaid.gov/medicaid/data-and-systems/macbis/tmsis/index.html

[2] https://www.medicaid.gov/medicaid/quality-of-care/medicaid-managed-care/quality-of-care-external-quality-review/index.html

In July 2021, the Office of Management and Budget (OMB) issued its Compliance Supplement to 2 CFR Part 2, Appendix XI, (2021 Compliance Supplement Addendum_ Final (whitehouse.gov)) which contains guidance to auditors performing audits under the Single Audit Act.  Within that very large document, there are some items of which State Medicaid programs with managed care will want to take note of in order to ensure they meet the compliance requirements.  OMB directs auditor focus to Managed Care Financial Audits and prescribes the procedures auditors should perform (see page 1431).

Federal regulations require two types of audits for managed care: 

1. Audited Financial Reports – The contract with each MCO, PIHP, and PAHP must require them to submit to the state an audited financial report specific to the Medicaid contract on an annual basis. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards (42 CFR 457.1201(k)).
2. Effective no later than for rating periods for contracts starting on or after July 1, 2017, the state must periodically, but no less frequently than once every three years, conduct, or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of each MCO, PIHP, and PAHP and post the results of these audits on its website (42 CFR Part 438, Subpart H (as adopted in CHIP at 42 CFR 457.1285); May 6, 2016, Federal Register (81 FR 27497); OMB No. 0938­0920)).

Myers and Stauffer has aided several state clients in successfully satisfying the audit requirements outlined in these regulations.  Our work performing encounter data validation and External Quality Review Protocol 5, combined with our robust financial examination procedures performed on medical loss ratio (MLR) reports, addresses the requirement for Periodic Audits.  We perform these examinations under AICPA attest standards to ensure the appropriate level of assurance is attained. 

Please contact mjohnson@mslc.com or ksorensen@mslc.com for further information regarding how Myers and Stauffer can help ensure your program is compliant with these periodic audit requirements.

Learn more about our MLR services.

On May 6, 2016, the Centers for Medicaid & Medicare (CMS) published sweeping reform changes to the Medicaid managed care industry through the codification of the Medicaid and CHIP Managed Care Final Rule within the Federal Register. These changes were designed to better align key provisions with other health insurance programs, promote greater financial and performance transparency, and provide stronger accountability to consumers and stakeholders. Emerging from these regulations is the mandate that Medicaid managed care health plans must calculate and report a MLR in accordance with final rule § 438.8. States must periodically, but no less frequently than once every three years, conduct an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of, each health plan [§ 438.602(e)].

Federal agencies are monitoring compliance, including CMS and the Office of Management and Budget (OMB). The 42 Code of Federal Regulations § 438.66(e) stipulates submission of the Managed Care Program Annual Report (MCPAR), which serves to hold states accountable for compliance with this periodic audit requirement. The MCPAR requires states to disclose health plan MLR percentages and the location of the audit results on the state website. Additionally the OMB is ensuring compliance through its issued guidance utilized under the Single Audit Act.

Health plans are required to spend at least 85 percent (federal minimum) of premium dollars on medical care. In order to bring consistency and standardization across all health insurance markets, and to promote fiscal stewardship, administrative efficiency, and comparability across states and markets, the final rule requires a MLR be calculated, reported, and used in the development of actuarially-sound rates. We perform MLR examinations for numerous state Medicaid agencies and CMS and have the unique experience and expertise to assist with all facets of the MLR reporting, auditing, and performance oversight.

Through our examination procedures we ensure MLR components are:

• Properly supported.
• Properly classified.
• Accurately allocated.
• Allowable.
• Reported in the proper period.
• In compliance with the state and federal guidance.

Millions of current and future dollars are potentially at stake. Do not let inaccurate and incomplete reporting contribute to difficult programmatic funding choices.

As CMS issues additional guidance for MLR reporting and auditing requirements, we have created the following alerts:

May 2019

Explore example reports and findings further:

Louisiana Department of Health

Wisconsin- ForwardHealth

Myers and Stauffer offers expertise with managed care program strategic planning, assisting with health plan procurement, onboarding, and evaluation. We help ensure program design and procurement vehicles are aligned with your program needs and are poised to achieve the intended program performance goals. Our services include:

• Managed care delivery system strategic planning and design.
• Analysis of federal authorities for managed care implementation.
• State plan amendment and waiver development.
• CMS negotiation support.
• Stakeholder engagement.
• MCO request for proposal (RFP) development.
• MCO procurement support (RFP language development, proposal evaluation tool design, subject matter expertise consultation, question and answer (Q&A) responses, contract provisions, etc.).
• Quality strategy development and enhancement.
• Driving value-based payments through MCO contracts.

Learn more about our readiness review services.

We have a structured approach to make sure your managed care implementation goes smoothly. We can help you identify and mitigate program risks, determine the resources and infrastructure necessary to manage the programs, and figure out the when, where, why, and how to deploy those resources to maximize the efficiency and value of the program.

• Implementation strategy and timeline management.
• Resource support, including subject matter expertise.
• Health plan contract development and reviews.
• Health plan readiness reviews.
• State readiness reviews for MCO implementation.
• Stakeholder outreach planning and implementation, including liaison to provider associations, legislative advocacy groups, or other outreach, as appropriate.
• Capitation payment testing.
• Program risk assessment and evaluation.
• Assistance with development of reporting requirements and other program management tools.
• Data analysis, Medicaid management information system (MMIS) readiness testing, and encounter testing.
• MCO Command Center strategy to support initial contract implementation and resolve recipient and provider issues.

A comprehensive monitoring program is vital to ensuring the accuracy of the vast amount of data generated and used by your managed care program, the costs reported are allowable, the profits are appropriate and reasonable, that operations are meeting contract performance standards and health outcome goals are achieved. Myers and Stauffer has extensive experience assessing the appropriateness of MCO payments, the reliability of MCO financial and performance data, and monitoring all relevant areas.

• Development and review of cost principles.
• Treatment of third-party recoveries, reinsurance recoveries, and pharmacy rebates.
• Programs for assessing data retention and submission requirements and systems.
• Programs for addressing and identifying non-compliance.
• Programs for addressing and identifying overpayments and excess profits.
• Recovery audits.
• External quality review (EQR) Protocol 5 – Validation of Encounter Data Reported by the MCO.
• Validating outcome achievement as part of value based contracts.

An effective and comprehensive contract compliance monitoring program is essential to ensuring Medicaid and Medicare dollars are spent appropriately and enrollees are receiving expected services. Myers and Stauffer can draw on our significant experience with these issues to help you evaluate your current processes and make recommendations for improvement.

• Performance audits to test for compliance with contract performance provisions.
• Follow-up audits to validate correction of issues.
• Subcontractor and delegated vendor oversight reviews.
• Health Insurance Portability and Accountability Act (HIPAA) compliance reviews
• Benefit administration reviews.
• Network adequacy reviews.
• Pharmacy benefit manager reviews.

Myers and Stauffer conducts performance audits and analysis that go beyond the scope of EQR to ensure MCOs are providing beneficiaries with access to the services to which they are entitled. The audits focus on services that are denied by MCOs and ensure beneficiaries are given the appropriate rights to obtain service.

• Denial of services.
• Prior authorization denials. 
• Improperly limiting the quantity of medication supplied to beneficiaries.
• Geo-access analysis, review, and development of findings.
• Evaluation of appeals and grievances.