The Case for Program Integrity in Medicaid Managed Care

Part Eight: Managed Care and Program Integrity Oversight of Subcontractors

Meeting Program Integrity Challenges Amid Layered Complexity

In our previous post, the Benefit/Program Integrity team discussed problematic encounter data, how it factors into rate setting and the medical loss ratio, and provided recommendations alongside a case study. In this resource, we address the nuanced aspects of managing program integrity (PI) and addressing FWA within the realm of managed care organizations (MCOs), their subcontractors, and related entities.

Understanding the Relationships of MCOs to their Subcontractors

Although MCOs are responsible for overseeing their providers and programs, to operate significant segments of managed care services. The responsibilities assigned to these entities define their roles, as several terms are used interchangeably to describe the relationships between the MCO and its affiliated entities. See the box to the right.

Although subcontractors provide services and may process claims and/or manage encounter data, the MCO remains contractually responsible for compliance, data integrity, and PI oversight. MCOs are increasingly delegating PI activities to the very subcontractors providing services. As more services are delegated and subcontracted, oversight activities (including PI) become more challenging because they are further removed from the direct supervision of their respective MCOs and states. The risk of non-compliance and fraud, waste, and abuse (FWA) significantly increases due to limited or ineffective oversight and diminished PI efforts. It is critical for states to ensure MCOs and their subcontractors are effectively addressing FWA through mandated PI activities. Additionally, MCOs must provide real-time, ongoing transparency with respect to their oversight of subcontractor PI activities.

Subcontractor Relationships Defined

Since various terms are used to describe managed care operational organization relationships, there are two factors to consider to better understand entity roles:

Does this entity make payment or coverage decisions, or perform other oversight responsibilities? If so, these functions are considered delegated to that entity.
Does the MCO own the entity? If so, incorporating related-party reviews helps ensure the entity’s functions are being performed at “arm’s length.”

In this post, we refer to a relationship between MCOs and other entities as “subcontractors,” and we are focusing on relationships in which decision making has been delegated to a vendor.

Risks Inherent in the Subcontractor Arrangement

States may face several unique challenges because of the complexities of this structure and these relationships.

Oversight of Related Entities. When an MCO has subcontractors, the MCO may expect or rely on these vendors to perform PI activities, leveraging the subcontractor’s specialized knowledge to lead PI initiatives. However, gaps can occur if the MCO assumes oversight is being performed without verifying how oversight activities have been implemented, or if the PI function truly exists at all. Managing these relationships presents additional challenges when the subcontractor is a related entity under common ownership with the MCO. The potential for conflicts of interest is high. It is vital for states to ensure MCO subcontractor contracts are executed as “arm’s-length transactions,” meaning that related parties conduct business as if they are fully independent and without undue influence. PI activities should be driven by the obligation to ensure a fair, effective, and sustainable health care system that prioritizes patient care and financial accountability, not by ownership interests seeking to maximize profits and minimize responsibility.

We recommend states carefully review contracts between MCOs and MCO subcontractors, comparing the terms of related-entity agreements with those of unrelated vendors offering similar benefits for other MCOs. Key areas for comparison include:

Payment Structure. Are the payment models, such as per-member per-month payments or fee-plus structures, comparable to those used by other MCOs?
Vendor Reimbursement. Is the reimbursement to the related entity comparable to what other MCOs are paying for similar services?
Claim Payments. Are claim payments made by the related entity consistent with those made by vendors providing similar services for other MCOs? For instance, a pharmacy benefit manager (PBM) with its own network (e.g., CVS Caremark or Walgreens) may have different reimbursement rates for related-party locations compared to unrelated organizations.
Standards and Processes. Do contractually required standards differ across provider types and responsibilities, or between related and unrelated entities? Are the processes for PI, reporting, or other requirements consistent?

Unresolved and Unreported Investigations. A backlog of unresolved or unreported investigations may indicate insufficient SIU or subcontractor capacity, unclear investigative workflows, or lack of follow-through on overpayment recovery. In some cases, investigations could remain open past the period during which the MCO or subcontractor is permitted to recover payments (e.g., one year), resulting in missed recovery opportunities and cases aging out without action. Unreported investigations may also occur when subcontractors do not consistently share outcomes with the MCO or the state, limiting visibility into PI efforts.

Growth of an investigative backlog can be an indicator that there are gaps in MCO oversight. To mitigate these risks, the state should ensure that roles, accountability, and investigation timeframes are clearly defined, and that regular reporting requirements apply to both the subcontractor’s PI activities and the MCO’s oversight of those activities. Clear expectations and monitoring reduce the likelihood of case backlogs and support timely recovery and resolution.

Limited Cost Avoidance Activity. MCO contracts often require subcontractors to perform cost‐avoidance functions, such as prepayment claim reviews, particularly for providers identified as higher risk. These activities help prevent improper payments before they occur. When subcontractors do not perform sufficient prepayment review, the state is more likely to incur avoidable overpayments and rely instead on post‐payment recovery (“pay and chase”), which can place additional administrative burden on the program. Some subcontractors, including PBMs, may argue that the nature of their adjudication systems limits their ability to conduct prepayment reviews, which can lead to inconsistent cost avoidance practices across subcontractors.

To address these risks, states should periodically review and assess MCO and subcontractor compliance with cost‐avoidance expectations, including whether prepayment review activities are performed and appropriately documented. Contracts should clearly define cost avoidance requirements and documentation standards, and subcontractors should identify practical approaches to implement prepayment controls within their operational constraints. Ensuring that cost avoidance activities are consistently applied and monitored supports more effective program oversight and helps manage overall program costs.

Unwritten Expectations. States must include detailed and well-defined PI requirements in contracts with MCOs. Clear PI requirements should subsequently flow down to be incorporated in the MCOs’ contracts with their subcontractors. States will lack the necessary legal basis for enforcement with the MCO without documented requirements for MCO PI and FWA detection and prevention activities, Furthermore, in the absence of detailed contractual obligations, there can be no targets for recovery rates, no standard timelines, and no consistent resolutions, thereby causing investigations and PI activities that may exist to stall.

Over the course of our decades of experience supporting state managed care program oversight, we have observed numerous instances of these issues, highlighting the need for states to implement strong PI requirements for MCOs and their subcontractors that are both precise and actionable.

In our next post on these issues, we present a real-world example from one of our own engagements alongside our recommendations for tackling them.

Myers and Stauffer

Purpose driven. Exclusive focus. Government Programs.

Established in 1977, Myers and Stauffer is a nationally based consulting and certified public accounting firm. For nearly 50 years, we have worked exclusively with local, state, and federal government health and human-services agencies to help them accomplish their most critical goals for the nation’s most fragile people.

Our Benefit/PI program area covers a range of services, disciplines, and areas of focus, including data analytics, and health plan oversight and compliance, which takes direct aim at oversight of MCOs. We are here to answer any questions and help with any health care and human services needs your agency may encounter. Contact a member of our team today.