Managed Care Oversight Toolbox 

What’s in Your Managed Care Oversight Toolbox? 

With all of the various reporting and monitoring requirements, an active oversight program is a must to become and remain compliant.  From the Centers for Medicare and Medicaid Services’ (CMS) increased focused on Medicaid Managed Care program oversight and fiscal accountability[1], to the Office of Management and Budget Single Audit Act guidance directing state auditors to confirm compliance with managed care and medical loss ratio (MLR) auditing requirements contained with the Federal regulations[2], it is more important than ever for state Medicaid agencies to take a close look at their Medicaid Managed Care Organization (MCO) oversight procedures and ensure those procedures are effective and up to date.

Important Dates to Know

Description Requirement Citation Dates to Note
Audited Financial Reports Contract with each MCO, PIHP, and PAHP must require them to submit to the state an audited financial report specific to the Medicaid contract on an annual basis. These audits must be conducted in accordance with generally accepted accounting principles and generally accepted auditing standards. 42 CFR 457.1201(k) Annually
Periodic Audit Conduct, or contract for an independent audit of the accuracy, truthfulness, and completeness of the encounter and financial data submitted by, or on behalf of each MCO, PIHP, and PAHP and post the results of these audits on its website. 42 CFR Part 438, Subpart H (as adopted in CHIP at 42 CFR 457.1285); May 6, 2016, Federal Register (81 FR 27497); OMB No. 0938­0920)) Effective no later than for rating periods for contracts starting on or after July 1, 2017, the state must conduct periodically, but no less frequently than once every three years.
Medical Loss Ratio Summary Report[1] Using a standard template provided by CMS, states must submit along with their rate certification required in 42 CFR 438.7, a summary description of the MLR report(s) received from the MCOs, prepaid inpatient health plans (PIHP) and prepaid ambulatory health plans (PAHP) under contract with the state. 42 CFR 438.74(a) Annually
Network Adequacy and Access Assurances Report States must submit an assurance of compliance to CMS that each MCO, PIHP and PAHP meets the state’s requirement for availability of services, including documentation of an analysis that supports the assurance of the adequacy of the network for each contracted MCO, PIHP or PAHP related to its provider network. 42 CFR 438.207(d) Information must be submitted at the time the state enters into a contract with each MCO, PIHP or PAHP; on an annual basis; and any time there is a significant change in the operations that would affect the adequacy of capacity and services of an MCO, PIHP or PAHP.
Managed Care Program Annual Report (MCPAR)[2] Using the MCPAR reporting template, each state must submit to CMS a report on each managed care program administered by the State, regardless of the authority under which the program operates. 42 CFR 438.66(e) Due via CMS’ MDCT – Managed Care Reporting 180 days after end of each contract year beginning with contract periods starting on or after July 1, 2021. First reports will be due December 27, 2022.



The Centers for Medicare & Medicaid Services (CMS) guidance includes guidance and specific parity compliance requirements for each managed care organization (MCO) providing services to members. For example, MCOs that have no certain aggregate or lifetime dollar limits M/S benefits also may not impose limits in kind on SUD benefits.2 Those that do impose a limit on at least two-thirds of all M/S benefits must either apply those limits to SUD benefits in a way that does not differentiate between the two or NOT include a limit on SUD that does not also exist on M/S benefits.2

Put another way, any benefits or limitations within M/S benefits must be similarly applied to those of SUD benefits, which may not be relatively more limited or restricted in terms of cost or services. Further, SUD benefits cannot be subject to separate cost-sharing standards or treatment limitations that apply only to these benefits. If requested, the provider must disclose standards for medical necessity determinations and reasons for denials related to MH/SUD benefits must be disclosed upon request.3

How Myers and Stauffer Can Help 

Our efforts are designed to assist our Medicaid and Medicare agency clients in realizing their goals and objectives for their managed care programs. Our managed care work includes:

  • Encounter data reconciliation or CMS External Quality Review Protocol 5- Encounter Data Validation, in order to ensure encounter data used for utilization analysis and rate setting is complete and accurate.
  • Financial data engagements, including MLR examinations and monitoring of MCO administrative costs, to ensure that 1) reported MLRs are consistent with the Medicaid Managed Care Final Rule, 2) only allowable and appropriate costs are charged to the program, 3) related-party transactions are reported in accordance with program requirements, and 4) capitation rates are properly supported. Our MLR examination reports will be modeled in a manner to aid in the completion of the required MLR Reporting Template.
  • CMS External Quality Review (EQR) Protocol 4, Network Adequacy, to ensure recipients have access to needed health care services in a timely and geographically reasonable manner. This is a mandatory protocol beginning November 1, 2022 and provides the supporting documentation requirement of the Network Adequacy and Access Assurances Report.
  • MCPAR required reporting assistance and validation of data, including incorporating the MLR ratios and information. Assistance with additional transparency requirements.
  • Program cost containment services to identify over reported medical and administrative costs of beneficiary services provided by contracted Managed Care entities.
  • Monitoring of third-party liability (TPL) payments and recoveries to ensure these are properly offset against costs.
  • Contract compliance reviews to ensure health plans are operating in accordance with both the contract with the regulatory agency and with the provider community. This also ensures that opportunities to strengthen contract language are highlighted and addressed.
  • Compliance audits of pharmacy benefit managers (PBMs) and third-party administrators (TPAs).
  • Risk assessments.
  • Operational performance audits.
  • MCO readiness reviews.
  • CMS-64 quarterly expense report reviews and reconciliations.
  • Collaboration with the actuarial vendor to ensure appropriate knowledge sharing.
  • Oversight and monitoring education support and training of state staff.


[2] 2021 Compliance Supplement Addendum_ Final (

Keith Sorensen, CPA, CFE (Member)

PH 919.829.7429

Judy Hatfield, CPA (Member)

PH 816.945.5319