|SUMMARY OF:||A Special Report on the Department of Health and Social Services, Division of Medical Assistance, Internal Control Over Medicaid Payments, January 31, 2003.|
Purpose of the Report
The primary objective of our review was to evaluate the controls over the payments made under the State’s Medicaid program. The program is administered by the Division of Medical Assistance (DMA) and involves numerous payments made to a variety of service providers involved with meeting the medical needs of citizens that meet the program’s eligibility requirements. Additionally, our review addressed specific concerns related to Medicaid’s home and community-based (HCB) waiver programs. The issues in this part of the review involved primarily the billing and budgeting practices of private nonprofit community services agencies.
Internal controls over Medicaid program need to be improved
Our central conclusion is that the internal controls related to a significant segment of the payments made under State’s Medicaid program are weak. There are weaknesses in both phases of the payment process: (1) the system involved in processing claims; and (2) the practices used to monitor the activities of recipient and providers involved in Medicaid. This second phase, we refer to as program integrity function, includes activities both at DMA and the Department of Law’s Medicaid Fraud Control Unit (MFCU).
While the control weaknesses in the Medicaid system involve circumvention or neglect of established controls, the findings related to HCB waiver programs primarily stem from the lack of well-designed controls. In this instance, the primary control involves state regulations which permit reimbursement for expenditures in a manner inconsistent with good financial practices.
The weaknesses in the internal controls over the review and electronic processing of payment claims include:
- Poor controls over provider enrollment. DMA’s procedures for enrolling eligible service providers in the State Medicaid program are not consistent with federal regulations. Additionally, DMA fails to inactivate providers with extended lapses of participation in the Medicaid program.
- Administrative data processing controls being ignored. The data processing system that generates payments uses an elaborate structure of edits to evaluate claims. The objective of these evaluative edits is to provide assurance the claim is legitimate and consistent with state and federal regulations, as well as established healthcare standards. DMA, through practice and policy, has weakened the effectiveness of some of these edit checks.
- Insufficient controls over nonemergency transportation. Many of the controls in this area are designed to contain transportation costs. There are a number of problems involving the application of controls over nonemergency transportation. There were many transportation claims paid without a related medical claim involved. Some travel costs appear to be unreasonable, while an established control procedure such as prior authorization, is applied in such a way as to be of limited value.
The weaknesses in internal controls relating to program integrity involve:
- An ineffective provider and recipient review system within DMA. The section within DMA responsible for reviewing providers and recipients for possible abuse and fraud has not been adequately supported. This lack of support compromises DMA’s capacity to effectively manage program integrity information. Accordingly, known problem providers are not effectively monitored on an ongoing basis.
- Lack of effective coordination between DMA and MFCU. In recent years, two DMA policy decisions adversely affected MFCU investigations. Additionally, vague DMA policies and regulations hamper MFCU investigatory efforts.
Weaknesses in the manner in which controls are designed for HCB services allow providers to be paid for levels of service higher than they actually provide. This is due to the way service costs are developed and billed, consistent with the requirements of state regulations.
Findings and Recommendations
To address the weaknesses in internal control outlined in the Conclusions section we make 13 recommendations. Recommendation numbers 1 through 4 address the data processing involved with payment of claims through the Medicaid management information system (MMIS). Recommendation numbers 5 through 9 address the internal monitoring and review of activities at DMA. Recommendation numbers 10 and 11 address the controls stemming from activities of other agencies such as the Division of Mental Health and Developmental Disabilities involvement with HCB waiver costs. Recommendation numbers 12 and 13 address actions the legislature should possibly take to improve the operations and controls related to administration of the State’s Medicaid program.