Medicaid managed care organization oversight
CPAs can help states mitigate risks in Medicaid cost-containment efforts.
June 11, 2012
Medicaid, the joint federal-state program that provides health care to low-income Americans, is causing considerable fiscal strain for states. Medical inflation, certain incentives in the Patient Protection and Affordable Care Act, P.L. 111-148, and higher levels of unemployment since 2008 have left many states looking for ways to contain the cost of Medicaid programs, which generally account for the largest component of a state’s budget.
The most common Medicaid cost-containment method among states is the use of managed care. Under Medicaid managed care programs, the states pass on the risk of providing Medicaid services to managed care organizations (MCOs), which accept fixed monthly capitated payments in return for providing Medicaid services to beneficiaries. Requiring that Medicaid services be attained through an MCO also reduces the number of health care providers a state oversees.
The structure of a Medicaid managed care environment, though, is still complex. The various private vendors to a state could include MCOs, fiscal intermediaries, electronic benefits transfer contractors, insurance companies, third-party administrators, and external quality-control organizations.
Due to the amount of dollars flowing through the Medicaid program to those vendors, states must exercise oversight of managed care operations to ensure that services that are contracted for are being delivered. However, states have not been immune to the economic downturn and have laid off staff or are making employees assume additional duties. As a result, various state governments are emphasizing third-party audits of MCOs. Certain state governments want assurance that Medicaid funds are being used efficiently and properly. State governments are also taking steps to recover funds or impose liquidated damages when MCO inefficiencies or improprieties are discovered, or if an MCO is not complying with the terms of its contract. States also require corrective action plans to address noncompliance findings.
Many CPAs work for governmental units, health care organizations, or firms that have a stake in such audits. Understanding the factors surrounding such audits enables CPAs to better meet the needs of disparate stakeholders.
State expectations of MCOs
Since the late 1990s, more and more states have contracted with MCOs to provide Medicaid-funded services. Medicaid beneficiaries are assigned to an MCO and then seek medical care from the MCO’s network of providers.
Within those contractual relationships, states have various expectations of MCOs, including:
Risks to states
Conventional wisdom says that under a Medicaid managed care regime, MCOs are assuming the risk. That is only partially true. While MCOs bear significant financial risk, the state still retains a large risk because it bears the public responsibility for failings and shortcomings of an MCO’s performance.
Some of the specific risks to states include the possibility of overpayment, inability to hold the MCO accountable because of complex organizational structures, safeguarding of PHI, inadequacy of utilization management systems, excessive administrative costs, and network adequacy. This list is by no means exhaustive.
Medicaid agencies also face considerable media scrutiny and federal government oversight. Governors and state legislators face reelection, among other political considerations.
If an audit of an MCO uncovers troublesome circumstances, certain state governments may recover millions of dollars through litigation or the imposition of liquidated damages. The state government, though, is ultimately responsible for oversight and is primarily responsible for returning federal matching funds that have been improperly spent.
Methods states use to provide independent oversight of MCOs
States are increasingly engaging CPA firms to mitigate their risks and provide independent oversight of MCOs. These engagements are generally performance audits, examinations, and, occasionally, agreed-upon procedures. The oversight objectives typically address:
What MCOs can expect from independent oversight
The Medicaid managed care industry has boomed in recent years. In many instances, the growth of MCOs has outpaced the development and implementation of adequate control and compliance structures. Independent audits should be viewed as a valuable tool to aid the MCO in managing its own risks, and in correcting shortcomings that could snowball into much bigger problems.
Some of the items found in past audits that led to corrective actions that eventually aided MCOs included:
CPAs may work on behalf of an auditing entity or an MCO. In either instance, being aware of the MCO compliance factors helps them assure that vital health care services are delivered efficiently and properly.
Selvadas Govind, CPA, MPA, CIA, CICA, is senior manager for health care assurance services for Weaver, an independent accounting firm with offices throughout Texas.