Sweeping Amendments Impact Medicaid Fraud Control Units After 40 Years

State Medicaid Fraud Control Units (MCFU) are poised to undergo significant changes on May 21, 2019, due to final rules issued by the Department of Health and Human Services (HHS) Office of Inspector General (OIG) on March 22, 2019.¹

The amendments incorporate statutory changes affecting MFCUs as well as policy and practice changes that have occurred since the regulations were originally issued over 40 years ago. MFCU’s mission is to investigate and prosecute Medicaid provider fraud and patient abuse or neglect occurring in health care, board, and care facilities. The HHS OIG has related responsibilities, including administering grant awards to each MFCU and providing oversight for their operations.

HHS identified a threefold purpose to these amendments:

• Assist MFCUs in understanding their authorities and responsibilities under the federal grant program
• Clarify flexibilities MFCUs have in operating their programs
• Reduce administrative burden by eliminating duplicative and unnecessary reporting requirements, where appropriate

Twelve categories of changes were made to the regulatory provisions. A summary of the most relevant changes follows.

Definitions of Key Terms. The final rule adds definitions of key terms related to MFCU operations, including fraud and other criminal conduct, abuse of patients, data mining, director, health care facility, program abuse, and provider, among others.

Prosecutorial Requirements. Changes related to prosecutorial requirements include the prosecution of patient or resident abuse and neglect as well as provisions requiring formal written procedures for referrals to the state attorney general or other offices with statewide prosecutorial authority.

Agreement With Medicaid Agency. Changes consistent with the recent Medicaid managed care regulations requiring managed care organizations (MCOs) to refer potential fraud to the Medicaid agency or MFCU, found at 42 CFR Part 438, were incorporated. Requirements were also established for Medicaid agency agreements, including establishing regular communication and procedures for both coordination and receiving referrals of potential fraud from MCOs. The companion Centers for Medicare and Medicaid Services (CMS) regulation, found at 42 CFR 455.21, was also amended to ensure MFCUs and Medicaid agencies are required to have these agreements.

Duties and Responsibilities. The amended regulations require MFCUs to submit all convictions to the OIG within 30 days of sentencing or in instances of court delay as soon as practicable for purposes of program exclusion. The final rule also clarifies information-sharing requirements and provides that MFCUs must coordinate with, and make Medicaid fraud, investigation, and prosecution information available to, OIG investigators and attorneys as well as other federal investigators and prosecutors.

The changes to the MFCU regulations can be viewed in their entirety on the HHS OIG website.