Medicaid Managed Care:

Additional CMS Actions Needed to Help Ensure Data Reliability

GAO-19-10: Published: Oct 19, 2018. Publicly Released: Nov 19, 2018.

Additional Materials:

Contact:

Carolyn L. Yocom
(202) 512-7114
yocomc@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

States collect data on Medicaid services to help the Centers for Medicare & Medicaid Services (CMS) oversee the managed care program. For example, this data can help set managed care payment rates, identify inappropriate billing patterns, and ensure access to services.

But what if the data isn’t reliable?

CMS started requiring states to have independent audits of their data to help ensure reliability, but hasn't fully informed states on how to conduct these audits—which could lead to inconsistent results.

We recommended that CMS give states more information on the audits and how it will enforce the new data reliability requirements.

 

Photo of a stethoscope on a computer keyboard.

Photo of a stethoscope on a computer keyboard.

Additional Materials:

Contact:

Carolyn L. Yocom
(202) 512-7114
yocomc@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

The Centers for Medicare & Medicaid Services (CMS) requires states to collect service utilization data—known as encounter data—from Medicaid managed care organizations (MCO). GAO found that, in 2017, all eight selected states it reviewed checked MCO-submitted encounter data for reasonableness—that is, they checked that the data contained valid values, were submitted in a timely manner, and reflected historical trends. Three of the selected states used an additional oversight practice—comparing encounter data with an external data source—which could involve comparing encounter data with a sample of medical records. Such comparisons are recommended by CMS and other experts, such as actuaries, to help ensure data reliability (i.e., accuracy, completeness, and timeliness). Five of the eight selected states reported using mechanisms—such as penalties—to enforce encounter data reporting requirements in 2017.

Oversight Practices for Encounter Data Used by Selected States, 2017

 

Selected states

Oversight practice

CA

NE

NH

NY

OH

TX

UT

WV

Conducted reasonableness checks

Compared to external data sources

Required corrective action plans, assessed penalties, or provided performance incentives

Legend: ● = used practice; ○ = did not use practice

Source: GAO analysis of state reported information | GAO-19-10

GAO found that CMS has provided states with limited information on how to fulfill new regulatory requirements related to encounter data reliability. For example, CMS has provided states with limited information on

  • the required scope and methodology for the required independent audits of state encounter data; and
  • the required content of annual assessments of encounter data reporting that states must submit to the agency.

Because of the limited information from CMS, the agency will not have the information it needs to perform effective oversight of encounter data reliability.

States report encounter data to CMS's Transformed Medicaid Statistical Information System (T-MSIS). However, CMS has not provided states with information on the circumstances under which the agency will determine whether to defer or disallow federal matching funds in response to T-MSIS data submissions that do not comply with the agency's standards. In 2016, CMS indicated that it would provide this information before taking such actions. Until CMS provides this information to states, the effectiveness of deferring or disallowing funds as a potential enforcement tool to ensure state compliance is diminished, thus potentially hampering its efforts to ensure the reliability of encounter data.

Why GAO Did This Study

Questions have been raised about the reliability of states' Medicaid managed care encounter data, which are often used to set rates paid to MCOs. States collect the data from the Medicaid MCOs they contract with and then submit the data to CMS through T-MSIS. With managed care comprising nearly half of the total federal Medicaid expenditures in 2017, the importance of reliable encounter data is paramount to ensuring that rates are appropriate and beneficiaries in Medicaid managed care are receiving covered services.

GAO was asked to examine Medicaid managed care encounter data reliability. In this report, GAO examined (1) states' oversight practices, and (2) CMS's actions for helping to ensure encounter data reliability. GAO reviewed documents on oversight practices, and interviewed Medicaid officials from eight states, selected based on enrollment and geography; and collected information from two MCOs (one with low and one with high enrollment) in each of the eight states. GAO also reviewed relevant federal regulations and guidance; and interviewed CMS officials.

What GAO Recommends

The Administrator of CMS should provide states information on (1) scope and methodology requirements for encounter data audits; (2) required content of the annual assessments; and (3) circumstances for deferring or disallowing matching funds in response to noncompliant T-MSIS data submissions. The Department of Health and Human Services agreed with the first two recommendations and neither agreed nor disagreed with the third recommendation.

For more information, contact Carolyn L. Yocom at (202) 512-7114 or yocomc@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Administrator of CMS should provide states with more information on how to fulfill the requirement for independent encounter data audits, including information on the required audit scope and methodology, and what should be described in the resulting report. (Recommendation 1)

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  2. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Administrator of CMS should provide states information on the required content of the annual assessment of encounter data reporting. (Recommendation 2)

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  3. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The Administrator of CMS should provide states with information on the circumstances under which CMS would defer or disallow matching funds in response to noncompliant encounter data submissions. (Recommendation 3)

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

 

Explore the full database of GAO's Open Recommendations »

Dec 13, 2018

Dec 10, 2018

Nov 30, 2018

Nov 27, 2018

Nov 13, 2018

Oct 30, 2018

Oct 23, 2018

Oct 15, 2018

Oct 1, 2018

Looking for more? Browse all our products here