Medicaid Managed Care:

Additional CMS Actions Needed to Help Ensure Data Reliability

GAO-19-10: Published: Oct 19, 2018. Publicly Released: Nov 19, 2018.

Additional Materials:

Contact:

Carolyn L. Yocom
(202) 512-7114
yocomc@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

States collect data on Medicaid services to help the Centers for Medicare & Medicaid Services (CMS) oversee the managed care program. For example, this data can help set managed care payment rates, identify inappropriate billing patterns, and ensure access to services.

But what if the data isn’t reliable?

CMS started requiring states to have independent audits of their data to help ensure reliability, but hasn't fully informed states on how to conduct these audits—which could lead to inconsistent results.

We recommended that CMS give states more information on the audits and how it will enforce the new data reliability requirements.

 

Photo of a stethoscope on a computer keyboard.

Photo of a stethoscope on a computer keyboard.

Additional Materials:

Contact:

Carolyn L. Yocom
(202) 512-7114
yocomc@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

The Centers for Medicare & Medicaid Services (CMS) requires states to collect service utilization data—known as encounter data—from Medicaid managed care organizations (MCO). GAO found that, in 2017, all eight selected states it reviewed checked MCO-submitted encounter data for reasonableness—that is, they checked that the data contained valid values, were submitted in a timely manner, and reflected historical trends. Three of the selected states used an additional oversight practice—comparing encounter data with an external data source—which could involve comparing encounter data with a sample of medical records. Such comparisons are recommended by CMS and other experts, such as actuaries, to help ensure data reliability (i.e., accuracy, completeness, and timeliness). Five of the eight selected states reported using mechanisms—such as penalties—to enforce encounter data reporting requirements in 2017.

Oversight Practices for Encounter Data Used by Selected States, 2017

 

Selected states

Oversight practice

CA

NE

NH

NY

OH

TX

UT

WV

Conducted reasonableness checks

Compared to external data sources

Required corrective action plans, assessed penalties, or provided performance incentives

Legend: ● = used practice; ○ = did not use practice

Source: GAO analysis of state reported information | GAO-19-10

GAO found that CMS has provided states with limited information on how to fulfill new regulatory requirements related to encounter data reliability. For example, CMS has provided states with limited information on

  • the required scope and methodology for the required independent audits of state encounter data; and
  • the required content of annual assessments of encounter data reporting that states must submit to the agency.

Because of the limited information from CMS, the agency will not have the information it needs to perform effective oversight of encounter data reliability.

States report encounter data to CMS's Transformed Medicaid Statistical Information System (T-MSIS). However, CMS has not provided states with information on the circumstances under which the agency will determine whether to defer or disallow federal matching funds in response to T-MSIS data submissions that do not comply with the agency's standards. In 2016, CMS indicated that it would provide this information before taking such actions. Until CMS provides this information to states, the effectiveness of deferring or disallowing funds as a potential enforcement tool to ensure state compliance is diminished, thus potentially hampering its efforts to ensure the reliability of encounter data.

Why GAO Did This Study

Questions have been raised about the reliability of states' Medicaid managed care encounter data, which are often used to set rates paid to MCOs. States collect the data from the Medicaid MCOs they contract with and then submit the data to CMS through T-MSIS. With managed care comprising nearly half of the total federal Medicaid expenditures in 2017, the importance of reliable encounter data is paramount to ensuring that rates are appropriate and beneficiaries in Medicaid managed care are receiving covered services.

GAO was asked to examine Medicaid managed care encounter data reliability. In this report, GAO examined (1) states' oversight practices, and (2) CMS's actions for helping to ensure encounter data reliability. GAO reviewed documents on oversight practices, and interviewed Medicaid officials from eight states, selected based on enrollment and geography; and collected information from two MCOs (one with low and one with high enrollment) in each of the eight states. GAO also reviewed relevant federal regulations and guidance; and interviewed CMS officials.

What GAO Recommends

The Administrator of CMS should provide states information on (1) scope and methodology requirements for encounter data audits; (2) required content of the annual assessments; and (3) circumstances for deferring or disallowing matching funds in response to noncompliant T-MSIS data submissions. The Department of Health and Human Services agreed with the first two recommendations and neither agreed nor disagreed with the third recommendation.

For more information, contact Carolyn L. Yocom at (202) 512-7114 or yocomc@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: HHS agreed with our recommendation, noting that CMS would provide states with additional information on how to fulfill the requirement for independent encounter data audits. HHS also noted in January 2019 that CMS was developing voluntary guidance that will include information on best practices for validating encounter data. To implement this recommendation, the Administrator of CMS should inform states of the required audit scope and methodology as well as the resulting report. We will update the status of this recommendation when we receive additional information from HHS.

    Recommendation: The Administrator of CMS should provide states with more information on how to fulfill the requirement for independent encounter data audits, including information on the required audit scope and methodology, and what should be described in the resulting report. (Recommendation 1)

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  2. Status: Open

    Comments: HHS agreed with our recommendation, noting that CMS would provide states further information on the required content of the annual assessment. In January 2019, HHS noted that CMS continues to develop guidance to states on how to fulfill the annual assessment requirement. We will update the status of this recommendation when we receive additional information from HHS.

    Recommendation: The Administrator of CMS should provide states information on the required content of the annual assessment of encounter data reporting. (Recommendation 2)

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  3. Status: Open

    Priority recommendation

    Comments: HHS neither agreed nor disagreed with our recommendation and noted steps it has already taken to remind states of their obligation to submit timely, quality encounter data, and prioritize data quality. In January 2019, HHS identified a possible step CMS could take in the event it finds deficiencies in states' encounter data reporting that cannot be resolved through informal monitoring and discussions with state Medicaid agencies. In particular, HHS noted that CMS would issue guidance on the parameters by which the agency would impose financial penalties on states for noncompliant encounter data submissions, if necessary. To fully implement this recommendation, the Administrator of CMS should provide states with this information.

    Recommendation: The Administrator of CMS should provide states with information on the circumstances under which CMS would defer or disallow matching funds in response to noncompliant encounter data submissions. (Recommendation 3)

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

 

Explore the full database of GAO's Open Recommendations »

Jun 12, 2019

May 22, 2019

May 20, 2019

May 17, 2019

Apr 15, 2019

Apr 10, 2019

Apr 8, 2019

Apr 1, 2019

Mar 28, 2019

Looking for more? Browse all our products here