This spring, the Centers for Medicare and Medicaid Services (CMS) will publish its final rule updating the regulatory framework pertaining to Medicaid Managed Care (primarily CFR 42 part 438). This represents the first major update of Medicaid Managed Care regulations since 2002.
The Notice of Proposed Rule Making (NPRM), CMS 3490-P, issued May 26, 2015, received considerable comment, and the final rule is sure to have some variation from the proposed rule. But almost certainly both states and managed care organizations (MCOs) will be responsible for complying with enhanced regulatory provisions related to enrollment, beneficiary support, access to care, quality of care, rate setting and financial reporting, encounter data, program integrity, and reporting.
A key concept throughout CMS’s NPRM is transparency. To achieve better transparency within the program, CMS describes an enhanced set of data points that will enable beneficiaries to better navigate and enroll in the managed care program, enable states to monitor access to care and quality of care, and help states and CMS better ensure fiscal soundness and program integrity. Seven key areas affecting new types of data sharing will include:
- MCOs will be required to share information related to providers and networks, to ensure access to care and network adequacy compliance as well as for program integrity purposes.
- Quality of care data will be expanded, as will data related to member satisfaction surveys, member grievance and appeal logs, and provider complaint logs.
- States will be required to monitor all MCO providers, MCO ownership, and MCO subcontractors to ensure that excluded individuals and entities are not receiving payment under the Medicaid program. This will require sharing of ownership and contractor information on a regular basis.
- MCOs will be required to promptly report changes in a provider’s circumstances that may affect the provider’s ability to participate in the managed care program, such as termination of a provider agreement.
- MCOs will be required to report all improper payments identified or recovered, specifying the improper payments due to potential fraud. MCOs will be required to have a mechanism in place for providers to self-report overpayments. States will be required to exclude improper payments from (actuarial sound) rate setting calculations.
- MCOs will be required to notify states of changes in an enrollee’s circumstances that may affect the enrollee’s eligibility (including residence, income, or death), in order to better prevent inappropriate capitation payments by the state to the MCO.
- MCOs will be required to implement a method to verify on a regular basis, by sampling or other methods, whether services billed by providers were actually received by enrollees.
In the proposed rule, CMS discusses the importance of accurate encounter data for purposes of oversight, rate-setting, and program integrity. The NPRM re-emphasizes existing statute that enable CMS to withhold federal funds from states and MCOs that do not meet encounter data standards. MCO CEOs/CFOs will be required to certify the accuracy of submitted encounter data. States must, within 90 days of the effective date of the requirement, submit to CMS a detailed plan of their procedures and processes to ensure the timely submission of complete and accurate enrollee encounter data. While encounter data sharing is of course not new, following years of quality problems it seems that CMS is serious about resolving this issue.
To ensure compliance with the final rule and achieve the required levels of oversight over the managed care program, states will need to expand data sharing with MCOs. To support this effort, the proposed rule directs that states should have a monitoring system for managed care. This system would incorporate data from specific areas of managed care administration and oversight. Data from this process is to be used to improve the quality of the managed care program.
States will need to decide – informed by CMS guidance and funding options – whether Medicaid Management Information Systems (MMIS) designed to support high volume fee-for-service program administration are the right platform to support the types of data required for comprehensive managed care program oversight, or whether nimbler technology capable of integrating and analyzing various types of data and populations are more appropriate.
States will also need to determine the level of collaboration they want with MCOs. Do they want broader oversight to be a one-way street? Or, do they want a more collaborative approach based on insights from utilization, provider, and program integrity data analysis?
As part of this process, states should also consider how existing program integrity vendors – including third party liability vendors; recovery audit contractors; and fraud, waste, and abuse analytics vendors – can be leveraged to support enhanced data sharing, program integrity, and oversight related to the managed care program. Many of these vendors are already working with states and MCOs in this area, using encounter and claims data that could be integrated into collaborative data sharing practices that benefit all parties.
When published, the final rule will be required reading, and it will be interesting to see how the rule is implemented across various states. One thing seems certain – there will be a lot more data!
Michael Hostetler is vice president of business and product innovation for HMS. Contact Michael at email@example.com.