13 States Still Struggle to Check Providers to Avoid Medicaid Fraud

July 30, 2019 - States are struggling to implement effective provider enrollment screening processes to prevent Medicaid fraud, including fingerprint-based criminal background checks, according to a recent HHS Office of the Inspector General (OIG) investigation.

The watchdog’s survey of 50 states and District of Columbia found that 18 states had not implemented fingerprint-based criminal background checks for high-risk providers in Medicaid as of July 1, 2018. And by January 1, 2019, 13 states still had not implemented the Medicaid fraud prevention requirement.

Furthermore, three of the states without fingerprint-based criminal background checks failed to report their implementation status to OIG despite federal officials asking for the information.

CMS required states to implement criminal background checks for high-risk providers in 2018. The agency explained that comprehensive criminal background checks protect Medicaid against fraudulent and abusive providers.

Since 2016, states have received guidance from CMS on implementing required criminal background checks, which include notifying each high-risk provider that is subject to the requirement, collecting fingerprints from the providers and verifying whether the provider has a state or FBI criminal history, reviewing results and taking necessary action, and updating enrollment records to note the results.

READ MORE: How Providers Can Detect, Prevent Healthcare Fraud and Abuse

But a significant number of states are still reporting challenges with carrying out new criminal background check requirements, which is opening the door for Medicaid fraud and improper payments, OIG said.

Specifically, the watchdog found that startup challenges are still preventing five states from collecting fingerprints. Common startup challenges included a lack of authority at the state level, limited resources to collect fingerprints, and delays in determining criminal histories that disqualify a provider from participating in Medicaid.

The eight remaining states that have not fully implemented fingerprint-based criminal background checks also said that they are facing residual delays from a lack of resources and state-level authority. For example, one state notified providers and started collecting fingerprints, but experienced delays because it has one of the largest Medicaid programs and needs to check about 600 providers.

Other states not complying with the requirement said they are still working on checking newly enrolled high-risk providers and establishing who needs a criminal background check.

Even though states are required to conduct fingerprint-based criminal background checks for high-risk Medicaid providers, two loopholes are opening the program to fraud by allowing some high-risk providers to enroll in Medicaid without undergoing criminal background checks, the OIG found.

READ MORE: Medicare, Medicaid Exclude 200% More Docs for Healthcare Fraud

First, CMS regulations allow states to skip criminal background checks on high-risk Medicaid providers if the providers are already enrolled in Medicare, regardless of whether Medicare has conducted a background check.

CMS means for the rule to reduce administrative burden. However, CMS staff told OIG that Medicare is still conducting criminal background checks on approximately 1,000 high-risk providers, and the agency is not expected to complete the checks until 2020 or later.

OIG found that 44 states rely on Medicare enrollment results when it comes to registering high-risk Medicaid providers, meaning these states may have enrolled some of the 1,000 high-risk providers who have not been subject to fingerprint-based criminal background checks by any federal healthcare program. The loophole poses a threat to Medicaid, OIG stated.

The other loophole involves high-risk providers who do not disclose owners. CMS requires not only that providers disclose individuals whose direct or indirect ownership interest in high-risk providers is five percent or higher, but also that states collect fingerprints from such individuals. Provider enrollment in Medicaid hinges on the results of the owner’s criminal background check.

States are experiencing challenges with verifying provider-attested ownership information, resulting in Medicaid fraud risks, OIG found.

READ MORE: DoJ Memo Limiting Guidance Use to Impact Healthcare Fraud Cases

By 2018, nine states reported lacking the capability to identify owners whom providers did not report on enrollment applications. Contemporaneously, CMS staff told OIG that the agency does not have the ability to verify accuracy of provider-reported ownership information.

“Because States and CMS lack this capability and because provider ownership information is self-reported, States and CMS have no way to conclusively verify that providers are being truthful in their disclosures of their owners,” OIG stated.

The watchdog recommended that CMS ensure all states fully implement fingerprint-based criminal background checks to prevent Medicaid fraud and improper payments. The agency should also use financial disallowances to ensure compliance.

CMS should also amend its guidance so states cannot forgo performing criminal background checks on high-risk providers who are already enrolled in Medicare unless Medicare has finished its own check of the provider, OIG reported. The agency should also compare the information reported by high-risk Medicaid providers to Medicare’s provider ownership information to help states identify discrepancies.

CMS concurred with OIG’s first recommendation but expressed concerns that the latter two recommendations would increase administrative burdens on both states and CMS.