New Reporting Rules for State Medicaid Fraud Control Units

Original story posted on: March 29, 2017

There is no doubt that state Medicaid Fraud Control Units (MFCUs) have their hands full and are charged with a difficult task. They are responsible for investigating Medicaid fraud. This is part of the responsibility assigned to them by the Centers for Medicare & Medicaid Services (CMS) as a mandate for receiving federal healthcare dollars to reimburse those services and other items covered by Medicaid.

According to the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) website, “Medicaid Fraud Control Units (MFCUs) investigate and prosecute Medicaid provider fraud as well as patient abuse or neglect in healthcare facilities and board and care facilities. MFCUs operate in 49 states and the District of Columbia. The MFCUs, usually a part of the state attorney general's office, employ teams of investigators, attorneys, and auditors; are constituted as single, identifiable entities; and must be separate and distinct from the state Medicaid agency. OIG, in exercising oversight for the MFCUs, annually re-certifies each MFCU, assesses each MFCU's performance and compliance with federal requirements, and administers a federal grant award to fund a portion of each MFCU's operational costs.”

On June 1, 2012, the Federal Register published an important mandate to measure the success of state Medicaid Fraud Control Units. Performance Standard 8(f) calls for all state MFCUs to transmit to the OIG for HHS, “for purposes of program exclusions under section 1128 of the Social Security Act, all pertinent information on MFCU convictions within 30 days of sentencing, including charging documents, plea agreements, and sentencing orders.”

The OIG reviews many components of state MCFU compliance, using 12 performance standards, and monitors MCFU compliance with federal grant requirements. This can include the review of policies and procedures, documentation of the unit’s operations, staffing, and caseload (as well as financial documentation), structured interviews with key stakeholders, and review of the sample of cases worked by the unit. 

This article will focus on the performance of reporting, sentencing, and actions taken against providers by the OIG. The OIG relies upon the MFCUs to timely notify it of actions taken that might require the provider to be excluded by the OIG.

State MCFUs have listed various reasons why they did not know which cases to report or why they were late in informing the OIG about certain matters. No matter the reason, the OIG has proposed to clear up what is required via the revised rules for MFCUs, which were published on Sept. 9, 2016.

The proposed rules expand the MCFUs’ functions and responsibilities and propose to require that MCFUs:

  • Submit all convictions to the OIG for purposes of program exclusion within 30 days of sentencing, or as soon as practicable if a MFCU encounters delays from the courts.
  • Make information available to, and coordinate with, OIG investigators and attorneys, other federal investigators, and federal prosecutors on Medicaid fraud information and investigations involving the same suspects or allegations.
  • Transmit to the OIG pertinent information on all convictions, including charging documents, plea agreements, and sentencing orders, for purposes of program exclusion under section 1128 of the SSA.

By referring convicted individuals or entities to OIG for exclusion, MFCUs help ensure that such individuals and entities do not have the opportunity to defraud Medicaid and other federal health programs, or to commit patient abuse or neglect. Historically, referrals by MFCUs have constituted a significant part of the exclusions imposed each year by OIG.

MCFU Not Reporting

Let’s look at the Virginia MFCU, as an example. In 2016 it recovered $34 for each dollar spent on fighting healthcare fraud. However, with those stellar results, the MFCU did not report about half of all convictions to OIG within required time frames. The Unit did not report 42 of its 79 convictions to OIG within 30 days of sentencing.

Late reporting of convictions to OIG delays the initiation of the program exclusion process, which may result in improper payments being made to providers by Medicare or other federal healthcare programs – or possible harm to beneficiaries.

The ProviderTrust Compliance Healthcare Index Report (CHIRP) compares each state exclusion to determine whether it was the result of a felony for patient abuse, substance abuse, and/or fraud abuse, as enumerated by Section 1128. For illustrative purposes, we focused on New York state exclusions (felonies).

The New York MCFU excluded 6,291 individuals and entities: 5,508 individuals, 783 entities.

The OIG list of excluded individuals and entities (LEIE) has 3,113 of those 5,508 individuals and 21 of the 783 entities.

However, the ProviderTrust CHIRP analysis identified 21 excluded individuals (for a felony) that were not found on the OIG LEIE list. The exclusions were mandatory, being as they were for a felony, and thus according to Performance Standard 8, they should have been provided to the OIG for inclusion on the LEIE.

Here are two examples of such lag in reporting to the OIG:

Buena Vista Pharmacy Inc.
New York, N.Y.
Excluded on Nov. 20, 2000 by New York (18 NUCRR 515.8) for all federal healthcare programs

Aaron S. Goldfein

Excluded in New York as a physician on Aug. 27, 2015 and excluded in Michigan May 6, 2014.

In fact, an audit of the OIG LEIE found that approximately two-thirds of state exclusions were not found on it. This is consistent with ProviderTrust's CHIRP findings, as evidenced by New York’s missing data outlined above. Thus, a company needs to conduct monthly monitoring of not only the OIG LEIE, but also the 40 state Medicaid exclusion lists in order to be assured of searching against all available exclusions (state and federal).


Whatever results from these clarifying MFCU reporting rules, the OIG LEIE can only receive those cases that resulted in a conviction, sentence, or plea agreement. Without timely reporting, the OIG LEIE list will not be all-encompassing, creating a big gap for exclusion compliance for your organization.

Accordingly, make sure to cover the OIG LEIE, and all available state Medicaid exclusion lists in your monthly exclusion monitoring program in 2017. Until the MFCUs get better at following the tenets of Performance Standard 8(f), employers will have to include federal OIG and all available state Medicaid exclusion lists (40) in order to ensure that they are not hiring or contracting with an excluded individual and/or entity.

Michael Rosen, Esq.

Michael Rosen brings more than 20 years of experience in founding and leading service-oriented businesses. He co-founded Background America, Inc., which was acquired by Kroll Inc. He was promoted to president of the Background Screening Division, which employed 1,000 people in seven countries.

He is now the co-founder of ProviderTrust, Inc. a national healthcare compliance service that helps facilities stay in compliance. He has received numerous accolades, including the Inc. Magazine 500 Award, Nashville Chamber of Commerce Small Business of the Year award, and the Music City Future 50 Award.

This email address is being protected from spambots. You need JavaScript enabled to view it.

Related Articles

  • Are you with the FBI, or the F-I-B?
    Scammers targeted a local medical board in the name of the FBI. Here’s a story you need to share with your licensed professionals. Last week a physician called me in a panic. A member of the local medical board had…
  • Explosive OIG Report Raises Red Flags for Providers, CDI Professionals
    The report underscores federal authorities’ recent assertions that coding errors are generating ample unwarranted reimbursement. EDITOR’S NOTE: This article was originally published by ICD10monitor on March 2, 2021 and is being republished in light of continuing interest in the subject.…
  • Philip Esformes Has Sentence Commuted
    I have written four previous articles on Philip Esformes, who was sentenced to 20 years in federal prison for a truly infamous scheme to defraud Medicare out of millions of dollars. He bribed doctors and other providers of care to…