Legislative Milestones in Medicaid Program Integrity
| Year | |
| 1965 | Medicaid was enacted as Title XIX of the Social Security Act (the Act, P.L. 89-97) to provide health coverage for certain groups of low-income people. The law established Medicaid as an individual entitlement with federal-state financing; it also enacted Medicare under Title XVIII of the Act. During its first decade, Medicaid operated with few fraud controls and did not specify any state or federal law enforcement agencies to monitor criminal activity within the program. |
| 1977 | The Medicare-Medicaid Anti-Fraud and Abuse Amendments (P.L. 95-142) provided special federal funding to establish state Medicaid Fraud Control Units (MFCUs). |
| 1980 |
The Mental Health Systems Act (P.L. 96-398) required most states to develop a computerized Medicaid Management Information System (MMIS). The Medicare and Medicaid Amendments of 1980 (P.L. 96-400) provided the authority under Section 1128 of the Act to exclude individuals and entities from participation in Medicare and Medicaid for fraud against the programs. The Omnibus Reconciliation Act of 1980 (P.L. 96-499) provided permanent federal funding for MFCUs beyond the initial three-year start-up period. |
| 1981 | The Omnibus Budget Reconciliation Act of 1981 (P.L. 97-35) provided the authority to impose civil money penalties as an intermediate sanction for fraud or abuse. |
| 1986 | The False Claims Act Amendments (P.L. 99-562) made significant changes to the False Claims Act (FCA), including rewards for whistleblowers and fines for fraudulent activity. |
| 1987 | The Medicare and Medicaid Patient and Program Protection Act of 1987 (P.L. 100-93) strengthened authorities to sanction and exclude providers from the program and established criminal penalties for fraud against Medicare, Medicaid, and other federal health care programs. |
| 1989 | The Omnibus Budget Reconciliation Act of 1989 (P.L. 101-239) placed limitations on physician self-referrals. The physician self-referral provisions are commonly referred to as the Stark law. |
| 1993 | The Omnibus Budget Reconciliation Act of 1993 (P.L. 103-66) significantly amended the Stark law, with rules commonly referred to as Stark II, and required each state to have a MFCU unless the state could demonstrate to the satisfaction of the Secretary of the U.S. Department of Health and Human Services (HHS) that its Medicaid program sustained a minimal amount of fraud and could protect Medicaid enrollees from abuse and neglect. |
| 1996 | The Health Insurance Portability and Accountability Act of 1996 (HIPAA, P.L. 104-191) defined numerous offenses relating to health care and set civil and criminal penalties for them. It also created several programs to control fraud and abuse within the health care system, including Health Care Fraud and Abuse Control (HCFAC) Program and the Medicare Integrity Program (which was the model for the Medicaid Integrity Program (MIP) that was created through the Deficit Reduction Act of 2005, described below). |
| 1997 | The Balanced Budget Act of 1997 (P.L. 105-33) allowed states to contract with a limited number of managed care plans; applied federal conflict-of-interest standards to state officials involved in Medicaid managed care contracting; required prior approval by HHS of all Medicaid managed care contracts over $1 million; and added conditions of participation for managed care regarding fraud and abuse, quality assurance, protections against patient billing, information and disclosure, and marketing. |
| 2002 | The Improper Payments Information Act of 2002 (P.L. 107-300) required every federal agency to report on improper payments and efforts to combat them. The Centers for Medicare & Medicaid Services (CMS) created the Payment Error Rate Measurement (PERM) program to comply with the statute. |
| 2005 | The Deficit Reduction Act of 2005 (P.L. 109-171) established the Medicaid Integrity Program (MIP) and the Medicare-Medicaid data match program, strengthened third-party liability, and included provisions encouraging states to enact their own False Claims Acts. |
| 2009 |
The Fraud Enforcement and Recovery Act (P.L. 111-21) further strengthened the FCA by broadening the range of conduct that can be subject to false claims prosecution by including presentation of a false claim (even if not paid) and the knowing use of false records or statements related to a false claim. The Children’s Health Insurance Program Reauthorization Act of 2009 (P.L. 111-3) provided states with the option to verify U.S. citizenship through data matches with the Social Security Administration, simplified enrollment, and required coordination of Medicaid Eligibility Quality Control (MEQC) and PERM program efforts, as well as substitution of data between these two programs. |
| 2010 |
The Patient Protection and Affordable Care Act (ACA, P.L. 111-148, as amended) established provider screening requirements, an integrated data repository for Medicare and Medicaid, and the Medicaid Recovery Audit Contractors (RACs). The ACA also contained provisions addressing provider terminations, credible allegations of fraud, reporting managed care data in MMIS, participation in the National Correct Coding Initiative, the Stark law, and FCA actions. The Small Business Jobs Act of 2010 (P.L. 111-240) mandated that CMS implement a predictive analytics system to analyze Medicare claims to detect patterns that present a high risk of fraudulent activity and report to the Congress in 2014 on the cost effectiveness and feasibility of expanding the use of predictive analytics to Medicaid and CHIP in the future. |
| 2013 | The Bipartisan Budget Act of 2013 (P.L. 113-67) allowed state Medicaid agencies to recover any payments by a third party, rather than payments made solely for health care items or services. It also created an exception to Medicaid’s anti-lien statute for third-party liability. |
| 2015 | Consolidated Appropriations Act, 2016 (P.L. 114-113) provides additional funding for Medicaid and CHIP program integrity activities and limits state Medicaid durable medical equipment payment to Medicare payment rates. |
| 2016 | 21st Century Cures Act (P.L. 114-255) includes provisions addressing a range of different Medicaid issues, including several designed to enhance access to mental health services and improve program integrity:
Comprehensive Addiction and Recovery Act of 2016 (CARA, P.L. 114-198) excludes certain abuse-deterrent drug formulations from the definition of line-extension drugs in the Medicaid drug rebate program. Additionally, the statute:
|
Key Program Integrity Provisions in the Social Security Act
| Year | |
| Section 1893(g) | Medicare-Medicaid Data Match program |
| Section 1902(a)(4) and Section 1903(u) | Medicaid Eligibility Quality Control (MEQC) program |
| Section 1902(a)(4)(C) | Conflict-of-interest standards |
| Section 1902(a)(25) | Third-party liability |
| Section 1902(a)(30)(A) | Payment methods and procedures to safeguard against unnecessary utilization, consistent with efficiency, economy, and quality, and to provide access equal to the general population |
| Section 1902(a)(37) | Procedures for prepayment and postpayment claims review, including review of appropriate data with respect to the recipient and provider of a service and the nature of the service for which payment is claimed, to ensure the proper and efficient payment of claims and management of the program |
| Section 1902(a)(39) | Termination of provider participation under Medicaid if this provider has been terminated under Medicare or another state’s Medicaid program |
| Section 1902(a)(42)(B) | Recovery Audit Contractors for the Medicaid program |
| Section 1902(a)(46)(A) | State Income and Eligibility Verification System (also in Section 1137) |
| Section 1902(a)(46)(B) | Citizenship documentation |
| Section 1902(a)(61) | A state must effectively operate a Medicaid Fraud Control Unit, unless it can show that such efforts would not be cost-effective because minimal fraud exists and enrollees will be protected from abuse and neglect without such a unit |
| Section 1902(a)(77) | State compliance with provider screening, oversight, and reporting requirements in Section 1902(kk) |
| Section 1902(a)(79) | Requires billing agents, clearinghouses, and other alternate payees that submit claims on behalf of a provider to register with the state and HHS |
| Section 1902(a)(80) | Prohibits payment for items and services to any financial institution or entity located outside the United States |
| Section 1902(e)(13) | Express lane eligibility |
| Section 1902(ee) | Provides states with the option to verify citizenship through the Social Security Administration data match |
| Section 1902(kk) | Provider and supplier screening, oversight, and reporting requirements |
| Section 1903(a)(6) | Federal match for Medicaid Fraud Control Unit expenses |
| Section 1903(d)(2) | Allows states one year to return the federal share of most overpayments |
| Section 1903(i)(2) | Prohibits payments to an individual or entity excluded from the program |
| Section 1903(q) | Requirements Medicaid Fraud Control Units must meet |
| Section 1903(r)(1)(B)(iv) | National Correct Coding Initiative |
| Section 1903(r)(1)(F) | Requires states to report expanded set of data elements under MMIS to detect fraud and abuse |
| Section 1903(x) | Citizenship documentation |
| Section 1909 | State False Claims Act requirements for increased state share of recoveries |
| Section 1921 | Information reporting requirements concerning sanctions taken by state licensing authorities against health care practitioners and providers |
| Section 1927(g) | Drug use review |
| Section 1932(d) | Protections against fraud and abuse in managed care |
| Section 1936 | Medicaid Integrity Program |
| Section 1124 | Disclosure of ownership and related information |
| Section 1126 | Disclosure by institutions, organizations, and agencies of owners and certain other individuals who have been convicted of certain offenses |
| Section 1128 | Exclusion of certain individuals and entities from participation in Medicare and state health care programs |
| Section 1128A | Civil monetary penalties |
| Section 1128B | Criminal penalties for acts involving federal health care programs |
| Section 1128C | Fraud and Abuse Control Program |
| Section 1128D | Guidance regarding application of health care fraud and abuse sanctions |
| Section 1128E | Health Care Fraud and Abuse Data Collection Program |
| Section 1128F | Coordination of Medicare and Medicaid surety bond provisions (applies only to home health agencies) |
| Section 1128G | Transparency reports and reporting of physician ownership or investment interests |
| Section 1128H | Reporting information relating to drug samples |
| Section 1128I | Accountability requirements for facilities (skilled nursing facilities and nursing facilities) |
| Section 1128J | Medicare and Medicaid program integrity provisions |
| Section 1137 | Requirements for state income and eligibility verification systems (also in Section 1902(a)(46)(A)) |
| Section 1156 | Obligations of health care practitioners and providers of health care services, sanctions and penalties, hearings and review |