Unlike fee-for-service (FFS) arrangements, in which states pay providers directly and are solely responsible for monitoring access, managed care arrangements involve states contracting with managed care organizations (MCOs), which in turn contract with providers and monitor and enforce access and quality standards. State Medicaid programs approve contracts that describe how access will be monitored and deficiencies will be corrected, but in most cases do not pay or interact with providers directly. States do, however, maintain contractual oversight of the plans. States have an obligation to ensure that beneficiaries receive the appropriate services and that capitation payments are actuarially sound and made to entities that can provide these services.
Managed care offers states the opportunity to provide access to appropriate services and coordinate care for Medicaid enrollees—linking each enrollee with a regular source of primary care, arranging access to a contracted network of providers, and providing support services such as health education. But because managed care plans are paid on a capitated basis, there are risks that these arrangements will incentivize plans to contain costs through limited provider networks or inadequate payment rates that could negate some of the positive aspects of ensuring access to care.
Access requirements in Medicaid managed care
Access to Medicaid services for enrollees in managed care are covered under Sections 1903(m) and 1932 of the Social Security Act. MCOs must show the state and the Secretary of the U.S. Department of Health and Human Services (HHS) that they have the capacity to serve the expected number of enrollees and provide evidence that the plan offers an appropriate range of services, including access to preventive and primary care services, and maintains a sufficient number, mix, and geographic distribution of providers. The statute also requires that MCOs have procedures in place for monitoring and evaluating the quality and appropriateness of care and services to beneficiaries and that these services reflect the full spectrum of the needs of the populations enrolled under the contract. Medicaid MCOs must document standards for access to care so that covered services are available within reasonable timeframes and in a manner that ensures continuity of care, adequate primary care, and specialized services capacity (§1932 of the Social Security Act).
On November 13, 2020, CMS issued a final rule that amended the Medicaid managed care regulations (CMS 2020). The 2020 final rule eliminated the requirement that states develop time and distance network adequacy standards for providers and instead requires states to develop and publish quantitative network adequacy standards for providers including primary and specialty care providers (adult and pediatric), obstetricians and gynecologists, adult and pediatric behavioral health providers, hospitals, pharmacies, and pediatric dental providers. The rule applies to services provided to beneficiaries who are enrolled in managed care, including those who receive some carved-out services, such as behavioral health and dental services, in FFS arrangements. The 2020 final rule also requires states contracting with managed care plans for LTSS to have a quantitative network adequacy standard for LTSS providers, removing the requirement the states develop time and distance standards for those providers to which beneficiaries must travel to receive services (42 CFR 438.68, CMS 2020).
The Medicaid managed care final rule also lists factors that states must consider in setting standards, including:
- the ability of providers to communicate with limited English-proficient enrollees and to accommodate enrollees with disabilities, and
- the availability of triage lines or screening systems, as well as the use of telemedicine, e-visits, and other evolving and innovative technological solutions (42 CFR 438.68).
States must develop standards for all geographic areas of the state covered by the managed care program, but may allow capitated plans to meet different standards in different parts of the state. For example, a state could require plans to provide primary care within 10 miles or 15 minutes in urban areas of the state, but within 30 miles or 45 minutes in rural areas. States may grant exceptions to its network adequacy standards, as long as the exceptions process is set forth in the plan contract and is based on the number of providers in the relevant specialty area who are practicing in the plan’s service area. State network adequacy standards must be published on the state’s website and be provided in hard copy and accessible formats upon request. If states create exceptions to network adequacy standards, they must monitor enrollee access on an ongoing basis (42 CFR 438.68).
The rule also has more specific requirements, such as ensuring that female beneficiaries have direct access to women’s health specialists and timely access to family planning services. Enrollees must also be able to get second opinions from an in-network or out-of-network provider, if necessary. Beneficiaries must be permitted to obtain medically necessary services out of network, and out-of-network providers must coordinate with MCOs to ensure that enrollees do not have to pay more for these out-of-network services. Network providers must offer hours of operation no less than those offered to commercial beneficiaries or comparable to Medicaid FFS, and must offer around-the-clock services when medically necessary (42 CFR 438.206).
Current access monitoring practices in managed care
Managed care plans may be in a better position than state officials to monitor beneficiary access to care; their defined population of enrollees and providers provides a ready source for data collection. Managed care plans are required to report to the state if they have received accreditation from a private independent accrediting entity such as the National Committee for Quality Assurance (NCQA). More than half of states either require or recognize health plan accreditation from the National Committee for Quality Assurance (NCQA), which includes consistent data collection and reporting across states and plans (NCQA 2021). NCQA accreditation requires annual submission of data collected by the Healthcare Effectiveness Data and Information Set (HEDIS) measures and Consumer Assessment of Healthcare Providers and Systems (CAHPS) surveys. HEDIS is a set of state-level quality, access, and effectiveness-of-care measures for selected conditions, including measures related to the receipt of certain cancer screenings and child immunization rates. CAHPS is a set of beneficiary surveys designed for children and adults that covers a range of topics, including access to care (NCQA 2021).
Because federal regulations did not require specific network adequacy or other access standards prior to 2016 rule, states varied considerably in what they required in MCO contracts. States also used different strategies to assess compliance with the access standards established in their managed care contracts. A review by the HHS Office of Inspector General found that most states did not identify any violations of their access standards over a five-year period; the states that found the most violations were those that conducted direct tests of compliance. Among the states that identified violations, most relied on corrective action plans to address the violations, and only six imposed sanctions. Finally, the study found that CMS provided limited oversight of state access standards (OIG 2014).
A 2018 MACPAC review of Medicaid managed care contracts and quality strategies for several states found that states include multiple components in their provider network adequacy standards beyond the required time and distance standards, such as provider-to-member ratios, separate standards for rural and urban areas, appointment scheduling and appointment wait-time standards, requirements for after-hours access, and specifications for physical and communication accessibility. In addition, most states appear to be using multiple methods to monitor access including review of periodic MCO provider network files and additional network reports. Many contracts also require MCOs to submit other information that could be used for access and network adequacy monitoring, such as member and provider grievances, member and provider surveys, and encounter data. However, very few states detail the metrics or standards that are used to measure access or network adequacy beyond the time and distance standards or provide public information on how they monitor access and adequacy beyond ensuring contract compliance (MACPAC 2018).