Idaho State Medicaid Fraud Control Unit: 2012 Onsite Review
WHY WE DID THIS STUDY
OIG oversees all State Medicaid Fraud Control Units (MFCU or Unit) with respect to Federal grant compliance. As part of this oversight, OIG annually reviews and certifies all Units. In addition, OIG conducts onsite reviews of selected States. These reviews assess Unit performance in accordance with the 12 MFCU performance standards and monitor Unit compliance with Federal grant requirements, laws, and regulations.
HOW WE DID THIS STUDY
We analyzed data from seven sources: (1) a review of documentation, policies, and procedures related to the Unit's operations, staffing, and caseload; (2) a review of financial documentation; (3) structured interviews with key stakeholders; (4) a survey of Unit staff; (5) structured interviews with the Unit's management and selected staff; (6) an onsite review of case files; and (7) an onsite review of Unit operations.
WHAT WE FOUND
Our analysis of collected data from fiscal years (FY) 2009 through 2011 shows that the Unit reported recoveries of $5 million, Unit convictions and civil judgments and settlements increased, and the Unit opened 326 cases. Unit case files consistently contained documentation of supervisory approval to open and close cases, documentation of at least one supervisory review, and documentation of additional, periodic supervisory reviews. The Unit lacked adequate safeguards to secure case files, however. In addition, the Unit had not fully updated its policies and procedures manual to reflect its current operations and had not updated its memorandum of understanding (MOU) with Idaho's State Medicaid agency-the Department of Health and Welfare (DHW)-to reflect current law and practice. Except for case file security and an MOU stipulation that the Unit may be charged for data requests, we found no evidence of noncompliance with applicable laws, regulations, and policy transmittals.
WHAT WE RECOMMEND
We recommend that the Idaho Unit: (1) ensure that case files are secured against unauthorized access and/or removal and create adequate policies or procedures for securing case files and other documentation containing personally identifiable information, (2) revise its policies and procedures manual to reflect current Unit operations, and (3) revise its MOU with DHW to reflect current law and practice. The Unit concurred with all three of our recommendations.