On May 13, Vice President Vance, the chair of the White House Task Force to Eliminate Fraud, held a press conference. He announced the deferral of $1.3 billion in federal Medicaid matching payments owed to California, which received considerable attention. He also announced that the HHS Inspector General had by letter that day warned state Attorneys General that they needed to be more aggressive in prosecuting fraud against Medicaid. That received considerably less attention. Then on June 4, Andrew Ferguson, the Chairman of the Federal Trade Commission and co-chair of the White House Task Force, announced that the HHS IG had denied the Hawaii Attorney General’s request for recertification of her state’s Medicaid Fraud Control Unit, cutting off $3 million in federal funds for the costs of operating that unit. Since other shoes are likely to drop, it’s worth understanding just how nonsensical the IG’s actions are.
By way of background, state Medicaid programs are required to operate a Medicaid Fraud Control Unit. The MFCU is usually located in the office of the state’s Attorney General. Its responsibilities are to investigate and prosecute (1) fraud against the Medicaid program and (2) abuse and neglect of patients in long-term care facilities receiving Medicaid payments and, at state option, of Medicaid patients in community settings. The federal government pays 75 percent of the cost of operating a MFCU that meets performance standards. These include “cooperation with federal and other state authorities on fraud cases.” The HHS Office of Inspector General—not CMS—oversees the MFCUs, assessing their compliance with federal requirements, recertifying them annually as eligible for federal matching funds, and administering the payment of those funds to the MFCUs. OIG also posts annual performance data for each MFCU.
In his May 13 letter to all state AGs, the Inspector General, T. March Bell, informs each of them that OIG will “engage in a robust review of your MFCU” as part of the annual recertification process. He emphasizes that “HHS will protect American taxpayer dollars by requiring every single MFCU to comply with all of their obligations under Federal law in order to receive their MFCU funds.” A little too much drama, but fair enough.
Then he veers off the road:
And not just that. Noncompliance with your MFCU obligations can take your State’s entire Medicaid program out of compliance. This means your failure to do your job as head of the MFCU has put all of your State’s Medicaid funds in jeopardy.
(Yes, you read that right. The IG warned states that their “entire” Medicaid program would be found out of compliance and putting “all” of their Medicaid funds in jeopardy).
Let’s all take a deep breath and exhale slowly. It is true that decertification of a state’s MFCU would put the state out of compliance with one of the 90 different statutory requirements that states must meet in order to receive federal Medicaid matching funds (section 1902(a)(61) of the Social Security Act). But the implication that OIG has the authority to deny a state all of its Medicaid matching funds for this reason is simply false. OIG’s authority, delegated by the Secretary of HHS, is to administer federal matching funds to MFCUs. Authority with respect to all other federal Medicaid matching funds remains with the Secretary.
Of course, the IG could recommend that the Secretary (through the CMS Administrator) withhold all federal Medicaid matching funds from a state because its MFCU is no longer certified. That said, the notion that the Secretary—even this Secretary, and even in an election year—would take such an action is laughable.
To see why, one need look no further than the unprecedented compliance action that CMS took against Minnesota this past January. CMS notified the state that it was out of compliance with another statutory requirement (section 1902(a)(64) of the Social Security Act) relating to the compilation of data about waste, fraud, and abuse and that as a result CMS would reduce its federal matching payments by $515 million each quarter going forward until the state came into compliance. Half a billion each quarter is a lot of money, particularly for a relatively small Medicaid state like Minnesota, but it is less than 20 percent of the amount of Medicaid funds Minnesota receives from the federal government each year. And although Minnesota has been a particular target for this administration, CMS eventually thought better of its action and two months later found an off-ramp by approving the state’s corrective action plan.
The IG’s June 4 letter to Hawaii’s AG underscores this point. The letter states that OIG is denying recertification of the state’s MFCU because it is (1) “not effectively investigating fraud,” (2) “not effectively investigating Medicaid patient abuse and neglect cases,” and (3) “not adhering to MFCU Performance Standards.” In the view of the OIG, there is “a repeated history of statutory, regulatory, and performance deficiencies that contribute to the Hawaii MFCU consistently having among the lowest outcomes for MFCUs nationwide and among similar sized MFCUs.” As a result, the letter says that, effective June 4, the costs of operating the MFCU “are not allowable and will not be reimbursed.” Under OIG regulations, the state has the opportunity to request a reconsideration and to appeal the disallowance of federal matching funds; the AG has announced her intent to seek reconsideration.
Let’s assume for the sake of argument that the IG’s allegations about the Hawaii MFCU are accurate. Does the remedy—withholding 75 percent of the MFCU’s operating costs—make any sense? In a word, no. As the IG recognized in his May 13 letter to all state AGs, “The effective functioning of your State’s MFCU is a critical component of Medicaid fraud prevention.” Three weeks later, the IG effectively guts the funding of the Hawaii MFCU, eliminating “a critical component of Medicaid fraud prevention.”
MFCUs investigate potential fraud cases referred by the state Medicaid agency and, in a managed care state like Hawaii, from the MCOs with which it contracts. Without a MFCU, there is likely no state law enforcement capacity to prosecute fraud against the program (or abuse and neglect of patients). And without a MFCU, there is likely no state law enforcement capacity on which OIG, the FBI, and DOJ can rely to support their own investigations and prosecutions (as noted above, cooperation with federal agencies is a performance standard for MFCUs). Will bad actors in Hawaii, knowing that the funding for the MFCU has been drastically reduced, feel emboldened to steal from Medicaid?
It’s not at all clear how defunding the MFCU will improve the ability of either the state—or for that matter, the federal government—to fight fraud against Hawaii’s Medicaid program. (In FFY 2024, the federal government paid for 72 percent of the $3.236 billion that Hawaii spent on Medicaid, so the federal government has a strong interest in protecting the integrity of the program against bad actors). The IG’s June 4 letter denying recertification does not outline any path to improvement for the Hawaii MFCU, such as a corrective action plan. Nor does it indicate what, if anything, OIG will do to replace the MFCU with another state law enforcement presence to which the state Medicaid agency and/or the MCOs can refer potential cases of fraud for investigation and prosecution. A funding cut-off is a dramatic political gesture, but it is no way to win an actual “war on fraud” against Medicaid.