Kusserow on Compliance: GAO reports CMS gaps in nursing home oversight

CMS needs to address gaps in federal oversight of nursing home abuse investigations

The Government Accountability Office (GAO) reviewed CMS oversight of nursing home abuse in response to a request from the Congress. As part of its review, the GAO interviewed officials from survey agencies about how they investigate complaints and facility-reported incidents of resident abuse in nursing homes in five selected states.

The GAO noted, there are approximately 15,600 nursing homes providing care to about 1.4 million nursing home residents, a population of elderly and disabled individuals. CMS defines the standards nursing homes must meet to participate in the Medicare and Medicaid programs, including standards for resident care and safety. To monitor compliance with these standards, CMS enters into agreements with state survey agencies to conduct standard surveys or evaluations of the state’s nursing homes. Those surveys and evaluations investigate both complaints from the public and facility-reported incidents regarding resident care or safety, such as abuse. Investigations of nursing homes based on public complaints and facility-reported incidents offer a unique opportunity for the state survey agencies to identify potential abuse, as these can provide a timely alert of acute issues that otherwise might not be addressed until the standard survey.  Federal nursing home surveys and investigations of complaints and facility-reported incidents can be cited and tracked by CMS. Where deficiencies are found, CMS can impose federal sanctions to prompt the correction of deficiencies.

The review focused on Oregon, a state with 135 nursing homes caring for approximately 7,000 residents. The GAO found failure to follow federal requirements that the survey agency investigate all complaints and facility-reported incidents. Additionally, the GAO found CMS failed to address gaps in federal oversight in Oregon for at least 15 years. The GAO suggested to CMS that these problems may extend to other states and that CMS needs to take corrective action.

GAO recommendations to the administrator of CMS included: (1) evaluating state survey agency processes in all states to ensure all state survey agencies are meeting federal requirements that state survey agencies are responsible for; (2) investigating complaints and facility-reported incidents alleging abuse in nursing homes; and (3) that the results of those investigations are being shared with CMS.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Medicaid third-party liability changes a challenge for states

The U.S. Government Accountability Office (GAO) conducted a study to see the progress states have made in implementing the changes in third-party liability requirements since the Bipartisan Budget Act of 2018 was passed. The GAO found that the states are unclear on how to collect the required information, update their data systems, and implement the new policies. Adding to the difficulties in understanding and implementing the changes, CMS has issued inconsistent guidance and offers only outdated policy manuals that offer no assistance in implementing the changes (GAO Report, GAO-19-601, August 9, 2019).

Bipartisan Budget Act of 2018

Federal law requires states ensure that Medicaid is the payer of last resort by taking steps to identify Medicaid beneficiaries’ other potential sources of health coverage and their legal liability. The Bipartisan Budget Act of 2018 modified the required processes states must follow when paying claims with probable third-party liability for three types of services. Under the amended statute, states must apply cost avoidance procedures to claims for prenatal care services and pregnancy-related services when it is apparent that a third party is or may be liable at the time the claim is filed. Additionally, states are no longer required to pay claims for pediatric preventative services immediately and may instead require the provider to submit the claim to the third party and wait 90 days (wait-and-see period) for payment before seeking Medicaid payment. Finally, states must make payment for a child support enforcement (CSE) beneficiary’s claim if the third party has not paid the provider’s claim within a 100-day wait-and-see period.

State concerns

According to state officials, several changes to administrative tasks and the Medicaid Management Information System (MMIS) needed to be undertaken to implement the new third-party liability changes and some required research and discussion about the best methods to make these changes. Officials noted that they would need to identify the correct codes in their data systems, establish some sort of indicators in their system to identify which claims were for CSE beneficiaries or had been billed to a third party and when. Some of this additional information would require a data sharing agreement with the state entity maintaining the CSE information while other information would require providers to track down insurance information from a non-custodial parent. Some officials expressed concern that the system changes may require new hardware and system modifications and may make it difficult or impossible to implement the changes, while others discussed waiting for the new MMIS that they were already working to roll out in the future. There were also concerns that the technology changes and the increased administrative work may make the changes not cost-effective to implement.

Stakeholder concerns

Stakeholders were concerned that obtaining accurate information on third-party liability sources for Medicaid beneficiaries and resubmitting claims that result from incorrect or outdated information can be resource intensive and time consuming. Medicaid beneficiaries may be unaware or may not disclose other insurance policies, especially when there are multiple policies by custodial and non-custodial parents or transitions in insurance following birth. Some stakeholders were concerned that rural-based providers may not have the resources to deal with the increased administrative work and delays in payment for services that could result from the payment changes. This may lead some providers to be less willing to serve Medicaid beneficiaries, which would potentially reduce access to care or delay time-sensitive services for children and pregnant women. Some providers may also seek to identify sources of third-party liability before providing services to beneficiaries, which would also delay access to care.


Many states expressed the need for further guidance from CMS on how to implement some of these changes, however, the GAO noted that CMS has issued guidance that is inconsistent with the federal laws and some CMS guidance documents are out of date and not a reliable source of information for states to use in implementing the new requirements. Therefore, the GAO recommended that CMS ensure the agency’s Medicaid third-party liability guidance is consistent with federal law.

The GAO found that CMS has not taken steps to determine the extent to which state Medicaid agencies are meeting the new requirements and indicated that they expect states to comply and will not verify unless the agency is made aware of non-compliance. The GAO recommended that CMS determine the extent to which state programs are meeting federal third-party liability requirements and take actions to ensure compliance where appropriate.

Kusserow on Compliance: GAO calls for strengthening oversight of Managed Care organizations

Medicaid is a major commitment of federal and state budgets, with total estimated expenditures of $596 billion in fiscal year 2017—expenditures that rival the budget of the Department of Defense. States are permitted wide latitude in the design and implementation of their program. The resulting diversity of the program and its size make the program particularly challenging to oversee at the federal level. The Government Accountability Office (GAO), in testimony before Congress, reported last year that they estimated about $37 billion in improper payments that accounted for about 26 percent of government-wide improper payments. The GAO testimony called for increased oversight of Medicaid providers and managed-care plans, and was critical of the Obama administration’s lax auditing of Medicaid insurers as millions joined the rolls through expansion. During the same hearing, the CMS Administrator responded by reporting the structure of expansion with the 90 percent match and an open-ended entitlement is an incentive for the states to spend more and more.


Highlights of GAO recommendations to CMS

  1. Add to clearly establish approval criteria and review processes to ensure supplemental payments of around $50 billion a year are identified and accounted for by states when setting future payment rates.
  2. Ensure demonstrations do not increase federal costs and properly conduct evaluations to increase significant savings and better informed policy decisions.
  3. Improve the Transformed Medicaid Statistical Information System to improve program oversight and collect complete and comparable data from all states.
  4. Conduct a fraud risk assessment and implement a risk-based antifraud strategy for Medicaid.
  5. Increased collaboration with the states is needed to help reduce improper payments.


Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: CMS increases audits to address Medicaid fraud and abuse

In efforts to prevent Medicaid fraud and reduce improper payments, CMS is in the process of implementing eight “new or enhanced” program integrity initiatives and strategies to address reported billions in improper Medicaid payments. These initiatives include target auditing of selected state programs and known vulnerabilities. The stated aim is to promote transparency and accountability. The CMS announcement noted that Medicaid spending has risen more than 26 percent in the three years leading up to 2017, from $456 to $576 billion. A significant part of the increase was as result of states expanding their Medicaid programs under the Patient Protection and Affordable Care Act (ACA). Most of this increase was covered by the federal government, with its share rising 38 percent, from $263 billion to $363 billion, over the same three-year period. CMS efforts include evaluating the impact of this expansion on program integrity. The announced new initiatives followed a Senate hearing that lambasted CMS, reporting that Medicaid pays out $37 billion a year of improper payments, an increase of 157 percent since 2013.  The new initiatives will be designed to address previously identified activities that harmed Medicaid’s program integrity, and address problems identified by the GAO and OIG and include:

  1. Targeted audits of certain state MCOs. CMS will review financial reports from MCOs in targeted states to ensure they match actual claims experience.
  2. New audits of beneficiary eligibility. States that had OIG reviews of Medicaid beneficiary eligibility will have follow-up determinations reviewed by CMS.
  3. Claims and provider data optimization. CMS will validate the quality and completeness of state-provided data in the Transformed Medicaid Statistical Information System (TMSIS) using data analytics and other techniques to improve data quality and to flag potential problems that require further investigation.
  4. Data analytics pilots. CMS will use analytics and other IT tools on state-provided data to optimize state data to identify areas that need additional investigation.
  5. Provider screening on an opt-in basis. CMS will pilot a plan to screen Medicaid providers on behalf of states, in the belief that centralizing this process will improve efficiency and coordination across Medicare and Medicaid. This, in turn, should reduce state and provider burden, and address one of the biggest sources of error as measured by the Payment Error Rate Measurement (PERM) program.
  6. State-federal data sharing and collaboration. CMS is giving states access to the SSA’s master file of death records to help with managing provider enrollment.
  7. Publicly report state performance. The Medicaid scorecard will indicate how well states perform on certain measures pertaining to their Medicaid programs. This scorecard will include the state’s “integrity performance measures,” such as PERM.
  8. Provider education to reduce improper payments. CMS will bolster education efforts for Medicaid providers to reduce billing errors, including targeting comparative billing reports and provider-facing tools currently in development.


Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.