Highlight on Pennsylvania: Better Medicaid spending through technology

Pennsylvania lawmakers introduced legislation attempting to reduce spending and improve patient care within the state’s Medicaid program. Under the proposed legislation, Senate Bill 600, the state would adopt new technology to monitor and identify areas of unnecessary or wasteful health care services and procedures. The state would have 90 days within enactment of the bill to pick a technology company and implement the monitoring. Lawmakers noted that by providing more information, patients and providers, alike, could make better health care decisions. Consequently, this would reduce Medicaid spending. Pennsylvania is one of the highest spenders per Medicaid enrollee in the U.S., with one out of every four dollars in the state’s annual budget accounted for by Medicaid.

The lawmakers have started to review tech companies with prior experience in collecting and monitoring patients to improve care, notably companies that have worked with Alaska’s Medicaid program. The tech company involved  reduced misdiagnosis rates, improved outpatient care, cut waste, and reduced Medicaid expenditures in Alaska by over 14 percent. According to Pennsylvania lawmakers, a similar program could generate between $2 billion and $4 billion in annual savings.

In fiscal year 2015-16, the federal government spent about $15.3 billion on Medicaid in Pennsylvania, while the state spent about $10.6 billion, bringing the total to $25.9 billion; the state’s Department of Health and Human Services budget over the past few years has increased by about $500 million annually. The influx of approximately 700,000 new patients into the Medicaid system is a 20 percent increase and has cost an additional $4.6 billion. State lawmakers are concerned that the push for health care reform by the federal government will result in a cut in the federal portion of Medicaid to the state.

 

Highlight on Wisconsin: Medicaid waiver could be first of its kind

Wisconsin Governor Scott Walker (R) supports a number of novel Medicaid requirements for the state’s beneficiaries, including premium payments, drug testing, and a work requirement. Although a formal plan is not expected to be released until mid-April and sent to HHS by the end of May, if the plan is approved, Wisconsin would become the first state in the country with mandatory drug testing for Medicaid beneficiaries. Testing would be based upon Medicaid applicants’ answers to a screening. The proposal would mandate treatment for those who test positive. The screening is designed to limit the number of individuals in the program.

Price and Verma

The Wisconsin approach is part of a bigger theme of Republican-led states looking to limit Medicaid spending. Governors expect reciprocation from new HHS and CMS leaders regarding the restrictive ideals and, accordingly, are looking to get more out of Medicaid waivers than the Obama Administration allowed. The strategy is not without its rationale. In their first joint action, HHS Secretary Price and CMS Administrator Verma sent a letter to state governors discussing potential improvements to the Medicaid program. In that letter, Price and Verma wrote that the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) expansion of Medicaid “to non-disabled, working-age adults without dependent children was a clear departure from the core, historical mission of the program.” Also, prior to her position as Administrator, Verma worked on a proposed work requirement for Indiana’s Medicaid program. The Obama Administration rejected that proposal.

Drug screening

While the Obama Administration allowed states to differ in the expectation they placed upon program enrollees, governors like Walker are hoping they will see more eye-to-eye with Price and Verma than they did with Obama Administration officials on restrictive policies like work requirements. In light of the recent failure of the American Health Care Act (AHCA) in Congress, and that legislation’s attempt to cut Medicaid funding through per-capita caps, the Trump Administration is incentivized to find savings in other places. Walker believes Wisconsin’s plan is a promising approach. However, there is concern that the Trump Administration will be opposed to the drug screening because the Administration is trying to appear sympathetic to the growing drug epidemic. Opponents criticize the drug screening measuring, noting that the best way to help drug abusers is to expand Medicaid and provide them with the care they need.

Unconstitutional?

Other critics have called the drug screening measure illegal. However, the state’s Medicaid director defended the plan to test Medicaid recipients for drug use, rejecting assertions that the requirement would be unconstitutional. In addition to asking the Trump Administration whether Wisconsin can drug test childless adults on Medicaid, Governor Walker plans to request the ability to drug test able-bodied adults seeking other public benefits including food stamps and jobless payments—a request the Obama administration denied.

States try to manage expectations for Medicaid managed care

When CMS updated regulations regarding Medicaid managed care in May 2016, it was the first significant update to these regulations since 2002. Over the past year, as speakers at the American Health Lawyers’ Association Institute on Medicare and Medicaid Payment on March 29, 2017, noted, states have started the multi-year process of complying with the new rules, while dealing with resources issues at the state level and political change in Washington, D.C.

About 80 percent of the 73 million Medicaid enrollees are in some kind of managed care program, according to Lindsey Browning with the National Association of Medicaid Directors. Thirty-nine states and the District of Columbia have contracted with managed care entities to deliver care to all or some of their Medicaid beneficiaries.

Four options

Prior to the issuance of the revised regulations (81 FR 27498, May 6, 2016) states had basically one option for putting a managed care plan in place—requesting a Medicaid state plan amendment from HHS. Under the revised regulations states now have four options to implement managed care waivers under various provisions of the Social Security Act: (1) a Sec. 1932 state plan waiver; (2) a Sec. 1915(a) waiver (waiving competitive procurement process); (3) a Sec. 1915(b) waiver, requiring all enrollees, including dual eligibles and children with special health care needs to enroll in managed care; and (4) a Sec. 1115 waiver (which may permit coverage of services not otherwise covered in Medicaid) (see CMS modernizes Medicaid managed care, Health Law Daily, May 6, 2016).

James Golden, director, Division of Managed Care Plans at CMS, noted that full implementation of the revised regulations will take three to five years, and that the key to success is how well states work with affected stakeholders—both managed care entities and beneficiaries. “CMS expects the states to take the lead in setting standards,” Golden said.

State challenges

Browning highlighted two key challenges that states face – setting up adequate networks of providers so managed care beneficiaries can actually access health care; and limited staff capacity to drive expansion of Medicaid managed care alongside a number of other Medicaid related regulations.

Impact of new administration

A further complication, Browning noted, is the new Trump Administration and new leadership for HHS and CMS. She noted that the new CMS Administrator, Seema Verma, indicated an interest in re-examining all recent rules related to Medicare and Medicaid during her confirmation hearing. Browning also pointed to the Executive Order issued by President Trump which requires all agencies to create a Task Force to review existing regulations with the goal of repealing many of them. Browning noted that both Verma and HHS Secretary Tom Price are interested in increased state flexibility around health programs.

In addition, Browning said that any changes to the Affordable Care Act (ACA) (P.L. 111-148) may impact the new Medicaid managed care regulations, for example, she noted that a key goal of the managed care rule was alignment with qualified health plan requirements under the ACA. Would this change if the ACA’s health insurance Exchanges are eliminated? Finally, she said that any structural changes to Medicaid would likely require revised managed care rules.

OIG reviews MassHealth and its Medicaid data and information system safeguards

MassHealth failed to adequately safeguard data and information systems through its Medicaid Management Information System (MMIS) according to an audit by the HHS’ Office of Inspector General (OIG) undertaken to determine whether Massachusetts safeguarded MMIS data as required under federal requirements.

What is MMIS?

The MMIS is “an integrated group of procedures and computer processing operations (subsystems) developed at the general design level to meet principal objectives” which are: Title XIX program control and administrative costs; service to recipients, providers and inquiries; operations of claims control and computer capabilities; and management reporting for planning and control. States receive 90 percent federal financial participation (FFP) for design, development, or installation of MMIS and 75 percent FFP for operation of state mechanized claims processing and information retrieval systems.

MassHealth MMIS

The Massachusetts Executive Office of Health and Human Services is responsible for administering the state Medicaid program, commonly known as MassHealth, and information technology architecture, maintenance, and support is provided by the Massachusetts Office of Information Technology. Application support is provided through a contract with Hewlett-Packard.

The audit

Audits of information security controls are performed routinely on states’ computer systems used to administer HHS-funded programs and states are required to implement computer system security requirements and review them biennially. The OIG’s audit of MassHealth’s MMIS included MassHealth’s websites, databases, and other supporting information systems. The review was limited to security control areas and controls in place at the time of the visit. Specifically, the OIG looked at MassHealth’s implementation of federal requirements and National Institute of Standards and Technology guidelines regarding: system security plan, risk assessment, data encryption, web applications, vulnerability management, and database applications. Preliminary findings were communicated directly to MassHealth prior to the report’s issuance.

OIG’s findings

The OIG found MassHealth did not safeguard MMIS data and supporting systems as required by federal requirements. Vulnerabilities were discovered related to security management, configuration management, system software controls, and website and database vulnerability scans. Should exploitation of the vulnerabilities have occurred (and there was no evidence that it had), sensitive information could have been accessed and disclosed and operations of MassHealth could have been disrupted. Sufficient controls must be implemented over MassHealth Medicaid data and information systems.

Specific vulnerabilities uncovered were not detailed in the report because of the sensitive nature of the information. However, specific details were provided to MassHealth so it may address the issues. In response to the report, MassHealth described corrective actions it had taken or planned to take in response to the vulnerabilities.