Department of Health and Human Services OFFICE OF INSPECTOR GENERAL COLORADO STATE MEDICAID FRAUD CONTROL UNIT: 2016 ONSITE REVIEW (INITIAL CAPS, SMALL CAPS) Suzanne Murrin Deputy Inspector General August 2017 OEI-06-16-00520 EXECUTIVE SUMMARY: COLORADO STATE MEDICAID FRAUD CONTROL UNIT: 2016 ONSITE REVIEW OEI-06-16-00520 WHY WE DID THIS STUDY The Office of Inspector General (OIG) administers the Medicaid Fraud Control Unit (MFCU or Unit) grant awards, annually recertifies the Units, and oversees the Units’ performance in accordance with the requirements of the grant. As part of this oversight, OIG conducts periodic reviews of all Units and prepares public reports based on these reviews. These reviews assess the Units’ adherence to the 12 MFCU performance standards and compliance with applicable Federal statutes and regulations. HOW WE DID THIS STUDY We conducted an onsite review of the Colorado Unit in October 2016. We based our review on an analysis of data from seven sources: (1) policies, procedures, and documentation related to the Unit’s operations, staffing, and caseload; (2) financial documentation for fiscal years (FYs) 2013 through 2015; (3) structured interviews with key stakeholders; (4) a survey of Unit staff; (5) structured interviews with the Unit’s management; (6) a sample of files for cases that were open in FYs 2013 through 2015; and (7) observation of Unit operations. WHAT WE FOUND Our review found that the Colorado Unit was generally in compliance with applicable laws, regulations, and policy transmittals. For FYs 2013 through 2015, the Unit reported 32 criminal convictions, 106 civil judgments and settlements, and combined criminal and civil recoveries of over $22 million. However, we found four areas in which the Unit should improve. First, the Unit investigated few patient abuse or neglect cases. Second, the Unit did not report all convictions or adverse actions to Federal partners within the required timeframes. Third, 46 percent of the Unit’s case files lacked documentation of periodic supervisory reviews, although supervisors documented the opening and closing of all cases. Finally, the Unit did not retain documentation for a recurring grant expenditure, as required by Federal regulation. WHAT WE RECOMMEND We recommend that the Colorado Unit: (1) take steps to increase the number of investigations of patient abuse or neglect; (2) ensure that it consistently reports convictions and adverse actions to Federal partners within the required timeframes; (3) ensure that supervisory reviews of Unit case files are conducted and documented according to the Unit’s policies and procedures; and (4) ensure that it retains expenditure documentation for the time period required by regulation. The Unit concurred with our recommendations. TABLE OF CONTENTS Objective ......................................................................................................1 Background ..................................................................................................1 Methodology ................................................................................................4 Findings........................................................................................................6 For FYs 2013 through 2015, the Colorado Unit reported 32 criminal convictions, 106 civil judgments and settlements, and combined criminal and civil recoveries of over $22 million ....6 The Unit investigated few patient abuse or neglect cases ................7 The Unit did not report all convictions or adverse actions to Federal partners within the required timeframes .............................8 Forty-six percent of the Unit’s case files lacked documentation of periodic supervisory reviews, although supervisors documented the opening and closing of all cases .................................................9 The Unit did not retain documentation for a recurring grant expenditure, as required by Federal regulation ..............................10 Conclusion and Recommendations ............................................................ 11 Unit Comments and Office of Inspector General Response ..........13 Appendixes ................................................................................................14 A: 2012 Performance Standards ...................................................14 B: Colorado MFCU Referrals by Referral Source for FYs 2013 Through 2015 .................................................................................18 C: Point Estimates and 95-Percent Confidence Intervals Based on Reviews of Case Files ...............................................................19 D: Detailed Methodology .............................................................20 E: Unit Comments.........................................................................23 Acknowledgments......................................................................................26 OBJECTIVE To conduct an onsite review of the Colorado Medicaid Fraud Control Unit (MFCU or Unit). BACKGROUND The mission of MFCUs is to investigate and prosecute Medicaid provider fraud and patient abuse or neglect under State law.1 The Social Security Act (SSA) requires each State to operate a MFCU, unless the Secretary of Health and Human Services (HHS) determines that operation of a Unit would not be cost-effective because minimal Medicaid fraud exists in a particular State and that the State has other adequate safeguards to protect Medicaid beneficiaries from abuse and neglect.2 Currently, 49 States and the District of Columbia (States) have MFCUs.3 Each Unit must employ an interdisciplinary staff that consists of at least an investigator, an auditor, and an attorney.4 Unit staff review referrals of provider fraud and patient abuse or neglect to determine their potential for criminal prosecution and/or civil action. In fiscal year (FY) 2016 the 50 Units collectively reported 1,564 convictions, 998 civil settlements and judgments, and approximately $1.9 billion in recoveries.5, 6 Units must meet a number of requirements established by the SSA and Federal regulations. For example, each Unit must:  be a single, identifiable entity of State government, distinct from the single State Medicaid agency; 7  develop a formal agreement, such as a memorandum of understanding (MOU), which describes the Unit’s relationship with the State Medicaid agency;8 and ____________________________________________________________ 1 SSA § 1903(q). Regulations at 42 CFR § 1007.11(b)(1) add that the Unit’s responsibilities may include reviewing complaints of misappropriation of patients’ private funds in residential health care facilities. 2 SSA § 1902(a)(61). 3 North Dakota and the territories of American Samoa, Guam, the Northern Mariana Islands, Puerto Rico, and the U.S. Virgin Islands have not established Units. 4 SSA § 1903(q)(6); 42 CFR § 1007.13. 5 Office of Inspector General (OIG), MFCU Statistical Data for Fiscal Year 2016. Accessed at https://oig.hhs.gov/fraud/medicaid-fraud-control-units- mfcu/expenditures_statistics/fy2016-statistical-chart.pdf on February 28, 2017. 6 All FY references in this report are based on the Federal FY (October 1 through September 30). 7 SSA § 1903(q)(2); 42 CFR §§ 1007.5 and 1007.9(a). 8 42 CFR § 1007.9(d). Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 1  have either statewide authority to prosecute cases or formal procedures to refer suspected criminal violations to an agency with such authority.9 MFCU Funding Each MFCU is funded jointly by its State and the Federal government. Federal funding for the MFCUs is provided as part of the Federal Medicaid appropriation, but it is administered by OIG.10 Each Unit receives Federal financial participation equivalent to 75 percent of its total expenditures, with State funds contributing the remaining 25 percent.11 In FY 2016, combined Federal and State expenditures for the Units totaled nearly $258 million, $194 million of which represented Federal funds.12 Oversight of the MFCU Program The Secretary of HHS delegated to OIG the authority to administer the MFCU grant program.13 To receive Federal reimbursement, each Unit must submit an initial application to OIG for approval and be recertified each year thereafter. In annually recertifying the Units, OIG evaluates Unit compliance with Federal requirements and adherence to performance standards. The Federal requirements for Units are contained in the SSA, regulations, and policy guidance.14 In addition, OIG has published 12 performance standards that it uses to assess whether a Unit is effectively performing its responsibilities.15 The standards address topics such as staffing, maintaining adequate referrals, and cooperation with Federal authorities. Appendix A contains the Performance Standards. OIG also performs periodic onsite reviews of the Units, such as this review of the Colorado MFCU. During these onsite reviews, OIG evaluates Units’ compliance with laws, regulations, and policies, as well as adherence to the ____________________________________________________________ 9 SSA § 1903(q)(1). 10 SSA § 1903(a)(6)(B). 11 Ibid. 12 Office of Inspector General (OIG), MFCU Statistical Data for Fiscal Year 2016. Accessed at https://oig.hhs.gov/fraud/medicaid-fraud-control-units- mfcu/expenditures_statistics/fy2016-statistical-chart.pdf on February 28, 2017. 13 The SSA authorizes the Secretary of HHS to award grants to the Units (SSA § 1903(a)(6)); the Secretary delegated this authority to the OIG. 14 On occasion, OIG issues policy transmittals to provide guidance and instructions to MFCUs. 15 77 Fed. Reg. 32645 (June 1, 2012). Accessed at https://oig.hhs.gov/authorities/docs/2012/PerformanceStandardsFinal060112.pdf on February 28, 2017. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 2 12 performance standards. OIG also makes observations about best practices, provides recommendations to the Units, and monitors the implementation of the recommendations. These evaluations differ from other OIG evaluations as they support OIG’s direct administration of the MFCU grant program. These evaluations are subject to the same internal quality controls as other OIG evaluations, including internal peer review. OIG provides additional oversight including the collection and dissemination of performance data, training, and technical assistance. Colorado MFCU The Colorado Unit, a division of the Colorado Office of the Attorney General, investigates and prosecutes cases of Medicaid fraud and patient abuse and neglect. The Unit is located in Denver. At the time of our October 2016 onsite review, the Unit employed 16 staff members, including 9 investigators, 3 attorneys, and 1 auditor. The Unit’s management was comprised of a director, a senior assistant attorney general, and a supervising investigator.16 The Colorado Unit had total expenditures of approximately $2.18 million in combined State and Federal funds in FY 2016.17 Referrals. The Unit receives fraud referrals from a variety of sources, including private citizens, the State Medicaid Agency, other law enforcement agencies, and OIG. Appendix B depicts Unit referrals by source for FYs 2013 through 2015. For patient abuse or neglect referrals, the Unit develops nearly all referrals by reviewing complaints in the Occurrences database maintained by the Health Facilities and Emergency Medical Services Division of the Colorado Department of Public Health and Environment.18 The Occurrences database stores complaints about harm to residents and patients of health care facilities in Colorado, ranging from verbal abuse to serious injury to death. Unit staff search the Occurrences database for complaints that appear to warrant further investigation. If staff identify such complaints, they are submitted to Unit ____________________________________________________________ 16 The previous Unit director served during the review period of this report and left the position in February 2016. The interim director served from February 2016 until September 2016, when the current director was hired. 17 OIG, MFCU Statistical Data for Fiscal Year 2016. Accessed at https://oig.hhs.gov/fraud/medicaid-fraud-control-units- mfcu/expenditures_statistics/fy2016-statistical-chart.pdf on February 22, 2017. 18 Colorado Department of Public Health and Environment, Occurrences Reporting Manual. Accessed at https://www.colorado.gov/pacific/sites/default/files/HF_Occurrence-Reporting- Manual_0.pdf on May 6, 2017. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 3 management for acceptance as a referral. If Unit management accepts the complaint as a referral, it subsequently opens an investigation. Investigations. Once the Unit decides to open a case, the supervising investigator and the director assign one or more investigators and attorneys to the case. Per Unit policy, the assigned investigator(s) are responsible for all investigative activity conducted for the case, under the direction of the supervising investigator. The supervising investigator conducts reviews of each open case every 90 days.19 Unit policy requires that the Unit maintain documentation of each supervisory review in the case file. Previous Onsite Review In 2010, OIG issued a report regarding its onsite review of the Colorado Unit. The review found that the Unit did not fully comply with 2 of the 12 MFCU performance standards. First, the review found that a Colorado MFCU investigator worked on a non-Medicaid matter. OIG determined that the non-Medicaid related activity was minimal and did not require a reimbursement adjustment to the grant. Second, the review found that the MOU between the Unit and the State Medicaid agency did not address cross-training with the fraud detection staff of the State Medicaid agency, as required at the time.20 METHODOLOGY Data Collection and Analysis We conducted the onsite review in October 2016. We based our review on an analysis of data from seven sources: (1) policies, procedures, and documentation related to the Unit’s operations, staffing, and caseload; (2) financial documentation for FYs 2013 through 2015; (3) structured interviews with key stakeholders; (4) a survey of Unit staff; (5) structured interviews with the Unit’s management; (6) a sample of files for cases that were open in FYs 2013 through 2015; and (7) observation of Unit operations. Appendix E provides details of our methodology. ____________________________________________________________ 19 The Unit changed its supervisory review policy during our review period from every 90 days to 9–12 times per year. For the purposes on this evaluation, we used the 90 days threshold. 20 59 Fed. Reg. 49080 (Sept. 26, 1994). Performance Standards adopted in FY 2012 and after the earlier review no longer require the MOU to address cross-training between the Unit and the State Medicaid agency. 77 Fed. Reg. 32645 (June 1, 2012). Accessed at https://oig.hhs.gov/authorities/docs/2012/PerformanceStandardsFinal060112.pdf on February 28, 2017. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 4 Standards This study was conducted in accordance with the Quality Standards for Inspection and Evaluation issued by the Council of the Inspectors General on Integrity and Efficiency. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 5 FINDINGS Our review of the Colorado Unit found that it was generally in compliance with applicable laws, regulations, and policy transmittals. The Unit reported over $22 million in combined criminal and civil recoveries and 32 criminal and civil convictions during the review period. However, the Unit investigated few patient abuse or neglect cases. Further, the Unit did not report all convictions or adverse actions to Federal partners within the required timeframes, and some case files lacked documentation of at least one required supervisory review. Additionally, the Unit did not retain documentation for a recurring grant expenditure, as required by regulation. For FYs 2013 through 2015, the Colorado Unit reported 32 criminal convictions, 106 civil judgments and settlements, and combined criminal and civil recoveries of over $22 million For FYs 2013 through 2015, the Unit reported 32 criminal convictions and 106 civil judgments and settlements. Exhibit 1 provides details of the Unit’s yearly convictions and civil judgments and settlements. Of the Unit’s 32 convictions over the 3-year period, 31 involved provider fraud, and 1 involved patient abuse or neglect. Exhibit 1: Colorado MFCU Criminal Convictions and Civil Judgments and Settlements, FYs 2013–2015 3-Year Outcomes FY 2013 FY 2014 FY 2015 Total Criminal Convictions (fraud) 13 9 9 31 Criminal Convictions (abuse or neglect) 0 1 0 1 Civil Judgments and Settlements 36 26 44 106 Source: OIG analysis of Unit-submitted documentation, 2016. The Unit reported criminal and civil recoveries of over $22 million for FYs 2013 through 2015—ranging from $4.7 million to nearly $10 million over the 3 years (shown in Exhibit 2). During the 3-year period, “global” recoveries accounted for over 90 percent of the Unit’s total recoveries. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 6 Exhibit 2: Colorado MFCU Recoveries and Expenditures, FYs 2013–2015 Type of FY 2013 FY 2014 FY 2015 3–Year Total Recovery Global Civil $7,605,983 $9,607,840 $3,739,443 $20,953,266 Nonglobal Civil $317,966 $308,015 $307,040 $933,021 Criminal $226,252 $84,118 $660,651 $971,021 Total $8,150,201 $9,999,973 $4,707,134 $22,857,308 Recoveries Total $2,046,627 $1,615,525 $1,651,018 $5,313,170 Expenditures Source: OIG analysis of Unit-submitted documentation, 2016. The Unit investigated few patient abuse or neglect cases The Unit opened and investigated few patient abuse or neglect cases during the review period. According to Performance Standard 6, the Unit’s case mix should cover all significant provider types and include a balance of fraud and patient abuse or neglect cases. Of the 673 cases that were open at any time during the review period, less than 4 percent (25 cases) were patient abuse or neglect cases. Moreover, the number of abuse or neglect referrals that the Unit processed declined each year during our review period from 11 in 2013 to 8 in 2014 to only 1 referral in 2015. According to Unit staff, the previous management did not prioritize abuse or neglect cases. Staff reported that the previous director and supervising investigator declined to develop nearly all abuse or neglect complaints into referrals and investigations.21 Several Unit staff reported that, since the appointment of an interim director and now under the current permanent director, the Unit increased its focus on abuse and neglect cases. ____________________________________________________________ 21 As explained in the background, Unit staff search the Occurrences database for abuse or neglect complaints that appear to warrant further investigation. Unit staff then submit these complaints to Unit management for acceptance as a referral, from which an investigation may be opened. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 7 The Unit did not report all convictions or adverse actions to Federal partners within the required timeframes The Unit did not report all convictions or adverse actions to OIG and the National Practitioner Data Bank (NPDB) within the timeframes required by these entities. Performance Standard 8(f) states that the Unit should transmit to OIG reports of all convictions for the purpose of exclusion from Federal health care programs within 30 days of sentencing. Federal regulations require that Units report any adverse actions resulting from investigations or prosecution of healthcare providers to the NPDB within 30 calendar days of the date of the final adverse action.22 Performance Standard 8(g) also states that the Unit should report qualifying cases to the NPDB.23 The Unit did not report more than half of its convictions to OIG within the required timeframe The Unit did not report 59 percent of its convictions (19 of 32) to OIG within 30 days of sentencing. Exhibit 3 illustrates the number of days after sentencing that the Unit reported these convictions to OIG. Unit managers and staff explained that late reporting of convictions to OIG was primarily due to the Unit’s case management system lacking the functionality to automate monitoring of case progress. In December 2016, the Unit reported that it began exploring options for a more comprehensive case management system, to replace its current system. Late reporting of convictions to OIG delays the initiation of the program exclusion process, which may result in improper payments to providers by Medicare or other Federal health care programs or possible harm to beneficiaries. ____________________________________________________________ 22 45 CFR § 60.5 23 Performance Standard 8(g) states that the Unit should report “qualifying cases to the Healthcare Integrity & Protection Databank [HIPDB], the National Practitioner Data Bank, or successor data bases.” The HIPDB and the NPDB were merged during our review period (FYs 2013 through 2015); therefore, we reviewed the reporting of adverse actions under the NPDB requirements. See 78 Fed. Reg. 20473 (April 5, 2013). Examples of final adverse actions include, but are not limited to, convictions, civil judgments (but not civil settlements), and program exclusions. See 45 CFR § 60.3. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 8 Exhibit 3: Number of Convictions and Adverse Actions Reported After Required Timeframe Convictions or Convictions or Convictions or Total Convictions Federal Partner Adverse Actions Adverse Actions Adverse Actions or Adverse Actions Reported To Reported 1–30 Reported 31-60 Reported More Than Reported Late Days Late Days Late 60 Days Late OIG (Convictions) 10 6 3 19 NPDB (Adverse Actions) 12 6 42 60 Source: OIG analysis of Unit convictions and dates reported to OIG and the NPDB, 2016. The Unit did not report 72 percent of adverse actions to the NPDB within the required timeframe The Unit did not report 60 of its 83 adverse actions (72 percent) to the NPDB within 30 days of the adverse action, as required. Exhibit 3 illustrates the number of days after the adverse actions that the Unit reported them to the NPDB. Similar to late reporting of convictions to OIG, the Unit stated that late reporting to the NPDB was due to the Unit’s inadequate case management system. The NPDB is intended to restrict the ability of physicians, dentists, and other health care practitioners to move from State to State without disclosure or discovery of previous medical malpractice and adverse actions. If a Unit fails to report adverse actions to the NPDB, individuals may find new healthcare employment with an organization that is not aware of the adverse actions. Forty-six percent of the Unit’s case files lacked documentation of periodic supervisory reviews, although supervisors documented the opening and closing of all cases Of the Unit’s 71 case files that were open longer than 90 days and required review, 33 cases (46 percent) lacked documentation of supervisory reviews, as required by Unit policy.24 Performance Standards 5(b) and 7(a) state that supervisors should periodically review the progress of cases, consistent with Unit policies and procedures, ensure that each stage of the investigation and prosecution is completed in an appropriate timeframe, and note in the case file that the reviews took place. Unit policy for supervisory reviews states that the supervising investigator is to meet at least quarterly with investigators to review progress of cases. ____________________________________________________________ 24 Appendix C contains the point estimates and 95-percent confidence intervals. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 9 Still, all of the Unit’s case files contained documentation of supervisory approval to open and close the cases. Performance Standard 5(b) states that Unit supervisors should approve the opening and closing of cases. The Unit’s policy also requires opening and closing memorandums to document the opening and closing of cases. Supervisory approval to open cases indicates that Unit supervisors are monitoring the intake of cases, thereby facilitating progress in the investigation. Supervisory approval to close cases helps ensure the timely completion and resolution of cases. The Unit did not retain documentation for a recurring grant expenditure, as required by Federal regulation The Unit was unable to provide supporting documentation for a monthly expenditure incurred during FY 2013, selected as part of OIG’s sample. The Unit explained that it could not provide documentation of the monthly expenditure from this time period because the documentation was purged from a system no longer used by the Colorado Office of Attorney General.25 Federal regulations require grantees to retain all financial records and supporting documents pertinent to a Federal award for a period of three years, from the date of submission of the last expenditure report.26 ____________________________________________________________ 25 The FY 2013 expenditure, of $780 ($585 Federal share), was a monthly expense for leased phones that was centrally billed by another State agency to the Office of Attorney General. 26 45 CFR § 92.42. Beginning in FY 2016, the applicable requirement is found at 45 CFR § 75.361. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 10 CONCLUSION AND RECOMMENDATIONS Our review of the Colorado Unit found that it was generally in compliance with applicable laws, regulations, and policy transmittals. For FYs 2013 through 2015, the Unit reported 32 criminal convictions, 106 civil judgments and settlements, and combined criminal and civil recoveries of over $22 million. However, we found four areas in which the Unit should improve. First, the Unit investigated few patient abuse or neglect cases. Second, the Unit did not report all convictions or adverse actions to Federal partners within the required timeframes. Third, some case files lacked documentation of at least one required supervisory review. Finally, the Unit did not retain documentation for a recurring grant expenditure, as required by Federal regulation. We recommend that the Colorado Unit: Take steps to increase the number of investigations of patient abuse or neglect The Unit should, as appropriate, increase the number of investigations it opens from complaints in the Occurrences database. The Unit could also work with new and existing stakeholders to increase the number of referrals. Ensure that it consistently reports convictions and adverse actions to Federal partners within the required timeframes The Unit should develop procedures to ensure that it consistently reports convictions to OIG and adverse actions to the NPDB within 30 days of sentencing or following the adverse action. The Unit should also continue to explore implementing a new case management system that will make it easier to monitor case progress. Ensure that supervisory reviews of Unit case files are conducted and documented according to the Unit’s policies and procedures Unit management should ensure that supervisors adhere to the Unit’s written policy for conducting and documenting reviews of case files. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 11 Ensure that it retains expenditure documentation for the time period required by regulation The Unit should ensure that the MFCU and other State offices can provide supporting documentation for all expenditures, in accordance with Federal regulations. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 12 UNIT COMMENTS AND OFFICE OF INSPECTOR GENERAL RESPONSE The Colorado Unit concurred with our recommendations. Regarding the first recommendation, the Unit stated it has taken steps to increase the number of referrals of abuse and neglect by meeting with stakeholders beginning in October 2016, completing negotiations for a new MOU with the Colorado Department of Public Health and Finance, and increasing the number of cases it opens after reviewing the Occurrences database. Regarding the second recommendation, the Unit reported that the Colorado Department of Law is evaluating options for a case management system that would consolidate the Unit’s multiple tracking systems. In addition, the Unit now requires that closing forms contain all sentencing information, which will help to ensure timely reporting to Federal partners. Regarding the third recommendation, the Unit stated that it has taken steps to ensure that the lack of review and lack of documentation to show review do not occur going forward. These steps include conducting monthly meetings between the supervising investigator and investigators about open cases and requiring that attendees sign an electronic case-review form after each meeting. Regarding the fourth recommendation, the Unit stated that it is taking steps to ensure that it retains all supporting documentation for all expenditures in accordance with Federal regulations. The full text of the Unit’s comments is provided in Appendix E. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 13 APPENDIX A 2012 Performance Standards27 1. A UNIT CONFORMS WITH ALL APPLICABLE STATUTES, REGULATIONS, AND POLICY DIRECTIVES, INCLUDING: A. Section 1903(q) of the Social Security Act, containing the basic requirements for operation of a MFCU; B. Regulations for operation of a MFCU contained in 42 CFR part 1007; C. Grant administration requirements at 45 CFR part 92 and Federal cost principles at 2 CFR part 225; D. OIG policy transmittals as maintained on the OIG Web site; and E. Terms and conditions of the notice of the grant award. 2. A UNIT MAINTAINS REASONABLE STAFF LEVELS AND OFFICE LOCATIONS IN RELATION TO THE STATE’S MEDICAID PROGRAM EXPENDITURES AND IN ACCORDANCE WITH STAFFING ALLOCATIONS APPROVED IN ITS BUDGET. A. The Unit employs the number of staff that is included in the Unit’s budget estimate as approved by OIG. B. The Unit employs a total number of professional staff that is commensurate with the State’s total Medicaid program expenditures and that enables the Unit to effectively investigate and prosecute (or refer for prosecution) an appropriate volume of case referrals and workload for both Medicaid fraud and patient abuse and neglect. C. The Unit employs an appropriate mix and number of attorneys, auditors, investigators, and other professional staff that is both commensurate with the State’s total Medicaid program expenditures and that allows the Unit to effectively investigate and prosecute (or refer for prosecution) an appropriate volume of case referrals and workload for both Medicaid fraud and patient abuse and neglect. D. The Unit employs a number of support staff in relation to its overall size that allows the Unit to operate effectively. E. To the extent that a Unit maintains multiple office locations, such locations are distributed throughout the State, and are adequately staffed, commensurate with the volume of case referrals and workload for each location. 3. A UNIT ESTABLISHES WRITTEN POLICIES AND PROCEDURES FOR ITS OPERATIONS AND ENSURES THAT STAFF ARE FAMILIAR WITH, AND ADHERE TO, POLICIES AND PROCEDURES. A. The Unit has written guidelines or manuals that contain current policies and procedures, consistent with these performance standards, for the investigation and (for those Units with prosecutorial authority) prosecution of Medicaid fraud and patient abuse and neglect. B. The Unit adheres to current policies and procedures in its operations. C. Procedures include a process for referring cases, when appropriate, to Federal and State agencies. Referrals to State agencies, including the State Medicaid agency, should identify whether further investigation or other administrative action is warranted, such as the collection of overpayments or suspension of payments. D. Written guidelines and manuals are readily available to all Unit staff, either online or in hard copy. E. Policies and procedures address training standards for Unit employees. 4. A UNIT TAKES STEPS TO MAINTAIN AN ADEQUATE VOLUME AND QUALITY OF REFERRALS FROM THE STATE MEDICAID AGENCY AND OTHER SOURCES. ____________________________________________________________ 27 77 Fed. Reg. 32645, June 1, 2012. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 14 A. The Unit takes steps, such as the development of operational protocols, to ensure that the State Medicaid agency, managed care organizations, and other agencies refer to the Unit all suspected provider fraud cases. Consistent with 42 CFR 1007.9(g), the Unit provides timely written notice to the State Medicaid agency when referred cases are accepted or declined for investigation. B. The Unit provides periodic feedback to the State Medicaid agency and other referral sources on the adequacy of both the volume and quality of its referrals. C. The Unit provides timely information to the State Medicaid or other agency when the Medicaid or other agency requests information on the status of MFCU investigations, including when the Medicaid agency requests quarterly certification pursuant to 42 CFR 455.23(d)(3)(ii). D. For those States in which the Unit has original jurisdiction to investigate or prosecute patient abuse and neglect cases, the Unit takes steps, such as the development of operational protocols, to ensure that pertinent agencies refer such cases to the Unit, consistent with patient confidentiality and consent. Pertinent agencies vary by State but may include licensing and certification agencies, the State Long Term Care Ombudsman, and adult protective services offices. E. The Unit provides timely information, when requested, to those agencies identified in (D) above regarding the status of referrals. F. The Unit takes steps, through public outreach or other means, to encourage the public to refer cases to the Unit. 5. A UNIT TAKES STEPS TO MAINTAIN A CONTINUOUS CASE FLOW AND TO COMPLETE CASES IN AN APPROPRIATE TIMEFRAME BASED ON THE COMPLEXITY OF THE CASES. A. Each stage of an investigation and prosecution is completed in an appropriate timeframe. B. Supervisors approve the opening and closing of all investigations and review the progress of cases and take action as necessary to ensure that each stage of an investigation and prosecution is completed in an appropriate timeframe. C. Delays to investigations and prosecutions are limited to situations imposed by resource constraints or other exigencies. 6. A UNIT’S CASE MIX, AS PRACTICABLE, COVERS ALL SIGNIFICANT PROVIDER TYPES AND INCLUDES A BALANCE OF FRAUD AND, WHERE APPROPRIATE, PATIENT ABUSE AND NEGLECT CASES. A. The Unit seeks to have a mix of cases from all significant provider types in the State. B. For those States that rely substantially on managed care entities for the provision of Medicaid services, the Unit includes a commensurate number of managed care cases in its mix of cases. D. As part of its case mix, the Unit maintains a balance of fraud and patient abuse and neglect cases for those States in which the Unit has original jurisdiction to investigate or prosecute patient abuse and neglect cases. C. The Unit seeks to allocate resources among provider types based on levels of Medicaid expenditures or other risk factors. Special Unit initiatives may focus on specific provider types. E. As part of its case mix, the Unit seeks to maintain, consistent with its legal authorities, a balance of criminal and civil fraud cases. 7. A UNIT MAINTAINS CASE FILES IN AN EFFECTIVE MANNER AND DEVELOPS A CASE MANAGEMENT SYSTEM THAT ALLOWS EFFICIENT ACCESS TO CASE INFORMATION AND OTHER PERFORMANCE DATA. A. Reviews by supervisors are conducted periodically, consistent with MFCU policies and procedures, and are noted in the case file. B. Case files include all relevant facts and information and justify the opening and closing of the cases. C. Significant documents, such as charging documents and settlement agreements, are included in the file. D. Interview summaries are written promptly, as defined by the Unit’s policies and procedures. E. The Unit has an information management system that manages and tracks case information from initiation to resolution. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 15 F. The Unit has an information management system that allows for the monitoring and reporting of case information, including the following: 1. The number of cases opened and closed and the reason that cases are closed. 2. The length of time taken to determine whether to open a case referred by the State Medicaid agency or other referring source. 3. The number, age, and types of cases in the Unit’s inventory/docket 4. The number of referrals received by the Unit and the number of referrals by the Unit to other agencies. 5. The number of cases criminally prosecuted by the Unit or referred to others for prosecution, the number of individuals or entities charged, and the number of pending prosecutions. 6. The number of criminal convictions and the number of civil judgments. 7. The dollar amount of overpayments identified. 8. The dollar amount of fines, penalties, and restitution ordered in a criminal case and the dollar amount of recoveries and the types of relief obtained through civil judgments or prefiling settlements. 8. A UNIT COOPERATES WITH OIG AND OTHER FEDERAL AGENCIES IN THE INVESTIGATION AND PROSECUTION OF MEDICAID AND OTHER HEALTH CARE FRAUD. A. The Unit communicates on a regular basis with OIG and other Federal agencies investigating or prosecuting health care fraud in the State. B. The Unit cooperates and, as appropriate, coordinates with OIG’s Office of Investigations and other Federal agencies on cases being pursued jointly, cases involving the same suspects or allegations, and cases that have been referred to the Unit by OIG or another Federal agency. C. The Unit makes available, to the extent authorized by law and upon request by Federal investigators and prosecutors, all information in its possession concerning provider fraud or fraud in the administration of the Medicaid program. D. For cases that require the granting of “extended jurisdiction” to investigate Medicare or other Federal health care fraud, the Unit seeks permission from OIG or other relevant agencies under procedures as set by those agencies. E. For cases that have civil fraud potential, the Unit investigates and prosecutes such cases under State authority or refers such cases to OIG or the U.S. Department of Justice. F. The Unit transmits to OIG, for purposes of program exclusions under section 1128 of the Social Security Act, all pertinent information on MFCU convictions within 30 days of sentencing, including charging documents, plea agreements, and sentencing orders. G. The Unit reports qualifying cases to the Healthcare Integrity & Protection Databank, the National Practitioner Data Bank, or successor data bases. 9. A UNIT MAKES STATUTORY OR PROGRAMMATIC RECOMMENDATIONS, WHEN WARRANTED, TO THE STATE GOVERNMENT. A. The Unit, when warranted and appropriate, makes statutory recommendations to the State legislature to improve the operation of the Unit, including amendments to the enforcement provisions of the State code. B. The Unit, when warranted and appropriate, makes other regulatory or administrative recommendations regarding program integrity issues to the State Medicaid agency and to other agencies responsible for Medicaid operations or funding. The Unit monitors actions taken by the State legislature and the State Medicaid or other agencies in response to recommendations. 10. A UNIT PERIODICALLY REVIEWS ITS MEMORANDUM OF UNDERSTANDING (MOU) WITH THE STATE MEDICAID AGENCY TO ENSURE THAT IT REFLECTS CURRENT PRACTICE, POLICY, AND LEGAL REQUIREMENTS. A. The MFCU documents that it has reviewed the MOU at least every 5 years, and has renegotiated the MOU as necessary, to ensure that it reflects current practice, policy, and legal requirements. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 16 B. The MOU meets current Federal legal requirements as contained in law or regulation, including 42 CFR § 455.21, “Cooperation with State Medicaid fraud control units,” and 42 CFR § 455.23, “Suspension of payments in cases of fraud.” C. The MOU is consistent with current Federal and State policy, including any policies issued by OIG or the Centers for Medicare & Medicaid Services (CMS). D. Consistent with Performance Standard 4, the MOU establishes a process to ensure the receipt of an adequate volume and quality of referrals to the Unit from the State Medicaid agency. E. The MOU incorporates by reference the CMS Performance Standard for Referrals of Suspected Fraud from a State Agency to a Medicaid Fraud Control Unit. 11. A UNIT EXERCISES PROPER FISCAL CONTROL OVER UNIT RESOURCES. A. The Unit promptly submits to OIG its preliminary budget estimates, proposed budget, and Federal financial expenditure reports. B. The Unit maintains an equipment inventory that is updated regularly to reflect all property under the Unit’s control. C. The Unit maintains an effective time and attendance system and personnel activity records. D. The Unit applies generally accepted accounting principles in its control of Unit funding. E. The Unit employs a financial system in compliance with the standards for financial management systems contained in 45 CFR 92.20. 12. A UNIT CONDUCTS TRAINING THAT AIDS IN THE MISSION OF THE UNIT. A. The Unit maintains a training plan for each professional discipline that includes an annual minimum number of training hours and that is at least as stringent as required for professional certification. B. The Unit ensures that professional staff comply with their training plans and maintain records of their staff’s compliance. C. Professional certifications are maintained for all staff, including those that fulfill continuing education requirements. D. The Unit participates in MFCU-related training, including training offered by OIG and other MFCUs, as such training is available and as funding permits. E. The Unit participates in cross-training with the fraud detection staff of the State Medicaid agency. As part of such training, Unit staff provide training on the elements of successful fraud referrals and receive training on the role and responsibilities of the State Medicaid agency. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 17 APPENDIX B Colorado MFCU Referrals by Referral Source for FYs 2013 Through 2015 FY 2013 FY 2014 FY 2015 Referral Abuse & Abuse & Abuse & Fraud Fraud Fraud Source Neglect1 Neglect Neglect Medicaid agency – 5 0 13 0 6 0 PI/SURS2 Medicaid 20 0 2 0 3 0 agency – other Managed care 0 0 0 0 0 organizations State survey and certification 0 6 1 1 6 0 agency Other State 5 0 0 0 2 0 agencies Licensing board 0 0 0 0 0 0 Law 10 0 0 0 1 1 enforcement Office of Inspector 3 1 1 0 9 0 General Prosecutors 0 0 1 0 1 0 Providers 6 0 1 0 0 0 Provider 0 0 0 0 0 0 associations Private health 0 0 0 0 0 0 insurer Long-term-care 0 0 0 0 0 0 ombudsman Adult protective 0 1 0 0 0 0 services Private citizens 57 1 76 0 82 0 MFCU hotline 0 0 0 0 0 0 Self-generated 0 0 0 0 0 0 Other 19 2 18 7 4 0 Total 125 11 113 8 114 1 Annual Total 136 121 115 Source: OIG analysis of Unit Quarterly and Annual Statistical Reports, FYs 2013-2015. 1 The category of abuse & neglect referrals includes patient funds referrals. 2 The abbreviation “PI” stands for program integrity; the abbreviation “SURS” stands for Surveillance and Utilization Review Subsystem. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 18 APPENDIX C Point Estimates and 95-Percent Confidence Intervals Based on Reviews of Case Files 95-Percent Confidence Sample Point Interval Estimate Size Estimate Lower Upper Percentage of cases open longer than 90 days that required periodic supervisory review but 71 46.5%28 35.7 57.7 lacked documentation of such review Percentage of cases that contained 99 100.0% 96.7% 100.0% documentation of supervisory approval to open Percentage of cases that contained 89 100.0% 96.4% 100.0% documentation of supervisory approval to close Source: OIG analysis of Colorado MFCU case files, 2016. ____________________________________________________________ 28 The actual percentage is 46.479, which rounds to 46 percent as a whole number and to 46.5 percent when rounding to one decimal place. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 19 APPENDIX D Detailed Methodology Data collected from the seven sources below was used to describe the caseload and assess the performance of the Colorado MFCU. Data Collection Review of Unit Documentation. Prior to the onsite visit, we analyzed information regarding the Unit’s investigation of Medicaid cases, including information about the number of referrals the Unit received, the number of investigations the Unit opened and closed, the outcomes of those investigations, and the Unit’s case mix. We also collected and analyzed information about the number of cases that the Unit referred for prosecution and the outcomes of those prosecutions. We gathered this information from several sources, including the Unit’s quarterly statistical reports, annual reports, recertification questionnaire, policy and procedures manuals, and MOU with the State Medicaid agency. We requested any additional data or clarification from the Unit as necessary. Review of Unit Financial Documentation. We reviewed the Unit’s control over its fiscal resources to identify any issues involving internal controls or the use of resources. Prior to the onsite review, we reviewed the Unit’s financial policies and procedures; its response to an internal control questionnaire; and documents (such as financial status reports) related to MFCU grants. We reviewed three purposive samples to assess the Unit’s internal control of fiscal resources. All three samples were limited to the review period of FYs 2013 through FY 2015. The three samples included the following: 1. To assess the Unit’s expenditures, we selected a purposive sample of 24 items from the Unit’s 1,585 non-payroll expenditure transactions. We selected routine and nonroutine transactions representing a variety of budget categories and payment amounts. 2. To assess the Unit’s travel expenditures, we selected a purposive sample of 24 items from the Unit’s 228 travel transactions. We selected a variety of travel expenditure categories related to both in-State and out-of-State travel, such as hotel stays, airfare, and conference expenses. 3. To assess employees’ “time and effort”—i.e., their work hours spent on various MFCU tasks—we selected a sample of three pay periods, one from each fiscal year. We then requested and Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 20 reviewed documentation to support the time and effort of the MFCU staff during the selected pay periods. We also reviewed a purposive sample of the Unit’s equipment inventory. For this review, we selected and verified a purposive sample of 25 items from the current inventory list of 95 items maintained in the Unit’s office. Interviews with Key Stakeholders. In September and October 2016, we interviewed key stakeholders, including officials in the U.S. Attorneys’ Office and State agencies that interact with the Unit, including the Colorado Department of Health and Environment and Medicaid Program Integrity. We also interviewed supervisors from OIG’s Region VII office who work regularly with the Unit. We focused these interviews on the Unit’s relationship and interaction with OIG and other Federal and State authorities, and we identified opportunities for improvement. We used the information collected from these interviews to develop subsequent interview questions for Unit management. Survey of Unit Staff. In September 2016, we conducted an online survey of all 11 nonmanagerial Unit staff within each professional discipline (i.e., investigators, auditors, attorneys, analysts, and nurse investigators) as well as support staff. Our questions focused on Unit operations, opportunities for improvement, and practices that contributed to the effectiveness and efficiency of Unit operations and/or performance. The survey also sought information about the Unit’s compliance with applicable laws and regulations. Onsite Interviews with Unit Management. We conducted structured onsite interviews with the Unit’s management in October 2016. We interviewed the Unit Director, Supervising Investigator, two Assistant Attorneys General, Audit Manager, Nurse Analyst, and Administrative Manager. We also interviewed the Chief Section Counsel who supervises the Unit director. The Chief Section Counsel served as interim Unit director for approximately 7 months until the new director was hired in September 2016. We asked these individuals to provide information related to (1) Unit operations, (2) Unit practices that contributed to the effectiveness and efficiency of Unit operations and/or performance, (3) opportunities for the Unit to improve its operations and/or performance, and (4) clarification regarding information obtained from other data sources. Onsite Review of Case Files and Other Documentation. We requested that the Unit provide us with a list of cases that were open at any time during FYs 2013 through 2015. We requested data on the 673 cases that included, but was not limited to, the current status of the case; whether the Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 21 case was criminal, civil, or global; and the date on which the case was opened. Because global cases are civil false claims actions that typically involve multiple agencies, such as the U.S. Department of Justice and a group of State MFCUs, we excluded all of those cases from our review of a Unit’s case files. Therefore, we excluded 342 cases categorized as “global” from the list of cases. The remaining number of case files was 331. We then selected a simple random sample of 100 cases from the population of 331 cases. From this initial sample of 100 case files, we selected a further simple random sample of 50 files for a more in-depth, qualitative review of selected issues, such as the timeliness of investigations and case development. While onsite, we consulted MFCU staff to address any apparent issues with individual case files, such as missing documentation. We did not estimate any population or subpopulation proportions from this additional sample of 50 case files. Onsite Review of Unit Operations. During our October 2016 onsite visit, we reviewed the Unit’s workspace and operations. To conduct this review, we visited the Unit headquarters in Denver, Colorado. While onsite, we observed the Unit’s offices and meeting spaces, security of data and case files, location of select equipment, and the general functioning of the Unit. Data Analysis We analyzed data to identify any opportunities for improvement and instances in which the Unit did not fully meet the performance standards or was not operating in accordance with laws, regulations, or policy transmittals.29 ____________________________________________________________ 29 All relevant regulations, statutes, and policy transmittals are available online at http://oig.hhs.gov/fraud/medicaid-fraud-control-units-mfcu. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 22 APPENDIX E Unit Comments Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 23 Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 24 Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 25 ACKNOWLEDGMENTS Ben Gaddis served as the team leader for this study. Office of Evaluation and Inspections staff who conducted the review include Anthony Soto McGrath. Medicaid Fraud Policy and Oversight Division staff who participated in the review include Susan Burbach. Office of Investigations staff also participated in the review. Central office staff who contributed to this review include Kevin Farber and Christine Moritz. This report was prepared under the direction of Ruth Ann Dorrill, Regional Inspector General for Evaluation and Inspections in the Dallas regional office, and Deputy Regional Inspectors General, Amy Ashcraft and Petra Nealy; and in consultation with Richard Stern, Director of the Medicaid Fraud Policy and Oversight Division. Colorado State Medicaid Fraud Control Unit: 2016 Onsite Review (OEI-06-16-00520) 26 Office of Inspector General http://oig.hhs.gov The mission of the Office of Inspector General (OIG), as mandated by Public Law 95452, as amended, is to protect the integrity of the Department of Health and Human Services (HHS) programs, as well as the health and welfare of individuals served by those programs. This statutory mission is carried out through a nationwide network of audits, investigations, and inspections conducted by the following operating components: Office of Audit Services The Office of Audit Services (OAS) provides auditing services for HHS, either by conducting audits with its own audit resources or by overseeing audit work done by others. Audits examine the performance of HHS programs and/or its grantees and contractors in carrying out their respective responsibilities and are intended to provide independent assessments of HHS programs and operations. These assessments help reduce waste, abuse, and mismanagement and promote economy and efficiency throughout HHS. Office of Evaluation and Inspections The Office of Evaluation and Inspections (OEI) conducts national evaluations to provide HHS, Congress, and the public with timely, useful, and reliable information on significant issues. These evaluations focus on preventing fraud, waste, or abuse and promoting economy, efficiency, and effectiveness of departmental programs. To promote impact, OEI reports also present practical recommendations for improving program operations. Office of Investigations The Office of Investigations (OI) conducts criminal, civil, and administrative investigations of fraud and misconduct related to HHS programs, operations, and individuals. With investigators working in all 50 States and the District of Columbia, OI utilizes its resources by actively coordinating with the Department of Justice and other Federal, State, and local law enforcement authorities. The investigative efforts of OI often lead to criminal convictions, administrative sanctions, and/or civil monetary penalties. Office of Counsel to the Inspector General The Office of Counsel to the Inspector General (OCIG) provides general legal services to OIG, rendering advice and opinions on HHS programs and operations and providing all legal support for OIG’s internal operations. OCIG represents OIG in all civil and administrative fraud and abuse cases involving HHS programs, including False Claims Act, program exclusion, and civil monetary penalty cases. In connection with these cases, OCIG also negotiates and monitors corporate integrity agreements. OCIG renders advisory opinions, issues compliance program guidance, publishes fraud alerts, and provides other guidance to the health care industry concerning the anti-kickback statute and other OIG enforcement authorities.