U.S. Department of Health and Human Services Office of Inspector General Utah Medicaid Fraud Control Unit: 2018 Onsite Review Add OEI-00-00-00000 OEI-09-18-00170 Month 201Y Suzanne Murrin August 2019 Deputy Inspector General for oig.hhs.gov Evaluation and Inspections oig.hhs.gov Report in Brief U.S. Department of Health and Human Services August 2019 OEI-09-18-00170 Office of Inspector General Utah Medicaid Fraud Control Unit: 2018 MFCU Case Outcomes Onsite Review The MFCU’s case outcomes for FYs 2015–2017 consisted of: What OIG Found  4 fraud convictions; During Federal fiscal years (FYs) 2015–2017, the number of criminal fraud  11 convictions of patient convictions that the Utah Medicaid Fraud Control Unit (MFCU) obtained— abuse or neglect; four convictions—fell below the level that the MFCU had achieved in the preceding years. This decrease in fraud convictions came at the same time as  approximately $400,000 a decrease in fraud referrals to the MFCU from the Utah Inspector General for in criminal recoveries; Medicaid Services (Utah MIG) and from Medicaid managed care organizations,  44 civil settlements and which Utah’s Medicaid program refers to as “accountable care organizations” judgments; and (ACOs). We note that, subsequent to our period of review, the MFCU obtained  $16.8 million in civil seven fraud convictions for FY 2018. The MFCU increased the number of recoveries. convictions that it obtained for patient abuse or neglect during FYs 2015–2017, compared to previous years. Why OIG Did This Review Several factors contributed to the MFCU’s declining nonglobal civil settlements, The primary purpose of this onsite judgments, and recoveries in FY 2017. MFCU management reported a decline review was to identify and address in civil cases involving pharmaceutical manufacturers, as well as a change in factors that contributed to the State law that limited the MFCU’s ability to follow its historical approach for MFCU’s low number of fraud litigating nonglobal civil cases. convictions during FYs 2015–2017 and declining amounts of We also found two instances of nonadherence with MFCU performance nonglobal* civil settlements, standards—one related to the MFCU’s practices for storing and maintaining judgments, and recoveries in case information, and the other regarding a lack of documentation of FY 2017. supervisory review of case files. The Office of Inspector General What OIG Recommends and How the Unit Responded (OIG) administers MFCU grant We recommend that the MFCU take steps to address the factors contributing awards, annually recertifies each to its decreased case outcomes. Specifically, we recommend that the MFCU: MFCU, and oversees MFCU performance in accordance with  develop and implement a plan to increase Medicaid fraud referrals from the requirements of the grant. the Utah MIG and ACOs; and As part of this oversight, OIG  further develop its approach to litigating nonglobal civil cases in-house conducts periodic onsite reviews of or refer them to other appropriate agencies for litigation. MFCUs and prepares public reports. These onsite reviews To address the instances of nonadherence with MFCU performance standards, supplement OIG’s annual we recommend that the MFCU: recertifications of the MFCUs.  develop and implement written procedures for storing, maintaining, and efficiently accessing case information; and * Nonglobal cases involve primarily State  establish a process to ensure that case files contain appropriate rather than Federal litigation; are pursued documentation. separately by individual MFCUs or with other law enforcement partners; and are The MFCU concurred with all four recommendations. not coordinated by the National Association of Medicaid Fraud Control Units. TABLE OF CONTENTS BACKGROUND 1 FINDINGS The MFCU obtained fewer fraud convictions during FYs 2015–2017 than in previous years, but 6 increased its number of convictions of patient abuse or neglect Fraud referrals from the Utah Inspector General for Medicaid Services (Utah MIG) and from 7 Medicaid accountable care organizations (ACOs) decreased in comparison to previous years Several factors contributed to the MFCU’s declining nonglobal civil case outcomes 8 The MFCU did not store and maintain its case information in a manner that allowed for 9 efficient access to the information Many case files were missing documentation of periodic supervisory reviews and/or approval 10 to open cases CONCLUSION AND RECOMMENDATIONS Develop and implement a plan to increase Medicaid fraud referrals from the Utah MIG and 11 ACOs Further develop its approach to litigating nonglobal civil cases or refer them to other 11 appropriate agencies for litigation Develop and implement written procedures for storing, maintaining, and efficiently accessing 11 case information Establish a process to ensure that case files contain appropriate documentation, including 12 records of periodic supervisory reviews and approval to open cases MFCU COMMENTS AND OIG RESPONSE 13 APPENDICES A: MFCU Performance Standards 14 B: Utah MFCU Referrals Received, by Source, Fiscal Years 2015–2017 20 C: Detailed Methodology 21 D: MFCU Comments 25 29 ACKNOWLEDGMENTS BACKGROUND Objective To examine performance and operational issues that the Office of Inspector General identified during its recertification and onsite review of the Utah Medicaid Fraud Control Unit Medicaid Fraud Medicaid Fraud Control Units (MFCUs or Units) investigate (1) Medicaid provider fraud and (2) patient abuse or neglect in facility settings, and Control Units prosecute those cases under State law or refer them to other prosecuting offices.1, 2 Under the Social Security Act (SSA), a MFCU must be a “single, identifiable entity” of State government, “separate and distinct” from the State Medicaid agency, and employ one or more investigators, attorneys, and auditors.3 Each State must operate a MFCU or receive a waiver.4 Currently, 49 States, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands operate MFCUs.5 Each MFCU receives a Federal grant award, equivalent to 90 percent of total expenditures for new Units and 75 percent for all other Units.6 In Federal fiscal year (FY) 2018, combined Federal and State expenditures for the Units totaled approximately $294 million.7 1 SSA § 1903(q)(3). Regulations at 42 CFR § 1007.11(b)(1) clarify that the Units’ responsibilities include the review of complaints of misappropriation of patients’ private funds in health care facilities. 2References to “State” in this report refer to the States, the District of Columbia, and the U.S. Territories. 3 SSA § 1903(q). 4 SSA § 1902(a)(61). 5 North Dakota and the territories of American Samoa, Guam, and the Northern Mariana Islands have not established Units. 6SSA § 1903(a)(6). For a Unit’s first 3 years of operation, the Federal government contributes 90 percent of funding and the State contributes 10 percent of Unit funding. (Currently, this provision is applicable to the new MFCUs in Puerto Rico and the U.S. Virgin Islands.) Thereafter, the Federal government contributes 75 percent and the State contributes 25 percent. 7 OIG analysis of MFCU annual statistical reporting data for FY 2018. The Federal FY 2018 was from October 1, 2017, through September 30, 2018. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 1 The Office of Inspector General (OIG) administers the grant award to each OIG Grant Unit and provides oversight of Units.8, 9 As part of its oversight, OIG reviews Administration and and recertifies each MFCU annually and conducts periodic onsite reviews, Oversight of the such as this review. MFCUs In a recertification review, OIG examines the following (collectively referred to as “recertification data”): the Unit’s annual report; questionnaire responses from the Unit’s director and stakeholders; and annual case statistics. Through the recertification review, OIG assesses a Unit’s performance, as measured by the Unit’s adherence to published performance standards;10 the Unit’s compliance with applicable laws, regulations, and OIG policy transmittals;11 and the Unit’s case outcomes. (See Appendix A for MFCU performance standards, including performance indicators for each standard.) OIG further assesses Unit performance by conducting onsite Unit reviews that may identify findings and make recommendations for improvement. During an onsite review, OIG also makes observations regarding Unit operations and practices, and may identify beneficial practices that may be useful to share with other Units. Finally, OIG provides training and technical assistance to Units while onsite, as appropriate, and on an ongoing basis. The Utah MFCU’s office is located in Murray—a suburb of Salt Lake City, the Utah MFCU State capital. The MFCU is an entity within the State Attorney General’s Office. At the time of our April 2018 onsite review, the MFCU had 13 staff positions: a director (who was also an attorney), 2 other attorneys (one of whom served as the deputy director), 6 investigators (one of whom served as the chief investigator), 2 auditors, a paralegal, and an office administrator. The chief investigator supervised the MFCU’s investigators, and the director served as the immediate supervisor for the chief investigator and other 8As part of grant administration, OIG receives and examines financial information from Units, such as budgets and quarterly and final Federal Financial Reports that detail MFCU income and expenditures. 9 The SSA authorizes the Secretary of Health and Human Services to award grants (SSA § 1903(a)(6)) and to certify and annually recertify the Units (SSA § 1903(q)). The Secretary delegated these authorities to OIG in 1979. 10MFCU performance standards are published at 77 Fed. Reg. 32645 (June 1, 2012). The performance standards were developed by OIG in collaboration with the MFCUs and were originally published at 59 Fed. Reg. 49080 (Sept. 26, 1994). OIG occasionally issues policy transmittals to provide guidance and instruction to MFCUs. 11 These policy transmittals may be found at https://oig.hhs.gov/fraud/medicaid-fraud-control- units-mfcu/index.asp. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 2 staff members. During our review period of FYs 2015–2017, the MFCU spent approximately $6 million, with a State share of about $1.5 million.12 Referrals. The MFCU receives fraud referrals from the Utah Medicaid Inspector General (Utah MIG), the State Medicaid agency, and Medicaid managed care organizations (which Utah refers to as “accountable care organizations” (ACOs)13), as well as from other sources, such as OIG and other law enforcement agencies. The Utah MFCU receives referrals of patient abuse or neglect from Adult Protective Services and the State Medicaid agency, as well as other sources. Appendix B identifies the MFCU’s referrals, by source, during FYs 2015–2017. When the MFCU receives a referral, the chief investigator reviews it to determine whether it has potential to be a full investigation. If the chief investigator determines that the referral has this potential, he sends the referral to the director, who decides whether to open a case. If the chief investigator declines a referral or the director decides not to open a case, the MFCU can send the referral to another agency for investigation or administrative action. Investigations and Prosecutions. After the MFCU opens a case, the director and chief investigator assign the case to an investigator and attorney to conduct a full investigation. After the investigation concludes, the director determines whether the case warrants prosecution.14 Utah Medicaid In FY 2017, Utah’s Medicaid expenditures were approximately $2.6 billion.15 In 13 of Utah’s 29 counties, all Medicaid beneficiaries receive their services Program through ACOs. In Utah’s other 16 counties, Medicaid beneficiaries have the option to receive their services through either ACOs or fee-for-service 12OIG, “Expenditures and Statistics,” MFCU Statistical Data, accessed at https://oig.hhs.gov/fraud/medicaid-fraud-control-units-mfcu/index.asp on September 28, 2018. 13Utah’s ACOs are—notwithstanding the phrase “accountable care”—similar to managed care organizations in other States in that their contracts with the State are “full risk capitated contracts and therefore assume the risk for all health care costs for their members.” Utah Department of Health, 2017 Utah Medicaid & CHIP Annual Report, p. 39, accessed at https://medicaid.utah.gov/Documents/pdfs/annual%20reports/medicaid%20annual% 20reports/MedicaidAnnualReport_2017.pdf on October 16, 2018. 14 Utah enacted a False Claims Act in 2007. Among other provisions, the Act (Utah Code §§ 26-20-1 through 26-20-15) imposes civil monetary and criminal penalties on persons or entities that submit false claims; make false statements; or receive or pay kickbacks or bribes. The civil provisions of Utah’s False Claims Act—unlike the Federal civil false claims act (31 U.S.C. §§ 3729–3733) and civil fraud statutes in many other States—do not contain a “qui tam,” or whistleblower, provision that would provide a monetary incentive to whistleblowers who identify fraud. 15OIG, Medicaid Fraud Control Unit 2017 Statistical Chart, accessed at https://oig.hhs.gov/fraud/medicaid-fraud-control-units-mfcu/expenditures_statistics/fy2017- statistical-chart.pdf on October 10, 2018. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 3 providers.16 As of FY 2015, nearly 90 percent of Utah’s roughly 291,000 Medicaid beneficiaries received their services through managed care entities.17 All of the ACOs operate Special Investigation Units that engage in a variety of program integrity activities, such as conducting audits of claims data to identify and address fraud, waste, and abuse. State contracts with the ACOs, as well as the ACOs’ policies and procedures, require ACOs to refer any suspected provider fraud to either the Utah MIG or MFCU. However, these contracts do not require the ACOs to refer suspected fraud to both agencies.18 The Utah MIG is responsible for Medicaid program integrity efforts in Utah. Among other duties, Utah MIG staff analyze the State’s Medicaid claims data to identify fraud, waste, and abuse.19, 20 The Utah MIG also conducts preliminary investigations of referrals that it receives from other sources. The Utah MIG is required to refer all cases of suspected fraud to the MFCU.21 16Utah Department of Health, 2017 Utah Medicaid & CHIP Annual Report, p. 38, accessed at https://medicaid.utah.gov/Documents/pdfs/annual%20reports/medicaid%20annual% 20reports/MedicaidAnnualReport_2017.pdf on October 16, 2018. 17CMS, Center for Program Integrity, Utah Focused Program Integrity Review (June 2017), p. 1, accessed at https://www.cms.gov/Medicare-Medicaid-Coordination/Fraud- Prevention/FraudAbuseforProfs/Downloads/UTfy16.pdf on October 16, 2018. In addition to receiving services from the ACOs, some Utah Medicaid beneficiaries receive certain services, such as behavioral health and substance abuse treatment, through other managed care entities. Utah Department of Health, 2017 Utah Medicaid & CHIP Annual Report, p. 42, accessed at https://medicaid.utah.gov/Documents/pdfs/annual%20reports/ medicaid%20annual% 20reports/MedicaidAnnualReport_2017.pdf on October 16, 2018. 18Federal regulation requires managed care entities (effective July 1, 2017) to refer any potential fraud, waste, or abuse to the State Medicaid program integrity unit, and to refer any potential fraud directly to the MFCU(s) in the State(s) where the potential fraud occurred. 42 CFR § 438.608(a)(7). 19The Utah State Legislature established the Utah MIG during its 2011 General Session as an independent office within the Utah Department of Administrative Services. The mission of the Utah MIG is to maximize the recovery of improper Medicaid payments and the identification of fraud, waste, and abuse within the Medicaid program. These Medicaid program integrity functions were previously performed by the State’s Department of Health, which serves as the State Medicaid agency. Utah Inspector General for Medicaid Services, 2017 Annual Report, p. 5, accessed at https://le.utah.gov/interim/2017/pdf/00004914.pdf on October 16, 2018. 20 If the Utah MIG receives a complaint of Medicaid fraud or identifies questionable practices, it is required to conduct a preliminary investigation to determine whether sufficient evidence exists to warrant a full investigation. See 42 CFR § 455.14. 2142 CFR § 455.21(a)(1) and Utah Code § 63A-13-202(1)(j). Consistent with these requirements, a memorandum of understanding among the Utah MIG, the State Medicaid agency, and the MFCU states that the Utah MIG must notify the MFCU whenever the Utah MIG has a “suspicion of fraud, patient abuse, patient neglect, or patient exploitation.” Memorandum of Understanding between the Utah MFCU, Utah OMIG, and Utah Department of Health, February 22, 2012, p. 5, Term 5(B) (Article V(2) of the 2018 version). Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 4 Previous OIG Onsite In 2014, OIG issued a report on its previous onsite review of the MFCU. The report contained four recommendations to improve the MFCU’s adherence Review to certain performance standards. OIG recommended that the MFCU (1) ensure that case files contain documented evidence of supervisory approval to open and close cases and periodic supervisory reviews; (2) ensure that letters referring convicted providers for exclusion from Federal health care programs are submitted to OIG within an appropriate timeframe; (3) revise its policies and procedures manual to include the MFCU’s periodic supervisory review process; and (4) ensure that adverse actions are reported to the National Practitioner Data Bank, as specified in Federal regulations. From the MFCU’s reporting of subsequent actions that it took, OIG considers each of these recommendations as implemented. We conducted the onsite review in April 2018. The review team consisted of Methodology OIG evaluators, law enforcement agents, and a director from another State MFCU. The primary purpose of the review was to follow up on issues that OIG had identified through its ongoing administration and oversight activities. Our analysis identified three specific areas of concern: (1) a low number of fraud convictions compared to those in previous FYs and compared to those of similarly sized MFCUs; (2) a low number of fraud referrals from the MFCU’s key State partners; and (3) declining nonglobal civil settlements and judgments in FY 2017.22 We focused our data collection and analysis primarily on identifying factors that contributed to these conditions. We also reviewed the MFCU’s operations and fiscal controls. Our review covered the 3-year period of FYs 2015–2017. We based our inspection on an analysis of data from six sources: (1) general MFCU documentation; (2) financial documentation; (3) structured interviews with key stakeholders; (4) structured interviews with the MFCU’s managers and staff; (5) a review of case files that were open at some point during the review period; and (6) observation of MFCU operations. (See Appendix C for a detailed methodology.) Standards We conducted this study in accordance with the Quality Standards for Inspection and Evaluation issued by the Council of the Inspectors General on Integrity and Efficiency. These inspections differ from other OIG evaluations in that they support OIG’s direct administration of the MFCU grant program, but they are subject to the same internal quality controls as other OIG evaluations, including internal and external peer review. 22“Global” civil cases are False Claims Act cases that are litigated in Federal court by the U.S. Department of Justice and typically involve a group of MFCUs. The National Association of Medicaid Fraud Control Units facilitates the settlement of global cases on behalf of the States. Nonglobal cases involve primarily State rather than Federal litigation; are pursued separately by Units or with other law enforcement partners; and are not coordinated by the National Association of Medicaid Fraud Control Units. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 5 FINDINGS The MFCU obtained During the 3-year period of FYs 2015 through 2017—the period of our review—the Utah MFCU reported four convictions of provider fraud. This fewer fraud number represented a decrease from the nine fraud convictions that the convictions during Utah MFCU had reported during the previous 3-year period. It was also the FYs 2015–2017 than lowest total among other similarly sized MFCUs for FYs 2015–2017.23, 24 in previous years, During this period, the number of fraud convictions among other similarly sized MFCUs ranged from 10 to 95. However, subsequent to our period of but increased its review, the MFCU reported seven fraud convictions for FY 2018— number of a significant increase compared to any of the fiscal years during the period convictions of of our review.25 patient abuse or Exhibit 1 displays the Utah MFCU’s convictions during FYs 2015–2017 and neglect FYs 2012–2014, and the range of convictions among other similarly sized MFCUs during FYs 2015–2017. Exhibit 1: Utah MFCU convictions in FYs 2015–2017 as compared to those from the previous 3-year period and those for similarly sized MFCUs. Utah Range Among Other MFCU Similarly Sized MFCUs Type of FYs FYs FYs Case Outcome 2012–2014 2015–2017 2015–2017 Fraud convictions 9 4 10 to 95 Criminal Convictions of patient abuse or 4 11 0 to 19 neglect Source: OIG, “Expenditures and Statistics,” MFCU Statistical Data, accessed at https://oig.hhs.gov/fraud/medicaid-fraud-control-units-mfcu/index.asp on September 28, 2018. During FYs 2015 through 2017, the Utah MFCU reported 11 convictions related to allegations of patient abuse or neglect, almost tripling its number 23MFCU management reported that circumstances outside the MFCU’s control involving a single case significantly reduced the total number of fraud convictions that it reported during FYs 2015–2017. 24 Although comparing a MFCU’s case outcomes with those of similarly sized MFCUs provides some context, many factors other than a MFCU’s number of staff can affect case outcomes. See Appendix C for a detailed description of our analysis, including the selection of similarly sized MFCUs and limitations associated with the comparative analysis. 25MFCUs were not required to report their FY 2018 recertification data (for example, the total number of convictions and referrals) to OIG until after we completed our onsite review. Therefore, we did not conduct analysis to determine why FY 2018 totals may have increased or decreased from our period of review. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 6 of such convictions (4 convictions) from the previous 3-year period. During FYs 2015–2017, the number of patient abuse or neglect convictions among other similarly sized MFCUs ranged from 0 to 19. For FY 2018, the MFCU reported 7 patient abuse or neglect convictions. Fraud referrals During FYs 2015 through 2017, the Utah MFCU received a total of six fraud referrals from the Utah MIG. This number represented a decrease from the from the Utah MIG 14 fraud referrals that the MFCU received from the MIG during the previous and ACOs 3-year period.26 It was also the second-lowest total among other similarly decreased in sized MFCUs for the number of fraud referrals that the MFCUs received from their respective State Medicaid program integrity units during comparison to FYs 2015 through 2017.27 Performance Standard 4 states that a MFCU previous years should take steps to ensure that it receives an adequate volume and quality of referrals. For FY 2018, the MFCU received 3 fraud referrals from the Utah MIG, a number that was consistent with the previous 3 fiscal years. The low number of fraud referrals from the Utah MIG to the MFCU is concerning because the Utah MIG has the primary responsibility of monitoring the State’s Medicaid program for cases of suspected fraud. It employs staff who are trained to analyze Medicaid data for potential fraud and to conduct preliminary investigations of fraud allegations. Therefore, it should be a significant source of quality referrals for the MFCU. Appendix B identifies the MFCU’s referrals, by source, during FYs 2015–2017. In addition, the MFCU reported that during the review period, it received only one fraud referral from Utah’s four ACOs. The low volume of ACO-generated referrals over a 3-year period is concerning in a State where nearly 90 percent of the Medicaid population is served by ACOs.28 Performance Standard 6(B) states that for those States that rely substantially on managed care entities for the provision of Medicaid services, the MFCU’s case mix should consist of a “commensurate number" of managed care cases. In a 2017 report on program integrity oversight in managed care in Utah’s Medicaid program, CMS noted that the number of fraud referrals 26MFCU management explained that when the MFCU reports to OIG the number of referrals that the MFCU received in a prior fiscal year, the MFCU reports only those referrals that it opened as full investigations. Therefore, it is possible that the MFCU received additional referrals from its key State partners that it did not open or pursue as full investigations because the MFCU judged that there was not sufficient preliminary evidence of fraud or because the allegation was outside of the MFCU’s grant authority. 27 By comparison, the number of fraud referrals that similarly sized MFCUs received from their respective MIG equivalents (i.e., from the agencies that primarily were responsible for Medicaid program integrity functions in their respective States) during FYs 2015–2017 ranged from 2 to 138. 28CMS, Center for Program Integrity, Utah Focused Program Integrity Review (June 2017), p. 1, accessed at https://www.cms.gov/Medicare-Medicaid-Coordination/Fraud- Prevention/FraudAbuseforProfs/Downloads/UTfy16.pdf on October 16, 2018. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 7 that the ACOs sent to either the Utah MFCU or the Utah MIG was “low” compared to the size of the ACOs.29 A low number of fraud referrals from ACOs in a State that is served primarily by managed care entities could make it difficult for the MFCU to carry out its mission effectively.30 The MFCU reported that it received no fraud referrals from the ACOs in FY 2018. Although the MFCU reported receiving few fraud referrals, MFCU management and staff stated that the MFCU regularly conducts outreach to other State agencies and associations of health care providers to encourage both referrals of fraud and referrals of patient abuse or neglect. MFCU and Utah MIG management and ACO program integrity staff stated that the MFCU meets with the Utah MIG, the State Medicaid agency, and ACOs collectively—on a quarterly basis—to discuss potential referrals and other program integrity issues. In addition, the MFCU and the Utah MIG meet quarterly with each of the four ACOs. Several factors One area of concern for the Utah MFCU involved declining outcomes from nonglobal civil cases in FY 2017. The MFCU had no nonglobal civil contributed to the settlements or judgments in FY 2017, compared to 10 settlements and MFCU’s declining judgments in FY 2016 and 6 in FY 2015. (See Exhibit 2.) Additionally, the nonglobal civil case MFCU’s nonglobal civil recoveries substantially declined in FY 2017— to $3,318, down from $7.9 million in FY 2016 and $5.6 million in FY 2015. outcomes Exhibit 2 shows the MFCU’s nonglobal civil case outcomes during FYs 2015–2017. Exhibit 2: The Utah MFCU’s nonglobal civil case outcomes declined in FY 2017. Type of Case Outcome FY 2015 FY 2016 FY 2017 Settlements and 6 10 0 Nonglobal civil judgments Recoveries $5.6 million $7.9 million $3,318 Source: MFCU response to OIG data request, 2018. 29CMS, Center for Program Integrity, Utah Focused Program Integrity Review (June 2017), p. 7, accessed at https://www.cms.gov/Medicare-Medicaid-Coordination/Fraud- Prevention/FraudAbuseforProfs/Downloads/UTfy16.pdf on October 16, 2018. CMS’s analysis of referrals used data from three of the ACOs for FYs 2013–2015. 30The total number of fraud referrals that the MFCU received from all sources declined during the review period, from 46 in FY 2015 to 36 in FY 2016 to 20 in FY 2017. The MFCU said that the reason for this decline was the drop in referrals of global fraud cases from the National Association of Medicaid Fraud Control Units. (Such referrals constituted the majority of fraud referrals that the MFCU received in FYs 2015 through 2017, as shown in Appendix B.) MFCU management reported that the MFCU does not control the number of global case referrals that it receives. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 8 At the time of our review in April 2018, MFCU management stated that the MFCU had only a limited “footprint” with regard to civil cases and identified key factors that contributed to its declining nonglobal civil case outcomes. The MFCU director reported that historically, the MFCU’s nonglobal civil cases had involved pharmaceutical manufacturers,31 but fewer of these cases were available now than in the past. The director further explained that the MFCU could no longer use its historical approach for litigating these types of civil cases because a 2015 State law restricts the use of outside counsel under contingent fee contracts, which the MFCU previously used.32 Subsequent to our onsite review, the MFCU reported two nonglobal settlements in FY 2018, neither of which was litigated by outside counsel under contingent fee contracts. Performance Standard 6(E) indicates that the MFCU should seek to maintain a balance of criminal and civil fraud cases.33 The MFCU did not The MFCU did not have standard practices to ensure that its staff consistently stored and maintained case information; this limited the store and maintain MFCU’s ability to efficiently access the information. Performance its case information Standard 7 states that a MFCU should maintain its case files in an effective in a manner that manner and have a case management system that, among other things, allows efficient access to case information for both monitoring and allowed for efficient reporting restitution and recoveries. access to the information We found that the MFCU stored information in four different places: (1) a case management and tracking system; (2) a networked drive shared by the MFCU office; (3) paper case files; and (4) staff’s personal computers. Because the MFCU lacked standard practices for case information storage, case file information was not always complete, accurate, or consistently maintained in these four locations. In some cases, we could not locate certain information in any of the four locations. We found that the MFCU 31MFCU management explained that in these cases, pharmaceutical manufacturers had substantially inflated the average wholesale prices that they reported to CMS. This inflated the prices that retailers ultimately paid for prescription drugs, thereby increasing costs to Medicaid. 32Utah Code § 67-5-33(5)(c), enacted in May 2015. The law prohibits the Office of Attorney General from using outside counsel under contingent fee contracts that are “based on the imposition or amount of a penalty or civil fine.” The law does not apply to any contingent fee contracts that were in existence before May 12, 2015. Therefore, the effects of the law on the MFCU’s nonglobal outcomes were not apparent until FY 2017. 33Additionally, Performance Standard 8(E) specifies that for cases that have civil fraud potential, the Unit should investigate and prosecute such cases under State authority or refer them to OIG or the U.S. Department of Justice. Also, OIG State Fraud Policy Transmittal 99-01 states that “all provider fraud cases that are declined criminally [should] be investigated and/or analyzed fully for their civil potential.” The policy transmittal further states that MFCUs should either try meritorious civil cases “under State law” or refer them to another agency “if no State civil fraud statute exists.” Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 9 designated eight cases as “open” strictly for the purpose of collecting restitution, even though the cases had been resolved. However, for some of these cases, the MFCU could not determine whether restitution had been received and, if so, how much. For one case, the MFCU did not know whether restitution had ever been received. Our review also found 11 cases that were listed as “open” in the system but were actually closed. In addition, three cases listed as “nonglobal” in the system were actually “global” cases. Many case files Of the 101 total case files that we reviewed, 68 lacked documentation of periodic supervisory reviews that complied with the MFCU’s policy for were missing periodic supervisory review.34 Of the 87 fraud case files we reviewed, documentation of 62 lacked this documentation. Of the 14 files for cases of patient abuse or periodic neglect we reviewed, 6 lacked this documentation. Performance supervisory reviews Standard 7(A) states that—consistent with the MFCU’s policies and procedures—supervisors should review case files periodically and these and/or approval to reviews should be noted in the case files. According to the MFCU’s policy open cases for periodic supervisory review, these reviews should occur every 45 days. However, 30 case files that we reviewed lacked documentation that supervisors had conducted any periodic reviews of the cases. An additional 38 case files contained documentation of some periodic supervisory review; however, the frequency of these documented reviews did not comply with the MFCU’s policy for supervisory review. OIG’s prior (2014) Utah MFCU onsite review report included a similar finding. According to MFCU management, the MFCU does not document periodic supervisory reviews during the prosecution phase of cases.35 In addition, documentation of supervisory approval to open cases was missing in 27 of the 87 fraud case files that we reviewed.36 Performance Standard 5(B) states that supervisors should approve the opening and closing of all investigations, and Performance Standard 7(B) states that case files should contain all relevant information and justify the opening of cases. OIG’s prior (2014) Utah MFCU onsite review report included a similar finding. 34Of the 105 case files in our sample, 3 cases were global fraud cases and 1 case was a fraud case that the MFCU had closed after a preliminary investigation. Therefore, we reviewed only 101 cases—87 cases of provider fraud and 14 cases of patient abuse or neglect—for documentation of supervisory approval to open the case and for documentation of periodic supervisory reviews. 35 For those cases that did not comply with the MFCU’s policy for periodic supervisory review, we determined that this noncompliance with regard to reviews and recordkeeping had not affected case outcomes. 36We did not find a lack of documentation of supervisory approval to open cases in any of the files we reviewed for the 14 cases of patient abuse or neglect. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 10 CONCLUSION AND RECOMMENDATIONS The number of fraud convictions during FYs 2015 through 2017 fell below the level that the Utah MFCU had achieved in previous years. We note that, subsequent to our period of review, the MFCU reported 7 fraud convictions for FY 2018. The MFCU achieved more convictions of patient abuse or neglect during FYs 2015 through 2017 than it had during the previous 3-year period. The MFCU’s FY 2015–2017 decrease in fraud convictions came at the same time as a decrease in fraud referrals from the Utah MIG and ACOs. Additionally, several factors contributed to the MFCU’s declining nonglobal civil cases and its civil settlements, judgments, and recoveries in FY 2017. Our review identified two instances of nonadherence with MFCU performance standards—specifically, issues with the MFCU’s practices for storing and maintaining case information and a lack of documentation of periodic supervisory review of case files. To address these issues related to case outcomes and nonadherence to performance standards, we recommend that the MFCU: Develop and implement a plan to increase Medicaid fraud referrals from the Utah MIG and ACOs The MFCU should further engage with the Utah MIG and the ACOs to develop and implement a plan to increase the number of fraud referrals to the MFCU. As part of this plan, the MFCU could assess its outreach efforts and identify ways to improve the volume of fraud referrals from other potential sources. Further develop its approach to litigating nonglobal civil cases or refer them to other appropriate agencies for litigation The MFCU should develop and implement a plan to ensure that it can either effectively litigate nonglobal civil cases in-house or refer cases with the potential to be litigated under Utah’s False Claims Act or other State laws to another agency with the authority to litigate these cases. Develop and implement written procedures for storing, maintaining, and efficiently accessing case information The MFCU should develop written procedures to standardize how it stores and maintains case file information. At a minimum, the procedures should specify where particular categories of case information will be stored. For example, case file information could be consolidated from the current four Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 11 types of locations into a single location. This could improve the MFCU’s ability to maintain, locate, and retrieve case information and more efficiently determine the status of cases, including any associated restitution owed or received. Establish a process to ensure that case files contain appropriate documentation, including records of periodic supervisory reviews and approval to open cases Both this 2018 onsite review and OIG’s prior (2014) review found that case files in the samples we reviewed lacked documented periodic supervisory reviews and/or supervisory approval to open cases. Although the MFCU took actions that appeared to have addressed OIG’s 2014 recommendation, our 2018 onsite review again found that many of the MFCU’s case files had no documentation that periodic supervisory reviews and/or supervisory approval to open cases had occurred. As part of a process to ensure documentation of periodic supervisory reviews, the MFCU could develop and use a system—electronic or otherwise—that reminds supervisors to both perform and document the reviews. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 12 MFCU COMMENTS AND OIG RESPONSE The MFCU concurred with all four of our recommendations. Regarding our recommendation for it to develop and implement a plan to increase Medicaid fraud referrals from the Utah MIG and ACOs, the MFCU stated that it will continue to evaluate the results of its outreach activities and implement additional strategies to increase referrals, as necessary. The MFCU said that it will continue to work closely with its State and Federal partners and further develop its relationship with the Utah Department of Health. The MFCU further noted that its numbers of fraud referrals and convictions had increased since the period of our review, and the MFCU stated that it anticipates these trends will continue. Regarding our recommendation for it to further develop an approach for litigating nonglobal civil cases or refer them to other appropriate agencies for litigation, the MFCU stated that it is attempting to identify the most effective plan to handle these cases. The MFCU further explained that it is pursuing multiple joint civil cases with the U.S. Attorney’s Office and that the Utah State Legislature recently approved funding for the MFCU to hire a civil attorney, should the MFCU determine that is the most effective way to pursue nonglobal civil cases. Regarding our recommendation for it to develop and implement written procedures for storing, maintaining, and efficiently accessing case information, the MFCU reported that it has created procedures, checklists, and standardized forms to improve its case documentation. The MFCU further indicated that it will create a case documentation subcommittee to determine what additional policies, processes, and forms are necessary. Regarding our recommendation for it to establish a process to ensure that case files contain appropriate documentation, the MFCU reported that it has worked to analyze and improve the case-tracking and documenting processes and said that it will continue to refine processes, as needed. Finally, the MFCU stated that it has improved the documentation of its case reviews and has implemented a new case review process. The full text of the MFCU’s comments is provided in Appendix D. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 13 APPENDIX A: MFCU Performance Standards 37 1) A Unit conforms with all applicable statutes, regulations, and policy directives, including: A) Section 1903(q) of the Social Security Act, containing the basic requirements for operation of a MFCU; B) Regulations for operation of a MFCU contained in 42 CFR part 1007; C) Grant administration requirements at 45 CFR part 92 and Federal cost principles at 2 CFR part 225; D) OIG policy transmittals as maintained on the OIG website; and E) Terms and conditions of the notice of the grant award. 2) A Unit maintains reasonable staff levels and office locations in relation to the State’s Medicaid program expenditures and in accordance with staffing allocations approved in its budget. A) The Unit employs the number of staff that is included in the Unit’s budget estimate as approved by OIG. B) The Unit employs a total number of professional staff that is commensurate with the State’s total Medicaid program expenditures and that enables the Unit to effectively investigate and prosecute (or refer for prosecution) an appropriate volume of case referrals and workload for both Medicaid fraud and patient abuse and neglect. C) The Unit employs an appropriate mix and number of attorneys, auditors, investigators, and other professional staff that is both commensurate with the State’s total Medicaid program expenditures and that allows the Unit to effectively investigate and prosecute (or refer for prosecution) an appropriate volume of case referrals and workload for both Medicaid fraud and patient abuse and neglect. D) The Unit employs a number of support staff in relation to its overall size that allows the Unit to operate effectively. E) To the extent that a Unit maintains multiple office locations, such locations are distributed throughout the State, and are adequately staffed, commensurate with the volume of case referrals and workload for each location. 3) A Unit establishes written policies and procedures for its operations and ensures that staff are familiar with, and adhere to, policies and procedures. A) The Unit has written guidelines or manuals that contain current policies and procedures, consistent with these performance 37 77 Fed. Reg. 32645 (June 1, 2012). Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 14 standards, for the investigation and (for those Units with prosecutorial authority) prosecution of Medicaid fraud and patient abuse and neglect. B) The Unit adheres to current policies and procedures in its operations. C) Procedures include a process for referring cases, when appropriate, to Federal and State agencies. Referrals to State agencies, including the State Medicaid agency, should identify whether further investigation or other administrative action is warranted, such as the collection of overpayments or suspension of payments. D) Written guidelines and manuals are readily available to all Unit staff, either online or in hard copy. E) Policies and procedures address training standards for Unit employees. 4) A Unit takes steps to maintain an adequate volume and quality of referrals from the State Medicaid agency and other sources. A) The Unit takes steps, such as the development of operational protocols, to ensure that the State Medicaid agency, managed care organizations, and other agencies refer to the Unit all suspected provider fraud cases. Consistent with 42 CFR 1007.9(g), the Unit provides timely written notice to the State Medicaid agency when referred cases are accepted or declined for investigation. B) The Unit provides periodic feedback to the State Medicaid agency and other referral sources on the adequacy of both the volume and quality of its referrals. C) The Unit provides timely information to the State Medicaid or other agency when the Medicaid or other agency requests information on the status of MFCU investigations, including when the Medicaid agency requests quarterly certification pursuant to 42 CFR 455.23(d)(3)(ii). D) For those States in which the Unit has original jurisdiction to investigate or prosecute patient abuse and neglect cases, the Unit takes steps, such as the development of operational protocols, to ensure that pertinent agencies refer such cases to the Unit, consistent with patient confidentiality and consent. Pertinent agencies vary by State but may include licensing and certification agencies, the State Long Term Care Ombudsman, and adult protective services offices. E) The Unit provides timely information, when requested, to those agencies identified in (D) above regarding the status of referrals. F) The Unit takes steps, through public outreach or other means, to encourage the public to refer cases to the Unit. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 15 5) A Unit takes steps to maintain a continuous case flow and to complete cases in an appropriate timeframe based on the complexity of the cases. A) Each stage of an investigation and prosecution is completed in an appropriate timeframe. B) Supervisors approve the opening and closing of all investigations and review the progress of cases and take action as necessary to ensure that each stage of an investigation and prosecution is completed in an appropriate timeframe. C) Delays to investigations and prosecutions are limited to situations imposed by resource constraints or other exigencies. 6) A Unit’s case mix, as practicable, covers all significant providers types and includes a balance of fraud and, where appropriate, patient abuse and neglect cases. A) The Unit seeks to have a mix of cases from all significant provider types in the State. B) For those States that rely substantially on managed care entities for the provision of Medicaid services, the Unit includes a commensurate number of managed care cases in its mix of cases. C) The Unit seeks to allocate resources among provider types based on levels of Medicaid expenditures or other risk factors. Special Unit initiatives may focus on specific provider types. D) As part of its case mix, the Unit maintains a balance of fraud and patient abuse and neglect cases for those States in which the Unit has original jurisdiction to investigate or prosecute patient abuse and neglect cases. E) As part of its case mix, the Unit seeks to maintain, consistent with its legal authorities, a balance of criminal and civil fraud cases. 7) A Unit maintains case files in an effective manner and develops a case management system that allows efficient access to case information and other performance data. A) Reviews by supervisors are conducted periodically, consistent with MFCU policies and procedures, and are noted in the case file. B) Case files include all relevant facts and information and justify the opening and closing of the cases. C) Significant documents, such as charging documents and settlement agreements, are included in the file. D) Interview summaries are written promptly, as defined by the Unit’s policies and procedures. E) The Unit has an information management system that manages and tracks case information from initiation to resolution. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 16 F) The Unit has an information management system that allows for the monitoring and reporting of case information, including the following: 1) The number of cases opened and closed and the reason that cases are closed. 2) The length of time taken to determine whether to open a case referred by the State Medicaid agency or other referring source. 3) The number, age, and types of cases in the Unit’s inventory/docket. 4) The number of referrals received by the Unit and the number of referrals by the Unit to other agencies. 5) The dollar amount of overpayments identified. 6) The number of cases criminally prosecuted by the Unit or referred to others for prosecution, the number of individuals or entities charged, and the number of pending prosecutions. 7) The number of criminal convictions and the number of civil judgments. 8) The dollar amount of fines, penalties, and restitution ordered in a criminal case and the dollar amount of recoveries and the types of relief obtained through civil judgments or prefiling settlements. 8) A Unit cooperates with OIG and other Federal agencies in the investigation and prosecution of Medicaid and other health care fraud. A) The Unit communicates on a regular basis with OIG and other Federal agencies investigating or prosecuting health care fraud in the State. B) The Unit cooperates and, as appropriate, coordinates with OIG’s Office of Investigations and other Federal agencies on cases being pursued jointly, case involving the same suspects or allegations, and cases that have been referred to the Unit by OIG or another Federal agency. C) The Unit makes available, to the extent authorized by law and upon request by Federal investigators and prosecutors, all information in its possession concerning provider fraud or fraud in the administration of the Medicaid program. D) For cases that require the granting of “extended jurisdiction” to investigate Medicare or other Federal health care fraud, the Unit seeks permission from OIG or other relevant agencies under procedures as set by those agencies. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 17 E) For cases that have civil fraud potential, the Unit investigates and prosecutes such cases under State authority or refers such cases to OIG or the U.S. Department of Justice. F) The Unit transmits to OIG, for purposes of program exclusions under section 1128 of the Social Security Act, all pertinent information on MFCU convictions within 30 days of sentencing, including charging documents, plea agreements, and sentencing orders. G) The Unit reports qualifying cases to the Healthcare Integrity & Protection Databank, the National Practitioner Data Bank, or successor data bases. 9) A Unit makes statutory or programmatic recommendations, when warranted, to the State government. A) The Unit, when warranted and appropriate, makes statutory recommendations to the State legislature to improve the operation of the Unit, including amendments to the enforcement provisions of the State code. B) The Unit, when warranted and appropriate, makes other regulatory or administrative recommendations regarding program integrity issues to the State Medicaid agency and to other agencies responsible for Medicaid operations or funding. The Unit monitors actions taken by the State legislature and the State Medicaid or other agencies in response to recommendations. 10) A Unit periodically reviews its Memorandum of Understanding (MOU) with the State Medicaid agency to ensure that it reflects current practice, policy, and legal requirements. A) The MFCU documents that it has reviewed the MOU at least every 5 years, and has renegotiated the MOU as necessary, to ensure that it reflects current practice, policy, and legal requirements. B) The MOU meets current Federal legal requirements as contained in law or regulation, including 42 CFR 455.21, “Cooperation with State Medicaid fraud control units,” and 42 CFR 455.23, “Suspension of payments in cases of fraud.” C) The MOU is consistent with current Federal and State policy, including any policies issued by OIG or the Centers for Medicare & Medicaid Services (CMS). D) Consistent with Performance Standard 4, the MOU establishes a process to ensure the receipt of an adequate volume and quality of referrals to the Unit from the State Medicaid agency. E) The MOU incorporates by reference the CMS Performance Standard for Referrals of Suspected Fraud From a State Agency to a Medicaid Fraud Control Unit. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 18 11) A Unit exercise proper fiscal control over Unit resources. A) The Unit promptly submits to OIG its preliminary budget estimates, proposed budget, and Federal financial expenditure reports. B) The Unit maintains an equipment inventory that is updated regularly to reflect all property under the Unit’s control. C) The Unit maintains an effective time and attendance system and personnel activity records. D) The Unit applies generally accepted accounting principles in its control of Unit funding. E) The Unit employs a financial system in compliance with the standards for financial management systems contained in 45 CFR 92.20. 12) A Unit conducts training that aids in the mission of the Unit. A) The Unit maintains a training plan for each professional discipline that includes an annual minimum number of training hours and that is at least as stringent as required for professional certification. B) The Unit ensures that professional staff comply with their training plans and maintain records of their staff’s compliance. C) Professional certifications are maintained for all staff, including those that fulfill continuing education requirements. D) The Unit participates in MFCU-related training, including training offered by OIG and other MFCUs, as such training is available and as funding permits. E) The Unit participates in cross-training with the fraud detection staff of the State Medicaid agency. As part of such training, Unit staff provide training on the elements of successful fraud referrals and receive training on the role and responsibilities of the State Medicaid agency. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 19 APPENDIX B: Utah MFCU Referrals Received, by Source, Fiscal Years 2015–2017 FY 2015 FY 2016 FY 2017 3-Year Total Patient Patient Patient Patient Abuse/ Abuse/ Abuse/ Abuse/ Source Fraud Neglect Fraud Neglect Fraud Neglect Fraud Neglect Total Adult Protective 0 6 0 17 1 14 1 37 38 Services Medicaid 3 2 4 2 0 4 7 8 15 Agency HHS OIG 2 0 6 1 3 0 11 1 12 Utah MIG 1 0 3 0 2 0 6 0 6 Licensing Board 1 0 0 1 1 1 2 2 4 Other Law 0 0 0 1 0 0 0 1 1 Enforcement Providers 1 0 0 0 0 0 1 0 1 Prosecutors 0 0 1 0 0 0 1 0 1 Private Health 1 0 0 0 0 0 1 0 1 Insurers ACOs 0 0 0 0 1 0 1 0 1 Other 37 0 22 0 12 1 71* 1 72 Total 46 8 36 22 20 20 102 50 152 * Allegations related to global cases accounted for 66 of the 71 “other” fraud referrals that the MFCU reported in FYs 2015–2017. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 20 APPENDIX C: Detailed Methodology The onsite review team consisted of OIG evaluators and agents, as well as a director from another State MFCU. The primary purpose of the review was to follow up on issues that OIG had identified through its ongoing oversight activities. We focused the review on four general areas: (1) case outcomes; (2) referrals; (3) MFCU operations; and (4) fiscal controls. We analyzed qualitative and quantitative data from a variety of sources. These included:  case outcome data;  referral data associated with the MFCU;  other documentation that the MFCU had submitted;  structured interviews with MFCU staff and key stakeholders;  onsite review of case files;  onsite observations; and  documentation related to the MFCU’s fiscal controls. Data Collection Case outcomes Prior to the onsite visit, we examined statistical reports and other and Analysis documentation that the MFCU had submitted to OIG. This included MFCU case outcome data pertaining to FYs 2015–2017 and the previous 3-year period (FYs 2012–2014). We examined five case outcome measures: (1) the number of fraud convictions; (2) the number of convictions of patient abuse or neglect; (3) the amount of monetary recoveries associated with criminal convictions; (4) the number of civil settlements and judgments; and (5) the amount of monetary recoveries associated with civil cases. For each measure, we performed two types of comparative analysis. We compared outcomes for the Utah MFCU during each period of 3 fiscal years to determine whether outcomes changed during FYs 2015–2017. We also compared Utah’s outcomes for FYs 2015–2017 to those of other similarly sized MFCUs.38 The nine similarly sized MFCUs have staffs ranging in size from 11 to 15 employees; the Utah MFCU has an approved staffing level of 13 employees.39 Referrals of fraud and patient abuse or neglect We examined data associated with referrals sent to and that the MFCU received from a variety of sources. This included the number of referrals 38Although comparison across similarly sized MFCUs provides context for the case outcomes of a particular MFCU, many factors other than a MFCU’s staff size can affect case outcomes. 39The figures of 11–15 employees come from the numbers of employees that MFCUs reporting having at the end of FY 2017. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 21 that the MFCU reported receiving during FYs 2015–2017; the number of referrals from the previous period of 3 fiscal years; and the number of referrals received by similarly sized MFCUs during FYs 2015–2017. These referral-related data included referrals relating to both general types of cases that the MFCU handles: those regarding fraud and those regarding patient abuse or neglect. We also examined the processes that the MFCU used for monitoring the opening of cases, and we examined the outcomes of cases. We also reviewed the MFCU’s memorandum of understanding with the Utah MIG and State Medicaid agency. Other documentation We examined the MFCU’s policies and procedures and held discussions with MFCU management to gain an understanding of those policies and procedures. We confirmed with the MFCU director that the information we had was current, and we requested any additional data and clarification that we needed. We also examined data associated with the MFCU’s staff, both to identify the number of MFCU staff and to determine how long each staff member had been at the MFCU during the period of FYs 2015–2017. Interviews with MFCU staff and director We conducted interviews with nine MFCU staff, including the MFCU director.40 These interviews focused on case outcomes—specifically, why they were low during FYs 2015–2017 and how to improve them. The interviews were informed by our analysis of the MFCU’s case-outcomes data, other documentation, and stakeholder interviews. We asked MFCU staff to provide us with any additional context that could help us understand the MFCU’s operations. Subsequent to the onsite review, we followed up with the MFCU director to clarify certain data we collected onsite and to gain further information. Key stakeholder interviews In March and April 2018, we interviewed individual stakeholders from 12 entities who were familiar with the MFCU’s operations. Staff conducting the structured interviews included OIG evaluators and OIG agents, and a director from another State MFCU. Stakeholders whom we interviewed included the following: program integrity staff from the State’s four ACOs; a manager from the Department of Aging and Adult Services (Adult Protective Services); an Assistant U.S. Attorney; a manager from the Bureau of Internal Review and Audit; the Deputy Director and another manager from the State Medicaid agency; the Utah Medicaid Inspector General; two managers from the Medicaid agency’s Survey and Certification bureau; 40 We did not interview the office administrator, one auditor, and two investigators. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 22 a Deputy Attorney General;41 and another OIG agent who worked closely with the MFCU. We focused these interviews on (1) the MFCU’s relationship and interactions with these entities; (2) any areas in which stakeholders believed the MFCU had opportunities for improvement; and (3) practices that may be beneficial to the MFCU’s operations or to other MFCUs. As needed, we followed up with some of the interviewees after the onsite review. Case file reviews We asked the MFCU to provide us with a list of cases that were open at any point during FYs 2015–2017. The MFCU provided us with a list of 274 cases that met these parameters. The MFCU categorized 122 of these cases as “global” cases, which we excluded from consideration for our onsite review of case files. We formed two strata from the remaining 152 cases on the list. Stratum 1 consisted of 91 fraud cases, and stratum 2 consisted of 61 cases of patient abuse or neglect.42 We selected our sample of 105 cases by including all 91 fraud cases from stratum 1 and selecting a simple random sample of 14 of the 61 cases of patient abuse or neglect from stratum 2. We allocated our sample this way because of our concerns about the MFCU’s low fraud outcomes for FYs 2015–2017. With the assistance of OIG agents and the director from another State MFCU, we reviewed referrals that the MFCU received and the MFCU’s processes for monitoring the opening, status, and outcomes of cases.43 We also reviewed the MFCU’s approach to investigating and prosecuting cases that were open at some point during FYs 2015–2017. Onsite observations While onsite, we examined the MFCU’s workspace and operations to identify any instances of nonadherence to performance standards and/or instances of noncompliance with applicable Federal laws, regulations, and OIG policy transmittals. Among other things, we evaluated the security of the MFCU’s case files and the functionality of the MFCU’s electronic system for tracking case files. 41 The Deputy Attorney General supervises the MFCU director. 42While onsite, we determined that three additional cases marked by the MFCU as “nonglobal fraud” were in fact global cases. We removed these three cases from our sample of case files for onsite review. 43To verify—in the absence of documentation—whether the periodic reviews for these files had ever been conducted, we followed up with the MFCU staff. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 23 Review of MFCU financial documentation We conducted a limited review of the MFCU’s control over its fiscal resources. Prior to the onsite review, we analyzed the MFCU’s response to an internal-controls questionnaire and conducted a desk review of the MFCU’s financial status reports. While onsite, we followed up with MFCU officials to clarify issues identified in the internal-controls questionnaire. We also selected a purposive sample of 30 items from the current inventory list of 369 items maintained in the MFCU’s office and verified those items onsite. This limited review did not produce any findings related to the MFCU’s control over its fiscal resources. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 24 APPENDIX D: MFCU Comments Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 25 Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 26 Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 27 Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 28 ACKNOWLEDGMENTS Matthew DeFraga served as the team leader for this study. Others in the Office of Evaluation and Inspections who conducted the study include Michael Henry and Christina Lester. Medicaid Fraud Policy and Oversight Division staff who participated in the review include Susan Burbach. Office of Evaluation and Inspections staff who provided support include Kevin Farber and Christine Moritz. Office of Investigations staff and a peer reviewer from another State MFCU also participated in this review. This report was prepared under the direction of Blaine Collins, Regional Inspector General for Evaluation and Inspections in the San Francisco regional office, and Abigail Amoroso and Michael Henry, Deputy Regional Inspectors General; and in consultation with Richard Stern, Director of the Medicaid Fraud Policy and Oversight Division. To obtain additional information concerning this report or to obtain copies, contact the Office of Public Affairs at Public.Affairs@oig.hhs.gov. Utah Medicaid Fraud Control Unit: 2018 Onsite Review (OEI-09-18-00170) 29 ABOUT THE OFFICE OF INSPECTOR GENERAL The mission of the Office of Inspector General (OIG), as mandated by Public Law 95-452, as amended, is to protect the integrity of the Department of Health and Human Services (HHS) programs, as well as the health and welfare of beneficiaries served by those programs. This statutory mission is carried out through a nationwide network of audits, investigations, and inspections conducted by the following operating components: Office of Audit The Office of Audit Services (OAS) provides auditing services for HHS, either by conducting audits with its own audit resources or by overseeing audit Services work done by others. Audits examine the performance of HHS programs and/or its grantees and contractors in carrying out their respective responsibilities and are intended to provide independent assessments of HHS programs and operations. These assessments help reduce waste, abuse, and mismanagement and promote economy and efficiency throughout HHS. Office of Evaluation The Office of Evaluation and Inspections (OEI) conducts national evaluations to provide HHS, Congress, and the public with timely, useful, and reliable and Inspections information on significant issues. These evaluations focus on preventing fraud, waste, or abuse and promoting economy, efficiency, and effectiveness of departmental programs. To promote impact, OEI reports also present practical recommendations for improving program operations. Office of The Office of Investigations (OI) conducts criminal, civil, and administrative investigations of fraud and misconduct related to HHS programs, Investigations operations, and beneficiaries. With investigators working in all 50 States and the District of Columbia, OI utilizes its resources by actively coordinating with the Department of Justice and other Federal, State, and local law enforcement authorities. The investigative efforts of OI often lead to criminal convictions, administrative sanctions, and/or civil monetary penalties. Office of Counsel to The Office of Counsel to the Inspector General (OCIG) provides general legal services to OIG, rendering advice and opinions on HHS programs and the Inspector operations and providing all legal support for OIG’s internal operations. General OCIG represents OIG in all civil and administrative fraud and abuse cases involving HHS programs, including False Claims Act, program exclusion, and civil monetary penalty cases. In connection with these cases, OCIG also negotiates and monitors corporate integrity agreements. OCIG renders advisory opinions, issues compliance program guidance, publishes fraud alerts, and provides other guidance to the health care industry concerning the anti-kickback statute and other OIG enforcement authorities.