Medicaid Audit Unit Completed Audits, March 2, 2024 through February 28, 2025

During this reporting period, the Office of the State Auditor (OSA) released three audit reports on MassHealth’s compliance with state and federal laws, regulations, and other applicable authoritative guidance. These reports identified an estimated $27,259,164 in potential cost savings and provided several recommendations to strengthen internal controls and oversight in MassHealth’s program administration. The following is a summary of our Medicaid audit work between March 2024 and the end of February 2025.

Background and Reason for Audit

The purpose of this audit was to determine whether MassHealth ensured that it did not make capitation payments to managed care organizations (MCOs) on behalf of members who were assigned more than one member ID. OSA conducted the audit as part of our ongoing independent statutory oversight of the state’s Medicaid program.

Summary of Findings and Recommendations

OSA reported one finding in this audit:

1. MassHealth made capitation payments on behalf of members with multiple IDs.

OSA’s recommendations to MassHealth were as follows:

2. MassHealth should require that all members flagged by data matches submit documentation to confirm their identity. If the member does not provide documentation, then MassHealth should either pause the member’s coverage or move the member to its fee-for-service model until it can determine whether the member’s coverage should be terminated.
3. MassHealth should investigate and resolve all instances where its data matches indicate that a member has been assigned more than one member ID.
4. MassHealth should implement a match criterion that focuses solely on Social Security Numbers (SSNs). Because an SSN should be unique to each individual, a targeted match criterion that only includes an SSN would reduce the prevalence of multiple IDs by 19%, based on our sample testing.

EOHHS’s Comments

Specifically regarding the three issues noted in the finding, MassHealth responded with the following:

Member IDs linked in [the Medicaid Management Information System (MMIS)]: The majority of identified overpayments ($622,885 out of $672,946) result from capitation payments made for 67 cases where [member IDs (MIDs)] were linked by MassHealth after the implementation of our enhanced [master data management (MDM)] identification process. MassHealth has reviewed and addressed or is in the process of addressing these resulting overpayments. MassHealth’s use of MDM reports to identify and investigate potential cases of multiple MIDs in 2022 resulted in a significant number of cases being linked after the point in time when resulting duplicate capitation payments from 2019, 2020, and 2021 would have been recouped within MMIS. Overpayments made in 2019 and 2020 were not recoverable as MassHealth does not pursue overpayments nor account for underpayments made to managed care entities after the closure of its risk-sharing reconciliation process for that rate year. However, MassHealth was able to recoup [Office of the State Auditor (OSA)]-identified 2021 overpayments associated with linked members made to [accountable care organization] and MCO plans as part of its risk-sharing reconciliation process for rate year 2021. Finally, MassHealth will pursue recoupment for a small amount of 2022 capitation payments associated with three cases that were linked later in 2023 and 2024. Going forward, MassHealth’s timely identification and review of any multiple MID cases will result in duplicate capitation payments to be collected within MMIS.

Member IDs not linked in MMIS but determined to be the same person: Based upon MassHealth’s review of the OSA’s findings, 7 cases that remained unlinked were due to MIDs being associated with an inactive benefit. MassHealth’s review of duplicate MIDs is limited to cases where both MIDs are associated with active benefits that result in duplicate capitation payments. For these cases, by the time the MDM enhancements were implemented in 2022, at least one of the MIDs had an inactive benefit. MassHealth notes that these cases account for a smaller overpayment amount of $31,918 over the course of the four-year audit period.

MassHealth unable to determine whether member IDs were for the same person: MassHealth respectfully disagrees with the OSA characterization of the 26 cases under this category. While MassHealth recognizes these cases as instances of multiple MIDs being associated with the same individual, MassHealth is unable to link these cases due to privacy concerns. In certain cases, particularly for children in the care and custody of the Department of Children and Families (DCF), it has been MassHealth’s policy to not link certain MIDs. For example, in order to prevent the biological parent from having access to the new family’s information, multiple IDs for adopted children are not linked without prior authorization from DCF. MassHealth recognizes that the policy not to link these members may result in duplicate capitation payments made to managed care entities. MassHealth notes that these cases reflected the smallest share of identified overpayments at $18,143. While this policy affects a relatively small number of cases and associated capitation payments, MassHealth will explore new means of preventing and recouping these duplicate payments without risking the privacy of the associated members.

Specific to our recommendations, MassHealth responded with the following:

Recommendation 1: MassHealth will investigate the feasibility of establishing a process to request further documentation where MassHealth is unable to determine if two [member IDs (MIDs)] are associated with the same individual. MassHealth notes that the majority of cases can be determined via the information submitted through members’ applications and external data sources. The cases where [the Office of the State Auditor (OSA)] determined the MIDs cannot be confirmed as the same person instead reflect a policy decision to not link members where there is a privacy concern as described above. MassHealth will explore an alternative course of action for this small subset members to prevent and recoup duplicate capitation payments made in these cases. . . .

Recommendation 2: MassHealth believes that it has established the system infrastructure as well as policies and procedures to comprehensively identify and investigate potential MID duplicates. As stated above, MassHealth’s MDM program both prevents the creation of multiple MIDs for the same individual as well as produces routine reports that MassHealth uses to link members with more than one MID. In addition, these routine reports allow MassHealth to investigate cases in a timely manner that ensures any duplicate capitation payments are recouped. . . .

Recommendation 3: MassHealth disagrees with this recommendation. Because MassHealth may receive inaccurate social security numbers due to typographical errors, preventing the creation of an MID due to a matching social security number with no other matches across personal information may result in delayed enrollment for members and impact their access to care. However, in most cases, MassHealth’s existing controls prevent the creation of multiple MIDs for an individual where the social security number matches. For those cases where multiple MIDs are created, MDM’s regular reporting of potential duplicates allow MassHealth to link MIDs in time to ensure any duplicate capitation payments are ultimately recouped and prevented going forward.

Background and Reason for Audit

The purpose of this audit was to determine whether MassHealth monitored telehealth practices for ADH to ensure compliance with its regulations.

This audit was conducted as part of OSA’s ongoing independent statutory oversight of the state’s Medicaid program. Several of our previously issued audit reports disclosed weaknesses in MassHealth’s claim processing system and improper billing practices by MassHealth providers, which identified millions of dollars in potentially improper payments. As with any government program, public confidence is essential to the success of and continued support for public expenditures, such as the state’s Medicaid program. Our audit is designed to identify issues that will help improve the Medicaid program so that taxpayers know their dollars are spent prudently and that there is a system of continuous improvement of efficiency and service over time.

Summary of Findings and Recommendations

OSA reported three findings in this audit:

1. MassHealth paid providers for ADH that it did not authorize and/or that did not have supporting documentation.
2. MassHealth paid providers for transportation to ADH that it did not authorize and/or that did not have supporting documentation.
3. MassHealth paid providers $11,797 for 109 claims for services allegedly rendered to 31 members who were proven to be deceased.

OSA’s recommendations to MassHealth were as follows:

4. MassHealth should ensure that system edits to prevent payments for ADH without prior authorization are properly implemented.
5. MassHealth should investigate the paid claims identified by OSA and take corrective action as it deems appropriate. MassHealth should also investigate for improper documentation of ADH claims from providers that OSA did not review.
6. MassHealth should ensure that system edits to prevent payments for ADH without prior authorization are properly implemented.
7. MassHealth should investigate the paid claims identified by OSA and take corrective action as it deems appropriate. MassHealth should also investigate ADH claims from providers outside the five OSA reviewed for improper documentation.
8. MassHealth should establish monitoring controls to ensure that ADH claims are documented.
9. MassHealth should update its MMIS algorithms to cross-reference members’ dates of death with additional data sources and not rely solely on the Department of Public Health’s Vital Statistics file when verifying members’ dates of death.
10. MassHealth should establish a plan to recoup the $11,797 in overpayments made on behalf of deceased members.

EOHHS’s Comments

Regarding Finding 1, MassHealth stated the following:

Regarding recommendation 1 . . . MassHealth delayed the planned activation of a system edit related to prior authorization that—prior to the pandemic—had been set to be activated on April 15, 2020. MassHealth made the decision to delay activation of the edit to avoid further disruption to the ADH program at a time when ADH providers had been forced to close and MassHealth was intently focused on finding ways to retain the existence of ADH providers and ensure the continued availability of ADH services. This decision was also premised on the understanding that any claims for ADH services that were paid absent a [prior authorization (PA)] could be recovered via post payment review, a process which has since occurred, and as noted in further detail below. Ultimately MassHealth activated the PA edit on September 1, 2021, after the height of the pandemic had receded. . . .

Regarding recommendation 2, MassHealth agrees with this recommendation. MassHealth will review the OSA’s findings and recover any identified overpayments that are not already subject to ongoing MassHealth provider audits and recoveries. Specifically, and as noted above, MassHealth is finalizing a claim-based algorithm recovery for ADH services provided without a PA, which encompass the OSA’s audit period and was previously in development as part of MassHealth’s standard program integrity controls. Further, MassHealth will ensure that any findings from the OSA not captured in the existing recovery project will be validated and pursued through overpayment recoveries as appropriate.

MassHealth further requests, however, that in . . . the draft audit report, where it states “$123,733 out of the $262,685 (47%) in undocumented ADH claims were for retainer payments to ADH providers” that the auditor identify whether the identified retainer payment claims with no documentation were for dates that occurred in a week with no other documentation of a member contact, as it was permissible for ADH providers to claim multiple retainer payments in a given month so long as they had at least one contact with the member during each week in that month.

Regarding Finding 2, MassHealth stated the following:

Regarding recommendation [4], MassHealth agrees with this recommendation. MassHealth will review the OSA’s findings and recover any identified overpayments that are not already subject to ongoing MassHealth provider investigations and recoveries. Of note, MassHealth is currently finalizing a claim-based algorithm recovery for ADH nonemergency transportation services provided without a PA for ADH services, which encompass the OSA’s audit period and was previously in development as part of MassHealth’s standard program integrity controls. Further, MassHealth will ensure that any findings from the OSA not captured in the existing recovery project will be validated and pursued through overpayment recoveries as appropriate.

Regarding recommendation [5], MassHealth agrees with this recommendation and is committed to ensuring ADH providers’ compliance with documentation requirements. MassHealth works to ensure ADH provider compliance via training conducted during provider meetings, as well as robust program integrity controls. Such program integrity controls include a comprehensive set of pre-pay edits, a prior authorization process that ensures services rendered are clinically appropriate, postpayment claims recoveries, and regularly scheduled audits of providers. Specifically, MassHealth regularly initiates 1 to 2 ADH provider audits per month which may result in the issuance of corrective actions and overpayments for improper documentation. Since January 1st, 2022, MassHealth has initiated 36 audits of ADH providers and has issued 20 initial notices of overpayment which detail the agency’s overpayment and sanction findings.

Regarding Finding 3, MassHealth stated the following:

MassHealth agrees with these recommendations. MassHealth has robust program integrity controls in place to prevent payments after a member’s date of death. However, due to issues often beyond MassHealth’s control (e.g., inaccurate sources of death data and time lags in access to death data), it is possible for such payments to occur. As a result, MassHealth also has robust controls in place to identify and recover such claims post-payment.

Regarding recommendation [6], MassHealth has adjusted its program integrity processes to improve the identification and recovery of inappropriately paid claims for dates of service after a member’s date of death. Historically, it had been MassHealth’s process to use Department of Public Health (DPH) Vital Statistics data to identify claims that were incorrectly paid for dates [of] service after a member’s date of death; only members matching on the DPH Vital Statistics file would be included in any findings. MassHealth must balance the risk of missing potential overpayments with the risk of relying on less reliable sources of death data in pursuing recoupments of potential overpayments. In light of the OSA’s recommendation, as of January 2024, MassHealth has updated its program integrity efforts to no longer exclude members from post-death algorithms when members do not appear in the DPH Vital Statistics file.

Regarding recommendation [7], MassHealth agrees with this recommendation. MassHealth will review the claims identified by the OSA and carry out the recovery process as appropriate. MassHealth notes that 28 of the 109 claims have already been identified and included in initial notices of overpayment issued to the associated providers. MassHealth will ensure that all remaining overpayments identified are validated and recovered as appropriate.

Background and Reason for Audit

The purpose of this audit was to determine whether MassHealth monitored telehealth practices for AFC and GAFC services to ensure compliance with its regulations.

The audit was conducted as part of OSA’s ongoing independent statutory oversight of the state’s Medicaid program. Several of our previously issued audit reports disclosed weaknesses in MassHealth’s claim processing system and improper billing practices by MassHealth providers, which identified millions of dollars in potentially improper payments. As with any government program, public confidence is essential to the success and continued support for public expenditures, such as the state’s Medicaid program. Our audit is designed to identify issues that will help improve the Medicaid program so that taxpayers know that their dollars are spent prudently and that there is a system of continuous improvement to support improved efficiency and service over time.

Summary of Finding and Recommendation

OSA reported three findings in this audit:

1. MassHealth did not ensure that AFC and GAFC registered nurses / licensed practical nurses and care managers conducted required oversight visits.
2. MassHealth paid AFC and GAFC providers for services that did not have supporting caregiver / direct care aide log documentation.
3. MassHealth paid for AFC and GAFC caregiver / direct care aide services that were incorrectly coded as telehealth.

OSA’s recommendations to MassHealth were as follows:

4. MassHealth should establish effective monitoring controls to ensure that AFC and GAFC providers conduct the required oversight visits for MassHealth members and caregivers / direct care aides. To establish effective monitoring controls, we believe MassHealth should establish a goal for the number of AFC / GAFC providers it will audit each year. MassHealth should investigate and resolve all instances where its data matches indicate that a member is enrolled in another state’s Medicaid program.
5. MassHealth should establish an effective monitoring process to ensure that caregivers / direct care aides of AFC and GAFC providers properly document care in their logs.
6. MassHealth should add a system control in the Medicaid Management Information System to deny AFC and GAFC caregiver / direct care aide services in a telehealth setting.

EOHHS’s Comments

Regarding Finding 1, MassHealth stated the following:

MassHealth agrees with this recommendation. MassHealth is committed to ensuring AFC and GAFC providers’ compliance with federal and state requirements through clear and frequent outreach to the provider network via periodic trainings and provider meetings, as well as robust program integrity controls. Such program integrity controls include a comprehensive set of pre-pay edits, a prior authorization process that ensures services rendered are clinically appropriate, post-payment claims recoveries, and regularly scheduled audits of providers.

Program integrity initiatives developed and implemented since the period covered under this audit include instituting a temporary moratorium on new AFC providers from March 10, 2023, through September 10, 2023. The purpose of the temporary moratorium was to allow MassHealth to focus on enhanced training and education of existing AFC providers and the development of a more robust onboarding process for new AFC providers. Following the end of the moratorium, and in addition to instituting a more robust onboarding process, MassHealth schedules audits of every new AFC and GAFC provider within six months of their enrollment.

Additionally, to monitor compliance, and as part of MassHealth’s overall program integrity strategy, MassHealth initiates audits of 2 to 3 AFC and GAFC providers each month (approximately 24-36 audits per year). As part of these audits, MassHealth auditors review documentation submitted by providers to ensure [registered nurse / licensed practical nurse] and care manager visits are documented and occur within the timeframes required by the provider regulations. Where MassHealth identifies instances of non-compliance, MassHealth issues overpayments and sanctions as appropriate.

From 2022 to present, MassHealth has initiated 92 audits of AFC and GAFC providers (approximately 3 audits per month) and has issued 49 initial notices of overpayment and sanction, which outline MassHealth’s audit findings and initiates the recovery process for identified overpayments and sanctions.

Regarding Finding 2, MassHealth stated the following:

MassHealth agrees with this recommendation. As discussed above, MassHealth actively engages in provider education and program integrity activities to promote and monitor AFC and GAFC compliance with provider requirements. This includes the provision of provider education on requirements to train caregivers and direct care aides on care log documentation requirements, as well as provider audits to monitor compliance with program requirements, which includes review of caregiver / direct care aide logs.

As noted in response to Finding 1, above, from 2022 to present, MassHealth has initiated 92 audits of AFC and GAFC providers (approximately 3 audits per month) and has issued 49 initial notices of overpayment and sanction, which outline MassHealth’s audit findings and initiates the recovery process for identified overpayments and sanctions.

Regarding Finding 3, MassHealth stated the following:

MassHealth agrees with this recommendation. MassHealth will implement a system edit to prevent AFC and GAFC providers from submitting claims for AFC / GAFC services when coded as telehealth.

As noted above, because personal care is a type of care that cannot be delivered via telehealth, AFC and GAFC providers were not—and are not—permitted to use telehealth for the delivery of personal care. MassHealth appreciates that the [Office of the State Auditor] draft report acknowledges that the identified claims were billed as telehealth in error and that AFC / GAFC services were in fact rendered in person and based on the auditor’s review of provider documentation. MassHealth further notes this error appears to be concentrated to a small percentage of providers within the network with only 5 out of 268 providers having billed claims coded as telehealth. As noted above, MassHealth agrees with the recommendation and will implement an edit to prevent the ability for AFC / GAFC claims to be submitted when coded as telehealth.