Office of Medicaid (MassHealth) - Review of Capitation Payments with Multiple Identification Numbers - Finding 1

During the audit period, out of our sample of 115 members, MassHealth incorrectly made capitation payments on behalf of 107 members. Specifically, we determined that 67 members out of these 107 members had linked identification numbers (IDs) within MassHealth’s Medicaid Management Information System (MMIS), indicating that MassHealth was aware they were the same person. In addition, 14 members out of the 107 members had multiple IDs that were not linked in the system. Upon inquiry by the audit team, MassHealth agreed that they were the same person. Finally, 26 members out of the 107 members were not linked in MMIS, and MassHealth did not have supporting documentation to determine whether they were the same person.

Summary of Issues

*  For the remaining 8 cases in our sample population, which we knew had multiple member IDs, MassHealth made the capitation payments correctly.

Because we collaborated with the US Department of Health and Human Services Office of Inspector General (HHS OIG) to pull a statistical sample, HHS OIG’s statistician was able to project the results of our testing to the full population and, based on this sample, projected that MassHealth made an estimated $3,813,827 in capitation payments to managed care organizations on behalf of members who were assigned more than one member ID.

Not ensuring that all MassHealth members are assigned only one member ID creates a higher-than-acceptable risk that payments may be improper. MassHealth could have used this money to provide additional services to other MassHealth members or reduce the cost of its services to the Commonwealth.

Section 450.235(A) of Title 130 of the Code of Massachusetts Regulations (CMR) states,

Overpayments include . . . payments to a provider . . .

(7)  for services billed that result in a duplicate payment; or

(8)  in an amount that a federal or state agency (other than the MassHealth agency) has determined to be an overpayment.

According to 130 CMR 450.237, “The existence and amount of overpayment may be determined in an action to recover the overpayment. . . . The MassHealth agency may also determine the existence and amount of overpayments.”

Section 433.312(a) of Title 42 of the Code of Federal Regulations states,

(1)  The State Medicaid agency has 1 year from the date of discovery of an overpayment to a provider to recover or seek to recover the overpayment before the Federal share must be refunded to [the Centers for Medicare and Medicaid Services].

(2)  The State Medicaid agency must refund the Federal share of overpayments at the end of the 1-year period following discovery in accordance with the requirements of this subpart, whether or not the State has recovered the overpayment from the provider.

MassHealth does not have monitoring controls over its match criteria to prevent multiple IDs from being assigned when the Social Security number (SSN) matches. In addition, the MassHealth recovery process did not recoup capitation payments made on behalf of the same person even after MassHealth determined multiple IDs to be for the same person.

1. MassHealth should require that all members flagged by data matches submit documentation to confirm their identity. If the member does not provide documentation, then MassHealth should either pause the member’s coverage or move the member to its fee-for-service model until it can determine whether the member’s coverage should be terminated.
2. MassHealth should investigate and resolve all instances where its data matches indicate that a member has been assigned more than one member ID.
3. MassHealth should implement a match criterion that focuses solely on SSNs. Because an SSN should be unique to each individual, a targeted match criterion that only includes an SSN would reduce the prevalence of multiple IDs by 19%, based on our sample testing.

Specific to the three issues noted in the finding, MassHealth responded with the following:

Member IDs linked in MMIS: The majority of identified overpayments ($622,885 out of $672,946) result from capitation payments made for 67 cases where [member IDs (MIDs)] were linked by MassHealth after the implementation of our enhanced [master data management (MDM)] identification process. MassHealth has reviewed and addressed or is in the process of addressing these resulting overpayments. MassHealth’s use of MDM reports to identify and investigate potential cases of multiple MIDs in 2022 resulted in a significant number of cases being linked after the point in time when resulting duplicate capitation payments from 2019, 2020, and 2021 would have been recouped within MMIS. Overpayments made in 2019 and 2020 were not recoverable as MassHealth does not pursue overpayments nor account for underpayments made to managed care entities after the closure of its risk-sharing reconciliation process for that rate year. However, MassHealth was able to recoup [Office of the State Auditor (OSA)]-identified 2021 overpayments associated with linked members made to [accountable care organization] and MCO plans as part of its risk-sharing reconciliation process for rate year 2021. Finally, MassHealth will pursue recoupment for a small amount of 2022 capitation payments associated with three cases that were linked later in 2023 and 2024. Going forward, MassHealth’s timely identification and review of any multiple MID cases will result in duplicate capitation payments to be collected within MMIS.

Member IDs not linked in MMIS but determined to be the same person: Based upon MassHealth’s review of the OSA’s findings, 7 cases that remained unlinked were due to MIDs being associated with an inactive benefit. MassHealth’s review of duplicate MIDs is limited to cases where both MIDs are associated with active benefits that result in duplicate capitation payments. For these cases, by the time the MDM enhancements were implemented in 2022, at least one of the MIDs had an inactive benefit. MassHealth notes that these cases account for a smaller overpayment amount of $31,918 over the course of the four-year audit period.

MassHealth unable to determine whether member IDs were for the same person: MassHealth respectfully disagrees with the OSA characterization of the 26 cases under this category. While MassHealth recognizes these cases as instances of multiple MIDs being associated with the same individual, MassHealth is unable to link these cases due to privacy concerns. In certain cases, particularly for children in the care and custody of the Department of Children and Families (DCF), it has been MassHealth’s policy to not link certain MIDs. For example, in order to prevent the biological parent from having access to the new family’s information, multiple IDs for adopted children are not linked without prior authorization from DCF. MassHealth recognizes that the policy not to link these members may result in duplicate capitation payments made to managed care entities. MassHealth notes that these cases reflected the smallest share of identified overpayments at $18,143. While this policy affects a relatively small number of cases and associated capitation payments, MassHealth will explore new means of preventing and recouping these duplicate payments without risking the privacy of the associated members. 

Specific to our recommendations, MassHealth responded with the following:

Recommendation 1: MassHealth will investigate the feasibility of establishing a process to request further documentation where MassHealth is unable to determine if two [member IDs (MIDs)] are associated with the same individual. MassHealth notes that the majority of cases can be determined via the information submitted through members’ applications and external data sources. The cases where [the Office of the State Auditor (OSA)] determined the MIDs cannot be confirmed as the same person instead reflect a policy decision to not link members where there is a privacy concern as described above. MassHealth will explore an alternative course of action for this small subset members to prevent and recoup duplicate capitation payments made in these cases. . . .

Recommendation 2: MassHealth believes that it has established the system infrastructure as well as policies and procedures to comprehensively identify and investigate potential MID duplicates. As stated above, MassHealth’s MDM program both prevents the creation of multiple MIDs for the same individual as well as produces routine reports that MassHealth uses to link members with more than one MID. In addition, these routine reports allow MassHealth to investigate cases in a timely manner that ensures any duplicate capitation payments are recouped. . . .

Recommendation 3: MassHealth disagrees with this recommendation. Because MassHealth may receive inaccurate social security numbers due to typographical errors, preventing the creation of an MID due to a matching social security number with no other matches across personal information may result in delayed enrollment for members and impact their access to care. However, in most cases, MassHealth’s existing controls prevent the creation of multiple MIDs for an individual where the social security number matches. For those cases where multiple MIDs are created, MDM’s regular reporting of potential duplicates allow MassHealth to link MIDs in time to ensure any duplicate capitation payments are ultimately recouped and prevented going forward.

For the three different issues identified in the finding, MassHealth has provided additional information on how it plans to recoup the duplicative payments, the reasons for the multiple IDs, and enhancements to its procedures for identifying multiple IDs and recouping duplicative payments. MassHealth does disagree with our third issue, where MassHealth was unable to determine whether member IDs were for the same person. MassHealth believes that these individuals should not be linked in MMIS because of high privacy concerns associated with these types of members. We understand the level of privacy needed for these individuals and do not recommend that MassHealth link them. Rather, we recommend that MassHealth investigate these cases further, flag these members internally in the system, perform additional identifying procedures, and recoup duplicative payments. This would not result in providing any personal information to unauthorized personnel members. We do commend MassHealth as it agrees to explore new ways to prevent and recoup duplicative payments.

For our first recommendation, MassHealth agrees with our recommendation and is exploring new ways to prevent and recoup duplicative payments.

MassHealth believes that it has established policies and procedures that relate to our second recommendation and believes that the majority of our finding is from before the implementation of the master data management program; however, there were still 14 members who were not linked and should have been, resulting in $31,918 in duplicative payments. In addition, of the 67 cases linked, most of those duplicative payments have not been recouped. We encourage MassHealth to actively pursue recoupment for these payments and we will follow up in six months.

Lastly, MassHealth disagrees with our recommendation to implement a match criterion that focuses solely on SSNs because it may result in a delay of enrollment. We do not recommend delaying enrollment for any member; however, if an application comes in with the same SNN as an existing MassHealth member, MassHealth should perform additional procedures to investigate the reason for the two members having the same SSN.