Why Health Plans Should Conduct Internal Medicaid Risk Assessments and Where to Start

By Sonya Henderson
Wed, Oct, 18, 2017

Health plans that serve Medicaid beneficiaries are coming under increasing state regulatory scrutiny that exposes them to significant financial and contractual risks. For this reason, it’s important that each health plan develop a Medicaid Risk Assessment process to identify and mitigate risks and maintain contract compliance.

A Medicaid Risk Assessment is basically a proactive, internal review of your health plan’s operations, conducted at regular intervals, to see how well or not these comply with specific requirements contained in your state Medicaid contract. These reviews are important for two main reasons:

First, financial penalties for state Medicaid contract non-compliance can be quite steep, with some fines potentially totaling hundreds of thousands of dollars.

Second, non-compliance can lead to other sanctions levelled against your health plan by the state, including enrollment freezes and licensure disruption. These are costly, disruptive, and potentially damaging to your plan’s reputation in the market.

Many plans operate under the general assumption that they don’t have time or resources to adopt a proactive internal Medicaid risk assessment plan because they already have too many other compliance burdens on their plates – including regular state audits. But we have seen first-hand how not being proactive can lead to problems.

For example, regardless of the length of your state Medicaid contract (let’s assume it’s 3 years), the state can – and often does ---change specific terms of your contract while it’s in progress, sometimes as often as every six months or quarterly. Also, state Medicaid regulators often request specific changes without giving health plans a lot of lead time to operationalize these (60-day turnaround requests are not uncommon). Having a proactive Medicaid Risk Assessment program in place can help plans address such issues more promptly, and therefore, reduce their compliance risks.

In recent years, states have become more aggressive in the scope, frequency, and intensity of their Medicaid contract audits. This is largely due to increased pressures coming from the federal government and CMS -- and the fact that government is spending more Medicaid dollars annually than ever. This means state Medicaid auditors will look closely for wherever they can recoup precious dollars – including from your plan.

If your plan has never adopted or implemented a proactive Medicaid Risk Assessment program, here are four areas you should be focusing on initially.

  1. Take a close look at any recent financial penalties, sanctions, or notices of non-compliance your plan has received from Medicaid agencies in the past year or 18 months. These should give you good insights into the specific operational areas where your plan is at highest risk (for example, claims processing). Focus on correcting these areas first, before doing anything else.
  2. Review your Medicaid contract carefully and regularly and make sure you are aware of how it says the state will determine specific financial penalties. It is not uncommon for the state to impose a certain dollar amount penalty per day, or per episode of care. These can compound very rapidly to upwards of half a million dollars. Focus your assessment efforts on those areas in the contract that would pose the greatest potential financial risks.
  3. Look at member complaints to see if you can identify other areas that may need improving. The state will almost certainly be looking closely at this if they haven’t already.
  4. Finally, look at your processes for handling Medicaid appeals and grievances, as well as for capturing and reporting encounter data. These areas are often the most problematic ones for health plans.

If your plan has never done a Medicaid risk assessment, now is a good time to start.

Comments