Medicaid Program Integrity

Medicaid is Washington's largest public assistance program. It provides health coverage to about two million Washingtonians through a state-federal partnership, costing more than $14 billion in fiscal year 2020. The price-tag has risen during the last decade. Unsurprisingly, the program expands to meet rising needs that come during times of economic decline. Strengthening program integrity efforts helps ensure every Medicaid dollar stretches as far as possible to serve those insured through the program.

Given the size and importance of Medicaid, it needs a robust program integrity function to help ensure money is spent properly. In addition, gaps in program integrity efforts can have financial consequences for Washington. State programs that fail to comply with federal program integrity requirements risk paying back federal funding. This money makes up a substantial amount. About $9.5 billion of the $14.6 billion Washington spent on Medicaid in fiscal year 2020 came from the federal government.

Ensuring program integrity for a program this large and complicated is an inherently difficult task. Indeed, when the responsibility spans several state agencies and managed care organizations (MCOs), the task becomes even more difficult. But as the single state Medicaid agency, the Health Care Authority (HCA) is responsible for overseeing all program integrity efforts. This includes the work of other agencies and the MCOs. This audit examined two areas of HCA’s Medicaid oversight responsibilities:

  • How HCA executive management could improve its oversight over program integrity
  • How HCA’s Division of Program Integrity could improve its internal structure and processes. This included looking at how the Division might more effectively reduce fraud and other improper payments.

HCA suggested a performance audit of its program integrity efforts could be beneficial, because the agency is making improvements in this area.

Read a two-page summary of the report.

Report Number 1028710 Report Credits

Key results

The audit’s results fall into four broad areas:

  • HCA executives’ oversight responsibilities within their own agency. We found that HCA executives have taken steps to consolidate program integrity efforts. One important step was establishing the Division of Program Integrity in 2020. However, this work would benefit from improved strategic planning at the agency and division levels.
  • Oversight of Medicaid program integrity efforts at sister state agencies. Two state agencies – the Department of Social and Health Services (DSHS) and the Department of Children, Youth, and Families (DCYF) – spend substantial amounts of Medicaid funds. This makes them “sister state agencies.” Thus, their Medicaid spending is subject to HCA oversight. While these agencies said they have processes in place to ensure they spend Medicaid funding properly, HCA has not overseen their efforts.
  • The Division’s program integrity efforts with MCOs and corresponding oversight. The Division is establishing ways to hold MCOs accountable for their role in program integrity efforts. However, it could improve its oversight by directly auditing providers and recovering overpayments.
  • The Division’s processes to generate and evaluate the leads that become audits, reviews and investigations of Medicaid providers. The audit found that improving audit selection practices would help the Division prioritize resources for high-risk cases. Doing so would also help HCA meet federal requirements.


Medicaid is a large, high-risk program, serving millions of Americans. To ensure it operates properly, federal regulations set out numerous program integrity requirements. The Government Accountability Office considers Medicaid high risk due to:

  • Its diverse and expanding population of clients and providers
  • Large overall payment sums
  • Complex billing and coding systems

The Centers for Medicare and Medicaid Services (CMS) provides the federal regulatory framework for Medicaid program integrity. CMS attributed significant amounts of improper payments during 2019 to two primary reasons:

  • First, insufficient documentation to verify client eligibility
  • Second, state Medicaid agencies did not comply with federal requirements for screening and enrolling providers

Overall, these issues produced a nationwide Medicaid improper payment rate of 14.9 percent. This means approximately one in seven Medicaid payments lacked sufficient documentation or displayed some sort of error.

As Washington’s state Medicaid agency, HCA must oversee all program integrity efforts, including those at sister state agencies. Two such agencies – the Department of Social and Health Services (DSHS) and the Department of Children, Youth, and Families (DCYF) – spent more than $4 billion total in Medicaid funding in fiscal year 2020. Oversight forms a safety net to ensure policies are implemented and funding is spent as intended. Oversight tasks can include reviewing reports, monitoring results and implementing corrective action plans when necessary.

New Division highlights work

In the past, HCA’s organizational structure for program integrity efforts shifted repeatedly in response to concerns about decentralization, accountability and changing operations. The final organizational change, in January 2021, integrated provider enrollment with other crucial program integrity efforts. Provider enrollment is an important aspect of program integrity. Staff check federal exclusion lists to ensure providers with known histories of fraud, waste or abuse do not provide services for Medicaid. By moving provider enrollment to the new Division, HCA executives addressed a recommendation by CMS aimed at reducing the fragmented responsibility for program integrity.

The audit found HCA’s agencywide strategic plan makes only limited mention of program integrity. Furthermore, while the agencywide plan includes mention of provider enrollment and data analytics for program integrity, it does not set specific objectives for any program integrity effort. Clearly stating those objectives in the plan would emphasize the importance of program integrity to everyone in the agency.

HCA executives conduct some oversight of program integrity efforts. However, they can improve their monitoring through better use of performance measures. Current meetings and committees are insufficient to verify the agency is meeting all program integrity requirements. HCA has some program integrity measures but lacks others recommended by experts and used by other states. At present, Division managers actively monitor only one measure, concerning deadlines for draft audit reports. The lack of good performance measures also makes it harder to demonstrate success to the Legislature and other stakeholders.

Oversight of agencies lacking

Federal regulations require HCA to oversee program integrity efforts at sister state agencies: DSHS and DCYF. HCA executive leadership formalized oversight responsibilities in agency policy and interagency agreements, and assigned this responsibility to the Division.

However, the Division has not overseen program integrity efforts at sister state agencies. Nonetheless, CMS expects sound fiscal stewardship of Medicaid funding. The audit review of other states’ practices found useful examples of what this could look like. DSHS and DCYF said they have processes in place to ensure they spend Medicaid funding properly. However, the Division has not overseen those program integrity efforts for several reasons:

  • Division managers have not assigned oversight of sister state agencies to any of the units
  • The Division lacks a Statewide Medicaid Fraud and Abuse Prevention Plan outlining roles and responsibilities across key partners
  • Change, transition and the lack of a Plan left managers uncertain of their oversight responsibilities

For example, the audit found that instead of a single plan, HCA has multiple documents. Various agreements outline program integrity roles and responsibilities, but were created at different times and without reference to each other. The documentation that does exist fails to address several federal requirements, to include all program integrity oversight responsibilities, and to describe current practices.

Opportunities with MCOs

Managed care changed how Medicaid pays for services, requiring a different approach to program integrity efforts. Formerly, the Medicaid agency simply checked to make sure it paid the right amount, to the right provider, for the right service for an eligible client. Under managed care, managed care organizations (MCOs) act as contracted intermediaries between state Medicaid agencies and providers. The contracts spell out what each party must do to ensure program integrity. They also detail the consequences MCOs face if they do not live up to the requirements.

The Division is establishing ways to hold MCOs accountable for their role in program integrity efforts. For example, after the Division audited data used to set monthly payment rates, HCA executives sanctioned the five MCOs a total of nearly $1 million. Also, the Division requires MCOs to regularly report on their program integrity efforts. HCA staff discuss the results with the organizations on a quarterly basis. In addition, HCA recently updated the contract to allow additional financial penalties for failure to fulfill program integrity requirements.

However, the Division could improve its oversight of MCOs by directly auditing providers and recovering overpayments. In addition to auditing encounter data, the Division should also audit providers contracted with the MCOs. The Division started reviewing providers contracted with MCOs but never initiated formal audits due to uncertainty as to what to do with the results. Also, Division managers said they lacked guidance on how to handle identified overpayments. These processes are currently being finalized, with Division managers included as decision makers.

Audit selection practices

The Division can improve the ways it generates and evaluates the incoming leads that become reviews, audits and investigations of Medicaid providers. These leads include complaints and referrals of alleged fraud, waste or abuse concerning Medicaid contractors, providers, clients or programs. The Division receives leads from members of the public, MCOs and sister state agencies. It also identifies leads through its own data analytics.

Other states’ integrity programs provide examples of how to implement expert recommendations. These strategies include:

  • Conduct risk assessments or evaluate leads with established risk factors
  • Rely on data analytics to generate leads
  • Conduct a preliminary review of incoming leads. This review might include analyzing data about the lead and reviewing records like billing histories.
  • Determine the credibility of all allegations of potential fraud before referring to the state’s Medicaid Fraud Control Unit

Florida’s integrity program, for example, reported that shifting to a risk-based approach for identifying suspicious activity resulted in a significant increase in referrals to law enforcement.

The Division does not use risk assessments or formally established risk factors to guide its audit plans. While staff look for outliers and trends, only two of four units rely on proactive data analytics to develop workplans. The Division recently established a team to review and prioritize leads, but Division managers had different perspectives on whether the team consistently received necessary data. As the Division does not determine the credibility of fraud allegations for MCOs and DSHS, it cannot take appropriate action for many situations that merit scrutiny.


Our audit has identified a number of opportunities for HCA to improve both its own program integrity efforts and its oversight of other entities’ efforts. HCA agrees with our recommendations and has already begun implementing them.

The audit recommends HCA executives improve overall oversight, strategic planning and performance measurement. It also recommends Division of Program Integrity managers improve:

  • Strategic planning and performance measurement
  • Oversight of program integrity at sister state agencies and MCOs
  • Audit selection and assignment process within the Division