Frequently Asked Questions

In most cases once they are created, the documents will simply be updated to account for the additional modules being planned or developed. A new document is not necessarily created for each module. If a state calls a document by a different name, the state should inform CMS of the name difference.

FAQ ID:95076

Granting CMS direct access to the state's evidence repository is the preferred method for making evidence available to CMS. If that is not possible, the state may make other secure arrangements with CMS, such as using encrypted File Transfer Protocol (FTP). It is critical to follow all Health Insurance Portability and Accountability Act (HIPAA) regulations when submitting evidence that contains personal health information (PHI) and personally identifiable information (PII).

FAQ ID:95081

No. Only the checklists pertaining to the modules undergoing review need to be included, and that only for the report created in preparation for a milestone review. However, the IV&V progress report should include risks and recommendations for the entire project--not just those about to undergo a milestone review.

FAQ ID:95086

When streamlining the core checklists (IA, TA and S&C checklists), we found that some criteria fit better in other checklists, so they were moved. To keep traceability simple for the states, we chose to keep the original identifiers for any criteria that were moved. The same holds true for criteria moved to the programmatic tab of the IV&V progress report template.

FAQ ID:95091

No, E&E systems are not subject to certification. Though the Medicaid Eligibility and Enrollment Toolkit (MEET) was based on the MMIS toolkit, the MEET was created as a way to align how CMS reviews Medicaid enterprise systems and is a means for CMS to provide technical assistance to the states.

FAQ ID:95096

IV&V contractor activities must still be performed such as checklist evaluation, artifact review and preparation of IV&V Progress Reports. The state should provide a plan and timeline for how these activities will be supported and performed until the proper IV&V contract can be either procured or aligned with updated CMS guidance on IV&V.

FAQ ID:94866

MARS-E 2.0 compliance is not required by CMS for states' MMIS, but CMS recommends that states follow applicable national privacy and security standards and practices for their MMIS. MARS-E 2.0 compliance is required for states' Medicaid/CHIP Eligibility and Enrollment (E&E) systems in order to maintain their Authority to Connect with CMS. Link for more information about MARS-E 2.0: https://www.medicaid.gov/federal-policy-guidance/downloads/cib-09-23-2015.pdf (PDF, 105.5 KB).

FAQ ID:94871

For E&E and MMIS, enhanced FFP funding is available at 90 percent via the usual Advanced Planning Document process.

FAQ ID:94876

As contained in the MECT standard RFP/contract language required by CMS, CMS does not cover activities that the state may require of the IV&V contractor during ongoing O&M. However, as Medicaid is moving away from monolithic single applications, it is expected that states will continuously update and replace modules in their enterprise. Therefore, IV&V should always have a role to ensure successful integration and testing.

FAQ ID:94881

If an organization is performing another role (such as systems integrator, PMO, quality assurance, etc.) on the MMIS or E&E project, it may not perform the IV&V function on the same project. A state may contract the same vendor to perform the IV&V role for both its E&E and MMIS projects.

FAQ ID:94886