Frequently Asked Questions

The traditional MEQC program at 42 CFR § 431.810 through 431.822 was originally designed to implement sections 1902(a)(4) “Administration Methods for Proper and Efficient Operation of the State Plan” and 1903(u) “Limitation of FFP for Erroneous Medical Assistance Expenditures” of the Social Security Act (the Act). The program required annual state reviews of Medicaid cases identified through a statistically valid statewide sample of cases selected from the state’s eligibility files. The reviews were conducted to determine whether the sampled cases meet applicable Medicaid eligibility requirements. The program evolved over time to allow states the option of selecting specific areas of focus within the Medicaid program for their annual MEQC reviews.

On July 5, 2017, CMS published a final regulation entitled “Changes to the Payment Error Rate Measurement (PERM) and Medicaid Eligibility Quality Control (MEQC) Programs (CMS-Medicaid Coordination of Benefits8- F).” This final rule updated the MEQC and PERM programs based on the changes to Medicaid and Children’s Health Insurance Program eligibility requirements under the Patient Protection and Affordable Care Act. The new regulation has restructured the MEQC program into an ongoing series of pilots that states are required to conduct during the two off-years between triennial PERM review years. The MEQC portions of the regulation are now covered by 42 CFR §§ 431.800-820.

FAQ ID:93416

The regulation requires states to submit a pilot planning document to CMS by November 1 of the year in which each state’s PERM review year ends. The pilot planning document must describe how states will conduct their active and negative case reviews and must be approved by CMS before the MEQC pilots can begin. In addition, the regulation requires states to submit case-level reports and corrective action plans to CMS by August 1 of the year after the MEQC review period ends. The specifications for the MEQC pilot planning documents are provided in the MEQC sub-regulatory guidance effective August 29, 2018. More details on the specifications of the case-level reports and corrective action plans are included in a second round of guidance, MEQC sub-regulatory guidance effective October 22, 2018.

FAQ ID:93421

As reconfigured under the final regulation of July 5, 2017, MEQC will work in conjunction with the Payment Error Rate Measurement (PERM) program. In those years when states undergo their triennial PERM reviews, the states will not conduct MEQC pilots. The latter will only be required in the two off-years between PERM review years. CMS has restructured the MEQC program so that it more effectively complements the PERM program and provides states with the necessary flexibility and opportunity to target specific problems or high-interest areas during the two off-years of the PERM cycle.

FAQ ID:93146

The MEQC requirements on active case reviews generally mirror the requirements of the eligibility component of PERM reviews. The regulation requires that states perform reviews of a sample of active Medicaid and Children’s Health Insurance Program (CHIP) cases to identify new eligibility approvals and renewals that were made in error. As in PERM, states will be required to submit case-level reports on the sampled cases they review and corrective action plans that describe steps taken to remediate the errors found.

However, in contrast to PERM, when states identify errors in their active Medicaid and CHIP cases, they will be required to undertake a payment review. This will consist of a review of all claims paid over the first three months after an erroneous eligibility determination was made, and a summary of the overstated or understated liability. States will in turn be required to submit adjustments to the amount of federal financial participation (FFP) claimed through the CMS-64 reporting process for Medicaid and the CMS-21 reporting process for CHIP. The adjustments are required for identified claims in which too much or too little FFP was received. There is no payment review or re-crediting requirement in PERM, although disallowance of FFP can be taken in states whose PERM error rate exceeds the national threshold of 3% based on a formula described at 42 CFR 431.1010. MEQC contains no such disallowance provision.

The MEQC program also contains one other significant element that is not found in PERM. Besides the requirement that states review at least 400 cases in their active case universe (including a minimum of 200 cases), MEQC requires states to review at least 400 negative case actions. At least 200 of these must be Medicaid and 200 must be CHIP. Negative case actions involve erroneous denials of Medicaid or CHIP eligibility or erroneous terminations from Medicaid or CHIP. This is an area with no PERM counterpart in which states will be developing case-level reporting and corrective actions. Negative case action reviews will not be triggered by PERM findings. Largely for this reason, the regulation requires that states pull their sample of these from the entire Medicaid and CHIP universe of cases. By sampling from the full range of Medicaid and CHIP cases, states should be able to obtain an overview of those sectors in their programs that may be especially vulnerable to improper denials or terminations.

FAQ ID:93196

The PERM/MEQC dates/cycles are as follows:

*??
CMS = Centers for Medicare & Medicaid Services
CAP = ??

FAQ ID:95156

No, an upper payment limit demonstration considers all Medicaid payments (base and supplemental). States must conduct UPL demonstrations for the applicable services described in State Medicaid Director Letter (SMDL) 13-003 regardless of whether a state makes supplemental payments under the Medicaid state plan for the services.

FAQ ID:92191

State laws determine what information is required of the health plans. A health plan's disclosure and use of information that is required to be submitted under state law - such as, information from insurer eligibility files sufficient to determine during what period any individual may be, or have been, covered by a health insurer and the nature of the coverage that is or was provided by the health insurer — is consistent with the HIPAA privacy provisions.

Under HIPAA, both the state Medicaid agency and most health insurers are covered entities and must comply with the HIPAA Privacy Rule in 45 CFR Part 160 and Part 164, Subparts A and E. In their capacities as covered entities under HIPAA, the state Medicaid agency and health insurers are restricted from using and disclosing protected health information (PHI), as that term is defined in 45 CFR section 160.103, other than as permitted or required by the HIPAA Privacy Rule. However, as relevant here:

1. A covered entity may use or disclose PHI to the extent that such use or disclosure is required by law and the use or disclosure complies with and is limited to the relevant requirements of the law. (45 CFR 164.512(a)(1)) Under this provision, each covered entity must be limited to disclosing or using only the PHI necessary to meet the requirements of the law that compels the use or disclosure. Anything required to be disclosed by a law can be disclosed without violating HIPAA under the "required by law" provisions. Therefore, health insurers may disclose data elements in addition to the four minimum data elements, up to and including submission of an entire insurer eligibility file, to the extent such information is required to be submitted by state law. (45 CFR 164.512(a))
2. Separately, a covered entity may use or disclose PHI, without the consent of an individual, for payment activities, including to facilitate payment. (45 CFR 164.502(a)(1) and 164.506) Under HIPAA, the term payment includes activities undertaken by a health plan to determine or fulfill its responsibility for coverage and provision of benefits under the health plan. These activities include determinations of eligibility or coverage, adjudication or subrogation of health benefits claims, and collection activities. (45 CFR 164.501) To the extent plans are releasing this information to the Medicaid program for payment purposes; this is a separate basis for disclosure under HIPAA.
3. The HIPAA Privacy Rule generally requires covered entities to take reasonable steps to limit the use and disclosure of PHI to the minimum necessary to accomplish the intended purpose. (45 CFR 164.502(b)(1)) However, among other limited exceptions, the minimum necessary requirements do not apply to uses or disclosures that are required by law under 45 CFR 164.512(a).

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set. (PDF, 252.32 KB)

FAQ ID:91216

Yes. There is a significant amount of third party coverage derived from health plans licensed in a different state than where the Medicaid beneficiary resides. This can commonly happen when the policyholder works in one state and lives in another state. For example, there may be policyholders who are enrolled in Medicaid coverage in Maryland, or have dependents that are enrolled, who work in Delaware, the District of Columbia, Pennsylvania, Virginia, or West Virginia and also have coverage through their employer in that state. This highlights the need for Medicaid agencies to obtain plan eligibility information from contiguous states in addition to collecting information in their respective state.

Another example is when Medicaid-eligible children are covered by the insurance plan of non-custodial parents who live in a different state than their child(ren). This example is not limited to contiguous states because non-custodial parents could reside in any state in the country. Depending on the size, it may be beneficial for the state to obtain the plan's entire eligibility file. The specific geographical areas to be included in the data exchange should be negotiated with the plans. We recommend use of a Trading Partner Agreement in the exchange of electronic data.

Finally, section 1902(a)(25)(I)(i) of the Social Security Act directs states, as a condition of receiving federal financial participation (FFP) for Medicaid, to have laws in effect that require health insurers doing business in their state to provide the state with the requisite information with respect to individuals who are eligible for, or are provided medical assistance, i.e., Medicaid beneficiaries. State law cannot reach beyond the entities that are "doing business" in their states.

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set. (PDF, 252.32 KB)

FAQ ID:91221

Yes. State Medicaid programs may enter into data matching agreements directly with third parties or may obtain the services of a contractor to complete the required matches. Such arrangements should comply with Health Insurance Portability and Accountability Act of 1996 (HIPAA)'s "Business Associate" requirements, where applicable. When the state Medicaid program chooses to use a contractor to complete data matches, including matches as required by the Deficit Reduction Act of 2005 (DRA), the program delegates its authority to obtain the desired information from third parties to the contractor.

Third parties should generally treat a request from the contractor as a request from the state Medicaid agency. Third parties may request verification from the state Medicaid agency that the contractor is working on behalf of the agency and the scope of the delegated work.

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set. (PDF, 252.32 KB)

FAQ ID:91226

Yes. State Medicaid programs may contract with MCOs to provide health care to Medicaid beneficiaries, and may delegate responsibility and authority to the MCOs to perform third party liability TPL discovery and recovery activities, including data matches as required by the Deficit Reduction Act of 2005 (DRA). The Medicaid program may authorize the MCO to use a contractor to complete these activities. The contract language between the state Medicaid agency and the MCO dictates the terms and conditions under which the MCO assumes TPL responsibility. Generally, any TPL administration and performance standards for the MCO will be set by the state and should be accompanied by state oversight.

When TPL responsibilities are delegated to an MCO, third parties are required to treat the MCO as if it were the state Medicaid agency, including:

1. Providing access to third party eligibility and claims data to identify individuals with third party coverage;
2. Adhering to the assignment of rights from the state to the MCO of a Medicaid beneficiary's right to payment by such insurers for health care items or services; and,
3. Refraining from denying payment of claims submitted by the MCO for procedural reasons.

Third parties may request verification from the state Medicaid agency that the MCO or its contractor is working on behalf of the agency and the scope of the delegated work.

Supplemental Links:

• This FAQ was released as part of a larger set. View the full set. (PDF, 252.32 KB)

FAQ ID:91231