Medicaid Fraud Control Unit (MFCU) Reporting Accuracy: Then and Now

two people analyzing a group of charts and documents with pens in their hands

The Office of Inspector General (OIG) is not the only source for exclusions. Did you know that the state Medicaid agency and/or State Attorney General, if applicable, in each state must report its actions to the Federal OIG promptly after the agency takes a final action? (Social Security Act 1902(a)(41) and 42 CFR 1002.3(b)(3). In this article, we’ll take a look at how well reporting has taken place given the latest OIG research data, and compare Q1 2017 results from our latest CHIRP report.

On June 1, 2012, the Federal Register published an important mandate to measure the success of state Medicaid Fraud Control Units. OIG Exclusions Performance Standard 8(f) calls for all state Medicaid Fraud Control Units to transmit to the OIG for HHS, “for purposes of program exclusions under section 1128 of the Social Security Act, all pertinent information on MFCU convictions within 30 days of sentencing, including charging documents, plea agreements, and sentencing orders.” Id. p. 32648.

States perform these functions through their Medicaid Fraud Control Units (MFCU). Section 1128(b)(5) of the Social Security Act specifies that providers who are suspended or excluded from participation or otherwise sanctioned for reasons bearing on professional competence, professional performance, or financial integrity by state Medicaid agencies are subject to a permissive exclusion by the OIG.  

State agencies report such actions to the OIG within thirty (30) days so that the OIG can determine if it needs to add those persons or entities to the OIG List of Excluded Individuals and Entities (LEIE) list for mandatory or permissive purposes.  

Furthermore, state Medicaid agencies must notify the OIG whenever state or local courts convict providers of offenses related to participation in the Medicaid program unless the MFCU has already done so. State Medicaid agencies and other entities, such as the MFCUs and State Licensure Boards, refer providers with final actions to the OIG.

At the end of Q-1 2017, the 40 state data sets contained over 60,000 excluded individuals and entities. Take a look at the information below to see how state reporting stacked up when compared to exclusions being added to the OIG’s list. 

State State Exclusions OIG Exclusion List Percentage of  Exclusions on Both Lists
Arkansas 1,048 274 26.15%
California 15,967 7,683 48.12%
Illinois 1,606 655 40.78%
Iowa 364 55 15.11%
Michigan 1,321 365 27.63%
Minnesota 452 31 6.86%
New Jersey 2,525 1,202 47.6%
New York 5,555 3,136 56.45%
Texas 10,669 4,692 43.98%

OIG Historical Audit Findings for State Medicaid Reporting

The OIG is in charge of auditing the performance and compliance with these standards.  A report on the State Medicaid Agency Referrals to the OIG (OEI-01-06-00301) dated August 5, 2008, to the CMS Director of Program Integrity, found that the OIG received MFCU final actions from 2004-2005 in an untimely manner, and in some cases, not at all.  

Results:  About two-thirds of providers with final actions imposed by state Medicaid Agencies in 2004-2005 were not found in the OIG database.  


  • The OIG report found that eleven (11) states had a match rate of less than 25%
  • Nine (9) states had a match rate of greater than 75%   
  • The match ranged from 0 – 100%
  • The median was 43%

Although this report is the most recent OIG study on the subject, at ProviderTrust, we conduct a quarterly analysis of state exclusions (those that are reported by the MFCU to the state Medicaid list) to determine if those records appear on the OIG LEIE list, too. 

State MFCUs have listed various reasons as to why they did not know which cases to report or why they were late in informing the OIG. No matter the reason, the OIG has proposed to clarify what is required and presented the Revised Rules for MCFU, which was published in September 2016.

The proposed rules expand the MCFUs functions and responsibilities and propose to require the following:

  • Submit all convictions to the OIG for purposes of program exclusion within thirty (30) days of sentencing, or as soon as practicable if a unit encounters delays from the courts.
  • Make information available, to and coordinate with, OIG investigators and attorneys, other federal investigators, and federal prosecutors on Medicaid fraud information and investigations involving the same suspects or allegations.
  • Transmit to the OIG pertinent information on all convictions, including charging documents, plea agreements, and sentencing orders for purposes of program exclusion under section 1128 of the Social Security Act.

By referring convicted individuals or entities to the OIG for exclusion, MFCUs help to ensure that such individuals and entities do not have the opportunity to defraud Medicaid and other federal health programs or to commit patient abuse or neglect. Historically, referrals by MFCUs have constituted a significant part of the exclusions imposed each year by the OIG. As such, the proposed rule would require that such information, outlined above, be provided within thirty (30) days of sentencing. In assessing whether such additional time is substantiated to report, the OIG will determine the steps the MCFU has taken to obtain the court documents in a timely manner.

But, it is getting better: MFCU Referrals to the OIG Have Increased Since 2011.

OIG exclusions resulting from unit conviction referrals have grown since 2011. In FYs 2014 and 2015, the number of exclusions resulting from Unit referrals was significantly higher than the number of annual exclusions from Unit referrals in FYs 2011 through 2013, as shown in Chart 4.


Monthly Healthcare Exclusion Monitoring is Best Practice 

Best practice for effective exclusion monitoring includes not only searching the OIG LEIE each month for your individuals and entities, but also the available state Medicaid exclusion agency sources. If your compliance plan includes searching all 43 publicly accessible federal and state lists, you will reduce your healthcare organization’s risk for future fines and penalties.  


Written by Michael Rosen, ESQ

ProviderTrust Co-Founder,

Michael brings over 20 years of experience founding and leading risk mitigation businesses, receiving numerous accolades such as Inc Magazine’s Inc. 500 Award and Nashville Chamber of Commerce Small Business of the Year.

 Connect with Michael on LinkedIn

Stay Up-to-Date

Subscribe and get the latest news and advice from industry experts delivered straight to your inbox.

Related Resources

Never miss an update

Get the latest healthcare news, advice from industry experts, and all things related to monitoring solutions delivered straight to your inbox.