State Medicaid Fraud Control Units Must Inform OIG Within 30 Days

State Medicaid Fraud Control Units Must Inform OIG Within 30 Days

State Medicaid Fraud Control Units (MFCU) are responsible for investigating Medicaid fraud. This is part of the responsibility assigned to them from Centers for Medicare and Medicaid Services as a part of receiving federal healthcare dollars to reimburse those services and items covered by Medicaid.

What are Medicaid Fraud Control Units?

According to the Office of Inspector General HHS site, “Medicaid Fraud Control Units (MFCUs) investigate and prosecute Medicaid provider fraud as well as patient abuse or neglect in healthcare facilities and board and care facilities.” MFCUs operate in 49 states and the District of Columbia. The MFCUs, usually a part of the State Attorney General’s office, employ teams of investigators, attorneys, and auditors; are constituted as single, identifiable entities; and must be separate and distinct from the state Medicaid agency. OIG, in exercising oversight for the MFCUs, annually re-certifies each MFCU, assesses each MFCU’s performance and compliance with federal requirements, and administers a federal grant award to fund a portion of each MFCU’s operational costs.” Performance Standard 8(f) states that a unit should transmit to the federal OIG reports of all convictions for the purpose of exclusion from federal healthcare programs, within 30 days of sentencing.

How are Medicaid Fraud Control Units Evaluated?

On June 1, 2012, the Federal Register published an important mandate to measure the success of state Medicaid Fraud Control Units. OIG Exclusions Performance Standard 8(f) calls for all state Medicaid Fraud Control Units to transmit information to the OIG for HHS. The OIG published its annual review of state MFCU consistency with this required mandate:

OIG Requirement of Medicaid Fraud Control Units

for purposes of program exclusions under section 1128 of the Social Security Act, all pertinent information on MFCU convictions within 30 days of sentencing, including charging documents, plea agreements, and sentencing orders.”

Id. p. 32648.

The OIG reviews many components of a state MFCU compliance with 12 performance standards and monitors MFCU compliance with federal grant requirements. This can include the review of policies and procedures, documentation of the unit’s operations, staffing and caseload as well as financial documentation, structured interviews with key stakeholders, and review of the sample of cases worked by the unit.

State Medicaid Fraud Control Units (MFCUs) Poor Reporting Performance

State MFCUs have listed various reasons as to why they did not know which cases to report or why they were late in informing OIG. No matter the reason, OIG has proposed to clear up what is required and Revised Rules for MFCU, which was published on 9-9-16.

The proposed rules expand the MFCU’s functions and responsibilities and propose to require that MFCU adhere to the following:

  • Submit all convictions to OIG for purposes of program exclusion with thirty (30) days of sentencing, or as soon as practicable if a unit encounters delays from the courts.
  • Make information available, to and coordinate with, OIG investigators and attorneys, other federal investigators, and federal prosecutors on Medicaid fraud information and investigations involving the same suspects or allegations.
  • Transmit to OIG pertinent information on all convictions, including charging documents, plea agreements, and sentencing orders, for purposes of program exclusion under section 1128 of the SSA.

By referring convicted individuals or entities to OIG for exclusion, MFCUs help to ensure that such individuals and entities do not have the opportunity to defraud Medicaid and other federal health programs or to commit patient abuse or neglect. Historically, referrals by MFCUs have constituted a significant part of the exclusions imposed each year by OIG. As such, the proposed rule would require that such information, outlined above, be provided within thirty (30) days of sentencing. In assessing whether such additional time is substantiated to report, OIG will assess the steps the MFCU has taken to obtain the court documents in a timely manner.


Whatever results from these clarifying MFCU reporting rules, the OIG-LEIE can only receive those cases that resulted in a conviction, sentence or plea agreement that would require it to add the name of the individual or entity to the list from the MFCU. Without timely reporting, the OIG-LEIE list will not be all-encompassing and creates a big gap for exclusion compliance for your organization. Accordingly, make sure to cover the OIG-LEIE,, and all available state Medicaid exclusion lists in your monthly exclusion monitoring program in 2017.

Written by Michael Rosen, ESQ

ProviderTrust Co-Founder,

Michael brings over 20 years of experience founding and leading risk mitigation businesses, receiving numerous accolades such as Inc. Magazine’s Inc 500 Award and Nashville Chamber of Commerce Small Business of the Year.

 Connect with Michael on LinkedIn

Stay Up-to-Date

Subscribe and get the latest news and advice from industry experts delivered straight to your inbox.

Related Resources

Never miss an update

Get the latest healthcare news, advice from industry experts, and all things related to monitoring solutions delivered straight to your inbox.