Raleigh, N.C. — An audit released Thursday found problems with the way state health officials and a contractor approve health providers for Medicaid, saying they could open the door to possible abuse and fraud.
State Auditor Beth Wood didn't find any doctors, hospitals or other providers inappropriately enrolled in Medicaid, the health insurance program for the poor and disabled. But officials at the state Department of Health and Human Services say they're working on better safeguards in response to the audit, which found the agency "did not provide reasonable assurance" that only qualified providers were approved.
“As evidenced by Secretary (Aldona) Wos’ expansion of our internal audit staff, DHHS values audits that strengthen our processes and increase accountability,” spokesman Kevin Howell wrote in an emailed statement Thursday.
Before medical providers can receive payment for treating Medicaid patients, they need approval from the state. The first stage of the process is outsourced to Computer Sciences Corp., which the state paid $5.3 million in 2013 to screen each provider's application for past sanctions, licensure issues and criminal violations.
CSC can approve or deny applications on its own, but some "higher-risk" providers are sent back to DHHS when it's harder to make a clear call.
After examining provider approvals from 2012, auditors found DHHS employees failed to sufficiently document how they reached their decisions 65 percent of the time. That included a choice to approve one provider with past felony convictions for possession of controlled substances.
"These actions are potential reasons to deny a provider application," auditors wrote. "However, despite the severity or age of adverse actions, the Division approved these provider applications without sufficient, documented evidence to support the approval."
The audit also noted that a DHHS employee spent eight months approving high-risk providers without any additional research. The employee was fired, but only after a provider complaint prompted action from the agency.
DHHS implemented new rules last September after auditors shared some of their early findings. Auditors found those revised procedures "deficient," prompting state health officials to change things again in May.
"Most of the procedural weaknesses identified during 2012 have already been corrected as part of a larger effort to strengthen Medicaid operations across the board," Howell said in the email.
Auditors have not yet evaluated those new policies because DHHS didn't share them until after July 16, according to the report.
CSC also drew criticism in the audit for failing to document some of its required verification steps and for using flawed data such as misspelled provider names and incorrect Social Security numbers.
Like several other audits over the past few years critical of the health agency, investigators noted in Thursday's report that the state's contracts signed years ago are not strong enough to hold CSC accountable for coming up short.
That's true even for revised versions of the contract last year.
"The new contract terms implemented in 2013 include financial penalties for some performance measures, such as not meeting deadlines for processing applications," auditors wrote. "However, the existing performance measures are still deficient, as the contract does not include any requirements or standards for accuracy and reliability."
A WRAL News series in December detailed how weak contracts are often a major contributor to the problems with state-funded technology projects, only 12 percent of which come in on time and on budget.