If the Affordable Care Act (ACA) is repealed – the potential effect on program integrity protections remains unclear.

Over the last few years, the effect of an ACA repeal on health care and health plan coverage has been a topic of intense focus. This is especially true as the Supreme Court heard oral arguments on November 10, 2020 in a case seeking to repeal the ACA (California vs Texas, No. 19-840). The primary concern of ACA proponents is the impact on health care coverage for over 100 million Americans. However, the ACA and its progeny also include significant program integrity enhancements which appear to be above the political fray related to the contested legislation. Therefore, the outcome of the current ACA challenge may have consequences beyond the primary coverage and enrollment concerns. 

Among other things, the ACA program integrity provisions enable states to better protect their Medicaid beneficiaries and federal funds from providers terminated or excluded from participation in state or federally funded programs. Enhanced data sharing mechanisms created by CMS through the ACA (and accessible to states) created an avenue for states to report and identify providers terminated for cause from federal program contracts nationwide. Before the ACA was passed into law, a provider could easily slip through the cracks and just move to another state and apply to participate in that state’s Medicaid program.

The intent of the ACA program integrity provisions was twofold. First, they were meant to prevent payment of any federal funds, directly or indirectly, to providers excluded from participation in a federal health care program for serious offenses. The second goal was to enhance detection of excluded providers through a national process that could be accessed by all state Medicaid agencies.

Over the last decade, the federal legislative focus to eliminate participation of terminated or excluded providers from federal programs and access to federal funds has been consistent and progressive:

1) In 2011, the ACA was enacted. Section 6501 of the ACA required states to terminate the participation of any individual or entity if such individual or entity is terminated under Medicare or any other Medicaid State plan. In addition, Section 6401(b)(2) of the ACA required CMS to establish a process for making available to each State agency with responsibility for administering a State Medicaid plan the name, national provider identifier, and other identifying information for any provider of medical or other items or services or supplier under the Medicare or CHIP program that is terminated from participation under that program.  

2) In 2016, the Medicaid Managed Care Rule prohibited Medicaid/CHIP managed care organizations from employing or contracting with providers excluded from participation in federal health care programs. 42 CFR § 438.214.  These revised regulations required all states to mandate that Medicaid managed care providers directly enroll with state Medicaid agencies.  See 42 CFR 455.410. The revised Medicaid regulations also explicitly state that if a managed care provider enrolls with a state Medicaid agency, he or she is not required to serve Medicaid fee for service patients. 42 CFR 438.608 (8)(b). Once this requirement was in place, state agencies could compile more accurate and effective data on all providers participating in either fee for service or managed care programs. This change also facilitated availability of the data needed by CMS to track providers from state to state to further prevent terminated or excluded providers from participating in Medicaid undetected by just moving to another state.

3) In 2018, the Cures Act required that state contracts with managed care organizations include a provision prohibiting providers who were terminated from Medicare, Medicaid or CHIP from participating in their Medicaid managed care networks.  In addition, the Cures Act required that states notify CMS of provider terminations.  

Nevertheless, the success of these efforts to protect both federal funds and federal program beneficiaries depends on the effective enactment of processes to capture, share and take action on provider termination data at the state levels, and on state agencies submitting the required data to CMS.

CMS also established a reporting process to enable electronic data submissions by state Medicaid agencies. The web-based portal, known as the Medicaid and CHIP State Information Sharing System (MCSIS), was created to facilitate a consistent process for Medicaid state agencies to report terminations as well as to retrieve data submitted by other states. Then, CMS replaced MCSIS with the One Pi Portal in 2013. The vision and purpose of this enhanced portal was to provide a secure, centralized environment containing current, consistent and integrated Medicare and Medicaid health benefits data analyzed with standard tools, to detect fraud waste and abuse, and protect health care expenditures.

However, the full potential of the CMS delivery and storage tools has not been realized because state submission of provider termination data has not been consistently gathered among the states.

• Five years after the enactment of the ACA, a study issued by the DHHS OIG revealed that twelve percent of providers terminated for cause in 2011 were still participating in other States’ Medicaid programs and many continued to participate as late as January 2014. The OIG recommended that state reporting of provider terminations be mandatory, and CMS concurred.
• In March of 2020, two years after the Cures Act was promulgated, the OIG issued a report finding that six percent of terminated providers were still enrolled in at least one state Medicaid program. As such, despite data submission challenges, creation of a national data repository, introduced with the ACA and extended by the Cures Act, is a foundational component t of program integrity.

Clearly, in order to more comprehensively oversee provider participation in all Medicaid programs, a national roster of all providers was needed. This required states to report to CMS not only those providers who contracted directly with the states for fee for service payment but also providers providing services through managed care arrangements. However, state Medicaid agencies still struggled to enroll providers contracted with managed care plans that participate in Medicaid. The majority of states did not require providers participating in Medicaid managed care to directly enroll with their state Medicaid agencies. Also, providers resisted direct enrollment because of the low reimbursement rates offered under fee for service Medicaid. In addition, many were reluctant to open up their busy practices to Medicaid beneficiaries.

Once these ACA and Medicaid regulations were enacted, some states independently also changed state law to mirror these the new federal requirements and increasingly modified provider contract language designed to support these mandatory reporting and enrollment standards.  Additionally, states were explicitly allowed latitude to engage in provider and supplier screening as well as enhanced provider and supplier oversight activities beyond those required by CMS. As such, despite the potential repeal of the ACA, these state level requirements would likely remain in place to help assure that, excluded or terminated providers cannot move from plan to plan within a state without detection.

The Supreme Court may address the legal concerns related to the ACA in many ways – it may uphold the law in full or choose to repeal it in whole or in part. If the ACA is significantly or completely repealed, the impact to the program integrity aspects of the law, including those that impact provider termination and Federal OIG exclusion as discussed here, remains an open question. Nevertheless, effective exclusion checking of leie exclusion lists will remain key to compliance program integrity and Medicaid fraud control.

Please refer to this resource for more helpful information on OIG Exclusion Screening.