Skip all navigation Skip to page navigation
NC Department of Health and Human Services
NC Division of
Medical Assistance

Medicaid Integrity Program Provider Audit


The Deficit Reduction Act of 2005 (Section 1936 of the Social Security Act) provided for the creation of the Medicaid Integrity Program (MIP) and dramatically increased the Federal government's role and responsibility in combating Medicaid fraud, waste, and abuse. Section 1936 of the Social Security Act (the Act) requires the Centers for Medicare & Medicaid Services (CMS) to contract with eligible entities to review and audit Medicaid claims, to identify overpayments, and to provide education on program integrity issues. Additionally, the ACT requires CMS to provide effective support and assistance to states to combat provider fraud and abuse.

The Act also requires CMS to periodically publish its Comprehensive Medicaid Integrity Plan (CMIP). The CMIP is developed in consultation with Medicaid program integrity partners and stakeholders including, but not limited to, the Department of Justice (DOJ), the Federal Bureau of Investigation (FBI), the Health and Human Services Office of Inspector General (HHS-OIG), and the state Medicaid agencies and state Medicaid fraud control units.

In addition, the CMS Medicaid Integrity Group (MIG), which administers MIP, regularly consults with the Medicaid Fraud and Abuse Technical Advisory Group (TAG) and its MIP advisory committee. Both are comprised of representatives of the partners and stakeholders described above along with other SMS staff involved in program integrity.

Medicaid Integrity Contractors (MICs)

Section 1936 of the Act requires CMS to enter into contract with MICs to perform four key program integrity activities:

  1. Review provider actions;
  2. Audit claims;
  3. Identify overpayments; and
  4. Educate providers, managed care entities, beneficiaries, and others with respect to payment integrity and quality of care.

These contractors are known as the MICs. There are three types of MICs:

Review MICs

Review MICs analyze Medicaid claims data to identify aberrant claims and potential billing vulnerabilities, and provider leads to Audit MICs of Medicaid providers to be audited. There are five Review MICs:

  • Thomson Reuters
  • AdvanceMed Corporation
  • ACS Healthcare Analytics
  • IMS Government Solutions
  • SafeGuard Services

Audit MICs

Audit MICs conduct post-payment audits of all types of Medicaid providers and, where appropriate, identify overpayments. There are four Audit MICs:

  • Health Management Systems
  • Fox & Associates
  • Health Integrity
  • IPRO

Education MICs

Education MICs work with the Review and Audit MICs to educate Medicaid pProviders, managed care entities, recipients, and others about appropriate and accurate billings for services under the Medicaid Program and about quality of care issues affecting Medicaid recipients.

The Education MIC for North Carolina is Strategic Health Solutions, LLC.

The Education MIC will conduct education throughout North Carolina utilizing various means of education, e.g., in-person, distance learning, and independent learning mechanisms.

Which providers will be subject to audit?

Any Medicaid provider may be audited including, but not limited to, fee-for-service providers, institutional and non-institutional, as well as managed care entities.

How are providers selected?

Providers usually will be selected for audits based on data analysis by other CMS contractors. They also will be referred by state agencies. CMS will ensure that its audits neither duplicate state audits of the same providers nor interfere with potential law enforcement investigations.

What should a provider do if it receives a Notification Letter that it has been selected for audit?

Gather the requested documents as instructed in the letter. CMS contractors have the authority to request and review copies of provider records, interview providers and office personnel, and have access to provider facilities. Requested records must be made available to the Audit MICs within the requested timeframes. Generally, providers will have at least two weeks before the start of an audit to make their initial production of documents to the Audit MICs.

In obtaining documents, Audit MICs will be mindful of state-imposed requirements concerning record production. Moreover, Audit MICs may accommodate reasonable requests for extensions on document production so long as neither the integrity nor the timeliness of the audit is compromised.

The Audit MICs will also contact the provider to schedule an entrance conference. Notification Letters will identify a primary point of contact at the Audit MIC if there are specific questions about the Notification Letter or the audit process.

What process will follow the completion of the audit?

The Audit MIC will prepare a draft audit report, which will first be shared with the state and thereafter with the provider. The state and the provider each will have an opportunity to review and comment on the draft report’s findings. CMS will consider these comments and prepare a revised draft report. CMS will allow the State to review the revised draft report and make additional comments. Thereafter, CMS will finalize the audit report, specify any identified overpayment, and send the final report to the state.

The State will pursue the collection of any overpayment in accordance with state law. Providers have full appeal rights under state law. The Audit MICs will be available to provide support and assistance to the states throughout the state adjudication of the audit.

For information on the Medicaid Integrity Program, please email
 Ready NC Connect NC