Frequently Asked Questions

Unlike the UPLs for other Medicaid institutional payments, which rely on an aggregate approach by ownership category (private, state owned, non state government owned) to ensure Medicaid payments are consistent with efficiency and economy, the PRTF UPL is calculated for each facility. Specifically, the UPL relies on 42 CFR 447.325 which states that Medicaid agencies “may pay the customary charges of the provider but must not pay more than the prevailing charges in the locality for comparable services under comparable circumstances." The plain language meaning of this requirement is that a state may pay a PRTF no more than it charges for covered Medicaid services provided to Medicaid recipients.

FAQ ID:92416

Yes, the state is required to report the number of Medicaid days. This information is recorded at variable 310 – Medicaid days.

FAQ ID:92421

The UPL data for out of state providers does not need to be included in the UPL demonstration. If the state has provider level data then it may include it in the demonstration within the private ownership category of providers.

FAQ ID:92426

As contained in the MECT standard RFP/contract language required by CMS, CMS does not cover activities that the state may require of the IV&V contractor during ongoing O&M. However, as Medicaid is moving away from monolithic single applications, it is expected that states will continuously update and replace modules in their enterprise. Therefore, IV&V should always have a role to ensure successful integration and testing.

FAQ ID:94881

If an organization is performing another role (such as systems integrator, PMO, quality assurance, etc.) on the MMIS or E&E project, it may not perform the IV&V function on the same project. A state may contract the same vendor to perform the IV&V role for both its E&E and MMIS projects.

FAQ ID:94886

To reduce potential conflict of interest, CMS is ensuring that states are arranging IV&V services through contracts that should be owned outside of the agency that owns the MMIS or E&E project. The oversight organization for the IV&V contractor should not be involved in oversight of the development effort, a stakeholder in the business implementation, or the DDI contractor. The IV&V contract monitor should be aware of system development problem solving, reporting, and contractor management. This contract oversight provides true independence between the IV&V contractor and system development teams. This requirement is consistent with other HHS agencies' practices and industry best practices.

FAQ ID:94891

CMS encourages states to reuse modular solutions as much as possible. If a state can reuse a modular solution from another state with minimal changes or customization, CMS will work with the state to streamline the certification process as much as possible to leverage knowledge of the reused solution. However, CMS will still require a certification decision for each state implementation of reused solutions to ensure compliance with federal regulations.

FAQ ID:94896

All the criteria in the checklists (MITA, MMIS or Custom) are the same. The difference between checklists is the criteria organization within the checklists. If the services solution is innovative, unique, or an unconventional approach, then the custom checklist approach might be appropriate. The RO will work with the state and vendors to decide which checklist set is best suited for the state's certification. Both service and traditional-type solutions need to meet all certification criteria to ensure compliance with federal regulations.

FAQ ID:94901

Yes, CMS will support the costs for this kind of MMIS transition. We encourage states to ensure that both the current vendor's and new solutions provider's contracts account for this transition period and address a prorating of cost during this time. States should minimize the costs of transition by performing due diligence on the anticipated spending. The legacy system provider should be compensated for its role in ensuring a smooth transition, with a ramp-down of other operational costs. The new solutions provider should have deliverables in its contract that speak to the soft launch or phased launch approach, with an uptick in operational costs as the transition progresses.

FAQ ID:94906

State Medicaid agencies are required to have MMIS System Security Plan and Privacy Impact Assessment documents. State Medicaid agencies must perform regular routine security and privacy risk assessments to ensure the protection and safeguard of beneficiary data that is consistent with Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules. Please refer to the MECT for more details: https://www.medicaid.gov/medicaid/data-and-systems/mect/index.html

FAQ ID:94911