An audit of North Carolina’s Medicaid program has revealed numerous issues that the Office of the State Auditor says pose a threat to patient safety. Among them, how the North Carolina Department of Health and Human Services (NCDHHS) allowed providers with license limitations, suspensions, or other credential issues to remain in the program.
North Carolina State Auditor Dave Boliek released the audit on Thursday.
He said it was conducted to determine if DHHS had implemented changes for similar issues found in a 2021 audit. The 2025 audit found that leadership didn’t fully fix the issues, leaving those on Medicaid and taxpayers vulnerable to fraudulent and potentially dangerous behavior.
Auditors had four findings:
1. Did Not Fully Implement Recommendations to Identify and Remove Providers with Suspended or Terminated Licenses
Licensing boards can suspend or terminate provider licenses for negligence, professional misconduct, fraud, and sexual misconduct.
Auditors also noted that providers with non-practice agreements were not removed from the Medicaid program and continued to serve Medicaid patients, receiving payment from the state.
Auditors obtained lists of all Medicaid providers disciplined by four state professional licensing boards from Jan. 1 through Dec. 31, 2023, directly from the licensing boards. Of the 63 Medicaid providers who were disciplined by their licensing board, 20 (32%) had a suspended or terminated license. Auditors tested all 20 providers and determined that one (5%) provider was not removed from the Medicaid program at all, and one (5%) provider was not removed in a timely manner.
Auditors say the problems were caused in part because management from the Medicaid Division of NCDHHS did not remove providers who entered into non-practice agreements with licensing boards because it changed its position and stated it was not required to terminate them, a change in stance from the division in 2021.
RECOMMENDATIONS
Auditors recommend that division management should remove all providers whose professional licenses have been suspended, terminated, or who have entered into non-practice agreements.
Policies and procedures should also include identifying and removing providers who cannot practice or perform any act that requires a license.
Finally, in this and the following recommendations, auditors say management should fully implement prior audit recommendations in a timely manner to reduce risks.
2. Did Not Fully Implement Recommendations to Remove Providers with Professional License Limitations That Pose Threats to Medicaid Patients
The second finding was similar to the first in that management from the Medicaid Division agreed with the findings and recommendations in the 2021 audit but changed their position this time around, stating that they weren’t required to terminate them, according to Boliek’s office. Further, management did not remove providers with license limitations because it believed licensing boards monitored and enforced disciplinary actions imposed on providers.
Because the division allowed all providers with professional license limitations to remain enrolled in Medicaid, auditors say there may have been an increased risk to patient safety. They obtained lists of all Medicaid providers disciplined by four state professional licensing boards from Jan. 1 through Dec.31, 2023, directly from the licensing boards. Of those 63 Medicaid providers who were disciplined by their licensing board, 32 (51%) had current license limitations.
RECOMMENDATIONS
Auditors recommended that division management remove all providers with professional license limitations who threaten patients’ safety from the Medicaid program.
Also, policies and procedures for the continued enrollment of providers with license limitations should describe the types of limitations the division finds acceptable. The policy should also require adequate documentation to support decisions to either enroll or deny enrollment.
3. Did Not Fully Implement Recommendations to Strengthen Provider Credential Verification
Auditors say that the division did take some recommendations from a previous audit and updated its provider credential verification procedures during the Medicaid provider enrollment re-verification process.
The division now directly verifies most provider credentials (including accreditations and certifications) with the credentialing agency during the initial and re-verification process.
However, while the division has strengthened its processes by taking the above actions, it did not ensure enrolled providers possessed Drug Enforcement Administration (DEA) certification.
Auditors obtained and reviewed professional credentialing documentation for all 63 Medicaid providers who had disciplinary actions taken against their professional license from Jan. 1 through Dec. 31, 2023, to determine whether these providers’ credentialing requirements had been verified. Of these, 9 (14%) did not possess the required DEA certification, or the division could not provide evidence that the providers’ DEA certifications were verified.
Division management stated that it did not verify whether providers possessed required DEA certifications because it relied on providers to do so independently.
Management stated that it did not verify provider DEA certifications because pharmacies were required to confirm that providers possessed the required DEA certifications before filling prescriptions for controlled substances.
Federal regulation requires the division to verify that providers have all required professional licenses to participate in Medicaid.
Recommendations
Division management should verify that providers possess DEA certifications, given the potential risk posed to Medicaid patients from providers prescribing controlled substances without required DEA certification.
4. Did Not Fully Implement Recommendation to Corroborate Provider Ownership Information
The division did not fully implement recommendations to corroborate the accuracy of ownership information of Medicaid providers during the Medicaid provider enrollment process, including owners, managing employees, or others with controlling interest (collectively referred to as ownership information).
As part of the Medicaid provider enrollment process, the division performs criminal background checks on all disclosed owners and managing relationships associated with the provider record. Without corroborating ownership information, there is a risk that providers submitted inaccurate information, and undisclosed owners go without their credentials being evaluated and a background check performed.
In response to the 2021 audit, division management implemented a procedure performed during the Medicaid provider initial enrollment process to compare provider-disclosed ownership information to CMS’s Provider Enrollment, Chain, and Ownership System (PECOS)
As such, auditors found that the division’s comparison to PECOS does not always result in ownership corroboration.
Auditors tested a sample of 60 approved applications during initial enrollment from Jan. 1 through Dec. 31, 2023, to verify that the division confirmed and compared disclosed ownership information to PECOS. Auditors determined that 52 of the 60 (87%) tested providers did not have ownership information in PECOS or documentation to support that the ownership information was compared to PECOS.
The division did not corroborate the ownership information for any of the 4,860 reverification applications that were approved from Jan. 1 through Dec. 31, 2023, during the Medicaid provider enrollment re-verification process.
Division management stated it accepted the provider’s electronic signature on the NC DHHS Provider Administrative Participation Agreement as the provider’s attestation that all required ownership disclosures were provided.
Auditors said that, as a result, the division’s actions could have caused serious issues.
While division management acknowledged that ownership should be disclosed on Medicaid provider enrollment applications, they stated they did not always corroborate provider ownership information during the initial application or reverification because there was no required federal or state law.
Recommendations
The division should corroborate the accuracy of all provider ownership information with data available from state licensure boards or the Secretary of State. This should be completed so background checks can be performed and identified ineligible providers removed from Medicaid to protect the safety of Medicaid patients and prevent inappropriate payments from the state.
Auditors also found that the NCDHHS Division of Health Benefits management should increase the monitoring of the $1.5 billion contract with General Dynamics Information Technology (GDIT). The Department contracts with GDIT, a non-governmental organization, to perform most of the provider enrollment functions on behalf of the Division.
NCDHHS MEDICAID DIVISION RESPONSE
NCDHHS Medicaid Division agreed with the third finding but disagreed with the remaining three.
The post Audit: DHHS kept Medicaid providers on the program despite license limitations and suspensions first appeared on Carolina Journal.
The post Audit: DHHS kept Medicaid providers on the program despite license limitations and suspensions appeared first on First In Freedom Daily.
Click this link for the original source of this article.
Author: Theresa Opeka
This content is courtesy of, and owned and copyrighted by, https://firstinfreedomdaily.com and its author. This content is made available by use of the public RSS feed offered by the host site and is used for educational purposes only. If you are the author or represent the host site and would like this content removed now and in the future, please contact USSANews.com using the email address in the Contact page found in the website menu.
