5160-26-06. Managed health care programs: program integrity - fraud, waste and abuse, audits, reporting, and record retention  

(A) Each managed care plan (MCP) must have administrative and management arrangements or procedures, including a mandatory compliance plan, to guard against fraud, waste and abuse as required in the managed care plan provider agreement located at http://medicaid.ohio.gov/.

(1) These arrangements or procedures must be made available to the Ohio department of medicaid (ODM) upon request.

(2) The MCP must annually submit to ODM a report that summarizes the MCP's fraud, waste and abuse activities for the previous year and identifies any proposed changes to the MCP's fraud, waste and abuse program for the coming year.

(B) ODM or its designee, the state auditor's office, the state attorney general's office, and the U.S. department of health and human services may evaluate or audit a contracting MCP's performance for the purpose of determining compliance with the requirements of Chapter 5160-26 of the Administrative Code, fraud, waste and abuse statutes, applicable state and federal regulations or requirements under federal waiver authority.

(C) ODM or its designee may conduct on-site audits and reviews as deemed necessary based on periodic analysis of financial, utilization, provider panel, and other information.

(D) The MCP must submit required reports and additional information, as requested by ODM, as related to its duties and obligations and where needed to ensure operation in accordance with all state and federal regulations or requirements.

(E) If the MCP fails to submit any ODM-requested materials, as specified in paragraph (D) of this rule, without cause as determined by ODM, on or before the due date, ODM may impose any or all of the sanctions listed in rule 5160-26-10 of the Administrative Code.

(F) Record retention.

The MCP and its subcontractors shall retain and safeguard all hard copy or electronic records originated or prepared in connection with the MCP's performance of its obligations under the provider agreement, including but not limited to working papers or information related to the preparation of reports, medical records, progress notes, charges, journals, ledgers, and fiscal reports, in accordance with applicable sections of the federal regulations, the Revised Code, and the Administrative Code. Records stored electronically must be produced at the MCP's expense, upon request, in the format specified by state or federal authorities. As specified in 42 C.F.R. 438.3 (October 1, 2018), such records must be maintained for a minimum of ten years from the renewal, amendment or termination date of the provider agreement. In the event the MCP has been notified that state or federal authorities have commenced an audit or investigation of the provider agreement, records must be maintained until such time as the matter under audit or investigation has been resolved. For the initial three years of the retention period, the MCP and its subcontractors must store the records in a manner and place that provides readily available access.