Georgia Medicaid Encounter Data and Program Integrity: A Complete Guide

By Brevy Care Team · Last verified May 12, 2026

::: hero Encounter data and program integrity are the backbone of Medicaid oversight. Encounter data is the claim-level record of every service delivered by a Medicaid managed care plan: who got what, when, where, by whom, at what cost. Program integrity is the broader oversight infrastructure: fraud detection, provider screening, audits, recoupments, and enforcement. Together, they protect the integrity of Georgia Medicaid spending each year and shape the experience of every beneficiary, provider, and managed care plan in the state.

This guide explains how Section 1903(m)(2)(A)(xi) and 42 CFR 438.242 require encounter data from managed care plans, how 42 CFR 438.818 sets submission and validation standards, how the federal Medicaid Integrity Program operates under Section 1936 SSA and DRA 2005 §6034, how Medicaid Recovery Audit Contractors operate under ACA 2010 §6411, how Medicaid Fraud Control Units operate under Section 1902(a)(61) and 42 CFR 455 Subpart B, how the OIG enforces exclusions under Section 1128 SSA, how provider screening under ACA 2010 §6401 and 42 CFR 455 Subpart E tiers providers as limited, moderate, or high risk, how T-MSIS modernizes federal Medicaid data, how the False Claims Act and the Anti-Kickback Statute create civil and criminal penalties, and how DCH Office of Program Integrity, the Georgia AG Medicaid Fraud Control Unit, and the Georgia State Inspector General coordinate. :::

::: callout title="Key takeaways"

• Encounter data is the claim-level record of every Medicaid managed care service. Under Section 1903(m)(2)(A)(xi) and 42 CFR 438.242, managed care plans must submit encounter data to the state.
• T-MSIS is the federal Medicaid data system. Georgia submits monthly to CMS through DCH, supporting MAX, CMS state reports, research, and program integrity analytics.
• Every state must have a Medicaid Recovery Audit Contractor. Under ACA 2010 §6411, RACs identify and recover improper payments on a contingency basis.
• Every state must have a Medicaid Fraud Control Unit. Under Section 1902(a)(61), MFCUs investigate and prosecute provider fraud and patient abuse. Georgia's MFCU is in the Attorney General's office at 404-463-2640.
• The False Claims Act (31 USC 3729-3733) permits qui tam whistleblower actions, and the OIG enforces program exclusions under Section 1128 SSA. Providers must check the LEIE before hiring or contracting; federal programs cannot pay for services from excluded individuals. :::

What is encounter data?

Encounter data is the claim-level record of every service that a Medicaid managed care plan provides to its members. It includes:

• Member identity (Medicaid ID, demographics)
• Provider identity (NPI, type, location)
• Service details (date, location, procedure codes, diagnosis codes)
• Quantity and pricing (units, dollar amounts)
• Authorization status
• Outcome (paid, denied, pended)

When the state contracts with managed care plans to deliver Medicaid benefits, the state pays the plan a monthly capitation amount per enrolled member. The plan in turn pays its provider network for services delivered. The encounter data is how the state knows what services were actually delivered. Without encounter data, the state has no visibility into the plan's operations.

Encounter data is used for:

• Capitation rate setting: Actuaries use encounter data to set capitation rates for the next contract year. Without accurate data, rates may be too high or too low.
• Access measurement: The state measures access to care (utilization, network adequacy) using encounter data.
• Quality measurement: HEDIS, CAHPS, and other quality measures are calculated from encounter data.
• Program integrity: Encounter data is the foundation for detecting fraud, waste, and abuse in managed care.
• Federal reporting: T-MSIS submissions to CMS are built from encounter data.
• Research and policy: Researchers, MACPAC, and Congress use encounter data via MAX (Medicaid Analytic Files).

Section 1903(m)(2)(A)(xi) and the encounter data mandate

Section 1903(m)(2)(A)(xi) of the Social Security Act requires that every state contract with a Medicaid managed care organization include provisions for the submission of encounter data. The statutory mandate is the foundation of the entire managed care oversight framework.

The implementing regulations are at 42 CFR 438.242 (Health Information Systems and Encounter Data) and 42 CFR 438.818 (Encounter Data Submission and Validation).

42 CFR 438.242: Health information systems

This regulation requires that:

• Every managed care plan (CMO, PCCM, PIHP, PAHP) maintain a health information system that collects, analyzes, integrates, and reports data
• The system must support encounter data collection, performance measurement, quality improvement, and program integrity
• The state must collect data on enrollee and provider characteristics, services furnished, and the use of utilization management
• The state must validate the encounter data through procedures including comparison to medical records, comparison to other data sources, and statistical testing

42 CFR 438.818: Encounter data submission and validation

This regulation establishes specific standards:

• States must submit complete, accurate, and timely encounter data to CMS through T-MSIS
• States must define and enforce submission timelines for managed care plans (typically within 30-90 days of service)
• States must validate encounter data through CMS-prescribed methodology including encounter data quality testing, claims-to-encounter reconciliation, and medical record audits
• Managed care plans must use national standard transaction formats (X12N HIPAA standards: 837P for professional, 837I for institutional, 837D for dental, NCPDP for pharmacy)
• States may impose financial sanctions on plans that submit incomplete or inaccurate encounter data

Georgia's CMO contracts incorporate these requirements with specific submission timelines, validation thresholds, and sanction triggers.

T-MSIS: The federal Medicaid data system

The Transformed Medicaid Statistical Information System (T-MSIS) is the federal Medicaid data infrastructure. T-MSIS succeeded MSIS (the legacy system) and is now operationally required for all states. The authority comes from Section 1903(r) of the Social Security Act and was advanced by ACA 2010 §6504.

T-MSIS requires states to submit monthly files including:

• Eligibility files: Every enrollee, every month, with demographic and eligibility category information
• Claims files: Every paid claim from fee-for-service Medicaid
• Managed care encounter files: Every service delivered by a managed care plan
• Provider files: Every Medicaid-enrolled provider with full credentialing information
• TPL files: Third-party liability records
• Aggregate financial files: State-level expenditure aggregates

T-MSIS data feeds:

• Medicaid Analytic Files (MAX): The federal analytic database used for research and policy analysis
• CMS state reports: Public-facing state performance reports
• Medicaid Innovation Accelerator Program
• Program integrity analytics: UPICs and OIG use T-MSIS for fraud detection
• Research: Academic researchers, MACPAC, Congressional Budget Office, and journalists use T-MSIS via MAX

Georgia submits T-MSIS to CMS monthly. Submission quality is evaluated by CMS; quality issues can trigger remediation requirements.

The federal Medicaid Integrity Program

Section 1936 of the Social Security Act, added by DRA 2005 §6034, established the federal Medicaid Integrity Program (MIP). MIP is the federal-side counterpart to state program integrity offices.

Medicaid Integrity Contractors (MICs)

The original MIP contracting structure included three types of MICs:

• Review MICs: Analyze Medicaid claims and encounter data to identify potential improper payments and patterns suggesting fraud or abuse. Reviews can target specific provider types, service categories, or geographic areas.

• Audit MICs: Conduct field audits of providers identified by Review MICs. Audit MICs review medical records, billing records, and other documentation to verify whether identified payments were appropriate. Audit findings can result in recoupment, education, or referral for fraud investigation.

• Education MICs: Educate providers and states on Medicaid integrity requirements. Education MICs publish guidance documents, conduct training, and provide technical assistance.

Unified Program Integrity Contractors (UPICs)

CMS has consolidated and modernized contractor structures. UPICs integrate Medicaid and Medicare program integrity work in jurisdictional zones. UPICs:

• Conduct data analysis across both Medicare and Medicaid
• Investigate suspected fraud in Medicare and Medicaid
• Coordinate with OIG, MFCUs, and state PI offices
• Operate in five jurisdictional zones (Northeast, Southeast, Midwest, Southwest, West)

Georgia is in the Southeast UPIC zone.

CMS Center for Program Integrity (CPI)

CPI is the CMS office that administers all of these contractor programs. CPI also operates:

• The Healthcare Fraud Prevention Partnership (HFPP): A public-private partnership that shares data across payers (Medicare, Medicaid, private insurers, state Medicaid agencies) to detect fraud patterns that cross payer boundaries
• The Fraud Prevention System (FPS): A predictive analytics system used to identify high-risk billing patterns

Medicaid Recovery Audit Contractors (RACs)

ACA 2010 §6411 made Medicaid RACs mandatory for every state. The implementing regulations are at 42 CFR 455.300 through 455.318.

Medicaid RACs:

• Conduct post-payment review of Medicaid claims and encounter data
• Identify improper payments through automated and complex (medical record) reviews
• Receive contingency-based compensation (a percentage of recovered overpayments)
• Are subject to limits on look-back period (typically three years) and review volume

RAC reviews focus on common improper payment categories:

• Coding errors: Incorrect procedure codes, modifiers, or units
• Documentation deficiencies: Services billed without adequate medical record support
• Medical necessity: Services billed that do not meet medical necessity criteria
• Duplicate payments: Same service paid twice
• Excluded providers: Payments to LEIE-listed individuals

Providers who are subject to RAC audits have appeal rights, including:

• The right to receive findings in writing
• The right to challenge identified overpayments through a multi-level appeal process
• The right to a fair hearing

Georgia's Medicaid RAC contract is administered by DCH. RAC findings flow to OPI for recoupment action and (where fraud is suspected) referral to MFCU.

Medicaid Fraud Control Units

Section 1902(a)(61) of the Social Security Act requires every state to maintain a certified Medicaid Fraud Control Unit. MFCUs investigate and prosecute Medicaid provider fraud and patient abuse and neglect in healthcare settings.

The implementing regulations are at 42 CFR 455 Subpart B. MFCUs are typically housed in the state Attorney General's office (as in Georgia). They are funded with federal financial participation under Section 1903(a)(6).

MFCU authorities

MFCUs have authority to:

• Investigate suspected provider fraud
• Investigate patient abuse and neglect in healthcare facilities (hospitals, nursing facilities, ICF/IIDs)
• Prosecute criminal cases under state law
• Pursue civil and administrative actions (under state false claims acts)
• Coordinate with federal investigators: OIG, FBI, DOJ
• Share data with the state Medicaid agency (DCH OPI in Georgia)

Georgia AG Medicaid Fraud Control Unit

The Georgia MFCU is in the Attorney General's office at 404-463-2640. The MFCU:

• Operates statewide
• Brings criminal cases under O.C.G.A. §49-4-146.1 (Medical Assistance Fraud)
• Brings civil cases under the Georgia State False Medicaid Claims Act (O.C.G.A. §23-3-120) and the federal False Claims Act (31 USC 3729)
• Investigates patient abuse and neglect in long-term care settings

The MFCU recovers tens of millions of dollars in Medicaid fraud each year. Major investigation areas include home health fraud, pharmacy fraud, durable medical equipment fraud, nursing facility fraud, and behavioral health fraud.

Section 1128 SSA and OIG exclusions

Section 1128 of the Social Security Act authorizes the OIG to exclude individuals and entities from all federal healthcare programs (Medicare, Medicaid, TRICARE). Exclusions are codified at 42 CFR 1001.

Mandatory exclusions (Section 1128(a))

The OIG must exclude an individual or entity convicted of:

• Program-related crimes (e.g., Medicaid fraud, Medicare fraud)
• Patient abuse or neglect
• Felony health care fraud
• Felony controlled substance offenses related to healthcare

Mandatory exclusions are typically five-year minimums.

Permissive exclusions (Section 1128(b))

The OIG may exclude for:

• Conviction of misdemeanor fraud, theft, or financial misconduct
• Conviction of obstruction of an investigation
• License revocation or suspension
• Default on health education loan repayment obligations
• Other categories specified in 42 CFR 1001

Permissive exclusions vary in length.

List of Excluded Individuals and Entities (LEIE)

Excluded individuals and entities are listed in the LEIE, which is publicly searchable. Providers must check LEIE:

• Before hiring or contracting with anyone
• At regular intervals (most compliance programs require monthly checks)

Federal healthcare programs cannot pay for any items or services furnished by an excluded individual or entity. This includes:

• Direct services by excluded providers
• Services rendered by employees or contractors of an enrolled provider, where any of those employees or contractors is excluded
• Items or services where the excluded individual played a role in the provision or billing

Providers who employ excluded individuals or who bill for services involving excluded individuals can be subject to civil monetary penalties under Section 1128A.

State exclusion authority

42 CFR 1002 authorizes states to exclude providers from their state Medicaid program. Georgia's DCH has authority to exclude providers; exclusion decisions trigger appeal rights under O.C.G.A. §50-13 and 42 CFR 431 Subpart E.

Federal fraud statutes

False Claims Act (FCA), 31 USC 3729-3733

The FCA is the principal federal civil enforcement statute for fraud against the government, including Medicaid fraud. Key features:

• Treble damages: Damages equal to three times the government's loss
• Per-claim penalties: Statutory per-claim penalties (adjusted annually for inflation)
• Qui tam provision (31 USC 3730(b)): Private citizens (relators) can file lawsuits on behalf of the United States and share in recoveries under 31 USC 3730(d)
• First-to-file rule: Generally, only the first relator to file a qui tam action on a particular set of allegations can pursue the case
• Anti-retaliation provision (31 USC 3730(h)): Protects employees who report fraud from retaliation

FCA cases are filed under seal and remain sealed while the government investigates. The government may intervene (take over the case) or decline (allowing the relator to proceed independently).

Major Medicaid fraud cases under the FCA have resulted in billion-dollar settlements with pharmaceutical companies, managed care organizations, and healthcare systems.

Federal Anti-Kickback Statute, 42 USC 1320a-7b

Criminal prohibition on offering, paying, soliciting, or receiving any "remuneration" in return for referring a patient or recommending an item or service for which payment is made by a federal healthcare program (Medicare, Medicaid, TRICARE).

Key features:

• Criminal felony (imprisonment and fines)
• Civil monetary penalties under Section 1128A
• Exclusion from federal healthcare programs
• "Remuneration" includes anything of value: cash, gifts, meals, travel, free services, market-rate payments for services not rendered
• Safe harbors at 42 CFR 1001.952 protect certain arrangements that would otherwise violate the statute

Stark Law, 42 USC 1395nn

Civil prohibition on physician self-referral for designated health services to entities with which the physician has a financial relationship. Stark applies to Medicare; the Anti-Kickback Statute and FCA reach Medicaid.

Civil Monetary Penalties (CMPs), Section 1128A

OIG can impose CMPs for:

• False claims (per-claim penalties + treble damages)
• Anti-kickback violations
• Employing excluded individuals
• Failure to grant access to records
• Other violations specified in Section 1128A

CMPs can be administrative (OIG-imposed) or judicial (court-imposed in connection with other actions).

Provider screening and enrollment

ACA 2010 §6401 and §6402 transformed provider screening. The implementing regulations are at 42 CFR 455 Subpart E.

42 CFR 455.410: Enrollment screening

Every Medicaid provider (including those in managed care networks) must be screened. Screening includes:

• Licensure verification: With the appropriate state licensing board
• Disclosure of ownership and control: Names of persons with 5+ percent ownership, names of managing employees, names of agents and managers
• Disclosure of business transactions: Information on certain business transactions
• Disclosure of conviction history: Including criminal convictions of owners and managing employees
• Federal database checks:
  • LEIE (OIG List of Excluded Individuals and Entities): Must not be excluded
  • SAM (System for Award Management): Must not be debarred from federal contracting
  • NPI registry: Confirms NPI is valid
  • Death Master File: Confirms the provider is alive

42 CFR 455.450: Categorical risk-based screening

CMS classifies provider types by risk tier:

Limited risk (lowest scrutiny):

• Physicians, dentists, pharmacies, hospitals, nursing facilities, ambulatory surgical centers, dialysis facilities, FQHCs, RHCs, and most physician group practices
• Screening: licensure verification, federal database checks, criminal background checks where required by state law

Moderate risk:

• Home health agencies (revalidating), hospices, independent diagnostic testing facilities, DMEPOS suppliers (existing enrollees)
• Screening: limited risk plus an unannounced site visit

High risk:

• Newly enrolling home health agencies, newly enrolling DMEPOS suppliers, prospective providers reactivating after revocation
• Screening: moderate risk plus a fingerprint-based criminal background check on persons with 5+ percent ownership

States may elevate risk categorization beyond CMS defaults. Georgia generally follows CMS risk categorization with state-specific additions for certain provider types.

Site visits (42 CFR 455.434)

Site visits are required for moderate and high-risk categories. CMS may also require site visits for specific providers based on risk factors. Georgia conducts site visits through DCH OPI and contracted vendors.

Cross-program termination (ACA 2010 §6501)

If a provider is terminated by Medicare or by another state Medicaid program for cause, Georgia must terminate too. This prevents providers from being dropped by one program and continuing to bill another. DCH OPI monitors cross-program terminations through CMS feeds and acts on them.

Out-of-country prohibition (ACA 2010 §6505)

Medicaid cannot pay for items or services delivered by entities located outside the United States, except in narrow exceptions (e.g., emergency services in certain situations).

Provider revalidation

42 CFR 455.460 requires periodic provider revalidation. Revalidation includes re-screening with current data, updated disclosure forms, and re-verification. Providers who fail to revalidate are terminated.

PERM and MEQC: Federal eligibility and payment error oversight

Payment Error Rate Measurement (PERM)

PERM measures improper payments in Medicaid and CHIP. Authorized originally under IPIA 2002, strengthened by IPERA 2010 and IPERIA 2012, PERM is implemented at 42 CFR 431.954 through 431.1015.

States are reviewed on a three-year rotating cycle (PERM Cycle 1, 2, 3). In each cycle, CMS reviews a sample of Medicaid and CHIP payments and eligibility determinations to calculate a state-level error rate. Errors include:

• Eligibility errors: Payments made on behalf of ineligible persons or with incorrect benefit determinations
• Medical review errors: Payments for services that do not meet medical necessity, documentation, or coding requirements
• Data processing errors: Errors in claims processing

The national Medicaid PERM error rate is published annually. CMS may require states with high error rates to develop and implement Corrective Action Plans (CAPs). Under Section 1903(u), FFP for payments made in error must be returned to the federal government.

Medicaid Eligibility Quality Control (MEQC)

42 CFR 431.860 establishes the MEQC program. States must conduct MEQC reviews to identify eligibility errors. The 2017 MEQC redesign created a pilot-based MEQC framework where states alternate between PERM cycles and MEQC pilot cycles. MEQC findings may result in FFP recovery under Section 1903(u).

Section 1903(u) and FFP recoupment

Section 1903(u) of the Social Security Act authorizes CMS to disallow federal financial participation for erroneous expenditures identified through MEQC, PERM, audits, or other reviews. Disallowances can be substantial, sometimes millions of dollars per state per year, and create a strong incentive for states to maintain rigorous program integrity.

Electronic Visit Verification (EVV)

The 21st Century Cures Act §5006, codified at Section 1903(l) of the SSA, requires Electronic Visit Verification for personal care services and home health care services. EVV captures six data elements electronically:

1. The type of service performed
2. The individual receiving the service
3. The date of the service
4. The location of service delivery
5. The individual providing the service
6. The time the service begins and ends

EVV is a key program integrity tool for home and community-based services. Georgia has implemented EVV statewide for personal care services and home health services. Providers must submit EVV visit data to the state's designated aggregator, which validates data before submitting to DCH.

Non-compliance with EVV requirements can result in claim denials, recoupments, and provider sanctions.

Third-Party Liability (TPL)

42 CFR 433.139 and 42 CFR 433 Subpart D establish Medicaid's payer-of-last-resort requirement. Where another payer (private insurance, Medicare, workers' compensation, motor vehicle insurance, etc.) is responsible for a service, Medicaid pays only the residual.

States must identify and pursue third-party payers. TPL is both a cost-saving function and a program integrity function (ensuring Medicaid only pays for what it is obligated to pay).

Georgia operates a robust TPL function. CMOs are required to coordinate with TPL identification. Providers must bill third-party payers before Medicaid.

DCH Office of Program Integrity (OPI)

DCH OPI is the primary state-side Medicaid program integrity function in Georgia. OPI activities include:

Provider investigations

OPI investigates suspected billing fraud, billing irregularities, and pattern abuse. Investigations may be triggered by:

• Data analysis (SURS, claims pattern review)
• Complaints from beneficiaries, employees, or other providers (Fraud Hotline: 1-800-533-0686)
• RAC referrals
• MFCU referrals
• CMS or OIG referrals

Recipient investigations

OPI conducts recipient utilization reviews through the Surveillance and Utilization Review Subsystem (SURS) and investigates suspected recipient fraud (card sharing, doctor shopping, eligibility misrepresentation).

Provider enrollment screening

OPI screens providers at enrollment and revalidation under 42 CFR 455 Subpart E.

Compliance with federal requirements

OPI ensures Georgia complies with federal program integrity mandates including MEQC, PERM, T-MSIS, RAC, and Cures Act EVV.

Coordination with the GA AG MFCU

OPI refers suspected criminal cases to MFCU. Coordination is governed by an MOU between DCH and the AG's office.

Coordination with CMS

OPI is the state-side counterpart to CMS Center for Program Integrity. Joint efforts include UPIC referrals, OIG referrals, and federal-state initiatives.

Surveillance and Utilization Review Subsystem (SURS)

SURS is the federal-required (under Section 1902(a)(37)) component of the state MMIS that tracks recipient utilization patterns to detect potential overutilization, doctor shopping, controlled substance abuse, and recipient fraud. In Georgia, SURS reviews are conducted by OPI using analytic tools provided by the MMIS contractor.

When a recipient appears in SURS as a potential outlier, OPI may conduct a review involving:

• Analysis of utilization patterns
• Outreach to the recipient and providers
• Education
• Restriction to a single primary care provider and pharmacy (Lock-In program) for recipients with significant utilization concerns
• Referral for criminal investigation if fraud is suspected

Lock-In program

The Lock-In program restricts certain recipients to designated providers and pharmacies for a defined period (typically one to two years) to address overutilization or controlled substance concerns. Lock-In is administrative, not criminal. Recipients placed in Lock-In retain Medicaid coverage; they just must use designated providers.

Recipients have due process rights for Lock-In:

• Written notice with reasons
• 30 days to request a fair hearing under 42 CFR 431 Subpart E
• Right to continued non-restricted access during the appeal if requested within 10 days
• Right to representation
• Right to present evidence

Lock-In is reviewed periodically and may be lifted if utilization patterns improve.

Georgia AG Medicaid Fraud Control Unit

The Georgia MFCU is at 404-463-2640. The MFCU:

• Investigates and prosecutes Medicaid provider fraud under O.C.G.A. §49-4-146.1
• Pursues civil cases under O.C.G.A. §23-3-120 (Georgia State False Medicaid Claims Act) and the federal FCA
• Investigates patient abuse and neglect in healthcare facilities
• Coordinates with OIG, FBI, DOJ, and other state agencies

Recent major Georgia MFCU recoveries have included multi-million-dollar settlements with home health agencies, pharmacy chains, durable medical equipment suppliers, and nursing facilities.

Georgia State Inspector General

The Office of the State Inspector General (OSIG) has authority to investigate fraud, waste, and abuse in state government, including state agencies' operation of Medicaid. OSIG coordinates with DCH OPI and the GA AG MFCU.

Georgia State False Medicaid Claims Act

O.C.G.A. §23-3-120 et seq. is Georgia's state false claims act focused on Medicaid. Key features:

• Mirrors the federal FCA structure
• Permits qui tam (whistleblower) actions filed by private relators
• Provides treble damages and per-claim penalties
• Allocates a percentage of recoveries to the relator under applicable law
• Has a six-year statute of limitations

Whistleblowers must file under seal with the GA AG. The state GA AG may intervene (take over the case) or decline (allowing the relator to proceed independently). Settlements often involve concurrent federal and state FCA actions, with proceeds allocated based on the federal/state funding share.

Worked example 1: Eleanor 78 Macon, Provider terminated for fraud

Eleanor, 78, has been seeing her primary care physician at a Macon clinic for 15 years. She has chronic conditions including hypertension, type 2 diabetes, and atrial fibrillation managed by this PCP. She learns from the local newspaper that the clinic was terminated from Georgia Medicaid for cause following a fraud investigation. The clinic's owner was indicted for billing for services not rendered and falsifying medical records.

Eleanor is concerned about continuity of her care. Options and protections:

Continuity of care: Federal regulations (42 CFR 438.62) and Georgia CMO contracts require continuity of care for a minimum period during provider transitions. For new CMO members, continuity is at least 90 days; for transitions due to provider termination, the period varies but is generally 60-90 days for chronic conditions. Eleanor's CMO must facilitate transfer to a new PCP.

Records transfer: Under HIPAA, Eleanor has the right to obtain copies of her medical records. The terminated clinic must provide records on request. The CMO can assist with records transfer.

Medication continuity: Eleanor's medications can be refilled through her CMO's standard process. The CMO's case management team helps coordinate the transition.

Appeal of any service disruption: If Eleanor's care is disrupted (e.g., a needed service is denied or delayed), she can file a grievance with her CMO and, for adverse benefit determinations, request an external review.

Process timeline:

• Day 1-7: Eleanor calls her CMO member services line and reports the situation
• Day 1-14: CMO case manager contacts Eleanor, identifies a new PCP within her network and within reasonable distance
• Day 14-30: New PCP appointment scheduled; records transferred
• Day 30+: Care continues with new PCP

No interruption in coverage. Eleanor's medications are continued, and she has a new PCP appointment within 30 days.

Worked example 2: Marcus 45 Atlanta, Recipient SURS review

Marcus has chronic lower back pain following a workplace injury two years ago. He has been prescribed opioids by three different physicians (his PCP, an orthopedist, and an ED physician on a recent visit) and fills at two different pharmacies. SURS flags him as a potential overutilization concern (multiple controlled substance prescribers, multiple pharmacies, daily morphine milligram equivalent above CDC guidance).

OPI conducts a review:

• Reviews prescription history through PDMP (Prescription Drug Monitoring Program) and pharmacy claims
• Outreach to the prescribing physicians to coordinate care
• Discussion with Marcus
• Determines coordination of care is the issue, not fraud

OPI offers Marcus enrollment in a pain management program. He is not placed in the Lock-In program at this time. His care is coordinated through a single primary care provider with a pain specialist consult. Future SURS reviews will track whether the coordination is effective.

If the situation had been more severe (e.g., clear pattern of doctor shopping for non-medical use, multiple opioid overdoses, criminal activity), Marcus could have been placed in Lock-In with appeal rights. The Lock-In would restrict him to a single PCP and a single pharmacy for one to two years.

Worked example 3: Aisha 32 Savannah, Whistleblower under federal and state false claims acts

Aisha is a registered nurse at a Savannah home health agency. Over six months, she observes systematic billing for services not rendered:

• Staff signing in for visits that did not occur
• Time sheets falsified
• Visits billed to patients who had been hospitalized at the time of the supposed visit
• Documentation of skilled nursing services that were not delivered

She has documented specific instances with dates, patient initials (to preserve privacy), and supporting records.

Aisha consults a private attorney specializing in qui tam cases. The attorney advises filing a qui tam complaint under both the federal False Claims Act and the Georgia State False Medicaid Claims Act.

Filing process:

1. The complaint is filed under seal in the U.S. District Court for the Southern District of Georgia and with the Georgia Attorney General's MFCU.
2. The seal allows the government to investigate without alerting the defendant.
3. The U.S. Attorney's Office, OIG, and MFCU jointly investigate.

Investigation:

• 18 months of investigation
• Document subpoenas, witness interviews, billing analysis, comparison to medical records
• Identification of $3.2 million in false claims (illustrative figure)

Resolution:

• The case is intervened (the federal government and Georgia AG take over)
• The home health agency settles for $4.8 million (illustrative figure) (treble damages plus penalties)
• The agency owner is excluded from Medicaid for five years under Section 1128(a) following a conviction for healthcare fraud
• Aisha receives 18 percent of the federal portion and 18 percent of the state portion of the recovery
• Aisha is protected from retaliation under 31 USC 3730(h) and the Georgia state equivalent

This is a typical pattern for False Claims Act enforcement in Georgia.

Worked example 4: Jamil 8 Albany, Encounter data error

Jamil receives speech therapy through his CMO. His mother, Diane, notices that an Explanation of Benefits (EOB) she received shows the speech therapy session from a month ago was denied. She is concerned because she knows the session was authorized and the therapist saw Jamil.

Investigation:

• The service was authorized (CMO authorization on file)
• The service was delivered (the therapist documented the visit)
• The provider submitted the claim
• The encounter data submitted to DCH from the CMO was rejected by DCH's edits for missing fields (NPI taxonomy mismatch)
• The provider has not yet corrected and resubmitted

The EOB showed the rejected encounter as "denied" rather than "pending correction", a confusing notation.

Resolution:

• Diane contacts the CMO member services line
• The CMO investigates and confirms the encounter data error
• The provider resubmits the corrected encounter
• The service shows as paid

Impact:

• No impact on Jamil's coverage or care
• The encounter data error would have affected DCH's measurement of access to therapy and the state's encounter data validation rates if not corrected
• Multiple errors like this from the same provider could trigger education or sanctions for the provider; multiple from the same CMO could trigger sanctions under the CMO's encounter data submission requirements

Worked example 5: Diana 72 Augusta, Provider exclusion

Diana, 72, receives Medicare and Medicaid (dual-eligible). She has been seeing a cardiologist for atrial fibrillation. The cardiologist is added to the OIG List of Excluded Individuals and Entities (LEIE) following a criminal conviction for healthcare fraud in another state where she practiced previously.

Diana's CMO is notified through CMS's automatic LEIE feed. The CMO must terminate the cardiologist from the network immediately (federal healthcare programs cannot pay for services from excluded providers).

Continuity of care:

• Diana's CMO has 30 days to facilitate a transfer to a new cardiologist with appropriate continuity
• The CMO arranges a transfer to a cardiologist within 25 miles of Diana's home
• Records transfer
• Diana's medications are continued under the new cardiologist

Compliance:

• The CMO cannot pay the excluded cardiologist for any services rendered after the date of exclusion
• The CMO must check LEIE monthly for all network providers
• Diana cannot continue seeing the excluded cardiologist on Medicaid; if she chose to see the cardiologist privately, she would have to pay out of pocket

Worked example 6: Tyrell 28 Columbus, Eligibility error from MEQC review

Tyrell, 28, is enrolled in Medicaid under the Pathways to Coverage Section 1115 work-requirement category (Georgia's narrow 1115 expansion). The category requires a minimum number of qualifying activity hours per month (work, school, training, volunteering).

A MEQC review by DCH identifies that Tyrell's documentation of qualifying activity hours for one month was incomplete. Based on the incomplete documentation, DCH terminates his Medicaid coverage retroactively to that month.

Notice and appeal rights:

• Tyrell receives written notice of the termination, including reasons
• He has 30 days to request a fair hearing under 42 CFR 431 Subpart E
• He can request continued benefits during the appeal if he requests within 10 days
• He can submit additional documentation

What happened:

• During the disputed month, Tyrell worked full-time at a warehouse
• The employer's payroll system had glitched during the reporting upload to Georgia Gateway, so DCH did not have current hours documentation
• Tyrell's HR department had a corrected upload available

Resolution:

• Tyrell submits documentation: employer letter confirming his work schedule, payroll records, time sheets
• DCH reviews and reinstates coverage retroactively
• The MEQC finding is corrected (eligibility was actually appropriate; the error was in documentation handling, not eligibility)

This is a common pattern with work-requirement categories: technical documentation issues can result in erroneous terminations that must be corrected through the appeal process. Free legal help from Georgia Legal Services (1-833-457-7529) is available.

Practical guidance for Georgia families and providers

If you suspect Medicaid fraud

To report provider fraud or other Medicaid integrity concerns:

• DCH Office of Program Integrity Fraud Hotline: 1-800-533-0686 (anonymous)
• OIG Hotline: 1-800-HHS-TIPS (1-800-447-8477)
• Georgia AG Medicaid Fraud Control Unit: 404-463-2640

Reports can be made anonymously. Whistleblowers who report fraud through qui tam actions under the False Claims Act or the Georgia state false claims act may share in recoveries.

If you receive a SURS or Lock-In notice

If you receive a notice from OPI about a SURS review or proposed Lock-In:

• Read the notice carefully
• You have 30 days to request a fair hearing
• Request continued non-restricted access during the appeal by requesting within 10 days
• Get free legal help from Georgia Legal Services: 1-833-457-7529
• Get help from Disability Rights Georgia (for disability-related Medicaid issues): 1-800-537-2329

If your provider is terminated from Medicaid

If your provider is terminated from Medicaid:

• Continuity of care protections apply (typically 60-90 days during transition)
• Your CMO must facilitate a transfer to a new provider
• Your medical records can be transferred under HIPAA
• Your medications continue under the new provider
• If care is disrupted, file a grievance with your CMO and consider external review

If you are a provider facing audit

If you are a provider facing a RAC, OPI, or MFCU audit:

• Engage healthcare counsel early
• Preserve all records (do not destroy or alter)
• Cooperate with reasonable requests
• Understand your appeal rights for any identified overpayments
• For criminal investigations, consult criminal defense counsel

If you are an employee who has observed fraud

If you have observed Medicaid fraud at your employer:

• Document what you observed (dates, specifics, supporting records)
• Consult a qui tam attorney (most accept these cases on contingency)
• File a qui tam complaint under federal and/or state false claims acts (under seal)
• Understand your anti-retaliation protections under 31 USC 3730(h)

CMS oversight

CMS Region IV (404-562-7150) oversees Georgia's Medicaid program. Region IV staff:

• Review state plan amendments and waivers
• Monitor compliance with federal Medicaid requirements
• Coordinate program integrity activities with DCH
• Engage with managed care plan oversight
• Coordinate PERM audits

::: accordion title="Frequently Asked Questions"

What is encounter data?

Encounter data is the claim-level record of every service that a Medicaid managed care plan provides to its members. It includes member identity, provider identity, service details (date, location, procedure codes, diagnosis codes), quantity, pricing, authorization status, and outcome. Under Section 1903(m)(2)(A)(xi) of the Social Security Act and 42 CFR 438.242, managed care plans must submit encounter data to the state. The state uses encounter data for capitation rate setting, access measurement, quality measurement, program integrity, federal reporting, and research.

What is the Medicaid Fraud Control Unit?

The Medicaid Fraud Control Unit (MFCU) is a state-level investigative and prosecutorial body required by Section 1902(a)(61) of the Social Security Act. MFCUs investigate and prosecute Medicaid provider fraud and patient abuse and neglect. They are typically housed in the state Attorney General's office (as in Georgia) and funded with federal financial participation under Section 1903(a)(6). The Georgia MFCU is at 404-463-2640.

How does the OIG List of Excluded Individuals and Entities (LEIE) work?

The OIG LEIE is the public list of individuals and entities excluded from federal healthcare programs under Section 1128 of the Social Security Act. Excluded individuals cannot be employed or contracted by Medicaid providers; federal healthcare programs cannot pay for any items or services involving excluded individuals. Providers must check LEIE before hiring or contracting and at regular intervals (most compliance programs require monthly checks).

What is the False Claims Act?

The False Claims Act (31 USC 3729-3733) is the principal federal civil enforcement statute for fraud against the government. The FCA imposes treble damages and per-claim penalties on those who submit false claims to federal healthcare programs. The qui tam provision (31 USC 3730(b)) allows private citizens (relators) to file lawsuits on behalf of the United States and share in recoveries under 31 USC 3730(d). Georgia has its own state false claims act focused on Medicaid (O.C.G.A. §23-3-120).

What should I do if I observe Medicaid fraud?

You can report Medicaid fraud anonymously through several channels: the DCH Office of Program Integrity Fraud Hotline at 1-800-533-0686, the OIG Hotline at 1-800-HHS-TIPS (1-800-447-8477), or the Georgia AG Medicaid Fraud Control Unit at 404-463-2640. If you are an employee with detailed knowledge of fraud at your workplace, you may also be able to file a qui tam action under the federal False Claims Act and/or the Georgia State False Medicaid Claims Act, with whistleblower share of any recovery. Consult a qui tam attorney for guidance. Federal anti-retaliation protections apply under 31 USC 3730(h).

:::

::: cta title="Important contacts for Georgia Medicaid encounter data and program integrity"

DCH Medicaid Member Services: 1-866-211-0950

DCH Office of Program Integrity: 404-463-7590

DCH Office of Program Integrity Fraud Hotline: 1-800-533-0686

Georgia AG Medicaid Fraud Control Unit: 404-463-2640

Georgia State Inspector General: 404-463-1325

OIG Hotline: 1-800-HHS-TIPS (1-800-447-8477)

Georgia Composite Medical Board (provider licensure): 404-656-3913

CMS Region IV: 404-562-7150

Medicare: 1-800-MEDICARE

Georgia Legal Services: 1-833-457-7529

Disability Rights Georgia: 1-800-537-2329

Georgia ADRC: 1-866-552-4464

Georgia AG Consumer Protection: 404-651-8600

DCH Provider Inquiry: 1-800-766-4456

DCH State Health Benefit Plan: 1-800-610-1863

DCH SHIP (Medicare counseling): 1-866-552-4464

For comprehensive information on Medicaid in Georgia, including encounter data, program integrity, the False Claims Act, MFCU, RAC, PERM, SURS, EVV, and how DCH OPI and the GA AG MFCU coordinate, visit brevy.com.

:::

Find personalized help understanding Georgia Medicaid program integrity and your rights at brevy.com.

This guide provides general information about Georgia Medicaid encounter data and program integrity. Individual circumstances vary. For application assistance, eligibility determination, and reporting suspected fraud, contact DCH Medicaid Member Services at 1-866-211-0950, the DCH OPI Fraud Hotline at 1-800-533-0686, or visit brevy.com. This is not legal advice. For legal questions about Medicaid eligibility, appeals, qui tam actions, or rights under federal and state false claims acts, consult Georgia Legal Services (1-833-457-7529), Disability Rights Georgia (1-800-537-2329), or a private healthcare attorney specializing in healthcare fraud and compliance.