Specifications include, but are not limited to: provide a full-risk, capitated Medicaid Managed Care program for physical health, behavioral health, pharmacy, and dental services; Audit Requirements The MCO must: Maintain books, records, documents, and other evidence pertaining to services rendered, equipment, staff, financial records, health records, and the administrative costs and expenses incurred pursuant to this contract, as well as medical information relating to members as required for purposes of audit; or administrative, civil, or criminal investigations or prosecution per all retention requirements of this RFP. The MCO must ensure that this provision also applies to subcontractors, providers, or other entities providing goods or services under this contract. The MCO must provide MLTC access to un-redacted contracts, subcontracts, and other agreements, upon request, to ensure compliance with this requirement; and Establish and maintain an internal audit function responsible for providing an independent review and evaluation of the MCO’s accuracy of financial recordkeeping, the reliability and integrity of information, the adequacy of internal controls, and compliance with applicable laws, policies, procedures, and regulations. The MCO’s internal audit function must perform audits to ensure the economical and efficient use of resources by all of its departments to accomplish the objectives and goals of each department. Further, the MCO’s internal audit department is responsible for performing the claims payment accuracy tests described in Section V.S.9. Claims Management - Claims Payment Accuracy. Department of Insurance Financial Report The MCO must obtain an audit of its business transactions from a licensed Certified Public Accountant (CPA) including, but not limited to, the financial transactions made under this contract. The MCO will provide MLTC with a SOC 1 audit annually, including management response letters and user controls. No later than June 1 of each year, the MCO must submit a full and complete copy of the audit report to MLTC per Attachment 13 – Reporting Requirements. MLTC and CMS may inspect and audit any records of the MCO or its subcontractors. There is no restriction on the right of MLTC or the federal government to conduct all inspections and audits necessary to ensure quality, appropriateness, or timeliness of services, and reasonableness of costs. The MCO shall be subject to an audit of Managed Care Data operations, finances, and underlying security, privacy, and isolation controls, no more often than every three (3) months, to ensure that the required controls for data isolation, access, and usage are operational. The audit will be conducted by a third party to be selected by MLTC and approved by the MCO. The MCO will provide open and complete access to the underlying systems, subject to appropriate security controls as required by law. Any and all relevant and/or necessary documentation to support the audit must be provided by the MCO no less than ten (10) calendar days prior to the on-site audit. The said audit will be conducted at MCO’s expense. Access to Records The MCO must allow Federal agencies to require changes, remedies, changed conditions, access and records retention, suspension of work, and other clauses approved by the Office of Federal Procurement Policy. In addition, the United States Department of Health and Human Services (HHS) awarding agencies, the Federal HHS Inspector General, the US Comptroller General, or any of their duly authorized representatives have the right of timely and unrestricted access to any books, documents, papers, or other records of the MCO that are pertinent to the contract in order to make audits, examinations, excerpts, transcripts, and copies of such documents.
