CMS Pub. 100-15, ch. 1
Table of Contents (Rev. 14275; Issued: 12-23-25)
1.1 Basis of Authority – Statutory/Regulatory Citation 1.2 Background 1.3 Definitions
(Rev. 13494; Issued: 12-23-25; Effective: 01-26-26; Implementation:01-26-26)
Section 1936 of the Social Security Act (the Act), established by the Deficit Reduction Act of 2005, is the statutory authority under which the Unified Program Integrity Contractors (UPICs) operate their Medicaid functions.
Section 1936(a) of the Act provides that the Secretary must enter into contracts with eligible entities to conduct certain activities specified at section 1936(b) of the Act.
Section 1936(b) of the Act provides that eligible entities under contract with the Centers for Medicare & Medicaid Services (CMS) will provide the following activities:
(1) Review the actions of individuals or entities furnishing items or services (whether fee-for-service, risk, or other basis) under a State plan or any waiver to determine whether fraud, waste, or abuse has occurred; is likely to occur; or whether such actions have any potential for resulting in an expenditure of funds which is not intended.
(2) Audit of claims for payment for items or services furnished, or administrative services rendered, under a State plan, including (A) cost reports; (B) consulting contracts; and (C) risk contracts under section 1903(m).
(3) Identification of overpayments to individuals or entities receiving federal funds under this title.
(4) Education or training, as the Secretary may establish, of certain individuals and entities with respect to payment integrity and quality of care.
Additionally, Section 6402 of the Patient Protection and Affordable Care Act (Affordable Care Act) provides guidance related to the Medicaid integrity program; health care fraud oversight and guidance; suspension of Medicaid payments pending investigation of credible allegations of fraud; and the increased funding associated with targeting and preventing Medicaid fraud, waste, and abuse.
Lastly, Section 6506 of the Affordable Care Act provides guidance related to Medicaid overpayment recoupment and federal repayment.
Section 1902(a)(69) of the Act entitled, 'State Requirement to Cooperate with Medicaid Integrity Program Efforts' requires that the Medicaid State plan 'provide that the State must comply with any requirements determined by the Secretary to be necessary for carrying out the Medicaid Integrity Program established under section 1936.'
Section 1893(g) of the Act established the Medicare-Medicaid Data Match Program, which stipulated that:
(A) In general.—The Secretary shall enter into contracts with eligible entities or otherwise for the purpose of ensuring that, beginning with 2006, the Medicare-Medicaid Data Match Program (commonly referred to as the “Medi-Medi Program”) is conducted with respect to the program established under this title and State Medicaid programs under title XIX for the purpose of—
(i) identifying program vulnerabilities in the program established under this title and the Medicaid program established under title XIX through the use of computer algorithms to review claims data to look for payment anomalies (including billing or billing patterns identified with respect to provider, service, time, or patient that appear to be suspect or otherwise implausible);
(ii) working with States, the Attorney General, and the Inspector General of the Department of Health and Human Services to coordinate appropriate actions to investigate and recover amounts with respect to suspect claims to protect the Federal and State share of expenditures under the Medicaid program under title XIX, as well as the program established under this title;
(iii) increasing the effectiveness and efficiency of both such programs through cost avoidance, savings, and recoupments of fraudulent, wasteful, or abusive expenditures; and
(iv) furthering the Secretary’s design, development, installation, or enhancement of an automated data system architecture—
(I) to collect, integrate, and assess data for purposes of program integrity, program oversight, and administration, including the Medi-Medi Program; and
(II) that improves the coordination of requests for data from States.
(B) Reporting requirements.—The Secretary shall make available in a timely manner any data and statistical information collected by the Medi-Medi Program to the Attorney General, the Director of the Federal Bureau of Investigation, the Inspector General of the Department of Health and Human Services, and the States (including a Medicaid fraud and abuse control unit described in section 1903(q)). Such information shall be disseminated no less frequently than quarterly.
(2) Limited waiver authority. The Secretary shall waive only such requirements of this section and of titles XI and XIX as are necessary to carry out paragraph (1).
(3) Incentives for states. The Secretary shall study and, as appropriate, may specify incentives for States to work with the Secretary for the purposes described in paragraph
(1)(A)(ii). The application of the previous sentence may include use of the waiver authority described in paragraph (2).
(Rev. 12871; Issued: 10-11-24; Effective: 11-14-24; Implementation: 11-14-24)
The UPICs are contracted entities with CMS that conduct investigations/audits (which may be referred to as “reviews” by certain state Medicaid agencies) of providers’ billing in an effort to reduce fraud, waste, and abuse in both the Medicare and Medicaid programs. The UPICs operate in geographic areas or “jurisdictions” defined by individual Task Orders.
The UPICs perform numerous functions to detect, prevent, and deter specific risks and broader vulnerabilities to the integrity of the Medicare and Medicaid programs including, but not limited to:
Refer cases that aligns with the Medicaid Major Case Coordination process to the HHS-OIG/Office of Investigations (OI) for consideration of civil and criminal prosecution and/or application of administrative sanctions.
Partner with state Medicaid Program Integrity Units to perform the above activities for Medicaid investigations/audits.
The UPICs utilize a variety of techniques to address any potentially fraudulent, wasteful, or abusive billing practices based on the various leads they receive. The UPICs integrate the program integrity functions for investigations/audits across Medicare and Medicaid and assure that CMS's national priorities for both Medicare and Medicaid are executed and supported at the state level or within the UPIC jurisdiction.
(Rev. 13494; Issued: 12-23-25; Effective: 01-26-26; Implementation:01-26-26)
The following definitions provide additional context for the UPICs to reference while collaborating with SMAs. However, CMS recognizes that each SMA may use other terms and definitions than those noted below. The UPIC shall consult with each SMA to determine the appropriate terms and definitions to utilize during the collaboration. In addition, the UPICs may refer to Exhibit 1 of the Medicare PIM for further definitions.
Abuse - Abuse means provider practices that are inconsistent with sound fiscal, business, or medical practices, and result in an unnecessary cost to the Medicaid program, or in reimbursement for services that are not medically necessary or that fail to meet professionally recognized standards for health care. It also includes beneficiary practices that result in unnecessary cost to the Medicaid program.
Case - A case is a work product that the UPIC opens as an investigation/audit after screening and vetting of a potential lead.
Closing Summary – The Closing Summary is completed when an investigation/audit reveals that there are low/no findings (LNF) to pursue or the investigation/audit is being closed for other reasons, e.g., discontinued by the SMA and no overpayment was identified that would normally trigger an Initial Findings Report (IFR). The UPICs shall use the “Closing Summary” template found at Appendix B to summarize the investigation/audit.
Dollars at Risk – For Medicaid leads and investigations, dollars at risk will be identified at two levels:
1. Total dollars at risk include only the dollars for the service code/scheme that are outliers on any specific data algorithm, and which will be the focus of the investigation/audit. This amount is required when submitting a potential lead to CMS for review/approval and for pre-vetting with CMS and vetting with the SMA.
2. Sample dollars at risk are those dollars associated with the sample to be selected for review. When extrapolation is not being used, and the focus of the investigation/audit is identifying an overpayment (unlike an opioid project, which may focus more on quality of care or prescribing behavior), the sample dollars at risk must meet the $50,000 threshold for a Medicaid investigation/audit. This amount is required in the Investigative Plan for review/approval by CMS and the SMA.
Fraud – Fraud means an intentional deception or misrepresentation made by a person with the knowledge that the deception could result in some unauthorized benefit to himself or some other person. It includes any act that constitutes fraud under applicable Federal or State law.
Investigation/Audit – An investigation/audit is the formal review of suspicious aberrancies in a provider’s submitted Medicaid claims to establish evidence that potential fraudulent activities or other improper payments have occurred. The UPIC shall focus its investigation/audit in an effort to establish the facts and the magnitude of the alleged fraud, waste, or abuse and take any appropriate action to protect Medicaid dollars.
Generally, the activities associated with an investigation/audit may include, but are not limited to:
Investigative Plan (IP) – The Investigative Plan (or Audit Test Plan, ATP) outlines the plan of action for conducting the investigation/audit of a provider. The plan shall include the steps and timeframes necessary to meet investigative objectives. Please refer to the TO SOW at 4.4.1.
The Investigative Plan should include, at a minimum, the following elements:
UCM Case Number
• Provider Address
Lead (“Initiation of an Issue”) - A lead is some indication that points toward a suspected instance of fraud, waste, or abuse. A lead can come in the form of either proactive or reactive efforts, typically through complaints, data analysis, SMAs, newspaper articles, anonymous tips, or some other channel.
Medicaid - The Medicaid program was established under title XIX of the Social Security Act. The program is a joint federal-state funded health insurance program that is the primary source of medical assistance for millions of low-income, disabled, and elderly Americans. The federal government establishes minimum requirements for the program, and states design, implement, administer, and oversee their own Medicaid programs. In general, states pay for the health benefits provided, and the federal government, in turn, matches qualified state expenditures based on the Federal Medical Assistance Percentage (FMAP), which can be no lower than 50 percent.
All states participate in the Medicaid program, and as a requirement for receipt of federal matching, payments must cover individuals who meet certain minimum financial eligibility standards. Additionally, the states must cover certain medical services, such as physician, hospital, and nursing home care, and are provided the flexibility to offer a large number of optional benefits to beneficiaries. States also have the option to expand their Medicaid programs to cover additional beneficiaries who have income above the minimum financial threshold, up to statutory limits on income levels. State governments have a great deal of programmatic flexibility within which to tailor their Medicaid programs to their unique political, budgetary, and economic environments.
Medicaid Initial Findings Report – The Medicaid Initial Findings Report (IFR), is a summary of findings resulting from a UPIC investigation/audit of a Medicaid provider or a Managed Care Plan (MCP). The IFR will detail the timeframe and summary of the initial findings from the claims/claim lines or financial review, along with any other findings discovered during the investigation.
Medicaid Final Findings Report – The Medicaid Final Findings Report (FFR) is a final summary of the findings resulting from a UPIC investigation/audit of a Medicaid provider or MCP when an overpayment has been identified and is being referred to the SMA for recovery. In addition, the FFR may include areas where provider education is recommended. The FFR is developed after CMS, the SMA, and the provider have fully reviewed the IFR, and the provider has had an opportunity to provide any rebuttal records to the initial findings, when applicable to the type of investigation/audit being conducted. Although the FFR is created by the UPIC, CMS is responsible for sending the FFR to the SMA. The FFR provides details on the time period of the review, findings discovered during the investigation, summary of the claims/claim lines or financial review findings, total computable overpayment, and the total federal financial participation overpayment. As part of the FFR, there is a transmittal letter attached to the report which contains details associated with the federal requirement for the state to remit the federal share of the overpayment to CMS within one year from the date of the letter.
Medicaid Major Case Coordination – The Medicaid Major Case Coordination (Medicaid MCC) is a collaborative meeting held with SMA staff, law enforcement (LE), the respective UPIC, and CMS whenever the UPIC has identified a potential case warranting a fraud referral to LE. It provides the opportunity for all entities to jointly discuss details of the investigation, determine whether LE will accept the referral, discuss any necessary administrative actions to be taken, and determine next steps following the MCC.
Medical Review - A medical review is a formal review of medical records by qualified UPIC personnel to determine if the documentation in the medical record supports what was billed by the provider and paid for by the Medicaid and/or Medicare programs. The process is used as part of an investigation/audit to determine potential fraud, waste, or abuse.
Overpayment – Overpayment means the amount paid by a Medicaid agency to a provider which is in excess of the amount that is allowable for services furnished under section 1902 of the Act and which is required to be refunded under section 1903 of the Act.
Referral - A referral is the formal presentation of an issue to the SMA or law enforcement, or the receipt of a potential fraud lead from an SMA or another source.
Reliable Information - Reliable information includes credible allegations, oral or written, and/or other material facts that would likely cause a non-interested third party to think that there is a reasonable basis for believing that a certain set of facts exists, for
example, that claims are or were false or were submitted for non-covered or miscoded services.
Reliable information of fraud exists if the following elements are found:
Reliable evidence includes, but is not limited to, the following:
Screening - Screening is the initial step in the review of a lead to determine whether further investigation/audit is warranted based on the potential for fraud, waste, or abuse. Screening shall be completed within 45 calendar days after receipt of the lead.
Activities that the UPIC may perform in relation to the screening process include, but are not limited to:
State Medicaid Agency (SMA) — This is the single state agency administering or supervising the administration of a state Medicaid plan. Each SMA establishes and administers their own Medicaid programs; they determine the type, amount, duration, and scope of benefits within broad federal guidelines.
Vetting - Vetting is the process of determining whether a provider, who has been selected for an investigation/audit, is clear to pursue. All leads and any new subjects that the UPIC determines warrants further investigation/audit are vetted through CMS and the SMA for approval before transitioning to an investigation/audit. Determinations are based on any ongoing law enforcement activity and/or current SMA activity with the provider
| Rev # | Issue Date | Subject | Impl Date | CR# |
|---|---|---|---|---|
| R13494MPI | 12/23/2025 | Updates of Chapters 1-5 in Publication (Pub.) 100-15, Including Updates to the Guidance Terminology, Existing Definitions, and Details to Standing Guidance | 01/26/2025 | 14275 |
| R12871MPI | 10/11/2024 | Updates of Chapter 1, Chapter 2, Chapter 3, Chapter 4, and Appendices in Publication (Pub.) 100-15, Including Auditing of Program Integrity Activities in Managed Care Plans | 11/14/2024 | 13720 |
| R12467MPI | 01/18/2024 | Updates of Chapter 1, Chapter 3, and Chapter 5 in Publication (Pub.) 100-15, Including Updates to the Definitions and Additional Clarification to the Proactive Project Development and Creation of Overpayment Records Guidance | 02/19/2024 | 13403 |
| R11948MPI | 04/13/2023 | Updates of Publication (Pub.) 100-15, Including Revisions to Chapters 1 and 2, and the Addition of Chapters 3, 4, 5, and Appendices | 05/15/2023 | 13141 |
| R10384MPI | 10/09/2020 | Updates to Chapter 1 of Publication (Pub.) 100-15 | 11/10/2020 | 12000 |
| R10185MPI | 06/19/2020 | Update to Chapter 1 of Publication (Pub.) 100-15 | 07/21/2020 | 11813 |
| R3MPI | 02/02/2018 | Update to the Medicaid Program Integrity Manual (PIM) | 04/03/2018 | 10340 |
| R1MPI | 09/23/2011 | Initial Publication of Manual | 09/23/2011 | NA |
Back to top of Chapter