S.B. No. 894         AN ACT   relating to auditing and verification of information under certain   health and human services programs, including the collection of   certain payments following an investigation.          BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:          SECTION 1.  Section 321.013, Government Code, is amended by   adding Subsection (m) to read as follows:          (m)  In devising the audit plan under Subsection (c), the   State Auditor shall consider the performance of audits of programs   operated by health and human services agencies that:                (1)  have not recently received audit coverage; and                (2)  have expenditures of less than $100 million per   year.          SECTION 2.  Section 531.024172, Government Code, is amended   to read as follows:          Sec. 531.024172.  ELECTRONIC VISIT VERIFICATION SYSTEM.   (a)  Not later than March 31, 2018, the commission shall conduct a   review of the electronic visit verification system in use under   this section on August 31, 2017. Notwithstanding any other   provision of this section, the commission is required to implement   a change in law made to this section by S.B. 894, Acts of the 85th   Legislature, Regular Session, 2017, only if the commission   determines the implementation is appropriate based on the findings   of the review. The commission may combine the review required by   this subsection with any similar review required to be conducted by   the commission.          (b)  Subject to Subsection (g), [In this section, "acute   nursing services" has the meaning assigned by Section 531.02417.          [(b)  If it is cost-effective and feasible,] the commission   shall, in accordance with federal law, implement an electronic   visit verification system to electronically verify [and document,]   through a telephone, global positioning, or computer-based system   that personal care services, attendant care services, or other   services identified by the commission that are provided to   recipients under Medicaid, including personal care services or   attendant care services provided under the Texas Health Care   Transformation and Quality Improvement Program waiver issued under   Section 1115 of the federal Social Security Act (42 U.S.C. Section   1315) or any other Medicaid waiver program, are provided to   recipients in accordance with a prior authorization or plan of   care. The electronic visit verification system implemented under   this subsection must allow for verification of only the following[,   basic] information relating to the delivery of Medicaid [acute   nursing] services[, including]:                (1)  the type of service provided [the provider's   name];                (2)  the name of the recipient to whom the service is   provided [the recipient's name]; [and]                (3)  the date and times [time] the provider began   [begins] and ended the [ends each] service delivery visit;                (4)  the location, including the address, at which the   service was provided;                (5)  the name of the individual who provided the   service; and                (6)  other information the commission determines is   necessary to ensure the accurate adjudication of Medicaid claims.          (c)  The commission shall inform each Medicaid recipient who   receives personal care services, attendant care services, or other   services identified by the commission that the health care provider   providing the services and the recipient are each required to   comply with the electronic visit verification system.  A managed   care organization that contracts with the commission to provide   health care services to Medicaid recipients described by this   subsection shall also inform recipients enrolled in a managed care   plan offered by the organization of those requirements.          (d)  In implementing the electronic visit verification   system:                (1)  subject to Subsection (e), the executive   commissioner shall adopt compliance standards for health care   providers; and                (2)  the commission shall ensure that:                      (A)  the information required to be reported by   health care providers is standardized across managed care   organizations that contract with the commission to provide health   care services to Medicaid recipients and across commission   programs;                      (B)  processes required by managed care   organizations to retrospectively correct data are standardized and   publicly accessible to health care providers; and                      (C)  standardized processes are established for   addressing the failure of a managed care organization to provide a   timely authorization for delivering services necessary to ensure   continuity of care.          (e)  In establishing compliance standards for health care   providers under Subsection (d), the executive commissioner shall   consider:                (1)  the administrative burdens placed on health care   providers required to comply with the standards; and                (2)  the benefits of using emerging technologies for   ensuring compliance, including Internet-based, mobile   telephone-based, and global positioning-based technologies.          (f)  A health care provider that provides personal care   services, attendant care services, or other services identified by   the commission to Medicaid recipients shall:                (1)  use an electronic visit verification system to   document the provision of those services;                (2)  comply with all documentation requirements   established by the commission;                (3)  comply with applicable federal and state laws   regarding confidentiality of recipients' information;                (4)  ensure that the commission or the managed care   organization with which a claim for reimbursement for a service is   filed may review electronic visit verification system   documentation related to the claim or obtain a copy of that   documentation at no charge to the commission or the organization;   and                (5)  at any time, allow the commission or a managed care   organization with which a health care provider contracts to provide   health care services to recipients enrolled in the organization's   managed care plan to have direct, on-site access to the electronic   visit verification system in use by the health care provider.          (g)  The commission may recognize a health care provider's   proprietary electronic visit verification system as complying with   this section and allow the health care provider to use that system   for a period determined by the commission if the commission   determines that the system:                (1)  complies with all necessary data submission,   exchange, and reporting requirements established under this   section;                (2)  meets all other standards and requirements   established under this section; and                (3)  has been in use by the health care provider since   at least June 1, 2014.          (h)  The commission shall create a stakeholder work group   comprised of representatives of affected health care providers,   managed care organizations, and Medicaid recipients and   periodically solicit from that work group input regarding the   ongoing operation of the electronic visit verification system under   this section.          (i)  The executive commissioner may adopt rules necessary to   implement this section.          SECTION 3.  Section 531.120, Government Code, is amended by   adding Subsection (c) to read as follows:          (c)  The commission shall provide the notice required by   Subsection (a) to a provider that is a hospital not later than the   90th day before the date the overpayment or debt that is the subject   of the notice must be paid.          SECTION 4.  Chapter 533, Government Code, is amended by   adding Subchapter B to read as follows:   SUBCHAPTER B. STRATEGY FOR MANAGING AUDIT RESOURCES          Sec. 533.051.  DEFINITIONS. In this subchapter:                (1)  "Accounts receivable tracking system" means the   system the commission uses to track experience rebates and other   payments collected from managed care organizations.                (2)  "Agreed-upon procedures engagement" means an   evaluation of a managed care organization's financial statistical   reports or other data conducted by an independent auditing firm   engaged by the commission as agreed in the managed care   organization's contract with the commission.                (3)  "Experience rebate" means the amount a managed   care organization is required to pay the state according to the   graduated rebate method described in the managed care   organization's contract with the commission.                (4)  "External quality review organization" means an   organization that performs an external quality review of a managed   care organization in accordance with 42 C.F.R. Section 438.350.          Sec. 533.052.  APPLICABILITY AND CONSTRUCTION OF   SUBCHAPTER. This subchapter does not apply to and may not be   construed as affecting the conduct of audits by the commission's   office of inspector general under the authority provided by   Subchapter C, Chapter 531, including an audit of a managed care   organization conducted by the office after coordinating the   office's audit and oversight activities with the commission as   required by Section 531.102(q), as added by Chapter 837 (S.B. 200),   Acts of the 84th Legislature, Regular Session, 2015.          Sec. 533.053.  OVERALL STRATEGY FOR MANAGING AUDIT   RESOURCES. The commission shall develop and implement an overall   strategy for planning, managing, and coordinating audit resources   that the commission uses to verify the accuracy and reliability of   program and financial information reported by managed care   organizations.          Sec. 533.054.  PERFORMANCE AUDIT SELECTION PROCESS AND   FOLLOW-UP.  (a)  To improve the commission's processes for   performance audits of managed care organizations, the commission   shall:                (1)  document the process by which the commission   selects managed care organizations to audit;                (2)  include previous audit coverage as a risk factor   in selecting managed care organizations to audit; and                (3)  prioritize the highest risk managed care   organizations to audit.          (b)  To verify that managed care organizations correct   negative performance audit findings, the commission shall:                (1)  establish a process to:                      (A)  document how the commission follows up on   negative performance audit findings; and                      (B)  verify that managed care organizations   implement performance audit recommendations; and                (2)  establish and implement policies and procedures   to:                      (A)  determine under what circumstances the   commission must issue a corrective action plan to a managed care   organization based on a performance audit; and                      (B)  follow up on the managed care organization's   implementation of the corrective action plan.          Sec. 533.055.  AGREED-UPON PROCEDURES ENGAGEMENTS AND   CORRECTIVE ACTION PLANS.  To enhance the commission's use of   agreed-upon procedures engagements to identify managed care   organizations' performance and compliance issues, the commission   shall:                (1)  ensure that financial risks identified in   agreed-upon procedures engagements are adequately and consistently   addressed; and                (2)  establish policies and procedures to determine   under what circumstances the commission must issue a corrective   action plan based on an agreed-upon procedures engagement.          Sec. 533.056.  AUDITS OF PHARMACY BENEFIT MANAGERS. To   obtain greater assurance about the effectiveness of pharmacy   benefit managers' internal controls and compliance with state   requirements, the commission shall:                (1)  periodically audit each pharmacy benefit manager   that contracts with a managed care organization; and                (2)  develop, document, and implement a monitoring   process to ensure that managed care organizations correct and   resolve negative findings reported in performance audits or   agreed-upon procedures engagements of pharmacy benefit managers.          Sec. 533.057.  COLLECTION OF COSTS FOR AUDIT-RELATED   SERVICES. The commission shall develop, document, and implement   billing processes in the Medicaid and CHIP services department of   the commission to ensure that managed care organizations reimburse   the commission for audit-related services as required by contract.          Sec. 533.058.  COLLECTION ACTIVITIES RELATED TO PROFIT   SHARING. To strengthen the commission's process for collecting   shared profits from managed care organizations, the commission   shall develop, document, and implement monitoring processes in the   Medicaid and CHIP services department of the commission to ensure   that the commission:                (1)  identifies experience rebates deposited in the   commission's suspense account and timely transfers those rebates to   the appropriate accounts; and                (2)  timely follows up on and resolves disputes over   experience rebates claimed by managed care organizations.          Sec. 533.059.  USE OF INFORMATION FROM EXTERNAL QUALITY   REVIEWS. (a)  To enhance the commission's monitoring of managed   care organizations, the commission shall use the information   provided by the external quality review organization, including:                (1)  detailed data from results of surveys of Medicaid   recipients and, if applicable, child health plan program enrollees,   caregivers of those recipients and enrollees, and Medicaid and, as   applicable, child health plan program providers; and                (2)  the validation results of matching paid claims   data with medical records.          (b)  The commission shall document how the commission uses   the information described by Subsection (a) to monitor managed care   organizations.          Sec. 533.060.  SECURITY AND PROCESSING CONTROLS OVER   INFORMATION TECHNOLOGY SYSTEMS. The commission shall:                (1)  strengthen user access controls for the   commission's accounts receivable tracking system and network   folders that the commission uses to manage the collection of   experience rebates;                (2)  document daily reconciliations of deposits   recorded in the accounts receivable tracking system to the   transactions processed in:                      (A)  the commission's cost accounting system for   all health and human services agencies; and                      (B)  the uniform statewide accounting system; and                (3)  develop, document, and implement a process to   ensure that the commission formally documents:                      (A)  all programming changes made to the accounts   receivable tracking system; and                      (B)  the authorization and testing of the changes   described by Paragraph (A).          SECTION 5.  (a)  As soon as practicable after March 31,   2018, and to the extent appropriate based on the review conducted by   the Health and Human Services Commission under Section   531.024172(a), Government Code, as amended by this Act, the   commission shall implement an electronic visit verification system   that complies with Section 531.024172, Government Code, as amended   by this Act.          (b)  As soon as practicable after the effective date of this   Act, the executive commissioner of the Health and Human Services   Commission shall adopt the rules necessary to implement Subchapter   B, Chapter 533, Government Code, as added by this Act.          SECTION 6.  If before implementing any provision of this Act   a state agency determines that a waiver or authorization from a   federal agency is necessary for implementation of that provision,   the agency affected by the provision shall request the waiver or   authorization and may delay implementing that provision until the   waiver or authorization is granted.          SECTION 7.  This Act takes effect September 1, 2017.               ______________________________ ______________________________      President of the Senate Speaker of the House                 I hereby certify that S.B. No. 894 passed the Senate on   April 18, 2017, by the following vote:  Yeas 31, Nays 0;   May 25, 2017, Senate refused to concur in House amendments and   requested appointment of Conference Committee; May 26, 2017, House   granted request of the Senate; May 28, 2017, Senate adopted   Conference Committee Report by the following vote:  Yeas 29,   Nays 1.       ______________________________   Secretary of the Senate                I hereby certify that S.B. No. 894 passed the House, with   amendments, on May 21, 2017, by the following vote:  Yeas 142,   Nays 0, one present not voting; May 26, 2017, House granted request   of the Senate for appointment of Conference Committee;   May 28, 2017, House adopted Conference Committee Report by the   following vote:  Yeas 141, Nays 0, one present not voting.       ______________________________   Chief Clerk of the House            Approved:     ______________________________               Date       ______________________________              Governor