OLA Warned Minnesota DHS for 18 Years — 81% Ignored

OLA Warnings DHS Ignored

The Minnesota Legislative Auditor identified critical Medicaid fraud risks across 11 reports from 2007–2025. Of 42 fraud-related recommendations, only 8 (19%) were fully implemented. 20 recommendations (48%) remain completely unaddressed.

At least 6 systemic vulnerabilities flagged by OLA remain unaddressed, leaving Medicaid's $23B budget exposed to organized fraud. Cross-program billing analysis (recommended 2007), real-time claims monitoring (2013), and modern fraud detection analytics (2013) were all flagged years ago and remain unresolved.

Recurring Themes Across OLA Reports

• IT Modernization (first flagged 2007, flagged 5 times) — Status: partially implemented. OLA has flagged MMIS/MAXIS obsolescence in every relevant report since 2007. Each time, DHS agrees the systems need replacement. Each time, funding is insufficient or delayed. The MNsure debacle ($300M+, years late) created lasting legislative resistance to DHS IT projects — but the consequence is that fraud detection runs on 1980s technology.
• Cross-Program Billing Analysis (first flagged 2007, flagged 4 times) — Status: not implemented. The ability to detect a provider billing PCA, EIDBI, interpreter services, and transportation for the same client on the same day has been recommended since 2007. It still doesn't exist. This is the single most actionable unfixed vulnerability.
• MCO Data Sharing (first flagged 2013, flagged 4 times) — Status: not implemented. MCOs manage 65% of Medicaid spending but treat their fraud analytics as proprietary. DHS cannot see billing patterns within MCO networks. OLA has recommended mandatory data sharing in every MCO-related report since 2013. MCOs have successfully resisted every attempt.
• Investigator Staffing (first flagged 2013, flagged 3 times) — Status: partially implemented. OIG investigator staffing has been flagged as inadequate since at least 2013. Recent hiring added ~20 positions, but the ratio of investigators to Medicaid spending ($157M per investigator) remains among the worst nationally. Turnover rates mean effective capacity is lower than headcount suggests.
• Outcome Measurement (first flagged 2012, flagged 4 times) — Status: not implemented. Minnesota spends $23B annually on Medicaid but cannot measure whether it improves health outcomes. OLA has recommended outcome measurement since 2012. Without it, DHS cannot distinguish between programs that work and programs that waste money — or enable fraud.
• County-Level Coordination (first flagged 2016, flagged 2 times) — Status: not implemented. Minnesota's 87-county administrative model creates seams that multi-county fraud schemes exploit. OLA recommended centralized cross-county data sharing in 2016. Counties still operate independent eligibility and oversight systems.

Audit Timeline

2007: Medical Assistance Program Integrity

• Implement cross-program billing analysis to detect providers billing multiple programs for the same clients — not implemented. DHS response: Agreed in principle; cited resource constraints. Consequence: Cross-program billing fraud became central to Feeding Our Future and PCA fraud schemes 15 years later. Same vulnerability exploited.
• Modernize provider screening to include real-time background checks and cross-state verification — partially implemented. DHS response: Implemented manual screening improvements; automated system not funded. Consequence: Background checks still average 127 days (policy requires 60). Providers with out-of-state fraud histories have enrolled in MN Medicaid.

2009: Evaluation of DHS Personal Care Assistance Program

• Develop electronic visit verification (EVV) system for PCA services — partially implemented. DHS response: Piloted EVV in 2017; statewide rollout delayed multiple times. Federal EVV mandate (21st Century Cures Act) finally forced partial implementation in 2023.. Consequence: 14 years without visit verification. Estimated $50–100M in PCA billing for services never delivered. EVV implementation remains incomplete for all service types.
• Establish utilization benchmarks for PCA hours and flag statistical outliers — not implemented. DHS response: DHS stated that individual care needs vary too widely for standard benchmarks. Consequence: Some PCA agencies bill 16+ hours/day for individual clients with no flags. No statistical model identifies outlier billing patterns. The absence of benchmarks makes it impossible to distinguish legitimate high-need cases from fraud.
• Audit a statistically significant random sample of PCA claims annually — not implemented. DHS response: DHS relies on complaint-driven audits due to staff limitations. Consequence: Less than 1% of PCA claims are audited. Complaint-driven auditing means fraud is only detected when someone reports it — the same vulnerability OLA flagged.

2012: State-Funded Health Care Programs: Background and Spending Growth

• Develop spending growth benchmarks tied to enrollment and medical inflation to identify abnormal growth patterns — not implemented. DHS response: DHS monitors aggregate spending but has not established program-level growth benchmarks. Consequence: Programs like EIDBI grew 180% (2018–2024) with no automatic trigger for review. Rapid growth in fraud-vulnerable programs goes unexamined until media attention or whistleblower tips force action.
• Implement outcome measurement for major Medicaid programs to determine whether spending produces measurable health improvements — not implemented. DHS response: DHS agreed but cited MMIS system limitations and lack of integrated data infrastructure. Consequence: Minnesota still cannot answer the basic question: does $23B in Medicaid spending improve health? The EIDBI program spent $800M+ without published outcome data. Waiver programs lack standardized outcome measures.

2013: Medicaid Fraud Prevention and Detection

• Invest in modern predictive analytics / machine learning fraud detection to supplement MMIS — not implemented. DHS response: DHS submitted IT modernization requests; legislature did not fund. MNsure cost overruns created political opposition to DHS IT projects.. Consequence: MMIS remains a 44-year-old COBOL system with no AI/ML fraud detection. Only 4 COBOL programmers maintain the system that processes $14B+ in annual claims. Minnesota uses the oldest Medicaid claims processing system in the nation.
• Require MCOs to share claims data and fraud analytics with DHS for cross-entity fraud detection — not implemented. DHS response: MCOs cited proprietary data concerns. DHS attempted contract language changes; MCOs resisted.. Consequence: MCOs control 65% of Medicaid spending but refuse to share fraud data with the state. DHS cannot detect fraud patterns that cross MCO boundaries. Each MCO's SIU operates in isolation.
• Increase OIG investigator staffing to meet recommended caseload ratios — partially implemented. DHS response: Some positions added post-FOF; still below recommended levels. Consequence: OIG has 89 investigators for a $14B+ program. National standards suggest 150+. Post-FOF hiring added ~20 positions but turnover and training delays mean effective capacity remains inadequate.
• Establish real-time claims monitoring to flag suspicious billing patterns before payment — not implemented. DHS response: DHS agreed this is critical; cited MMIS limitations as barrier. Consequence: Claims are paid first and investigated later — if at all. Pre-payment review would have caught FOF-style billing anomalies (e.g., feeding 2,000 children at a single site daily) before $250M was disbursed.

2016: Medicaid Program Eligibility Determination

• Create centralized cross-county data sharing for eligibility and provider enrollment to detect multi-county fraud schemes — not implemented. DHS response: DHS acknowledged the gap; stated county IT systems are not interoperable. Consequence: PCA agencies and other Medicaid providers bill in multiple counties without coordinated oversight. Multi-county fraud schemes exploit seams in the 87-county administrative model. The structural vulnerability remains open.

2018: DHS Oversight of Managed Care Organizations

• Increase MCO oversight staffing commensurate with contract values — partially implemented. DHS response: Small staff increases approved; still well below levels needed for $9B+ in contracts. Consequence: DHS has 4 staff monitoring 8 MCO contracts worth $9B+. One of the worst oversight-to-contract-value ratios in the nation.
• Require independent verification of MCO quality and performance data — not implemented. DHS response: DHS relies on MCO self-reported data; independent audit capacity not funded. Consequence: MCOs grade their own performance. Encounter data submissions are incomplete. DHS cannot independently verify whether MCOs are delivering the care they're paid to provide.
• Publish standardized MCO performance comparisons to enable accountability — not implemented. DHS response: DHS cited data comparability challenges across different MCO reporting formats. Consequence: No public dashboard compares MCO performance. Enrollees cannot make informed choices. Legislators cannot evaluate whether MCOs deliver value for $9B+ in public spending.

2020: DHS Information Technology Systems

• Develop a funded, phased MMIS replacement plan with legislative buy-in — partially implemented. DHS response: DHS submitted modernization proposals; partial funding approved for modular components. Consequence: Piecemeal modernization without a comprehensive plan. Core MMIS remains COBOL-based. Every year of delay compounds technical debt and extends fraud vulnerability.
• Implement interim fraud detection tools that can operate alongside legacy MMIS — partially implemented. DHS response: Some supplemental analytics tools deployed; coverage remains limited. Consequence: Supplemental tools address narrow fraud patterns but don't cover the full spectrum of Medicaid fraud schemes. No comprehensive pre-payment review system exists.

2022: MNIT Services Evaluation — DHS Operations

• Consolidate IT vendor management and establish enterprise-level data integration — partially implemented. DHS response: Consolidation efforts underway; MNIT merger with DHS IT ongoing. Consequence: Progress on vendor consolidation but data silos persist. Cross-program fraud detection still not possible because systems don't share data.

2023: DHS Fraud Prevention Capacity Assessment

• Implement comprehensive Medicaid fraud prevention reforms addressing all OLA findings — partially implemented. DHS response: DHS implemented targeted reforms (moratorium powers, enhanced provider screening); broader systemic reforms pending. Consequence: Minnesota fixed the last fraud pattern, not the next one. The structural vulnerabilities — ancient IT, no MCO data sharing, inadequate staffing, no outcome measurement — remain largely unchanged.