
Resources for State and Territory Program Integrity Directory
We developed a centralized location for program integrity directors to find the resources to be successful in their day-to-day management of their state's or territory's Medicaid program integrity work. These resources include promising practices on a variety of topics, informative resources about provider requirements, and frequent findings from state program integrity reports. We have also created one-page infographics on relevant topics that are useful for training and education.
Do you know of a great resource we should include? Submit it to us at Medicaid_Integrity_Program@cms.hhs.gov.

Quick Guides for Commonly Requested Information
The quick guides below provide commonly requested information by program integrity directors.
Center for Program Integrity (CPI) Overview Statements
The Secretary of the Department of Health and Human Services (HHS) created the Center for Program Integrity (CPI) to align Medicare and Medicaid activities in March 2010. CPI is organized as 7 Groups and 33 Divisions. The seven groups that make up CPI are: Audits and Vulnerabilities Group, Contract Management Group, Data Analytics & Systems Group, Executive Support Group, Fraud Investigations Group, Provider Compliance Group, and the Provider Enrollment & Oversight Group.
- Audits and Vulnerabilities Group (AVG)
AVG conducts program integrity (PI) functions related to Medicare Part C, Medicare Part D, Medicaid, the Children’s Health Insurance Program (CHIP), and the Marketplaces. As part of its oversight work, AVG maintains partnerships with federal and state partners, such as other CMS components, Office of Inspector General (HHS-OIG), Department of Justice (DOJ), Federal Bureau of Investigation (FBI), state Departments of Insurance (DOI), state Attorney Generals (AG), Internal Revenue Service (IRS), Federal Trade Commission (FTC), U.S. Treasury, state-based individual markets among others, as well as collaboration with private plans.
- Contract Management Group (CMG)
CMG serves as the primary CPI point of contact for procurement activities, functional administration and oversight of the Medicare and Medicaid program integrity contractors. CMG is responsible for contract pre-award, contract administration, and contractor performance and assessment.
- Data Analytics & Systems Group (DASG)
DASG is responsible for modeling and analytics, investigative systems management, provider systems management, and outcomes measurement. DASG is CMS’ primary focal point for Medicare and Medicaid data analytics and systems related to fraud, waste, and abuse; as such they are responsible for the management and oversight of fourteen systems including National Plan & Provider Enumeration System (NPPES), Open Payments and Provider Enrollment, Chain, and Ownership System (PECOS) to name a few.
- Division of Modeling & Analytics (DMA)
DMA provides statistical and data analysis for program integrity issues in the Medicaid, original Medicare, Medicare Advantage, and Prescription Drug Plan programs. They are responsible for identifying emerging fraud trends through data mining and other advanced analytical techniques to prevent and detect fraud, waste and abuse in the Medicaid and Medicare programs. DMA also leads the model and edit development for the Fraud Prevention System (FPS).
- Executive Support Group (ESG)
Within ESG the Division of Clearance and Correspondence (DCC) along with other CPI groups coordinate the resolution process for the single state audits. https://www.ecfr.gov/current/title-2/subtitle-A/chapter-II/part-200/subpart-F
- Fraud Investigations Group (FIG)
FIG serves as the primary group within CPI for Medicare and Medicaid investigations. FIG works closely with CMS contractors and law enforcement partners to uncover new healthcare fraud schemes develop investigative strategies to address those fraud schemes and take action to safeguard the Medicare Trust Fund. In addition, FIG also monitors Part D plan sponsor self-audits, oversees Part D overprescribing investigations, and engages in efforts to mitigate the opioid epidemic. To complete this important work, FIG is comprised of four divisions based primarily in the Baltimore region and four field operation divisions that are in strategically important areas of the United States.
- Division of Field Operations (DFO-North, South, and West)
The Division of Field Operations (DFO) develops FIG national strategies and investigative processes for Medicare and Medicaid and provides technical assistance to Medicaid state program integrity components on audits and investigations for their region. The DFO serves as the Medicaid and Medi-Medi Business Function Lead for CMS unified program integrity contractors (UPICs) and conducts regional program integrity activities in Medicare and Medicaid.
- Division of Fraud Prevention Partnerships (DFPP)
DFPP implements and supports the technologies, informatics/reporting, and innovative data-exchange tools for the Healthcare Fraud Prevention Partnership. Functions include the development of strategic and operational plans for the necessary technologies and supporting tools required by the program. Designs and implements innovative solutions to improve Medicare and Medicaid related data accuracy to ease stakeholder burden and encourage engagement with the information technology systems and direct the development and maintenance of technical requirements. DFPP also manages the technical aspects of the partnership and its contractors, as well as provides education and training on software capabilities and functionalities.
- Provider Compliance Group (PCG)
PCG coordinates with the Center for Medicare and the Center for Clinical Standards and Quality in the development of contractor medical review policy. PCG is responsible for the planning, development, and implementation of recovery auditing techniques and prior authorization activities in the Medicare fee-for-service program. This group works closely with CMS Centers, Offices, and the Chief Operating Officer to identify and monitor program vulnerabilities and affect changes in policy as necessary.
- Provider Enrollment & Oversight Group (PEOG)
PEOG serves as CMS’s primary source for all Medicare provider and supplier enrollment compliance functions. PEOG develops the integrated and coordinated national framework for program integrity related enrollment policy and procedures across the Medicare and Medicaid programs. Some of PEOG duties include making determinations on provider and supplier adverse action requests, including revocations, and deactivations; developing budget guidelines, cost estimates, and processing guidelines for Medicare provider and supplier enrollment activities; and maintaining definitive record of providers and suppliers enrolled in Medicare, and enforces compliance.
- Division of Quality & Compliance (DQC)
DQC is responsible for developing enrollment policies and procedures across the Medicaid program and working with State Medicaid programs and other stakeholders on provider enrollment and program integrity related issues. DQC maintains and renews Interagency Agreements as it relates to provider enrollment and oversees the contracts for the Data Exchange System (DEX) and Indefinite Delivery Indefinite Quantity (IDIQ), including NPE (East & West), National Site Visit Contractor, the National Fingerprinting contractor, the Provider Ownership Verification (POV) contractor, and the Adverse Legal Action (ALA) contractor. In addition, DQC oversees the process of identifying and reporting provider enrollment related vulnerabilities and ensuring implementation of necessary policies directed at preventing fraud and abuse and to improve administrative efficiencies in Medicare and Medicaid enrollment of providers and suppliers. DQC develops, launches, and manages an enhanced collection, storage, and delivery process for Medicaid termination notifications through the DEX and is responsible for reviewing Medicaid Termination submissions.
The CMS organizational chart can be found at:
https://www.cms.gov/about-cms/who-we-are/organizational-chart.
CPI Resource Email Contacts
CPI supports state Medicaid agencies’ efforts to enhance and strengthen the integrity of their programs. To support this need, the following shared resource mailboxes are available to support different areas related to Medicaid program integrity.
Medicaid_Integrity_Program@cms.hhs.gov | This resource box is used to receive all inquiries and/or requests related to Medicaid program integrity. |
PERMCAPS@cms.hhs.gov | This resource box is used to receive all inquiries and/or requests related to Payment Error Rate Measurement (PERM) Corrective Action Plans (CAPs). |
CMS-MEQC-Inquiries@cms.hhs.gov | This resource box is used to receive all inquiries and/or requests related to Medicaid Eligibility Quality Control (MEQC) program. |
MIIResource@cms.hhs.gov | This resource box is used to share MII course announcements, nominations, and acceptances, as well as receive all inquiries and/or requests related to the MII program. |
MedicaidProviderEnrollment@cms.hhs.gov | This resource box is used to receive all Medicaid provider enrollment and termination inquiries. |
Fraud, Waste, and Abuse Technical Advisory Group (FWA-TAG)
The FWA-TAG exists as a forum for sharing issues, solutions, resources, and experiences among the states and territories to develop best practices; provide input to CMS based on state experience related to implementation of CMS policies, procedures, and program development.
The FWA-TAG's primary partners are CMS (Medicaid) and all state and territory Medicaid programs; however, Medicaid Fraud Control Units (MFCU) and other federal and state enforcement agencies are pivotal to the success of the FWA-TAG's efforts.
The FWA-TAG serves as a joint forum among state/territory and federal partners to develop and implement methods of reducing or eliminating fraud and abuse in the Medicaid program and does this by developing beneficial relationships, broadening participation, and gathering input from all stakeholders and customers. The FWA-TAG then shares this information and recommendations with its partners and stakeholders.
Membership of the Official FWA-TAG
Regional representation is a priority for composition of the FWA-TAG. Representation is based on one state or territory employee from each of CMS' ten regions. Additionally, there is a chairperson. Program integrity (PI) employees of each state may also participate on the monthly calls.
Chair: Member of the PI community identified by CMS.
Region 1 - ME, NH, VT, MA, CT, RI
Region 2 - NY, NJ, Puerto Rico, Virgin Islands
Region 3 - PA, WV, MD, VA, DE, DC
Region 4 - FL, GA, KY, TN, NC, SC, MS, AL
Region 5 - IL, WI, MN, MI, OH, IN
Region 6 - TX, NM, OK, AR, LA
Region 7 - NE, IA, KS, MO
Region 8 - CO, UT, WY, MT, ND, SD
Region 9 - CA, NV, AZ, HI, Commonwealth of the Northern Mariana Islands, Guam, American Samoa
Region 10 - WA, OR, ID, AK
The FWA-TAG meets monthly on the third Tuesday via conference call for ALL state and territory program integrity directors and their staff. There are also sub-group TAG calls. Participating in the FWA-TAG is a great way to receive updates and is a tool for states and territories to pose questions to their peers to address challenges they are facing and share successes.
Sub-Groups of the FWA-TAG
Small States TAG call (monthly): Established to bring small states (based on Medicaid budget and Medicaid population size) together to address specific areas and concerns that small states and the territories encounter that may not be as relevant to larger states with larger resources. Typically, program integrity directors and staff attend. The small states and territories are Alaska, American Samoa, Commonwealth of the Northern Mariana Islands, Delaware, District of Columbia, Guam, Hawaii, Idaho, Indiana, Maine, Montana, Nebraska, Nevada, New Hampshire, North Dakota, Puerto Rico, Rhode Island, South Dakota, Utah, Vermont, Virgin Islands, West Virginia, and Wyoming.
Provider Enrollment TAG call (monthly): For ALL states to discuss provider enrollment needs, concerns, regulations, etc. Typically, both program integrity and provider enrollment staff attend.
Data Analytics TAG call (monthly): For ALL states to discuss data analytics pertaining to fraud, waste and abuse algorithms, successes, and more. Typically, data and statistical program integrity staff attend.
Beneficiary Fraud TAG call (monthly): For ALL states and territories to come together to discuss beneficiary Medicaid eligibility and fraud concerns. States and territories bring challenges, successes, and questions to address preventing and combating Medicaid beneficiary eligibility fraud. Typically, program integrity directors and beneficiary fraud staff and occasional eligibility and enrollment staff attend this call.
To join any TAG, submit a request to Medicaid_Integrity_Program@cms.hhs.gov.
Resource Materials
Statutes, Regulations, and Sub-Regulatory Guidance
- Affordable Care Act (ACA) Program Integrity Statutory Provisions
- Includes ACA provisions related to provider enrollment, provider participation, pending investigations of credible allegations of fraud, National Correct Coding Initiative (NCCI), Recovery Audit Contractors (RACs), and Home Health.
- Federal Regulations
- See below for links to important federal regulations for program integrity directors.
- 42 CFR 431 Subpart P – Quality Control
- 42 CFR 431 Subpart Q – Requirements for Estimating Improper Payments in Medicaid and CHIP
- 42 CFR 433 Subpart F – Refunding of Federal Share of Medicaid Overpayments to Providers
- 42 CFR 438 – Managed Care
- 42 CFR 447 – Payment for Services
- 42 CFR 455 – Program Integrity: Medicaid
- 42 CFR 1001 – Program Integrity – Medicare and State Health Care Programs
- 42 CFR 1002 – Program Integrity – State-Initiated Exclusions from Medicaid
- 42 CFR 1007 – State Medicaid Fraud Control Units
- See below for links to important federal regulations for program integrity directors.
- Medicaid and CHIP Managed Care Final Rules
- Provides information on the 2016, 2020, and 2024 Medicaid and CHIP Managed Care Access, Finance, and Quality Final Rules and the 2017 Use of New or Increased Pass-Through Payments in Medicaid Managed Care Delivery Systems Final Rule. Includes fact sheets, charts of applicability dates, CMCS informational bulletins (CIBs), frequently asked questions (FAQs), summary of key provisions, and presentations.
Medicaid Federal Policy Guidance
- Provides policy and sub-regulatory guidance (i.e. State Medicaid Director Letters, CIBs, State Health Official Letters, and FAQs) that CMS has issued to describe how laws related to Medicaid, the Children’s Health Insurance Program (CHIP), and the Basic Health Program will be implemented and how to comply.
Audits and Oversight Initiatives
- Program Integrity Reviews
- State Program Integrity offices are on the front line of the fight to combat fraud, waste, and abuse in Medicaid. CMS supports those efforts with regular state-level reviews.
- MEQC
- Information on the history and background of the MEQC program. Provides links to MEQC guidance, sub-regulatory guidance, and historical documents.
- PERM
- Includes the PERM Manual, background on the PERM program, laws and regulations, Medicaid and CHIP rolling national improper payment rates, PERM reference documents, description of the Corrective Action Plan (CAP) process, information for providers, and PERM contact information.
- Medicaid Fraud Control Units (MFCUs)
- Provides information on MFCU program requirements and standards, MFCU activities and Office of Inspector General (OIG) oversight, as well as other resources such as training and a directory of MFCU Directors.
- Review Contractor Directory - Interactive Map
- Provides contact information for national and state-specific CMS contractors.
- Unified Program Integrity Contractors (UPICs) are contracted by CMS to perform program integrity tasks to detect fraud, waste, and abuse in Medicaid and Medicare.
- UPICs operate in five geographical jurisdictions and the location of your state determines your UPIC – Midwest (CoventBridge), Northeast (SafeGuard Services), Western (Qlarant Integrity Solutions), Southeast (SafeGuard Services), and Southwestern jurisdiction (Qlarant Integrity Solutions). The Review Contractor Directory lists which UPIC jurisdiction your state is in.
- Federal Audit Clearinghouse (FAC)
- A central location to submit and review federal grant audits. The FAC maintains a government-wide database of single audit results and related federal award information, serves as the federal repository for single audit reports, and distributes single audit reports to federal agencies.
- The Medicaid National Correct Coding Initiative (NCCI)
- Provides information on the Medicaid NCCI program and how it allows for states to reduce improper payments in Medicaid and CHIP.
- The Compliance Supplement is a document published by the Office of Management and Budget (OMB) each year that contains the audit objectives for most federal programs and identifies existing compliance requirements that the federal government expects to be considered as part of an audit required by the 1996 Amendments to the Single Audit Act.
Provider Enrollment
- Medicaid Provider Enrollment Compendium (MPEC)
- Provides sub-regulatory guidance and clarification to help with compliance with federal regulations at 42 CFR 455 (specifically Subparts B and E - Disclosure of Information by Providers and Fiscal Agents, and Provider Screening and Enrollment).
- Do Not Pay (DNP)
- An online portal for federal agencies and states with federally funded state administered programs to check various data sources at once to verify a recipient’s eligibility before issuing federal funds.
- Exclusion Authorities
- OIG has the authority to exclude individuals and entities from federally funded health care programs. Lists the mandatory and permissive exclusions under the Social Security Act imposed by OIG.
List of Excluded Individuals and Entities (LEIE) Database
- OIG has the authority to exclude individuals and entities from federally funded health care programs for a variety of reasons, including a conviction for Medicare or Medicaid fraud, and maintains a list of all currently excluded individuals and entities.
Education and Partnership
- Medicaid Integrity Institute (MII)
- MII offers in-person and virtual training, technical assistance, and support to state Medicaid agency program integrity personnel.
Healthcare Fraud Prevention Partnership (HFPP)
- A voluntary public-private partnership made up of the federal government, state agencies, law enforcement, private health insurance plans, and anti-fraud associations that helps detect and prevent healthcare fraud through data and information sharing.
Medicaid Managed Care
- Medicaid Managed Care Authorities
- Describes the different types of federal authorities that states can use to implement a managed care delivery system (Section 1932(a) State plan authority, Section 1915 (a) and (b) waiver authority, and Section 1115 waiver authority).
Medicaid Managed Care Monitoring and Oversight Initiative
- Provides helpful reporting templates and technical assistance toolkits in support of strengthening the monitoring and oversight of Medicaid and CHIP managed care programs.
Section 1115 demonstrations and Section 1915 waivers
- State Waivers List
- Includes a list of all the current and concluded state programs authorized under Section 1115 demonstrations and Section 1915 waiver authorities.
Home & Community Based Services Authorities
- States have the option to receive a waiver of Medicaid rules governing institutional care to provide Home and Community Based Services (HCBS). State Medicaid agencies have several HCBS options:
- 1915(c) Home and Community-Based Waivers
- 1915(i) State Plan Home and Community-Based Services
- 1915(j) Self-Directed Personal Assistance Services Under State Plan
- 1915(k) Community First Choice
Reports
- Comprehensive Medicaid Integrity Plan (CMIP) for Fiscal Years 2024 - 2028 (PDF)
- Annual Report to Congress – Medicaid and Medicare Program Integrity Programs - FY 2023 (PDF)
- State Program Integrity Reviews