Quick Navigation

Provider Assigned Risk Categories

State and federal regulations (13 CSR 65-2 and 42 CFR 455.450) require all Medicaid (MO HealthNet) providers to be screened during their initial enrollments and revalidations, according to their assigned risk level category. The categories are defined by federal regulations based on the risk of fraud, waste, and abuse to the MO HealthNet Program.

The three risk level categories are:

  • Limited
  • Moderate
  • High

To determine which category is assigned to your provider type, review the Provider Risk Category Table. Any provider who is not categorized by state and federal regulations within one of the risk categories shall be screened as a moderate risk provider per 13 CSR 65-2.020(10)(G). Additionally, per 13 CSR 65-2.020(10)(D) if a provider could fit within more than one (1) screening level, the highest risk category of screening is applicable.

Providers in the limited category are subject to the following screening requirements:

  1. Verification that the applying provider, and all persons disclosed or required to be disclosed, meet all applicable federal regulations and MO HealthNet Program requirements for the provider type;
  2. Verification that the applying provider, and all persons disclosed, have a valid license, operating certificate, or certification if required for the provider type, and that there are no current limitations on such licensure, operating certificate, or certification which would preclude enrollment;
  3. Verification that the applying provider’s, and that of all persons disclosed, license(s) held in any other state has/have not expired and that there is/are no current limitations on such license(s) which would preclude enrollment;
  4. Confirmation of the identity of the applying provider and determination of the exclusion status of the applying provider and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of the following federal databases:
    • a. Social Security Administration’s Death Master File;
    • b. National Plan and Provider Enumeration System;
    • c. List of Excluded Individuals/Entities;
    • d. The Excluded Parties List System;
    • e. Medicare Exclusion Database; and
    • f. Any such other databases as the Secretary of the United States Department of Health and Human Services has prescribed as of September 30, 2021, pursuant to section 455.436 of Title 42, Code of Federal Regulations, which is incorporated by reference and made part of this rule as published by the Office of the Federal Register, 7 G Street NW, Suite A-734, Washington, DC 20401, and available at its website: https://www.ecfr.gov/current/title-42/chapter-IV/subchapter-C/part-455/subpart-E/section-455.436. This rule does not incorporate any subsequent amendments and additions.
  5. Database check of the National Sex Offender Public Website;
    • The information from these databases shall be used to determine eligibility of the MO HealthNet provider and for verification of the identity of the applying person, the Social Security number, the National Provider Identifier (NPI), the National Practitioner Data Bank (NPDB) licensure, and any exclusion by the Department of Health and Human Services, Office of Inspector General; and
  6. The information from these databases shall be used to determine eligibility of the MO HealthNet provider and for verification of the identity of the applying person, the Social Security number, the National Provider Identifier (NPI), the National Practitioner Data Bank (NPDB) licensure, and any exclusion by the Department of Health and Human Services, Office of Inspector General; and
  7. MMAC may conduct preapproval site visits prior to acceptance of an applying provider’s application.

Providers assigned in the moderate category are subject to the following screening requirements, in addition to the screening requirements for the limited risk category:

  • Site visits prior to acceptance of an applying provider’s application. Visit Site Visits for more information.
  • Unannounced post-enrollment site visits

Providers assigned in the high risk category are subject to the following screening requirements, in addition to the screening requirements for the limited and moderate risk categories:

  • Fingerprint-based criminal background check of individual providers or in the case of an institutional provider, every person with a 5% or more ownership interest in the provider. For more information, review Fingerprint Based Criminal History Checks.

For additional information for each risk level, review 13 CSR 65-2 and 42 CFR 455.450.

Per 13 CSR 65-2 and 42 CFR 424.518, the categorical risk level may be adjusted when any of the following occurs:

  • MMAC imposes a payment suspension on a provider based on a credible allegation of fraud, waste or abuse by the provider
  • Provider has an existing Medicaid overpayment
  • Provider has been excluded by the federal Department of Health and Human Services (DHHS), Office of the Inspector General or another state’s Medicaid program within the previous 10 years

The upward adjustment of the provider’s categorical risk level for a payment suspension or overpayment shall continue only so long as the payment suspension or overpayment continues or when both of the following occurs:

  • MMAC or the Centers for Medicare & Medicaid Services (CMS) lifted a temporary moratorium for the provider type in the previous six (6) months
  • Provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within six (6) months of the date the moratorium was lifted

Any questions regarding assigned risk categories may be submitted to MMAC.ProviderEnrollment@dss.mo.gov.