DEPARTMENT OF HEALTH & HUMAN SERVICES
Centers for Medicare & Medicaid Services
7500 Security Boulevard, Mail Stop S2-26-12
SMD # 22-001
RE: Updated Medicaid Information
Technology Systems Guidance: Streamlined
Modular Certification for Medicaid
Enterprise Systems
April 14, 2022
Dear State Medicaid Director:
This State Medicaid Director Letter (SMDL) provides updated Medicaid Information Technology
(IT) project guidance and discusses requirements for states as the Centers for Medicare & Medicaid
Services (CMS) continues to streamline the certification approach and move toward Outcomes-
Based Certification (OBC) for Medicaid Enterprise Systems (MES). This SMDL introduces a
Streamlined Modular Certification (SMC) process and, effective immediately, sunsets the existing
processes known as the Medicaid Enterprise Certification Toolkit (MECT) and the Medicaid
Eligibility and Enrollment Toolkit (MEET).
Pursuant to 42 CFR § 433.116, Federal Financial Participation (FFP) is available at 75 percent of
expenditures for operation of a Mechanized Claims Processing and Information Retrieval Systems
(MCPIRS) approved by CMS. To obtain approval for any MES or MES component going forward,
states should follow the guidance for the streamlined modular certification process described
herein, including the supporting Streamlined Modular Certification (SMC) for MES Guidance
(Certification Guidance) document. The Certification Guidance document provides a detailed
description of the certification process and the regulatory citations for all certification requirements.
States should not use MECT and MEET, which are discussed in the State Medicaid Director Letter
released August 16, 2016,
1
for MES IT projects initiated after the publication date of this SMDL.
CMS has been working with states to test and refine proposed processes and tools while
incrementally expanding the use of OBC across the entire MES. CMS views Streamlined Modular
Certification as the next interim step in that evolutionary process that will promote effective
stewardship of Medicaid funding, well into the future.
Overview
In an effort to provide consistency and accountability in CMS’s certification processes, this SMDL
establishes a MES certification process for each modular component system of the MES. In
general, each MES module is an integral component of a state’s mechanized claims processing and
information retrieval system (MCPIRS) (as defined at 42 C.F.R. § 433.111(b)). The MES represents
a system composed of the sum total of MES modules, which are the discrete Medicaid IT systems
or services used by the Medicaid agency to manage, monitor, and administer the state’s Medicaid
program. The MES modules that support a state’s Medicaid operations typically include the
modules described in Table 1 and their general functions (non-exhaustive list):
1
https://www.medicaid.gov/federal-policy-guidance/downloads/smd16010.pdf.
Page 2 – State Medicaid Director
The contents of this document do not have the force and effect of law and are not meant to bind the public in any way,
unless specifically incorporated into a contract. This document is intended only to provide clarity to the public
regarding existing requirements under the law.
Table 1: Examples of MES Modules
Module (Typical Function)
Eligibility and Enrollment (including online application, verification, and renewal processing)
Claims Processing (including validations, prior authorizations, and submission status)
Financial Management (including provider payments, capitation payments, value-based payments,
and drug rebates)
Decision Support/Data Warehouse (including data analytics and reporting)
Encounter Processing (including encounter data reporting, and calculation of capitation rates)
Long-term Services and Supports (including home and community-based services (HCBS) waiver
enrollment, person-centered plans, and grievance tracking)
Member Management (including managed care enrollment, enrollee information)
Prescription Drug Monitoring Program (including prescribing history, and provider workflow
integration)
Pharmacy Benefit Management (including pharmacy claims, manufacturer rebates, and prior
authorization)
Provider Management (including provider screening and enrollment, provider communications, and
network adequacy)
Third-party Liability (including collection of information, electronic data exchanges, and avoidance
and recovery)
Program Integrity (including claims validation, recoupments, improper payment recoveries)
Health Information Exchange (including patient identification, data standards and security)
For all systems that comprise the MES, the SMC approach is designed to:
• Demonstrate measurable improvements to a state’s Medicaid program resulting from the
delivery of a new module or enhancement to an existing module;
• Leverage data and testing to inform CMS’s assessment of the success of delivered systems
and system investments, and inform decisions about future MES investments;
• Enable operational data reporting for system performance, operations monitoring, and
functionality to demonstrate the continuous achievement of required outcomes measures;
• Reduce burden on states and CMS during the certification process without compromising
CMS’s responsibility to ensure that federally supported systems satisfy all applicable
statutory and regulatory requirements; and
• Advance incrementally toward a fully realized, OBC process for the entirety of the MES.
Background
Under section 1903(a)(3)(A)(i) of the Social Security Act (the Act) and 42 C.F.R. § 433.112, states
are eligible to receive enhanced 90 percent FFP for their expenditures attributable to the design,
development, or installation (DDI) of MCPIRS.
2
For expenditures for DDI activities for an MES
module to qualify for this enhanced match, all applicable requirements, including the conditions at
2
Section 1903(a)(3)(A)(i) also specifies that such systems are those that “the Secretary determines are likely to provide
more efficient, economical, and efficient operation of the plan. . .”.
Page 3 – State Medicaid Director
The contents of this document do not have the force and effect of law and are not meant to bind the public in any way,
unless specifically incorporated into a contract. This document is intended only to provide clarity to the public
regarding existing requirements under the law.
42 C.F.R § 433.112 and 45 C.F.R. part 95, subpart F, must be met. After the system has been in
production for at least six months, states may request system certification by CMS in order to be
eligible to receive enhanced 75 percent FFP for operations. After a system is certified, states may
submit an Operations Advanced Planning Document (OAPD) requesting approval for 75 percent
operations funding on the basis of successful certification, as provided under section 1903(a)(3)(B)
of the Act and 42 C.F.R. § 433.116, as long as required conditions continue to be met, as described
in 42 C.F.R. § 433.119.
Elements of Streamlined Modular Certification
Streamlining the modular certification process depends on an engagement model that a) relies on a
close, ongoing partnership between CMS and the state throughout the IT investment lifecycle, and
b) involves regular discussions and check-ins on state progress toward achieving shared goals for
the project. In piloting this model for Electronic Visit Verification system certification, both states
and CMS found tremendous value in ongoing collaboration. CMS will continue working with states
to enhance the ongoing partnership model on which OBC depends. States should regularly engage
with their CMS State Officers throughout the IT investment lifecycle, especially as states begin to
plan their IT investments.
The streamlined modular certification process for MES is structured around the following three
elements:
• Conditions for Enhanced Federal Matching – As a condition of receiving enhanced
federal matching funds for state expenditures on MES as described above, states must
ensure that the system complies with all of the conditions for enhanced DDI matching as
provided in 42 C.F.R. § 433.112 and that the system remains compliant with federal
Medicaid requirements for enhanced operations matching once it is in operation as provided
in 42 C.F.R. § 433.116.
• Outcomes – Outcomes describe the measurable improvements to a state’s Medicaid
program that should result from the delivery of a new module or enhancement to an existing
module. Outcomes should support Medicaid program priorities, be directly enabled by the
state’s IT project, and be clearly stated in the Advance Planning Document (APD) as
required under 45 C.F.R. part 95, subpart F. CMS will work closely with the state to identify
and ensure that intended project outcomes are achieved. CMS encourages states to develop
measurable, achievable outcomes that reflect the MES project’s goals.
The SMC process identifies two types of outcomes, CMS-Required and State-Specific:
o CMS-required outcomes are based on statutory or regulatory requirements and
provide a baseline for what is required of an MES, including its contribution to the
efficient, economical, and effective administration of the state’s Medicaid program.
o State-specific outcomes reflect the unique circumstances or characteristics of the
state or territory and its Medicaid program and focus on improvements to the
Page 4 – State Medicaid Director
The contents of this document do not have the force and effect of law and are not meant to bind the public in any way,
unless specifically incorporated into a contract. This document is intended only to provide clarity to the public
regarding existing requirements under the law.
program and its administration that are not specifically addressed by the CMS-
required outcomes.
• Metrics – Metrics provide evidence about whether the intended outcomes are achieved
through the delivery of a new module or enhancement to an existing module. States must
submit operational reports to CMS containing metrics annually in support of a state’s
Operational Advanced Planning Documents (OAPD) request. CMS may determine the need
for some metrics requiring states to report more frequently; this will be coordinated with the
state through the State Officer. In accordance with 42 C.F.R. §§ 433.112(b)(15) and
433.116(b), (c), and (i), states must be capable of producing data, reports, and performance
information from and about their MES modules to facilitate evaluation, continuous
improvement in business operations, and transparency and accountability, as a condition for
receiving enhanced federal matching for MES expenditures. Metrics reporting enhances
transparency and accountability of IT solutions, to help ensure the MES and its modules are
meeting statutory and regulatory requirements, as well as the state’s program goals. State
reporting also gives states and CMS early and ongoing insight into program evaluation and
opportunities for continuous improvement.
States will be required to provide the following data, reports, and performance information,
pursuant to 42 C.F.R. §§ 433.112(b)(15) and 433.116(b), (c), and (i), as applicable. This
documentation will help demonstrate whether conditions for enhanced federal matching are met,
intended outcomes are being achieved, and metrics are being successfully collected and reported.
• Evidence to support production-ready status and outcome achievement may include, but is
not limited to:
o Demonstrations of system functionality;
o Testing results;
o Production reports; and
o Plans for organizational change management (e.g., managing stakeholders and users,
training, help desk).
States should provide the evidence they use to determine their module is production-ready
(that is, ready to be put into operation; this could include test results and other data
illustrating the module’s capability of achieving intended outcomes). States should also
demonstrate that their operations staff are implementation-ready (e.g., documentation of
trainings and other relevant organizational change management activities that have been
conducted and/or are ongoing) to support the successful delivery of the module and ongoing
operations. In addition, once the module is in operations, states should provide the evidence
that they continue to comply with applicable regulations and meet programmatic outcomes.
• Evidence from the metrics that are collected and reported from the state will be evaluated by
CMS to determine whether the system is achieving the identified outcomes. As required by
42 C.F.R. §§ 433.112(b)(15) and 433.116(b), (c), and (i), throughout the IT investment
lifecycle, states will continue reporting on metrics to ensure that solutions meet regulatory
requirements and are measurably supporting desired program outcomes. CMS State Officers
Page 5 – State Medicaid Director
The contents of this document do not have the force and effect of law and are not meant to bind the public in any way,
unless specifically incorporated into a contract. This document is intended only to provide clarity to the public
regarding existing requirements under the law.
will collaborate with states to conduct reviews and assessments based on metric reports,
helping to ensure continued success and improvement of MES solutions. CMS will
coordinate with states to use existing data sources and reporting systems, such as
Transformed Medicaid Statistical Information System (T-MSIS) and
Medicaid and CHIP
Performance Indicators,
3
to avoid redundancy and minimize administrative burden
whenever possible.
In addition, CMS has found that properly tested systems – and, in particular, those tested by actual
users throughout the entire development process – have a better chance of successful
implementation. Therefore, CMS is putting an emphasis on testing in the certification process. The
Testing Guidance Framework document, which accompanies this SMDL within the appendices,
offers specific MES testing expectations and recommendations. CMS plans to release additional
materials describing updated software development best practices in the future, which CMS
anticipates states will incorporate into their future MES development efforts.
Operational Reporting
To efficiently demonstrate ongoing, successful system operations, states must submit operational
reports to CMS containing data and/or other evidence that modules are meeting all applicable
requirements for the state’s claimed federal matching funds. States should submit these reports
annually in support of the OAPD request; however, more frequent reporting on key operational
metrics may be necessary. CMS may require more frequent reporting for key operational metrics
such as timely eligibility determinations or timely claims payment, wherein early detection for
problems is critical. This is especially critical for COVID unwinding, when major system changes
and eligibility redeterminations are occurring in tandem. State operational reports should include
metric data corresponding to the agreed-upon intended outcomes for each applicable MES module.
In addition to operational reports, states must submit an OAPD per 45 C.F.R. §§ 95.610(c)(3) and
96.611(c), for enhanced funding authorized through certification at 42 C.F.R. § 433.116 for any
module or system for which the state requests enhanced federal matching funds for the state’s
expenditures on operations of an existing system.
States should coordinate with their CMS State Officers to determine which modules and metrics
may need more frequent reporting. The operational reports should include the same level of
streamlined information described above, including compliance with the conditions for enhanced
funding required under 42 C.F.R. §§ 433.112 and 433.116, outcomes, metrics, and related
supporting evidence.
States should look to standardize frequency of reported metrics over time. States should submit all
data in table form, with numerators and denominators present, that can be tracked longitudinally
with new columns added each reporting period and which explains contextual information about the
metric and data used in the calculation. CMS will leverage an online repository through GitHub
4
to
3
See the CMCS Informational Bulletin dated January 24, 2013, for information on Performance Indicators for
Medicaid and CHIP Business Functions, available at: https://www.medicaid.gov/Federal-Policy-
Guidance/downloads/CIB-01-24-13.pdf
4
GitHub is a hosting platform for version control and collaboration. No coding is necessary; however, users mus t
register for a GitHub.com account in order to access the CMS Certification Repository.
Page 6 – State Medicaid Director
The contents of this document do not have the force and effect of law and are not meant to bind the public in any way,
unless specifically incorporated into a contract. This document is intended only to provide clarity to the public
regarding existing requirements under the law.
provide an example template for operational reporting, along with additional certification materials.
More information on use of GitHub is provide in this letter below.
For previously certified systems, those operating as a system of record, and/or those for which the
state is claiming enhanced federal matching funds for DDI or operations, states should coordinate
with their respective CMS State Officers to agree upon an approach and timeline to begin
operational reporting.
Regulations at 42 C.F.R. § 433.119 indicate that CMS may periodically review and reapprove each
system initially approved under 42 C.F.R.§ 433.114 for 75 percent enhanced federal matching for
state expenditures on the system’s ongoing operations. CMS may review an entire system’s or
module’s operation or focus the review on the operation of limited parts of the system or module.
However, at a minimum, CMS reviews under 42 C.F.R. § 433.119 will look to validate that the
system is operating in alignment with all applicable regulatory requirements, and may give
particular attention to regulatory reapproval conditions on which the system or module
demonstrated weakness in previous reviews. In general, the reapproval process will be consistent
with the streamlined modular certification process outlined in this SMDL.
Transition
Replacing the MECT and MEET
The MECT was first implemented in 2007 through CMS guidance, which was updated in 2016
5
and contains business areas relevant to the Medicaid Management Information System (MMIS)
functions to process claims for services furnished to beneficiaries and to perform other functions
necessary for the Medicaid program’s economic and efficient operations, management, monitoring,
and administration. CMS guidance on MECT was also designed to assist states as they plan,
develop, test, and implement their MMIS. In 2017, CMS issued the MEET to assist states in
streamlining and modernizing their Eligibility and Enrollment (E&E) systems.
6
Since the release of the MECT and MEET, feedback to CMS provided by states through system
reviews, certifications, and other channels have indicated that the MECT and MEET have been
overly burdensome for states. CMS learned that MECT and MEET lack the flexibility states need to
best implement systems to support program priorities, and are not adequately focused on how the
projects will improve a state’s Medicaid program. As a result of this state feedback, as well as
lessons learned from the OBC experience (which significantly reduced burden for states and CMS),
similar lessons learned from state pilots, and other CMS experience, CMS will no longer be relying
on the MECT and MEET frameworks for system certification.
7
With the release of the updated Certification Guidance accompanying this SMDL replacing the
5
https://www.medicaid.gov/medicaid/data-systems/medicaid-enterprise-certification-toolkit/index.html.
6
https://www.medicaid.gov/medicaid/data-systems/medicaid-eligibility-enrollment-toolkit/index.html.
7
Based on evidence gathered during a pilot test of the initial OBC process, the pilot state saw an 87% burden reduction
in terms of staff time for certification. CMS anticipates that the SMC process will see similar levels of burden
reductio n.
Page 7 – State Medicaid Director
The contents of this document do not have the force and effect of law and are not meant to bind the public in any way,
unless specifically incorporated into a contract. This document is intended only to provide clarity to the public
regarding existing requirements under the law.
MECT and MEET, CMS and states will begin transitioning to the Streamlined Modular
Certification process for current and future MES projects. CMS understands and acknowledges the
MES environment is not static. In addition to the activities necessary to support responding to the
current public health emergency (PHE), states often having several competing system projects and
program priorities. In order to minimize impact, states should work with their CMS State Officers
to determine the best path forward and smoothest transition process. States that are significantly far
along in their preparations for module certification under the MECT or MEET framework may
elect to proceed with certification under the relevant legacy certification toolkit. However, states
that elect to do so will also be expected to produce and submit operational reports for their systems,
as discussed in this SMDL and outlined in the updated Certification Guidance.
This updated Certification Guidance contains several key elements that were not present in the
MECT and MEET. These elements include outcomes, metrics, and operational reporting
requirements (including indicators of project health). In addition, milestone reviews under
streamlined modular certification differ substantially from those required under the legacy toolkits.
As such, states should consider these key elements and differences in transition planning efforts.
States should work with their CMS State Officers to coordinate the transition to streamlined
modular certification.
Certification Guidance
The Certification Guidance accompanying this SMDL is a critical component in further
streamlining and improving the certification process and promoting better outcomes for state and
federal investments in each state’s MES. It reflects the reduced burden and increased flexibility that
CMS seeks to foster in collaboration with states, while ensuring states meet all applicable federal
requirements and are best positioned to achieve state-specific intended outcomes for these systems
and modules. Adherence to these improved processes will not only help ensure that state and
federal investments are worthwhile, but also that Medicaid beneficiaries and other stakeholders
benefit from the efficient, economical, and effective administration of the state’s Medicaid program
through a modern and highly capable MES.
The full Streamlined Modular Certification (SMC) Guidance can be found on Medicaid.gov at the
following URL:
https://www.medicaid.gov/medicaid/data-systems/certification/streamlined-modular-
certification/index.html
As shown in Figure 1, engagement during each phase of the IT investment lifecycle might include
the following touchpoints:
Page 8 – State Medicaid Director
The contents of this document do not have the force and effect of law and are not meant to bind the public in any way,
unless specifically incorporated into a contract. This document is intended only to provide clarity to the public
regarding existing requirements under the law.
Figure 1. Streamlined Modular Certification Process Timeline
CMS Certification Repository
Because intended outcomes and metrics are likely to evolve over time, CMS will leverage a
Certification Repository on GitHub
8
for additional materials, including identifying the specific
outcomes derived from regulatory requirements, state-proposed outcomes, and metrics.
The CMS Certification Repository on GitHub will provide a collaborative space where states can
learn, share, and contribute information about the MES Certification process and its related
documentation. CMS created this repository for CMS, states, and vendors to:
• Access current information about CMS-required outcomes and recommended metrics;
• Create and contribute to a community of state-specific outcomes and metrics; and
• Access examples of well-defined outcomes and metrics.
States can visit the Certification Repository on GitHub to access resources such as the Certification
Guidance, information about the regulatory conditions for enhanced funding, outcomes, metrics,
and related supporting evidence/examples to help inform how states approach their IT investment
planning, development, operations, and certification.
Please access the CMS Certification Repository on GitHub at:
https://cmsgov.github.io/CMCS-
DSG-DSS-Certification/
Requesting A Certification Review
To request a Certification Review (CR), states must submit a formal Certification Request Letter.
The letter should include:
8
GitHub is a hosting platform for version control and collaboration. No coding is necessary; however, users must
register for a GitHub.com account in order to access the CMS Certification Repository.
Page 9 – State Medicaid Director
The contents of this document do not have the force and effect of law and are not meant to bind the public in any way,
unless specifically incorporated into a contract. This document is intended only to provide clarity to the public
regarding existing requirements under the law.
• Date at which the state formally began operating the system as the system of record,
• Retroactive certification date (date back to which the state is requesting the system be
certified), and
• Proposed date for CMS to begin its certification review.
The CR letter should be accompanied by evidence that demonstrates the system is properly
prepared for the certification review process to begin. To demonstrate the system is properly
prepared, the state should have:
• Established a document repository that has been successfully tested by the CMS State
Officer (the default repository is CMS Box),
• Sub mitted a copy of the System Acceptance Letter (the state’s letter to the vendor contractor
or state development team accepting the system/modules(s)),
• Submitted all required operational metrics related to the module, beginning from the time
the system became operational as the system of record and up until the end of the most
recent quarter, and
• Demonstrated that the system/module for which the state is requesting certification complies
with most current T-MSIS requirements, when applicable.
The CR will also focus on system demonstrations, review of testing results, and outcomes and
metrics. Outcomes and metrics, along with any underlying data and explanatory or contextual
information, should be sent to the CMS State Officer and to MES@cms.hhs.gov
. The state and
CMS State Officer will agree upon the format for reporting. In the future, CMS may issue a
template for reporting on metrics. CMS may send questions about the metrics to the state prior to
beginning or completing the CR. If after the review it is determined the States system does not meet
certification requirements, CMS will work with the state on remediation of the findings and next
steps, and will coordinate with the state to determine any impact to the certification decision. This
does not constitute a change from how such instances have been handled under MEET & MECT.
CMS continues to work with states to gain more experience and inform OBC development. States
are encouraged to discuss MES plans with their CMS State Officers, who can provide state-specific
advice for the SMC process. As this process evolves, CMS will continue to provide guidance and
work collaboratively with states.
Additional Information
For additional information about this SMDL, please contact Edward Dolly, Director Division of
State Systems at Edward.Dolly@cms.hhs.gov
.
Sincerely,
Daniel Tsai
Deputy A
dministrator and Director
