42 CFR § 455.21 - Cooperation with State Medicaid fraud control units.
(a) The agency must -
(1) Refer all cases of suspected provider fraud to the unit;
(2) If the unit determines that it may be useful in carrying out the unit's responsibilities, promptly comply with a request from the unit for -
(i) Access to, and free copies of, any records or information kept by the agency or its contractors;
(ii) Computerized data stored by the agency or its contractors. These data must be supplied without charge and in the form requested by the unit; and
(iii) Access to any information kept by providers to which the agency is authorized access by section 1902(a)(27) of the Act and § 431.107 of this subchapter. In using this information, the unit must protect the privacy rights of beneficiaries; and
(3) On referral from the unit, initiate any available administrative or judicial action to recover improper payments to a provider.
(b) The agency need not comply with specific requirements under this subpart that are the same as the responsibilities placed on the unit under subpart D of this part.
(c) The agency must enter into a written agreement with the unit under which:
(1) The agency will agree to comply with all requirements of § 455.21(a);
(2) The unit will agree to comply with the requirements of § 1007.11(c) of this title; and
(3) The agency and the unit will agree to -
(i) Establish a practice of regular meetings or communication between the two entities;
(ii) Establish procedures for how they will coordinate their efforts;
(iv) Establish procedures by which the unit will receive referrals of potential fraud from managed care organizations, if applicable, either directly or through the agency, as required at § 438.608(a)(7) of this title; and
(v) Review and, as necessary, update the agreement no less frequently than every five (5) years to ensure that the agreement reflects current law and practice.