KLS Keeping Law Simple Legislation in plain English

Straight-ahead summaries built from the official bill text. We keep the source links front and center and leave the decision up to you.

Back to Hawaii

HB2133 • 2026

RELATING TO MEDICAID.

RELATING TO MEDICAID.

Budget Healthcare
Active

The official status still shows this bill as active or still awaiting another formal step.

Sponsor
BELATTI, COCHRAN, GRANDINETTI, OLDS, PERRUSO, PIERICK, SOUZA, TAKAYAMA, TEMPLO
Last action
2026-01-28
Official status
Referred to HSH, LMG, FIN, referral sheet 4
Effective date
Not listed

Plain English Breakdown

The official source material does not specify whether funds are appropriated for the audits, only that they are required.

Medicaid Audit Requirements

This bill requires the State Auditor to conduct biennial audits of Medicaid health care insurance contractors and the Department of Human Services' Med-QUEST division.

What This Bill Does

  • Requires the State Auditor to perform audits every two years on Medicaid health care insurance contractors and the Department of Human Services (DHS) and its Med-QUEST division.
  • Specifies that the first audits must be completed by January 1, 2027.
  • Sets a deadline for submitting audit reports no later than twenty days before the start of the Regular Session in 2027.

Who It Names or Affects

  • The State Auditor
  • Medicaid health care insurance contractors
  • Department of Human Services and its Med-QUEST division

Terms To Know

Medicaid
A federal program that helps with medical costs for some people with limited income and resources.
Managed Care Organizations (MCOs)
Companies that provide health care services to Medicaid beneficiaries under contract with the government.

Limits and Unknowns

  • The bill does not specify how many audits will be conducted beyond the first one in 2027.
  • It is unclear what specific actions will be taken based on the audit findings.

Bill History

  1. 2026-01-28 H

    Referred to HSH, LMG, FIN, referral sheet 4

  2. 2026-01-26 H

    Introduced and Pass First Reading.

  3. 2026-01-23 H

    Pending introduction.

Official Summary Text

RELATING TO MEDICAID.
Auditor; DHS; Med-QUEST Division; Medicaid; Managed Care Organizations; Medicaid Health Care Insurance Contracts; Management and Financial Audits; Biennial Audit Schedule; Reports; Rules; Guidance; Appropriation ($)
Requires the State Auditor to conduct audits of Medicaid health care insurance contractors and the Department of Human Services and its Med-QUEST division at least once every two years, with the first audits to be conducted by 1/1/2027, and the reports to be submitted no later than twenty days prior to the Regular Session of 2027. Requires the Auditor to conduct audits. Appropriates funds.

Current Bill Text

Read the full stored bill text 
HB2133

HOUSE OF REPRESENTATIVES

H.B. NO.

2133

THIRTY-THIRD LEGISLATURE, 2026

STATE OF HAWAII

A BILL FOR AN ACT

relating
to medicaid
.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF HAWAII:

����
SECTION 1.
�
The
legislature finds that effective oversight of managed care organizations
contracted under the State's medicaid managed care program is essential to
ensure the proper use of public funds and the delivery of quality health care
services to medicaid beneficiaries.
�
The
legislature further finds that independent oversight of the department of human
services is necessary to verify the department's reporting, data governance,
internal reconciliation processes, and its execution of federal program integrity
obligations.

����
The legislature believes that transparency,
accountability, and program integrity can be strengthened through two distinct,
biennial audit tracks conducted by the auditor, consisting of a contractor and provider
audit and a department audit.

����
The legislature finds that the contractor
and provider audit could examine managed care contractors, their
subcontractors, provider networks, encounter and claims data, and external quality
review work products.
�
The legislature further
finds that the department audit would examine the department of human services
and its med-QUEST division's reporting, data governance, internal
reconciliation processes, secret shopper implementation, advisory council
functioning, and compliance with federal program integrity and reporting
obligations.
�
The legislature also finds
that each audit track would have a tailored scope, methodology, access, and
reporting requirements and that where audits overlap, the auditor would require
cross-track reconciliation and coordinated findings.

����
The legislature additionally finds that
although the auditor has held statutory authority since 1975 to audit medicaid
health care insurance contractors, this authority has not been exercised in a
regular, scheduled way.
�
The absence of
systematic, periodic audits of the State's medicaid program has left the State
vulnerable to undetected mismanagement, diminished quality of care, and erosion
of public trust.
�
The legislature further
finds that the auditor is authorized to audit state departments, divisions, and
offices that administer, oversee, or receive federal or state funds for medicaid
programs, including the department of human services and its med-QUEST division.
�
The legislature also finds that for the purposes
of this measure's proposed audits, the auditor should have authority to access
and examine records, working papers, contracts, data submissions, reporting
templates, and supporting documentation, to interview relevant personnel, and
to coordinate audit activities with federal and other state auditors.

����
The legislature finds that the department
of human services documented multiple cases of medicaid overpayments in 2021
and 2022 attributable to provider ineligibility, payment for noncovered
services, and failures of prior authorization controls, resulting in recoupment
actions, tax offsets, and court judgments.
�

The legislature further finds that additional examples of medicaid
overpayment include payments continued after provider enrollment lapses, claims
paid without required prior authorization, and duplicate payments later
identified through administrative review, each requiring recovery efforts and,
in some instances, civil collection activity.

����
The legislature additionally finds that
state-level procurement and contract oversight reviews identified inconsistent
encounter data reconciliation practices between contractors and the State, with
a memoranda of understanding and interagency correspondence documenting delays
and gaps in data exchange and reconciliation protocols.
�
These financial oversight gaps increased the
risk of payment errors and hindered timely corrective action.

����
The legislature further finds that a
Centers for Medicare and Medicaid Services program integrity review of the
State in 2023 identified operational weaknesses, including inaccurate encounter
reporting, insufficient provider screening, and inadequate reconciliation of
capitation versus fee-for-service payments.
�

The legislature believes that these weaknesses create ongoing fiscal and
programmatic risk if left unaddressed.

����
The legislature additionally finds that the
contracted external quality review report (EQR) states that med-QUEST plans
meet the State primary care provider standard and supplies plan-level
provider-to-enrollee metrics.
�
State
workforce and physician shortage reports identify persistent provider shortages
in multiple counties and specialties.
�
The
legislature finds that the EQR work product, med-QUEST division reporting
templates used to collect contractor data, and related verification activities
contain item gaps and procedural interruptions that may materially affect
provider capacity conclusions.
�
Because
the EQR findings and independent workforce assessments present materially
inconsistent representations of provider capacity, and because data collection
instruments and verification activities appear to be misaligned or incomplete,
the EQR report alone is insufficient to establish reliable provider capacity
conclusions for policy or payment determinations.
�
The legislature finds that the department of
human services may be reporting incomplete or inaccurate data to federal
oversight entities, which could compromise program integrity and hinder
effective oversight.

����
The legislature believes that the auditor should
prepare and report on the performance of the department of human services with
respect to federal and state medicaid requirements, including compliance with
reporting requirements; the functioning of required advisory councils; secret shopper
surveys; and the existence of a qualified external quality review as required
under federal law.

����
The legislature finds that the department
of human services has demonstrated recurring failures that warrant an
independent auditor review, including documented medicaid overpayments and
uneven recovery actions that have not fully protected public funds.

����
The legislature further finds that State
and contract oversight materials reveal inconsistent and delayed encounter data
reconciliation between contractors and the State, creating risks of payment
errors and undermining timely corrective action.
�
Med-QUEST division reporting templates and
verification activities contain procedural gaps and interruptions that
materially impair conclusions about provider capacity and network
adequacy.
�
In addition, there is evidence
of incomplete or inaccurate reporting to federal oversight entities, suspended
or inadequately executed timely access and secret shopper verification
activities, and insufficient provider screening that allows duplicate,
inactive, or misclassified provider records.
�

These weaknesses increase the likelihood of improper payments and
compromised beneficiary access.

����
The legislature finds that contract
oversight shortcomings and data governance failures prevent reliable assessment
of managed care performance and obstruct effective remediation.
�
The legislature believes that an impartial,
statutorily empowered audit is necessary to identify root causes, reconcile
contractor and department records, and recommend remedies to protect program
integrity and ensure timely, high-quality care for medicaid beneficiaries.

����
The legislature further finds that multiple
states have codified or institutionalized biennial or recurring medicaid audit
requirements for contractors and that numerous additional states conduct
recurring audits or targeted reviews through their state auditors, medicaid
agencies, or inspector general offices.
�
The
legislature additionally finds that state auditors in multiple jurisdictions
conduct audits of the departments that administer the medicaid program,
examining program administration, eligibility and enrollment controls, data
governance, federal reporting, and internal recovery and program integrity
functions.
�
These departmental audits
complement contractor focused audits by validating state processes, reconciling
contractor submissions with state reporting, and identifying systemic control
weaknesses that require statutory, administrative, or funding remedies.

����
The legislature also finds that state
auditors nationwide report hundreds of medicaid audit findings annually, with a
substantial percentage being repeat findings, indicating persistent control
weaknesses that risk ongoing improper payments and underscoring the value of
sustained independent auditing to achieve durable remediation.

����
The legislature further finds that federal
payment accuracy reporting estimates medicaid improper payments in the tens of
billions of dollars annually, reflecting documentation, eligibility, and
payment processing vulnerabilities that audits can help detect and correct.
�
The legislature believes that enforcement and
recovery activity by medicaid fraud control units demonstrates that a portion
of improper payments is the result of prosecutable provider fraud.
�
Strengthened state auditing and program
integrity controls would materially support recoveries, exclusions, and
deterrence of medicaid fraud.

����
The legislature further finds that the Medicaid
Program Integrity Manual, published by the Centers for Medicare and Medicaid
Services, underscores the importance of audits in identifying fraud, waste, and
abuse and calls for proactive collaboration between auditors and state agencies
to ensure program integrity.
�
Regular,
risk informed audits are a recognized control that supports accurate payments,
eligibility determinations, appropriate utilization management, and timely
corrective action.

����
The legislature believes that the
aforementioned two distinct biennial medical program audits--a contractor and
provider audit and a department audit--conducted by the auditor are necessary
to ensure financial integrity, compliance with federal and state regulations,
appropriate utilization and delivery of services, and the delivery of
high-quality health care.
�
These audits
will restore transparency, reinforce public trust, and strengthen the efficacy
of the State's medicaid managed care program.

����
Accordingly, the purpose of this Act is to
require the auditor to conduct a separate biennial audit for all medicaid
health care insurance contractors and the department of human services and its med-QUEST
division.

����
SECTION 2.
�

Chapter 23, Hawaii Revised Statutes, is amended by adding a new part to
be appropriately designated and to read as follows:

"
Part
.
�
REVIEW OF THE
STATE medicaid PROGRAM

����
�
23-A
�
Definitions.
�

As used in this part:

����
"Audit track" means one of the audits
established under sections 23-B or 23-C.

����
"Department" means the department
of human services.

����
"Encounter data" means data
submitted by a medicaid health care insurance contractor to the State that
describes services provided to members, including but not limited to dates of
service, procedure codes, diagnosis codes, service provider identifiers, units
of service, and billed and allowed amounts.

����
"External quality review work
product" means the external quality review deliverables produced or
retained by contractors or their external quality review vendors.

����
"Medicaid health care insurance
contractor" means any managed care organization, prepaid health plan, or
other entity under contract with the department of human services to provide medicaid
managed care services, whether directly or through subcontract, including
wholly-owned subsidiaries, related parties, or third-party administrators that
perform claims adjudication, care management, or network administration
functions.

����
"Overpayment" means any funds
disbursed or paid by the State that are in excess of the amount due and payable
under program rules, contract terms, or applicable law, including payments made
to ineligible providers, for noncovered services, for duplicate claims, or due
to calculation errors.

����
"Program integrity" means the
processes, controls, and systems used to detect, prevent, and recover improper
payments, fraud, waste, and abuse.

����
"Protected health information"
has the same meaning as defined in title 45 Code of Federal Regulations section
160.103, as may be amended.

����
"Reconciliation" means the State's
enrollment, payment, and licensure records used to validate contractor
encounter submissions.

����
"Risk-based methodology" means a
documented approach used by the auditor to prioritize audits based on objective
risk indicators including financial exposure, prior findings, complaint and
hotline data, contract changes, or other indicators the auditor determines
relevant.

����
"Subcontractor" means any entity
that has been delegated contractual authority by a medicaid health care
insurance contractor to perform services or functions, including but not
limited to utilization management, prior authorization, claims processing,
pharmacy benefit management, behavioral health services, long term services and
supports, or provider network management.

����
�
23-B
�
Medicaid contractor and provider audit.
�
(a)
�

The auditor shall conduct at least once every two years a management, financial,
performance, and data audit of each medicaid health care insurance contractor,
their subcontractors, and provider networks under contract with the department.
�
The first audit shall be conducted no later
than January 1, 2027, with the first audit report to be submitted to the
governor, legislature, and director of human services no later than twenty days
prior to the regular session of 2027.

����
(b)
�
The
audits shall:

����
(1)
�
Examine
claims and encounter data, provider enrollment and credentialing practices,
network adequacy and provider-to-enrollee metrics, external quality review
reports and processes, contract compliance, and program integrity safeguards
applied by contractors;

����
(2)
�
Review
financial management, claims adjudication, and contract compliance by the
contractor and its subcontractors;

����
(3)
�
Reconcile
contractor enrollee rosters and provider lists with med-QUEST enrollment files
and state licensure and credentialing records to identify mismatches,
duplicates, inactive records, and misclassified providers;

����
(4)
�
Reproduce
and validate provider-to-enrollee ratio calculations, including sampling
frames, weighting methods, and any formulae used to generate plan-level metrics;

����
(5)
�
Verify
encounter data completeness and accuracy and document data sources,
reconciliation steps, provider definitions, and inclusion and exclusion
criteria;

����
(6)
�
Conduct
an independent performance and data audit of the contractor's external quality
review work product, including methodological critique and reconciliation with
independent workforce data; and

����
(7)
�
Produce
a public audit report for each contractor and provider audit containing
itemized reconciliations, methodological critiques, corrective recommendations,
and suggested contractual or statutory remedies.

����
(c)
�

All medicaid health care insurance contractors and their subcontractors shall
cooperate with and assist the auditor as needed in conducting the audit,
including promptly providing all records, documents, and any other information
requested by the auditor in the course of the audit.

����
(d)
�

The auditor shall submit a report of its findings and recommendations to
the governor, legislature, and director of human services no later than twenty
days prior to the convening of the regular session following the year in which
the audit is conducted.

����
Each contractor and provider audit report
shall be at the plan level, clearly identify contractor responsibilities, and
be made publicly available with redactions only as required by law.
�
Each report shall include an executive
summary that identifies which entity or entities are subject to the auditor's recommendations,
cross referenced reconciliations where applicable, office of the auditor budget
utilization, and a timetable for recommended corrective actions.
�
The auditor shall provide notice to any affected
contractor of major findings no later than thirty days before public release.

����
(e)
�

The auditor may conduct additional audits as deemed necessary based on
risk assessments or at the request of the governor, legislature, or director of
human services.
�
The auditor may initiate
expedited audits for credible allegations of fraud, waste, or abuse.
�
Initiation criteria, scope, and timelines for
expedited reviews shall be documented in the auditor's published audit schedule.

����
�
23-C
�
Medicaid department audit.
�
(a)
�

The auditor shall conduct at least once every two years a management and
performance audit of the department and its med-QUEST division.
�
The first audit shall be conducted no later
than January 1, 2027, with the first audit report to be submitted to the
governor, legislature, and director of human services no later than twenty days
prior to the regular session of 2027.

����
(b)
�
The
audits shall:

����
(1)
�
Examine
the department's data governance, internal reconciliation processes,
functioning of required advisory councils, contracting oversight practices, and
actions taken by the department to detect, recover, and prevent improper
payments;

����
(2)
�
Review
the department's reporting accuracy to federal and state oversight entities,
timeliness of submissions, and evidence of internal validation and
reconciliation;

����
(3)
�
Evaluate
med-QUEST division reporting templates, their implementation, and alignment
with contractual network adequacy standards;

����
(4)
�
Review
secret shopper survey design, sampling methodology, implementation protocols,
data collection instruments, timeliness of execution, result validation and
reconciliation, and documentation of corrective actions;

����
(5)
�
Reproduce,
where feasible, a statistically valid sample of secret shopper calls or visits
and assess whether secret shopper findings were incorporated into contractor
oversight and corrective action;

����
(6)
�
Assess
timely access verification activities, including identification of periods when
verification was suspended or materially limited, quantification of
verification gaps, and evaluation of their effect on access conclusions;

����
(7)
�
Review
departmental contract oversight practices, provider screening procedures,
overpayment detection and recovery processes, and data governance controls; and

����
(8)
�
Produce
a public audit report for the department audit containing itemized
reconciliations, methodological critiques, corrective recommendations, and
suggested statutory, administrative, or funding remedies.

����
(c)
�
The
department and its med-QUEST division shall cooperate with and assist the
auditor as needed in conducting the audit, including promptly providing all
records, documents, and any other information requested by the auditor in the
course of the audit.

����
(d)
�

The auditor shall submit a report of its findings and recommendations to
the governor, legislature, and director of human services no later than twenty
days prior to the convening of the regular session following the year in which
the audit is conducted.

����
Each department audit report shall be at
the state level, clearly identify department responsibilities, and be made
publicly available with redactions only as required by law.
�
Each report shall include an executive
summary that identifies which entity or entities are subject to the auditor's recommendations,
cross referenced reconciliations where applicable, office of the auditor budget
utilization, and a timetable for recommended corrective actions.
�
The auditor shall provide notice to the department
of major findings no later than thirty days before public release.

����
(e)
�

The auditor may conduct additional audits as deemed necessary based on
risk assessments or at the request of the governor, legislature, or director of
human services.
�
The auditor may initiate
expedited audits for systemic reporting failures.
�
Initiation criteria, scope, and timelines for
expedited review shall be documented in the auditor's published audit schedule.

����
�
23-D
�
Audit methodology; access and evidence;
cross-track reconciliation; multi-year audit schedule.
�
(a)
�

The auditor shall perform audits in accordance with generally accepted
government auditing standards and shall have authority to review and test
contractor and department policies, examine records, interview personnel, use
sampling and analytics, and coordinate with federal and state auditors.

����
(b)
�
For
contractor and provider audits under section 23-B, the auditor's access shall
include, where applicable and subject to lawful protections, contractor claims
systems, adjudication logs, subcontractor agreements, pharmacy benefit
management records, external quality review vendor working papers, and other
contractor evidence necessary to validate contractor submissions.

����
(c)
�
For
department audits under section 23-C, the auditor's access shall include department
enrollment files, med-QUEST division reporting templates and submission logs,
internal reconciliation logs, secret shopper instruments and results,
interagency correspondence, and other state records necessary to validate
departmental reporting and reconciliation activities.

����
(d)
�
When requested evidence contains protected
health information or proprietary contractor materials, the auditor shall
obtain appropriate data use agreements and handle the information and materials
in accordance with federal and state privacy laws.
�
The auditor shall apply uniform redaction
standards and publish a redaction matrix with each public report identifying
legal bases for redactions.

����
(e)
�
The
Auditor shall develop and publish a multi-year audit schedule no later than
, 2026.
�
The schedule shall identify sequencing,
projected audit periods, and estimated completion windows for each audit track.

�
The auditor shall use a risk-based
methodology to prioritize audits and shall structure the schedule to include
coordination windows that require cross track reconciliation for audits
addressing the same reporting periods.
�
For
matters that overlap both audit tracks, including reconciliation between
contractor encounter submissions and department reporting, the auditor shall
coordinate findings across tracks, require joint reconciliation workpapers
where necessary, and include cross referenced reconciliations in each relevant
report.

����
�
23-E
�
Confidentiality; data protection; redaction
protocol.
�
(a)
�
The auditor shall handle protected health
information in accordance with federal and state privacy laws and obtain
necessary data use agreements for secure handling and limited disclosure for
both audit tracks.

����
(b)
�

The auditor shall adopt and publish a redaction matrix accompanying each
public report that documents the legal authority for each redaction and
identifies the supplying party.

����
(c)
�

Where contractor proprietary information is necessary for audit
validation but is lawfully protected, the auditor shall require contractors to
provide summaries or independent attestations where feasible to preserve audit
transparency without disclosing confidential trade secrets.

����
�
23-F
�
Coordination authorization.
�
(a)
�

The auditor may coordinate audit activities and share nonconfidential
findings with federal oversight entities and other state auditors when
relevant.

����
(b)
�

For contractor billing practices or claims integrity matters, the
auditor shall note federal coordination actions in the contractor audit report
under section 23-B.
�
For state reporting,
reconciliation, or compliance matters, the auditor shall note federal
coordination actions in the department audit report under section 23-C.
�
All coordination actions shall be recorded in
the public audit record to the extent permitted by law.

����
�
23-G
�
Response to audit report; follow up reviews.
�
(a)
�

For department audits pursuant to section 23-C, the director of human
services shall provide a written response and corrective action plan within
sixty days of report issuance.
�
For
contractor and provider audits pursuant to section 23-B, contractors shall
provide written responses and corrective action plans within sixty days of
report issuance and shall deliver remediation certifications to both the
auditor and the department where remediation affects State reporting.

����
(b)
�

Where contractor remediation affects department reporting or federal
submissions, the department and contractor shall jointly certify
reconciliations and corrective steps within specified timelines established in
the auditor's report.

����
(c)
�

The auditor shall include follow up reviews of prior audit
recommendations for both audit tracks to verify implementation.
�
Repeat findings of noncompliance or areas of
concerns shall be classified and systemic weaknesses highlighted.

����
�
23-H
�
Rules; guidance.
�
(a)
�

The auditor shall adopt rules pursuant to chapter 91 necessary for the
purposes of this part.

(b)
�
The auditor shall publish separate guidance
annexes for contractor evidence submissions and for department med-QUEST
division templates and reconciliation protocols.

����
(c)
�

The auditor, in consultation with the department, may issue guidance on
documentation standards, secure data transfer protocols, evidence submission
formats, and analytic specifications.
�

The guidance shall not alter statutory or contractual obligations."

����
SECTION 3.
�

There is appropriated out of the general revenues of the State of Hawaii
the sum of $ or so
much thereof as may be necessary for fiscal year 2026-2027 for the auditor to:

����
(1)
�
Implement
a multi-year audit schedule;

����
(2)
�
Conduct
the provider and contactor audit and department audit under sections 23-B and
23-C, Hawaii Revised Statutes, respectively;

����
(3)
�
Procure
necessary expertise or consulting services;

����
(4)
�
Acquire
data analytic tools; and

����
(5)
�
Support
secure data handling.

����
The sum appropriated shall be expended by
the office of the auditor for the purposes of this Act.

����
SECTION 4.
�

If any provision of this Act, or the application thereof to any person
or circumstance, is held invalid, the invalidity does not affect other
provisions or applications of the Act that can be given effect without the
invalid provision or application, and to this end the provisions of this Act
are severable.

����
SECTION 5.
�

In codifying the new sections added by section 2 of this Act, the
revisor of statutes shall substitute appropriate section numbers for the
letters used in designating the new sections in this Act.

����
SECTION 6.
�

This Act shall take effect on July 1, 2026.

INTRODUCED BY:

_____________________________

Report Title:

Auditor; DHS;
Med-QUEST Division; Medicaid; Managed Care Organizations; Medicaid Health Care
Insurance Contracts; Management and Financial Audits; Biennial Audit Schedule;
Reports; Rules; Guidance; Appropriation

Description:

Requires
the State Auditor to conduct audits of Medicaid health care insurance
contractors and the Department of Human Services and its Med-QUEST division at
least once every two years, with the first audits to be conducted by 1/1/2027,
and the reports to be submitted no later than twenty days prior to the Regular
Session of 2027.
�
Requires the Auditor to
conduct audits.
�
Appropriates funds.

The summary description
of legislation appearing on this page is for informational purposes only and is
not legislation or evidence of legislative intent.