Executive Summary
New Mexico's Medicaid program spends $8.1 billion annually. Its integrity apparatus, the Medicaid Fraud Control Unit, the MMIS, the MCO oversight framework, and the legislative infrastructure around it, has failed at every level simultaneously.
This is not a characterization. It is a conclusion supported by federal audit data, MACPAC's April 2026 report to Congress, HHS Office of Inspector General reviews, and the state's own budget documents. When a fraud control unit recovers two cents for every dollar it spends, when an MMIS replacement runs $242 million over budget and eight years past deadline, when federal auditors identify $174 million in unrecouped payments and nothing changes, and when the state legislature produces zero bills addressing fraud detection technology in three consecutive sessions, that is not underperformance. That is systemic failure.
This paper conducts a forensic analysis of each pillar of New Mexico's integrity system, quantifies the cost of the combined failures, and identifies the structural lessons that apply to every state Medicaid program in the country.
Introduction: What Does a Failed Integrity System Look Like?
Program integrity in Medicaid is not a single function. It is an ecosystem of interdependent components: the fraud control unit that investigates and prosecutes, the management information system that processes and tracks, the managed care organizations that administer and report, the federal auditors that review and recommend, and the legislature that funds and oversees.
When one component underperforms, the others can compensate. When two components fail, the system degrades. When every component fails simultaneously, the result is not a gap in oversight, it is the absence of oversight. Money moves through the system without meaningful accountability, and the entities most affected, hospitals, providers, and taxpayers, bear the cost.
New Mexico in 2026 represents this total-system failure. What follows is a component-by-component analysis of how it happened, what it costs, and what it means.
The Seven Pillars of Failure
1. The MFCU: Underfunded, Understaffed, Leaderless
The Medicaid Fraud Control Unit is the frontline investigative and prosecutorial body for Medicaid fraud in every state. In New Mexico, the MFCU has effectively ceased to function as a deterrent.
Recovery rate: $0.02 per dollar spent. The national average MFCU recovery rate is $3.46 per dollar of operational expenditure. New Mexico's $0.02 makes it the second-lowest performing MFCU in the continental United States.
Declining recoveries. FY2022 fraud recoveries totaled $3.3 million, a 62% decline from $8.6 million the prior fiscal year. This is not a single bad year; it is a trajectory.
Investigative futility. In FY2024, the MFCU conducted 353 investigations. These produced five indictments and two fraud convictions. A 0.6% conviction rate is not a law enforcement outcome, it is a statistical artifact. At this rate, the investigative function has no deterrent effect.
Leadership vacuum. Since October 2025, the MFCU has operated under an interim director. No permanent leadership transition has been announced. An agency without permanent leadership cannot execute strategic priorities, cannot make long-term staffing decisions, and cannot credibly engage with federal oversight partners.
The MFCU's failure is not merely operational. It is existential. The agency exists in name but does not function as an integrity mechanism.
2. The MMIS: $418 Million and Counting
Every state's Medicaid Management Information System is the transactional backbone of its program, processing claims, verifying eligibility, tracking payments, and generating the data that integrity operations depend on. New Mexico's MMIS replacement, contracted to Conduent, is one of the most troubled health IT projects in American government.
| Metric | Original Plan | Current Reality |
|---|---|---|
| Budget | $175.8 million | $418 million (+138%) |
| Timeline | Complete by 2019 | Estimated FY2027 |
| Federal Designation | Routine | "High-risk" |
The implications for program integrity are profound. Legacy MMIS infrastructure cannot support real-time analytics, cannot interface efficiently with modern MCO platforms, cannot perform the cross-referencing necessary to identify payment anomalies at scale, and cannot generate the data quality that effective oversight requires. Every integrity function downstream of the MMIS is degraded by the MMIS's failure.
3. MCO Oversight: The 1-FTE-per-100K Standard
New Mexico transitioned to the Turquoise Care managed care model in July 2024, assigning Medicaid administration for 823,000+ members to four MCOs: Blue Cross Blue Shield of New Mexico, Presbyterian Health Plan, Molina Healthcare, and UnitedHealthcare.
Governor Lujan Grisham's December 2023 Letter of Direction 109 established the program integrity staffing floor: MCOs with fewer than 100,000 members are required to maintain one full-time employee dedicated to fraud, waste, and abuse.
One employee per 100,000 members is not an oversight standard. It is a filing requirement.
For context: a single FTE reviewing claims at the rate of one per hour, eight hours per day, 250 working days per year, can review 2,000 claims annually. MCOs processing hundreds of thousands of claims per year are structurally incapable of meaningful integrity review at this staffing level.
The directive creates the appearance of oversight without the substance. MCOs can report compliance with the staffing requirement while lacking the capacity to perform the function the requirement is supposed to ensure.
4. Federal Audit Response: Findings Without Fixes
The HHS Office of Inspector General conducted multiple audits of New Mexico's Medicaid program in 2024. The findings were severe:
| Audit Finding | Dollar Impact |
|---|---|
| Unrecouped MCO overpayments | $139.2M ($98.6M federal share) |
| Nursing facility LOC payment errors | $35.2M ($20.5M federal share) |
| PCS attendant qualification failures | 69% non-compliant |
| Total identified problematic payments | $174.4M+ |
These findings carry recommendations but not enforcement mechanisms. OIG identifies the problem, issues a report, and publishes recommendations. The state is expected to respond with a corrective action plan. In practice, corrective action plans are administrative documents that describe intended improvements. They do not guarantee execution, do not carry penalties for non-compliance, and do not recover the identified dollars.
The federal audit system is designed to illuminate problems. It is not designed to solve them. The $174.4 million remains unrecouped. The 69% non-compliance rate persists. The findings become part of the public record, and the cycle continues.
5. The Legislative Void
In the 2024 to 2025, and 2026 New Mexico legislative sessions, no bill was introduced addressing:
- Fraud detection technology or data analytics for program integrity
- Hospital reimbursement protection mechanisms
- MFCU modernization or capacity expansion
- MCO oversight technology requirements
- Cross-agency data matching for eligibility verification
The legislature has focused its Medicaid-related activity on coverage expansion and provider rate adjustments, politically visible initiatives that expand access and increase reimbursement levels. These are legitimate policy goals. But increasing the volume of money flowing through a system without investing in the integrity of that system is the policy equivalent of increasing water pressure through leaking pipes.
For comparison: Kansas introduced Senate Bill 363 in the same period, proposing a 288-person Medicaid oversight team with dedicated data analytics capabilities. Whether SB 363 was the right approach is debatable. That the Kansas legislature engaged with the integrity question at all distinguishes it from New Mexico's complete legislative silence on the subject.
6. Provider Qualification Failures
The OIG's finding that 69% of personal care service attendants did not meet qualification requirements represents a different kind of integrity failure, not financial fraud, but systemic non-compliance with the basic standards that protect patients and justify billing.
When more than two-thirds of service providers in a category do not meet qualification standards, the problem is not individual non-compliance. It is a system that does not verify, does not enforce, and does not correct. This is an oversight infrastructure failure, the same infrastructure that is supposed to protect hospitals from improper denials and ensure that legitimate claims are properly adjudicated.
7. The Data Infrastructure Gap
Underlying all six failures above is a common root cause: New Mexico lacks the data infrastructure to operate an effective integrity program. The MMIS is broken. The MFCU has no advanced analytics capability. MCO data is siloed within each managed care organization. There is no cross-agency data matching. There is no real-time claims analytics. There is no fraud vector mapping.
Modern program integrity requires the ability to analyze claims data across multiple dimensions simultaneously, provider patterns, beneficiary eligibility, service utilization, geographic distribution, temporal patterns, billing code anomalies, and cross-program overlap. New Mexico's current infrastructure cannot perform any of these analyses at scale.
The Cost of Inaction
MACPAC's April 2026 report to Congress establishes the national baseline: $31.1 billion in improper Medicaid payments across the country, representing approximately 5% of total Medicaid spending (PERM Review Year 2024). Of these improper payments, 74% are attributable to insufficient documentation and 16% to beneficiary ineligibility.
Applied to New Mexico's $8.1 billion program, a 5% improper payment rate yields an estimated $405 million in annual improper payments.
The vast majority of these are not fraud in the criminal sense, they are payments made incorrectly due to documentation failures, eligibility errors, billing mistakes, and system gaps. They represent services that were either improperly billed, improperly denied, or improperly adjudicated.
Combined with the $174.4 million in specific findings from the 2024 OIG audits and the MFCU's $0.02-per-dollar recovery rate, the picture is clear: New Mexico is losing hundreds of millions of dollars annually to integrity failures that its current infrastructure cannot detect, cannot investigate, and cannot correct.
The Accountability Question
Who is responsible for this systemic failure? The answer is structural, not individual.
The MFCU is underfunded because the legislature has not appropriated additional resources. The legislature has not acted because the issue has not been brought before it with sufficient urgency. The MMIS is failing because a vendor contract was mismanaged over nearly a decade. MCO oversight is minimal because the standards were set low. Federal auditors identify problems but lack enforcement authority.
No single actor caused this failure. The system as a whole failed because no single actor had both the authority and the incentive to prevent it. This is the essential lesson for other states: Medicaid integrity does not fail in a single dramatic event. It degrades incrementally, across multiple institutions, over years, until the cumulative effect becomes a crisis that everyone can see but no one can easily fix.
What Other States Should Be Asking Right Now
New Mexico is an extreme case, but the structural vulnerabilities that created it are not unique. Every state legislature, every inspector general's office, and every Medicaid agency director should be asking:
About the MFCU: What is our recovery rate per dollar spent? How does it compare to the national average? What is our investigation-to-conviction ratio? Is there permanent leadership in place?
About the MMIS: What is the status of our MMIS modernization? Is it on budget and on schedule? Has it been flagged by CMS? What analytics capabilities does our current system support?
About MCO oversight: What are our MCO program integrity staffing requirements? Are they sufficient for the member volume? How do we independently verify MCO payment accuracy?
About legislative engagement: When was the last time our legislature considered fraud detection technology legislation? Is there a standing committee or working group focused on program integrity?
About data infrastructure: Can we perform cross-agency data matching? Do we have real-time claims analytics? Can we map fraud vectors using IG audit data?
If the answers to these questions are unsatisfying, the state is on the same trajectory as New Mexico, the only question is how far along it is.
The Alternative: Intelligent Oversight
The traditional model of program integrity, large investigative teams, manual review, case-by-case prosecution, was designed for a different era. When Medicaid programs were smaller, when claims volumes were lower, when billing complexity was manageable by human reviewers, the model worked adequately.
Today, an $8.1 billion program generating millions of claims across four MCOs, hundreds of provider types, and thousands of billing codes cannot be overseen by a handful of investigators and a legacy IT system. The math does not work.
Modern integrity infrastructure uses AI to analyze claims data across all dimensions simultaneously, processing millions of claims against federal and state policy rules, IG-audit-grounded fraud vectors, provider behavioral patterns, and cross-program eligibility data. This is not a future capability. It exists today.
| Metric | Traditional Model | AI-Powered Oversight |
|---|---|---|
| Annual Cost | $17–18.5M (SB 363 model) | $1.8–2.5M |
| Staff Required | 288 FTEs | Zero new hires |
| Cost Reduction | — | 87% |
The question for state legislators is no longer whether intelligent oversight is possible. It is whether they can justify continuing to fund an integrity model that recovers two cents per dollar when alternatives exist that can recover multiples of their cost.
Conclusion: $8.1 Billion Reasons to Act
New Mexico's Medicaid integrity failure is not a single broken component. It is the simultaneous failure of every component, the MFCU, the MMIS, the MCO oversight framework, the federal audit response mechanism, the legislative process, the provider qualification system, and the data infrastructure that connects them all.
The total cost is not knowable with precision, but the available data points toward hundreds of millions of dollars annually in improper payments, unrecouped overpayments, undetected fraud, and hospital revenue that disappears into a system without the capacity to account for it.
Other states will look at New Mexico and assume it is an outlier. Some will be right. Most will be wrong. The structural dynamics that produced this failure, underfunded integrity programs, aging MMIS systems, minimal MCO oversight, legislative inattention to detection technology, exist in the majority of state Medicaid programs. The difference is degree, not kind.
The $8.1 billion question is not whether other states have these vulnerabilities. It is whether they will address them before their own audits confirm what New Mexico's data has already proven.
Sources
- MACPAC, "Medicaid Program Integrity," Report to Congress, April 10, 2026
- HHS Office of Inspector General, New Mexico MFCU Performance Review, 2021
- HHS OIG, Medicaid Fraud Control Units Annual Report FY2024 to 2025
- HHS OIG, Audit of New Mexico Nursing Facility Level-of-Care Payments, 2024
- HHS OIG, Audit of New Mexico Personal Care Service Attendant Qualifications, 2024
- HHS OIG, Audit of New Mexico Managed Care Organization Overpayments, 2024
- Kaiser Family Foundation, "Medicaid in New Mexico," May 2025
- New Mexico Human Services Department / Health Care Authority FY2026 Budget Request
- New Mexico Department of Justice, Criminal Affairs Division Records
- Conduent, New Mexico MMIS Contract Documentation, February 2023
- Governor Michelle Lujan Grisham, Letter of Direction 109, December 2023
- CMS Leadership Remarks, NAMD Conference 2025
- Kansas Legislature, Senate Bill 363, 2025 Session
- Sentinel Integrity Group, "AI Replaces Bureaucracy," March 2026
About Sentinel Integrity Group
Sentinel Integrity Group is a Division of High Value Change serving state and federal agencies, legislatures, and managed care organizations with AI-powered fraud prevention and program integrity solutions.
Contact:
David Thorne, CEO & Founder
sentinelintegritygroup.com