The Medicaid Program Improvement Act directs states to implement a regular process for obtaining reliable address information for people enrolled in Medicaid and for acting on any changes the process identifies. It also amends managed-care contracting rules so that managed care entities must pass along address details they receive or verify from enrollees.
The statutory language ties the requirement to existing federal regulatory standards for 'reliable data sources.'
For policy and program managers this rewrites part of the operational playbook: states must build or expand data-matching and intake processes, update MCO contracts and IT interfaces, and decide how to translate third‑party address data into administrative action without triggering improper notices or terminations. The bill aims to reduce lost communications and improve program integrity but creates immediate implementation, privacy, and operational trade-offs for states and their contractors.
At a Glance
What It Does
Requires State Medicaid plans to put in place a recurring process to obtain beneficiary address information from reliable data sources and to act on any changes in accordance with applicable federal regulation; extends the requirement into CHIP; and requires managed care entities to transmit to states address information they obtain or verify directly from enrollees.
Who It Affects
State Medicaid agencies, Medicaid managed care organizations holding contracts under section 1903(m), CHIP administrators, and vendors that supply address-matching or enrollment systems. Medicaid and CHIP beneficiaries are indirectly affected through contact and continuity-of-care implications.
Why It Matters
Standardizes an operational step that most states perform unevenly today, creating a single statutory reference point for beneficiary address updates. That concentrates responsibility (and cost) at the state/MCO level, changes contracting requirements, and increases reliance on commercial or administrative data sources for enrollment maintenance.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The bill inserts a new requirement into section 1902(a) of the Social Security Act directing State Medicaid plans to establish a recurring process to obtain address information for enrolled individuals from ‘reliable data sources’ and to act on changes consistent with the referenced federal regulation. Rather than prescribing a specific vendor or source, the statute cross‑references the existing regulatory standard for reliability, which means implementation detail will be driven by CMS regulation and by each state's interpretation of that regulation.
To bring CHIP under the same framework, the bill amends the CHIP statutory list of required plan elements so that the new Medicaid address‑reliability requirement also applies to CHIP programs. The text achieves that by inserting a reference to the new Medicaid provision into the enumeration of CHIP plan requirements, rather than writing a separate CHIP procedure.
Practically, that merges the administrative approach to address updates across both programs where the state operates both Medicaid and CHIP.The bill also adds a targeted managed-care obligation to section 1932: any managed care entity with a Medicaid contract must transmit to the State address data that it either received directly from an enrollee or verified directly with the enrollee. That shifts visibility and some responsibility for beneficiary contact data onto MCOs and creates a statutory duty to share that information with the state, which in turn will need intake and reconciliation processes to incorporate those updates.Taken together, the act creates three operational steps states and their contractors must coordinate: selecting or validating reliable external address data sources under the cited regulation; setting business rules for when and how to act on an address change (including notice, verification, and timing); and amending managed‑care contracts and data feeds to ensure prompt transmission of enrollee‑provided address information.
The bill leaves important implementation choices to states and CMS regulation, so much of the program impact will depend on how the referenced regulatory standard is interpreted and enforced.
The Five Things You Need to Know
The statute takes effect for compliance starting January 1, 2026 — that is the date states and MCOs must begin following the new requirements.
The new Medicaid requirement is implemented by adding paragraph (88) to section 1902(a), and it requires use of ‘reliable data sources’ defined by 42 C.F.R. 435.919(f)(1)(iii) (or any successor regulation).
The amendment explicitly limits the paragraph to the 50 States and the District of Columbia, excluding U.S. territories from this statutory requirement.
Section 1932 is amended to add subsection (j), which obligates managed care entities under 1903(m) contracts to transmit to the State any address information provided to, or directly verified by, the entity with the enrollee.
CHIP is brought under the same rule by inserting a new subparagraph into section 2107(e)(1) that references the new Medicaid address requirement rather than creating a separate CHIP procedure.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Short title
Names the measure the "Medicaid Program Improvement Act." This is a pure captioning provision and has no operational effect, but it signals congressional intent that the bill's purpose is program management improvement rather than substantive eligibility reform.
State process to obtain and act on address information
Adds paragraph (88) to section 1902(a), directing State plans to regularly obtain address data for enrolled individuals from ‘reliable data sources’ and to act on any changes in accordance with the federal regulation cited. The practical import is that states must adopt a documented, recurring workflow for address updates and reconcile those updates with their eligibility files. Because the text references an existing Code of Federal Regulations provision, the implementing detail (what sources count as reliable, match thresholds, retention policies, and permissible uses) will be driven by CMS guidance or updates to the successor regulation.
Extends the Medicaid address requirement to CHIP
Modifies the statutory list of CHIP plan elements by inserting a new subparagraph that references the newly created Medicaid address requirement. Instead of drafting a parallel CHIP standard, the bill ties CHIP compliance to the Medicaid provision, which reduces duplication but requires states administering separate CHIP arrangements to ensure alignment of processes and contracts with the Medicaid rule.
Managed care entities must send enrollees' address information to States
Adds subsection (j) to section 1932 requiring that contracts with managed care entities include a term obligating the entity to transmit to the State any address information it obtained directly from, or verified directly with, an enrollee. This is a specific, contract‑level requirement that will need to be written into all 1903(m) managed care contracts and implemented through claims/encounter or enrollee data feeds; states must decide how quickly they integrate those feeds into their eligibility systems and what reconciliation rules to use when MCO-submitted addresses differ from other sources.
This bill is one of many.
Codify tracks hundreds of bills on Healthcare across all five countries.
Explore Healthcare in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Medicaid and CHIP enrollees who move or change contact details — they are more likely to receive notices, care-coordination outreach, and managed-care communications if addresses are updated more systematically.
- State Medicaid and CHIP programs seeking cleaner enrollment data — improved address data reduces returned mail, supports accurate rates and audits, and can lower administrative costs from resubmissions or follow‑ups over time.
- Healthcare providers and care coordinators — better contact information improves appointment reminders, care transitions, and outreach efforts aimed at continuity of care.
- CMS and federal overseers — a uniform statutory hook for address-matching allows CMS to set consistent regulatory standards and monitor state practice for program integrity and auditability.
Who Bears the Cost
- State Medicaid agencies — they must design, procure, or modify processes and IT systems to ingest, validate, and act upon third‑party address feeds and to change business rules, all of which will generate implementation and ongoing operational expenses.
- Managed Care Organizations under 1903(m) contracts — MCOs must change contracts and operational workflows to transmit verified enrollee address data to states, including potential IT interface work and personnel time.
- IT vendors and enrollment system integrators — vendors that run eligibility systems or data‑matching services will see demand for modifications, conversions, and new interfaces; those costs will be borne ultimately by states or contractors.
- Beneficiaries and privacy advocates — while not a direct fiscal cost, there is a privacy risk and potential reputational cost if commercial address data are used improperly or if erroneous updates disrupt benefits or communications.
Key Issues
The Core Tension
The central dilemma is between administrative accuracy and program integrity on one hand, and beneficiary protection and privacy on the other: forcing routine address updates from external sources can reduce lost communications and flag fraud, but it also risks erroneous changes that interrupt benefits or expose sensitive enrollment data—there is no risk‑free way to maximize both.
The bill relies on a regulatory cross‑reference rather than articulating technical standards in statute. That accelerates implementation by pointing states to 42 C.F.R. 435.919(f)(1)(iii) (or a successor), but it also delegates key definitional decisions—what constitutes a reliable source, acceptable match thresholds, and required verification steps—to CMS or future regulation.
States will need to interpret when an address match is sufficient to ‘act’ and what procedural protections—such as notices and opportunities to contest—must accompany automated updates.
There are also competing risks. Using external address-matching services can improve outreach but increases exposure to incorrect matches, stale commercial records, and privacy concerns when consumer data brokers are involved.
If a state adopts a rule that automatically updates an enrollee's address without robust verification or notice, that could lead to missed benefits or improperly routed notices; if the state requires strict verification, the administrative burden could nullify the intended efficiency gains. The statute’s explicit exclusion of territories creates an uneven national patchwork and may complicate multi‑jurisdictional managed care organizations' compliance approach.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.