Medicaid Program Integrity: State and Federal Efforts to Prevent 
and Detect Improper Payments (16-JUL-04, GAO-04-707).		 
                                                                 
During fiscal year 2002, Medicaid--a program jointly funded by	 
the federal government and the states--provided health care	 
coverage for about 51 million low-income Americans. That year,	 
Medicaid benefit payments reached approximately $244 billion, of 
which the federal share was about $139 billion. The program is	 
administered by state Medicaid agencies with oversight provided  
by the Centers for Medicare & Medicaid Services (CMS) in the	 
Department of Health and Human Services. Medicaid's size and	 
diversity make it vulnerable to improper payments that can result
from fraud, abuse, or clerical errors. States conduct program	 
integrity activities to prevent, or detect and recover, improper 
payments. This report provides information on (1) the types of	 
provider fraud and abuse problems that state Medicaid programs	 
have identified, (2) approaches states take to ensure that	 
Medicaid funds are paid appropriately, and (3) CMS's efforts to  
support and oversee state program integrity activities. To	 
address these issues, we compiled an inventory of states'	 
Medicaid program integrity activities, conducted site visits in  
eight states, and interviewed CMS's Medicaid program integrity	 
staff.								 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-04-707 					        
    ACCNO:   A10898						        
  TITLE:     Medicaid Program Integrity: State and Federal Efforts to 
Prevent and Detect Improper Payments				 
     DATE:   07/16/2004 
  SUBJECT:   Claims processing					 
	     Data integrity					 
	     Erroneous payments 				 
	     Federal/state relations				 
	     Financial management				 
	     Fraud						 
	     Health care programs				 
	     Health insurance cost control			 
	     Losses						 
	     Program abuses					 
	     State-administered programs			 
	     Crime prevention					 
	     Medicaid Program					 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-04-707

United States Government Accountability Office

GAO

           Report to the Chairman, Committee on Finance, U.S. Senate

July 2004

MEDICAID PROGRAM INTEGRITY

       State and Federal Efforts to Prevent and Detect Improper Payments

GAO-04-707

Highlights of GAO-04-707, a report to the Chairman, Committee on Finance,
U.S. Senate

During fiscal year 2002, Medicaid- a program jointly funded by the federal
government and the states-provided health care coverage for about 51
million low-income Americans. That year, Medicaid benefit payments reached
approximately $244 billion, of which the federal share was about $139
billion. The program is administered by state Medicaid agencies with
oversight provided by the Centers for Medicare & Medicaid Services (CMS)
in the Department of Health and Human Services. Medicaid's size and
diversity make it vulnerable to improper payments that can result from
fraud, abuse, or clerical errors. States conduct program integrity
activities to prevent, or detect and recover, improper payments. This
report provides information on (1) the types of provider fraud and abuse
problems that state Medicaid programs have identified, (2) approaches
states take to ensure that Medicaid funds are paid appropriately, and (3)
CMS's efforts to support and oversee state program integrity activities.
To address these issues, we compiled an inventory of states' Medicaid
program integrity activities, conducted site visits in eight states, and
interviewed CMS's Medicaid program integrity staff.

www.gao.gov/cgi-bin/getrpt?GAO-04-707.

To view the full product, including the scope and methodology, click on
the link above. For more information, contact Leslie G. Aronovitz at (312)
220-7600.

July 2004

MEDICAID PROGRAM INTEGRITY

State and Federal Efforts to Prevent and Detect Improper Payments

Various forms of fraud and abuse have resulted in substantial financial
losses to states and the federal government. Fraudulent and abusive
billing practices committed by providers include billing for services,
drugs, equipment, or supplies not provided or not needed. Providers have
also been found to bill for more expensive procedures than actually
provided. In recent cases, 15 clinical laboratories in one state billed
Medicaid $20 million for services that had not been ordered, an optical
store falsely claimed $3 million for eyeglass replacements, and a medical
supply company agreed to repay states nearly $50 million because of
fraudulent marketing practices.

States report that their Medicaid program integrity activities generated
cost savings by applying certain measures to providers considered to be at
high risk for inappropriate billing and by generally strengthening their
program controls for all providers. Thirty-four of the 47 states that
completed our inventory reported using one or more enrollment controls
with their high-risk providers, such as on-site inspections of the
applicant's facility, criminal background checks, or probationary or
time-limited enrollment. States also reported using information technology
to integrate databases containing provider, beneficiary, and claims
information and conduct more efficient utilization reviews. For example,
34 states reported conducting targeted claims reviews to identify unusual
patterns that might indicate provider abuse. In addition, states cited
legislation that directed the use of certain preventive or detection
controls or authorized enhanced enforcement powers as lending support to
their Medicaid program integrity efforts.

At the federal level, CMS is engaged in several initiatives designed to
support states' program integrity efforts; however, its oversight of these
state efforts is limited. CMS initiatives include two pilots, one to
measure the accuracy of each state's Medicaid claims payments and another
to identify aberrant provider billing by linking Medicaid and Medicare
claims information. CMS also provides technical assistance to states by
sponsoring monthly teleconferences where states can discuss emerging
issues and propose policy changes. To monitor Medicaid program integrity
activities, CMS teams conduct on-site reviews of states' compliance with
federal requirements, such as referring certain cases to the state agency
responsible for investigating Medicaid fraud. In fiscal year 2004, CMS
allocated $26,000 and eight staff positions nationally for overseeing the
states' Medicaid program integrity activities, including the cost of
compliance reviews. With this level of resources, CMS aims to review 8
states each year until all 50 states and the District of Columbia have
been covered. From January 2000 through December 2003, CMS has conducted
reviews of 29 states and, at its current pace, would not begin a second
round of reviews before fiscal year 2007. This level of effort suggests
that CMS's oversight of the states' Medicaid program integrity efforts may
be disproportionately small relative to the risk of serious financial
loss.

Contents

  Letter

Results in Brief
Background
Provider Schemes and Improper Billing Siphon Medicaid Dollars
States Report a Variety of Approaches to Prevent and Detect

Improper Payments
CMS Has Activities to Support States' Program Integrity Efforts but

Conducts Little Oversight
Concluding Observations
Agency Comments and Our Evaluation

1

2 4 5

8

14 20 21

Appendix I States' Approaches to Medicaid Program Integrity

Appendix II 	Comments from the Centers for Medicare & Medicaid Services

  Appendix III GAO Contact and Staff Acknowledgments 27

GAO Contact 27
Acknowledgments 27

  Table

Table 1: Recent Medicaid Fraud and Abuse Cases

Abbreviations

CMS Centers for Medicare & Medicaid Services
DME durable medical equipment
FBI Federal Bureau of Investigation
FTE full-time equivalent
HHS Department of Health and Human Services
MMIS Medicaid Management Information System
OIG Office of Inspector General
PAM Payment Accuracy Measurement
PERM Payment Error Rate Measurement
SCHIP State Children's Health Insurance Program
SURS Surveillance and Utilization Review Subsystem
TAG Technical Assistance Group

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

United States Government Accountability Office Washington, DC 20548

July 16, 2004

The Honorable Charles E. Grassley
Chairman
Committee on Finance
United States Senate

Dear Mr. Chairman:

During fiscal year 2002, Medicaid-a program jointly funded by the federal
government and the states-provided health care coverage for about
51 million low-income Americans, most of whom were children, elderly,
blind, or disabled. That year, Medicaid benefit payments reached
approximately $244 billion, of which the federal share was about $139
billion. Administration of the program is conducted by the states and is
overseen at the federal level by the Centers for Medicare & Medicaid
Services (CMS) in the Department of Health and Human Services (HHS).
The challenges inherent in overseeing a program of Medicaid's size and
diversity make the program vulnerable to improper payments. As a result,
we added Medicaid to our list of high-risk programs in January 2003.1

Improper payments in government health programs drain vital program
dollars, to the detriment of beneficiaries and taxpayers. Such payments
include those made for services not covered by program rules, not
medically necessary, or billed but never actually provided. Improper
payments can result from inadvertent errors as well as fraud and abuse.
Inadvertent errors are typically due to clerical mistakes or a
misunderstanding of program rules, whereas fraud is an intentional act of
deception to benefit the provider or another person. Abuse typically
involves actions that are inconsistent with acceptable business and
medical practices. States conduct program integrity activities designed to
prevent, or detect and recover, improper payments resulting from fraud,
abuse, and error.

1U.S. General Accounting Office, Major Management Challenges and Program
Risks: Department of Health and Human Services, GAO-03-101 (Washington,
D.C.: January 2003).

Given the large expenditure of federal dollars and the risk of improper
payments, we reviewed the Medicaid program integrity activities conducted
by the states and monitored by CMS. This report provides information on
(1) the types of provider fraud and abuse problems that state Medicaid
programs have identified in recent years, (2) approaches taken by states
to ensure that Medicaid funds are paid appropriately, and (3) CMS's
efforts to support and oversee state program integrity activities.

To address these issues, we compiled an inventory of the states' Medicaid
program integrity activities addressing providers' improper billing
practices.2 (For details on state responses to the inventory, see app. I.)
The inventory also provided states the opportunity to comment on CMS's
Medicaid program integrity efforts. To supplement our inventory analysis,
we conducted site visits in eight states-Florida, Illinois, Louisiana, New
Jersey, New York, North Carolina, Texas, and Wisconsin-and interviewed
officials at state Medicaid agencies, state inspector general offices,
state fraud control units, and private companies that contract with the
states to perform specialized claims reviews or other program integrity
activities. We selected these states based on geographic diversity and
differences in program size. In addition, national health care fraud and
abuse experts with whom we consulted cited these states as particularly
active in identifying and responding to improper payment issues. Finally,
we interviewed CMS's Medicaid program integrity staff and reviewed recent
studies by federal agencies and national organizations involved with
antifraud efforts. Our work was conducted from August 2003 through July
2004 in accordance with generally accepted government auditing standards.

Results in Brief 	Various forms of Medicaid fraud and abuse have resulted
in substantial financial losses to states and the federal government.
Fraudulent and abusive billing practices committed by providers include
billing for services, drugs, equipment, or supplies not provided or not
needed. Providers have also been found to bill for more expensive
procedures than were actually provided. In recent cases, 15 clinical
laboratories in one state billed Medicaid $20 million for services that
had not been ordered, an optical store falsely claimed $3 million for
eyeglass replacements, and a

2Officials in the 50 states and the District of Columbia were asked to
complete our inventory; we received 47 responses. Although we did not
validate the information received, we contacted several states to verify
responses that appeared inconsistent with information previously reported
to us.

medical supply company agreed to repay states nearly $50 million because
of fraudulent marketing practices.

States report that their Medicaid program integrity activities generated
cost savings by applying certain measures to providers considered to be at
high risk for inappropriate billing and by generally strengthening their
program controls for all providers. Thirty-four of the 47 states that
completed our inventory reported using one or more measures to control
enrollment of high-risk providers. Such controls include on-site
inspections of the applicant's facility prior to enrollment, criminal
background checks, requirements to obtain surety bonds that protect the
state against certain financial losses, and policies to enroll providers
on a probationary or time-limited basis. States also report using
information technology to integrate databases containing provider,
beneficiary, and claims information and conduct more efficient utilization
reviews. For example, 34 states reported conducting targeted claims
reviews to identify unusual patterns that might indicate provider abuse.
In addition, states cited legislation that directed the use of certain
preventive or detection controls or authorized enhanced enforcement powers
as lending support to their Medicaid program integrity efforts.

At the federal level, CMS has initiatives designed to support states'
program integrity efforts; however, its oversight of state efforts is
limited. CMS initiatives include two pilots. One pilot seeks to develop a
methodology for measuring the accuracy of each state's Medicaid claims
payments. Its most recent results show that Medicaid fee-for-service
accuracy rates for 11 states ranged from 81 percent to nearly 100 percent.
The other pilot is designed to identify aberrant provider billing by
linking Medicaid and Medicare claims information. This pilot resulted in a
reported $58 million in savings and over 80 cases against suspected
fraudulent providers after the first year of testing in California. CMS
also provides technical assistance to states by sponsoring monthly
teleconferences where states can discuss emerging issues and propose
policy changes. To monitor Medicaid program integrity activities, CMS
teams conduct on-site reviews of states' compliance with federal
requirements, such as referring certain cases to the state agency
responsible for investigating Medicaid fraud. In fiscal year 2004, CMS
allocated $26,000 and eight staff positions nationally for overseeing the
states' Medicaid program integrity activities, including the cost of
compliance reviews. With this level of resources, CMS aims to review 8
states each year until all 50 states and the District of Columbia have
been covered. From January 2000 through December 2003, CMS has conducted
reviews of 29 states and, at its current pace, would not begin a second

Background

round of reviews before fiscal year 2007. This level of effort suggests
that CMS's oversight of the states' Medicaid program integrity efforts may
be disproportionately small relative to the risk of serious financial
loss.

Commenting on a draft of this report, CMS officials stated that because
our report focused on program integrity activities, it did not reflect the
full range of financial management oversight activities that are ongoing
or planned. They noted the agency's intention to add 100 new financial
management staff and its contract with the HHS Office of Inspector General
(OIG) for additional audits. Although we consider both to be crucial
Medicaid oversight functions, the goals and approaches to financial
management and program integrity are not the same, and staff dedicated to
these two functions are not interchangeable. We continue to believe that
the resources allocated to supporting and overseeing states' Medicaid
program integrity activities may not be commensurate with the financial
risks at hand. CMS's written comments are reprinted in appendix II.

The Medicaid program is one of the largest social programs in the federal
budget, and one of the largest components of state budgets. Although it is
one federal program, Medicaid consists of 56 distinct state-level programs
created within broad federal guidelines and administered by state Medicaid
agencies.3 Each state develops its own Medicaid administrative structure
for carrying out the program. It also establishes eligibility standards;
determines the type, amount, duration, and scope of covered services; and
sets payment rates. Each state is required to describe the nature and
scope of its program in a comprehensive plan submitted to CMS, with
federal funding depending on CMS's approval of the plan.

In general, the federal government matches state Medicaid spending for
medical assistance according to a formula based on each state's per capita
income. The federal contribution ranges from 50 to 77 cents of every state
dollar spent on medical assistance in fiscal year 2004. For most state
Medicaid administrative costs, the federal match rate is 50 percent. For
skilled professional medical personnel engaged in program integrity
activities, such as those who review medical records, 75 percent federal
matching is available.

3The 56 Medicaid programs include one for each of the 50 states, the
District of Columbia, Puerto Rico, and the U.S. territories of American
Samoa, Guam, Northern Mariana Islands, and Virgin Islands. Hereafter, all
56 entities are referred to as states.

States and CMS share responsibility for protecting the integrity of the
Medicaid program. States are responsible for ensuring proper payment and
recovering misspent funds. CMS has a role in facilitating states' program
integrity efforts and seeing that states have the necessary processes in
place to prevent and detect improper payments.

With varying levels of staff and resources, states conduct Medicaid
program integrity activities that include screening providers and
monitoring provider billing patterns. CMS requires that states collect and
verify basic information on potential providers, including whether they
meet state licensure requirements and are not prohibited from
participating in federal health care programs. CMS also requires that each
state Medicaid agency have certain information processing capabilities,
including a Medicaid Management Information System (MMIS) and a
Surveillance and Utilization Review Subsystem (SURS).4 The SURS staff use
claims data to develop statistical profiles on services, providers, and
beneficiaries to identify potential improper payments. They refer
suspected overpayments or overutilization cases to other units in the
Medicaid agency for corrective action and potential fraud cases to their
state's Medicaid Fraud Control Unit for investigation and prosecution.
Medicaid Fraud Control Units can, in turn, refer some cases to the HHS
OIG, the Federal Bureau of Investigation (FBI), and the Department of
Justice for further investigation and prosecution.

State Medicaid programs have experienced a wide range of abusive and
fraudulent practices by providers. States have prosecuted providers that
bill for services, drugs, and supplies that are not authorized or are not
provided. States' investigators have also uncovered deliberate provider
upcoding-billing for more expensive procedures than were actually
provided-to increase their Medicaid reimbursement. In some cases, they
have prosecuted providers for marketing irregularities, such as offering
cash, free services, or gifts to induce referrals. While the covert nature
of these schemes makes it difficult to quantify the dollars lost to
Medicaid fraud or abuse, recent cases provide examples of substantial
financial losses. As shown in table 1, these range from a nearly $1.6
million state

4MMIS is an automated claims payment and information retrieval system,
with which states verify the accuracy of claims, the correct use of
payment codes, and patients' Medicaid eligibility. States are required by
law to have such a system. See Social Security Act, S: 1903(r). A system
such as SURS is also required by statute. See Social Security Act, S:
1902(a)(30).

  Provider Schemes and Improper Billing Siphon Medicaid Dollars

case that involved billing for transportation services never provided and
deliberate upcoding to a $50 million nationwide settlement with a major
pharmaceutical and equipment supplier over illegal marketing practices.

Table 1: Recent Medicaid Fraud and Abuse Cases

Provider and violation

Case

Clinical laboratories A California Medicaid fraud scheme involved more
than 15 clinical laboratories that illegally Billing for unauthorized
services billed over $20 million for tests that were never authorized by
physicians. The defendant paid medical clinic employees to draw extra
samples of blood from unsuspecting patients and purchased blood from
runaway children, homeless individuals, and drug addicts. He had the blood
tested at laboratories he controlled, and then billed California's
Medicaid program using stolen patient identities. The scheme also involved
the theft of physicians' identities to create false records showing that
the physicians authorized the laboratories to perform the tests.

Optical store Owners of a California optical store defrauded the Medicaid
program of nearly $3 million by Billing for services not provided filing
false claims for eyeglasses they said were replacements for Medicaid
patients whose eyeglasses were lost, stolen, or destroyed. The
investigation revealed that the owners used personal information that they
had obtained from previous patients-about 6,341 Medicaid beneficiaries-to
fraudulently bill the program for 59,574 pairs of eyeglasses from 1995 to
2001.

Transportation company Nearly $1.6 million in Medicaid funds was recovered
from six defendants who falsely Billing for services not provided charged
the Virginia Medicaid program for services never performed or improperly
coded. A Virginia transportation company purchased patient identity
information from other Deliberate upcoding transportation companies or
assisted living homes and billed Medicaid for services to patients it
never served. The defendants also improperly billed Medicaid using a
reimbursement code for wheelchair-bound patients that pays three times
higher than the code used for transporting ambulatory patients.

Hospital A 2-year investigation into Medicaid billing practices at a
Florida hospital found $2.9 million Deliberate upcoding in estimated
overpayments. Investigators reviewed a sample of Medicaid claims for
nonemergency, routine medical services-such as well-baby care and flu
shots-that were billed under a code reserved for more advanced procedures
performed exclusively at a hospital. An audit of the hospital's claims
revealed that 99 percent of the claims were for procedures that did not
qualify to be reimbursed under this more advanced code.

Durable medical equipment (DME) The owner of a pharmaceutical and DME
company admitted to defrauding the Indiana supplier Medicaid program of
nearly $2 million. The company used higher reimbursement codes Upcoding
than allowed and, in some instances, substantially inflated the cost of
the drugs that were provided to Medicaid beneficiaries. The owner also
paid kickbacks to nurses for referringKickbacks cancer patients in need of
expensive drugs and supplies to the company.

Medical supply company Illegal marketing practices

Medicaid programs throughout the country will share nearly $50 million
recovered as part of a settlement with Abbott Laboratories over fraudulent
marketing of its enteral feeding pumps, which are used to feed patients
directly through the intestines. The marketing practices included
providing free enteral feeding pumps to nursing homes and DME suppliers in
exchange for those buyers agreeing to purchase a specific number of pump
sets, which are necessary for the pumps to function. Abbott's marketing
division staff told nursing homes and DME suppliers they could bill
Medicare or Medicaid for the pumps, which had been supplied for free.
Abbott also offered money to encourage DME suppliers and nursing homes to
buy products from the company. As part of the settlement, Abbott also
agreed to pay nearly $365 million in damages and penalties to the Medicare
program.

Source: GAO.

Note: Based on state attorney general offices' summaries of closed cases.

  States Report a Variety of Approaches to Prevent and Detect Improper Payments

States take various approaches to conducting program integrity activities
that can result in substantial cost savings. Tightened enrollment controls
allow states to more closely scrutinize those providers considered to be
at high risk for improper billing. Through provider screening, stricter
enrollment procedures, and reenrollment programs, states may prevent
high-risk providers from enrolling or remaining in their Medicaid
programs. Some states require providers to use advanced technologies to
confirm beneficiary eligibility before services are rendered. States also
use information systems that afford them the ability to query multiple
databases efficiently in order to identify improper claims and types of
providers and services most likely to foster problems. In addition, state
legislatures have assisted their Medicaid agencies by directing that
certain preventive or detection controls be used, or by broadening the
sanctions they can use against providers that bill improperly.

    Most States Tighten Enrollment Controls to Keep Abusive Providers Out of
    Their Programs

On-site Inspections

In general, states target their program integrity procedures to those
providers that pose the greatest financial risk to their Medicaid
programs. They may focus on types of providers whose billing practices
have exhibited unusual trends or that are not subject to state licensure.5
States may also focus on individual providers that have been excluded from
the program in the past or for other reasons. For such providers, most
states impose more rigorous enrollment checks than the minimum required by
CMS.6 Expanded measures applied to high-risk providers include on-site
inspections of the applicant's facility prior to enrollment, criminal
background checks, requirements to obtain surety bonds that protect the
state against certain financial losses, and time-limited enrollment.
Thirtyfour of the states that completed our inventory reported using at
least one of these enrollment controls.

Twenty-nine states reported conducting on-site inspections for providers
considered at high-risk for inappropriate billing before allowing them to

5For example, Illinois officials said their analysis of Medicaid claims
showed providers in unregulated industries-nonemergency transportation and
some durable medical equipment suppliers-presented a higher risk for
abusive billing behavior than those subject to the oversight of
professional licensure boards.

6CMS requires that states screen applicants by asking if they have ever
been convicted of a crime related to their involvement in Medicare,
Medicaid, or Title XX Block Grants programs. See 42 C.F.R. S:
455.106(a)(2)(2003).

enroll or reenroll in their Medicaid programs.7 Such visits help validate
a provider's existence and generate information on its service capacity.
Illinois and Florida officials reported that performing on-site
inspections of some providers' facilities is a valuable part of their
statewide Medicaid provider enrollment control efforts.

o  	For each targeted provider group, Illinois Medicaid staff inspect the
facilities, inventory, and vehicles (in the case of nonemergency
transportation providers).8 Officials told us that their on-site
inspections

prevented 49 potential providers that did not meet requirements from
enrolling. By not approving these providers to bill Medicaid, Illinois
officials estimated that the state avoided a total of $1 million in
potentially improper payments for 2001 and 2002.

o  Florida uses a contractor to conduct on-site inspections of potential

Criminal Background Checks and Surety Bonds

providers. Since April 2003, Florida Medicaid officials have required its
contractor to randomly select and inspect 10 percent of all new
applicants, including pharmacies, physicians, billing agents, nurses, and
other types of providers.

Thirteen states reported that they conduct criminal background checks for
certain high-risk providers rather than relying solely on applicants'
selfdisclosures. These background checks entail verifying with law
enforcement agencies the information given in provider enrollment
applications regarding criminal records. As of December 2003, states
conducting criminal background checks included New Jersey (for employees
of pharmacies, clinical laboratories, transportation services, adult
medical day care, and physician group practices), Wisconsin (for employees
of licensed agencies, such as home health care agencies), and Illinois
(for employees of nonemergency transportation providers).

7Seventeen states reported conducting on-site inspections in June 2001.
See U.S. General Accounting Office, Medicaid: State Efforts to Control
Improper Payments Vary, GAO-01-662 (Washington, D.C.: June 7, 2001). Since
our 2001 report, 14 additional states have begun to conduct on-site
investigations for certain targeted types of providers, while 2 states no
longer conduct them.

8Nonemergency transportation is a ride, or reimbursement for a ride,
provided to Medicaid beneficiaries with no other transportation resources
so that they can receive services from a medical provider.

Four states that conduct criminal background checks also have the
authority to require surety bonds for the targeted providers.9 Surety
bonds, also known as performance bonds, protect the state against
financial loss in case the terms of a contract are not fulfilled. Florida
officials established a $50,000 bonding requirement for durable medical
equipment (DME) suppliers, independent laboratories, certain
transportation companies, and non-physician-owned physician groups. In
Washington, home health agencies must be Medicare-certified to participate
in the state's Medicaid program. Medicare requires a surety bond of
$50,000 or 15 percent of annual Medicare payments to the home health
agency based on the agency's most recent cost report to CMS, whichever is
greater.10

Twenty-five states require all of their Medicaid providers to periodically
reapply for enrollment. This process allows state officials to verify
provider information such as medical specialty credentials and ownership
and licensure status. Eleven states reported having probationary and
timelimited enrollment policies specifically for high-risk providers, with
reenrollment requirements ranging from 6 months to 3 years. Examples of
their probationary and reenrollment policies follow:

Probationary and Reenrollment Policies

o  	California officials estimated avoiding over $200 million in Medicaid
expenditures in state fiscal year 2003 by increasing scrutiny of new
provider applications and placing providers in provisional status for the
first 12 to 18 months of their enrollment. Those who continue to meet the
standards for enrollment and have not been terminated are converted
automatically to enrolled provider status.

o  	In Illinois, nonemergency transportation providers are on probation
for the first 180 days of their enrollment. Medicaid officials explained
that this probationary period gives the state time to monitor the
provider's billing patterns and conduct additional on-site inspections, as
needed. They said that any negative findings uncovered during the
probationary period would result in a provider's immediate termination
without cause, meaning the provider could not grieve the termination
decision.

9Illinois officials reported that they are drafting surety bond
requirements for nonemergency transportation providers. California, North
Carolina, Texas, and Wisconsin reported that they either have or are
seeking state legislation to require surety bonds for various types of
providers.

10CMS requires that home health agencies annually submit financial
documents supporting their costs in order to receive Medicare payments.

o  	Nevada officials reported that certain types of providers located in
the state-including dentists, DME suppliers, and home health agencies-are
permitted to enroll for only a 1-year period and must reapply each year to
continue billing Medicaid. Out-of-state providers are limited to a 3-month
enrollment period and must reapply to continue to bill the Nevada program.

o  	Wisconsin officials reported that the state requires nonemergency
transportation providers to reenroll annually, while all other types of
providers must submit new enrollment applications every 3 years.

    Some States Have Strengthened Controls to Avoid Paying Inappropriate Claims

Using Advanced Technology

Many states deter fraud, abuse, and error by using advanced technologies
and keeping their provider rolls up to date. States seek to enhance
program integrity activities by investing in information technologies that
enable them to preauthorize services and improve their data processing
capabilities. They also contract with companies that specialize in claims
and utilization review-analyses of claims to identify aberrant billing
patterns-to augment their in-house capabilities. In addition, nearly all
states take steps to eliminate paying claims billed under unauthorized
provider numbers.

Most states use advanced technology to prevent improper payments by
requiring providers to validate beneficiary eligibility before services
are rendered. For example, 32 states use online systems that require
pharmacies to obtain state approval confirming a beneficiary's eligibility
before filling a prescription. Using a different technology, New York
implemented a system that stores information on the magnetic strip of a
beneficiary's Medicaid card, which also includes the beneficiary's photo.
By swiping the card, providers are able to verify eligibility before
providing a service.

In another application, New York uses technology to track prescribing
patterns and curb overutilization. New York officials told us that
physicians ordering drugs and medical supplies must use the state's
interactive telephone system to obtain payment authorization numbers. This
system leads physicians through a menu-driven series of questions about
patient diagnosis and treatment alternatives before an authorization
number is given. Officials estimated that during the 6-month period from
April to September 2003, the state saved $15.4 million by using its
interactive phone system for prior approvals.

In addition to verifying beneficiary eligibility and controlling
utilization, many states also use technology to better target their claims
review efforts. Of the 47 states that completed our inventory, 34 reported
targeting their reviews to claims from high-risk providers. These reviews
entail verifying the appropriateness of the services billed by, and
payments made to, a provider within a certain period. Twenty-one of the 34
states reported using advanced information technology to more effectively
pinpoint aberrant billing patterns. These states developed data warehouses
to store several years of information on claims, providers, and
beneficiaries in integrated databases, and they use data-mining software
to look for unusual patterns that might indicate provider abuse.
Additional software detects claims with incongruous billing code
combinations. For example, a state can link related service claims, such
as emergency transportation invoices and hospital emergency department
claims for the same client. States that use these technologies to enhance
their targeted reviews include the following:

o  	New York officials reported that targeted reviews of claims submitted
by part-time clinics,11 mobile radiology service providers, midwives, and

physician assistants saved an estimated $24.9 million in state fiscal
years 2002 through 2003.

o  	Ohio officials reported that targeted reviews by Ohio's in-house
utilization review staff saved an estimated $14 million in state fiscal
years 2000 through 2002.

o  	Texas officials reported recouping over $18.9 million in state fiscal
year 2003. Officials also noted that the state's targeted reviews and
queries enabled them to identify weaknesses in state payment safeguards.
For example, the state identified hospital "unbundling"-billing separately
for services that were already included in a combined reimbursement-
through its analysis of claims data.

Some states rely on contractors to supply claims review expertise that
either is lacking in-house or that supplements existing staff resources.
Of the states completing our national inventory, 24 states use contractors
to

11According to New York Medicaid officials, part-time clinics involve
providers who work out of multiple locations. The state permits providers
to work and claim Medicaid reimbursements from up to 20 clinic locations.
New York identified part-time clinics as a type of provider with a high
probability of improper billing after finding one provider with 694
part-time locations.

Purging Inactive Billing Numbers

review Medicaid claims either before or after payments are made.12
Colorado used contractors to increase the volume of claims reviewed.
Kansas reported that its contractor's 2003 review of hospital inpatient
claims resulted in recovering over $4.7 million. North Carolina officials
estimated that since 1999, the state's contractors' reviews of inpatient
claims resulted in an estimated 4-to-1 return on investment.

Out-of-date information increases the risk that Medicaid will pay
individuals who are not eligible to bill the program. For instance, in
California, individuals were found to have falsely billed the Medicaid
program using the provider billing numbers of retired practitioners.
Fortythree states reported that, at a minimum, they cancel or suspend
inactive provider billing numbers.13 For example:

o  	New Jersey deactivates billing numbers that have been inactive for 12
months. To reactivate their numbers, providers must submit their requests
using their office letterhead. If a number is reactivated and there is no
billing activity within 6 months, New Jersey will again deactivate the
number.

o  	North Carolina notifies providers with billing numbers that have been
inactive for 12 months before taking any action. The state terminates the
number if the provider does not respond within 30 days and updates the
state's provider database each month, listing which billing numbers have
been terminated.

    In Some States, Legislative Initiatives Have Played an Important Role in
    Medicaid Program Integrity Efforts

Many states have made Medicaid program integrity a priority, either
through directives to employ certain preventive or detection controls or
by expanding enforcement authority to use against providers that bill
improperly. In some states, legislative initiatives have encouraged
Medicaid program integrity units to adopt information technology; in
others, legislation has expanded Medicaid agencies' authority to
investigate providers and beneficiaries and impose sanctions. Of the
states that completed our inventory, 24 reported having legislation
mandating

12Prepayment reviews typically include verifying the mathematical accuracy
of claims, the correct use of payment codes, and patients' Medicaid
eligibility. Such reviews help ensure that services listed on claims are
covered, medically necessary, and paid in accordance with state and
federal requirements. Postpayment reviews may be more comprehensive, to
include scrutiny of the medical records used to support the claimed
service.

13This represents an increase of 14 states since our last state inventory
in June 2001.

sanctions against fraudulent providers or beneficiaries. Examples of
legislative activities from 2 states are as follows:

o  	New Jersey: Under a 1996 law, all licensed prescribers and certain
licensed health care facilities are required to use tamper-proof,
nonreproducible prescription order blanks. State Medicaid officials
estimated annual savings of at least $6 million since the law's
implementation in 1997. The law also made prescription forgery a
third-degree felony.

o  Texas: In September 2003, Texas law consolidated responsibility for

Medicaid program integrity in the Office of Inspector General in the
Health and Human Services Commission and funded 200 additional positions
to investigate Medicaid fraud. The legislation also expanded the state's
powers to conduct claims reviews, impose prior authorization and surety
bond requirements, and issue subpoenas. The law also required that the
state explore the feasibility of using biometric technology-such as
fingerprint imaging-as an eligibility verification tool. Texas budget
officials estimated that over a 2-year period, net savings would exceed $1
billion.

CMS has provided states with information, tools, and training to improve
their Medicaid program integrity efforts. The agency has funded a pilot
that measures payment accuracy rates and another pilot that analyzes
provider billing patterns across the Medicare and Medicaid programs. In
addition, CMS has facilitated states' sharing of information on program
integrity issues and related federal policies. Also, CMS has conducted
occasional reviews of state program integrity operations. However, these
reviews are infrequent and limited in scope.

  CMS Has Activities to Support States' Program Integrity Efforts but Conducts
  Little Oversight

CMS Fielding a Multiyear CMS is conducting a 3-year Payment Accuracy
Measurement (PAM) pilot Pilot to Measure Medicaid to develop estimates of
the level of accuracy in Medicaid claims payments, Payment Accuracy Rates
taking into account administrative error and estimated loss due to abuse

or fraud.14 At its conclusion, in fiscal year 2006, PAM will become a
permanent, mandatory program-to be known as the Payment Error Rate
Measurement (PERM) initiative-satisfying requirements of the Improper

14The Health Care Fraud and Abuse Control program-designed to coordinate
federal, state, and local antifraud efforts under the joint direction of
HHS and the Department of Justice-funded all 3 years of the PAM pilot at a
total of about $11.7 million.

Payments Information Act of 2002.15 Under PERM, states will be expected to
ultimately reduce their payment error rates by better targeting program
integrity activities in their Medicaid programs and the State Children's
Health Insurance Program (SCHIP) and tracking their performance over
time.16

PERM is intended to develop an aggregate measure of states' claims payment
errors as well as error rates for seven health care service areas-
inpatient hospital services, long-term care services, independent
physicians and clinics, prescription drugs, home and community-based
services, primary care case management, and other services and supplies.17
CMS proposes developing annual national error rate estimates from rates
developed by one-third of the states rather than requiring each state to
compute an error rate each year.18 CMS further proposes that in the 2-year
period after a state determines its error rate, the state develop and
implement a plan to address the causes of improper payments uncovered in
its review.

CMS is in the third and final year of PAM. Each year, CMS tested various
measurement methodologies and expanded participation to additional
states.19 CMS used information from the 9 states participating in PAM's
first year, fiscal year 2002, to help refine the measurement methodologies
for subsequent years. CMS also constructed a single model to be used by
all 12 states participating in the second year of PAM, which began in
fiscal

15The Improper Payments Information Act of 2002, Pub. L. No. 107-300, 116
Stat. 2350, requires that each agency responsible for federal programs and
activities with estimated improper payments exceeding $10 million annually
report the estimates and planned corrective actions to the Congress.
Office of Management and Budget guidance on the act limits this reporting
requirement to programs and activities with estimated payments exceeding
both $10 million and 2.5 percent of annual program payments.

16SCHIP, Pub. L. No. 105-33, S: 4901, 111 Stat. 251, 552-70 (1997), is a
jointly funded federal/state program that provides health insurance to
children in low-income families who do not qualify for Medicaid and are
not covered by other health insurance.

17Under primary care case management, providers are paid a monthly per
capita fee to coordinate care for beneficiaries.

18CMS proposes using a stratified random sample, without replacement, to
determine which states will be selected for measurement. The random sample
is intended to ensure that each cycle will have similar proportions of
large, medium, and small states.

19CMS reimbursed the states for 100 percent of their costs for the pilot.
When PERM is implemented, in fiscal year 2006, the states will be
reimbursed at their customary administrative matching rate of 50 percent.

year 2003. Those states that reported on Medicaid fee-for-service payment
accuracy had rates ranging from 81.4 percent to 99.7 percent.20 Sources of
inaccurate payments included incomplete documentation of a service,
inappropriate coding, clerical errors, as well as provision of medically
unnecessary services. In PAM's final year, fiscal year 2004, the 27
participating states will include in their claims reviews payments made
under SCHIP and verification of recipient eligibility, among other things.
Beginning in fiscal year 2006, the PAM pilot will transition into the PERM
initiative to produce both state-specific and national estimates of
Medicaid program error rates.

Although state responses to CMS's pilot were generally positive, program
integrity officials raised concerns about the cyclical nature of the
permanent program. Officials in several states-including Illinois,
Louisiana, and North Carolina-indicated concern that the 3-year cycle
presents significant staffing challenges. They contend that it is
impractical for a state to employ sufficient staff, with the necessary
expertise, to perform these functions only once every 3 years.21 Officials
in other states, such as New York and Washington, expressed concern that
the measurement effort might result in diverting staff from ongoing, and
potentially more productive, program integrity activities. In its April
2004 final report on the second year of the pilot, CMS identified high
state staff turnover and limited availability of medical records as
obstacles that kept some states from completing their pilots on time.

20In calculating payment accuracy rates, CMS determined that overpayments
and underpayments would "offset" each other in a manner that is similar to
the way that both the HHS OIG Chief Financial Officers Audit and the
Comprehensive Error Rate Testing program have defined payment error for
the Medicare program. States were asked to subtract the value of
underpayments from overpayments to determine the net value of inaccurate
payments. See Centers for Medicare & Medicaid Services, Center for
Medicaid and State Operations, Finance, Systems and Budget Group, Payment
Accuracy Measurement Project: Year 2 Final Report (Baltimore: April 2004).

21In response to the states' concerns about the PERM 3-year cycle and the
OIG's concerns regarding the stratified random selection of which states
conduct PERM studies, CMS has proposed that all states be required to
conduct such studies annually. This proposal is pending in the federal
rule-making process.

    CMS Pilot Links Information on Providers That Bill Both Medicare and
    Medicaid

In another effort to support states' program integrity activities, CMS
facilitates the sharing of health benefit and claims information between
the Medicaid and Medicare programs. For example, it arranged for state
Medicaid agency officials to gain access to confidential provider
information contained in Medicare's restricted fraud alerts (a warning
against emerging schemes), provider suspension notices, and databases.22
One of the Medicare-Medicaid information-sharing activities is a data
match pilot that received funding from several sources.23 The purpose of
this state-operated pilot is to identify improper billing and utilization
patterns by matching Medicare and Medicaid claims information on providers
and beneficiaries. Such matching is important, as fraudulent schemes can
cross program boundaries.

CMS initiated the Medicare-Medicaid data match pilot in California in
September 2001.24 CMS estimated that in its first year, the pilot achieved
a 21-to-1 return on investment, with about $58 million in cost avoidance,
savings, and overpayment recoupments to the Medicaid and Medicare
programs. In addition, over 80 cases were opened against suspected
fraudulent providers. For example, the pilot identified the following:

o  	One provider billed more than 24 hours a day. Although the Medicare
claims alone were not implausible, once the Medicare and Medicaid dates of
service were matched, the provider showed up as billing for more than a
reasonable number of hours in a day.

o  	Several providers serving beneficiaries eligible for both programs
purposely submitted flawed Medicare bills, received full payment from
Medicaid based on the denied Medicare claims, then resubmitted corrected
Medicare bills and were paid again.

22Specifically, CMS facilitated state access to two confidential databases
that Medicare contractors developed to assist in their program integrity
efforts. The Fraud Investigation Database contains detailed information on
providers involved in potential fraud and abuse cases. The Medicare
Exclusion Database contains information on provider exclusions, sanctions,
and reinstatements in a standard, cumulative format with monthly updates.

23CMS's Medicare Integrity Program largely funded the initial pilot, with
supplemental funding-$1 million in fiscal year 2002 and $2.4 million in
fiscal year 2003-from the FBI. Most of the funding for the data match
pilot comes from the Health Care Fraud and Abuse Control Program.

24California has more Medicare and Medicaid beneficiaries than any other
state-7 million enrolled in Medicaid and 4 million in Medicare. Combined
state and federal annual expenditures for both programs are about $47.6
billion.

In assessing the results of the California pilot, CMS officials noted
challenges that delayed implementation for about a year. These included
time-consuming activities such as negotiating data-sharing agreements with
the contractors that process Medicare claims and reconciling data
formatting differences in Medicare and Medicaid claims. CMS officials
believe that these challenges were largely due to the novel nature of the
effort and that implementation should proceed more smoothly in other
states. In fiscal year 2003, CMS expanded the data match pilot to six
additional states: Florida, Illinois, New Jersey, North Carolina,
Pennsylvania, and Texas.

    CMS Arranges Teleconferences for States to Share Information on Program
    Integrity Issues

CMS also sponsors a Medicaid fraud and abuse technical assistance group
(TAG), which provides a forum for states to discuss issues, solutions,
resources, and experiences. TAG meets monthly by teleconference and
convenes annually in one location. Each of four geographic areas- Midwest,
Northeast, South, and West-has two TAG delegates from state Medicaid
program integrity units who participate in the teleconferences. Any state
may participate in the teleconferences and 18 do so regularly. Delegates
discuss concerns raised by the states in their geographic regions and
convey information on agenda items to their states. For example, state
officials told us that they have discussed issues such as new data systems
and other fraud and abuse detection tools.

TAG members also use this forum to alert one another to emerging schemes.
In one instance, TAG members discussed a drug diversion operation
involving serostim-a drug used to treat AIDS patients for degenerative
weight loss-from a Pennsylvania mail-order pharmacy. Serostim-which costs
about $5,000 for a month's supply-was being sold to body builders to
enhance muscle tissue. According to New York officials, over a 2-year
period, the state's Medicaid expenditures for serostim increased from $4
million to $50 million. Following this discovery, several states,
including New York, instituted prior authorization policies for the drug.

In addition, states use TAG to communicate and propose policy changes to
CMS. For example, through TAG, the states proposed that CMS modify the
federal 60-day repayment rule. This rule implements a statutory
requirement that state Medicaid agencies refund the federal portion of any
identified overpayments within 60 days of discovery, except in cases

where providers or other entities have filed for bankruptcy or gone out of
business.25 Some states participating in TAG contend that complying with
the 60-day repayment rule discourages states from pursuing complex cases
for which recoveries may prove difficult and instead gives them an
incentive to focus on easy overpayment cases. CMS has supported and
endorsed legislative proposals to amend the statute in the case of
overpayments resulting from fraud or abusive practices, proposing that the
federal share be returned 60 days after recovery versus 60 days after
discovery. However, CMS's efforts to change the policy have not been
successful.

    CMS Conducts Few Onsite Reviews of State Program Integrity Activities

CMS officials point to compliance reviews of the states' program integrity
activities as the agency's principal means for exercising oversight. CMS
conducts on-site reviews to assess whether state Medicaid program
integrity efforts comply with federal requirements, such as those
governing provider enrollment, claims review, utilization control, and
coordination with each state's Medicaid Fraud Control Unit. Such on-site
reviews typically last 5 days and are announced 30 days in advance. If
reviewers find states significantly out of compliance, they may revisit
the states to verify that they have taken corrective action. However,
teams conducting these reviews do not evaluate the effectiveness of state
activities on reducing improper payments.

Staffing and funding constraints have limited this oversight effort. From
January 2000 through December 2003, CMS completed reviews of 29 states. At
its current pace of conducting eight state compliance reviews each year,
CMS would not begin a second round of nationwide reviews before fiscal
year 2007. CMS officials explained that the agency can conduct only eight
reviews per year, given the resources allocated for Medicaid program
integrity.26 For fiscal year 2004, CMS allocated eight staff
nationally-about four full-time equivalent (FTE) staff in headquarters and
four FTEs distributed across the agency's 10 regional offices-and an
operating budget of $26,000 for overseeing the states' Medicaid program
integrity activities, including the cost of conducting compliance reviews.
This level of funding represents a $14,000, or

25Section 1903(d)(2) of the Social Security Act and 42 C.F.R. S:S: 433.300
et seq. (2003).

26Review teams are composed of one person from CMS headquarters and two
staff members from a region that does not have oversight responsibility
for the state under review.

35 percent, decline from the previous year. At the peak of its funding in
fiscal year 2002, CMS's operating budget for these activities was about
$80,000.27 According to agency officials, the size of the federal Medicaid
program integrity group relative to its responsibilities has resulted in
its use of Medicare's program integrity resources to help implement pilot
projects and conduct technical assistance activities.

From the states' perspective, compliance reviews have provided useful
information for identifying needed areas of improvement and potential best
practices. For example, Michigan officials told us that after CMS's
review, they took steps to strengthen their provider enrollment
activities. In another state, CMS discovered numerous areas of
noncompliance. The state agency's provider enrollment processes did not
require applicants to disclose prior criminal convictions or business
ownership and control. The state agency also did not investigate potential
instances of fraud and abuse identified by its SURS unit or beneficiary
complaints, or make the required referrals to the state Medicaid Fraud
Control Unit. As a result of these findings, CMS required the state to
develop a corrective action plan. About a year later, the review team
revisited the state and learned that it had begun to implement corrective
actions.

CMS has pointed to its compliance reviews of the states' program integrity
activities as providing the agency with information on the states'
strengths and vulnerabilities to improper payments. However, as we
reported in February 2002, these structured site reviews focus on state
compliance and do not evaluate the effectiveness of the states' fraud and
abuse prevention and detection activities for reducing improper
payments.28

Concluding 	The varied and substantial cases of Medicaid fraud or abuse
that have been uncovered around the country reaffirm the need for Medicaid

Observations 	agencies to safeguard program dollars. Such losses have
prompted program integrity units and legislatures in many states to take
active roles in prevention and detection efforts. In their attempts to
limit improper

27Until fiscal year 2003, oversight activities were funded through CMS's
Southern Consortium, composed of the Atlanta and Dallas regional offices.
Financial responsibility shifted to CMS headquarters in fiscal year 2004,
when the agency abandoned its consortia approach to fraud and abuse
control.

28U.S. General Accounting Office, Medicaid Financial Management: Better
Oversight of State Claims for Federal Reimbursement Needed, GAO-02-300
(Washington, D.C.: Feb. 28, 2002).

payments, states have pursued a broad range of methods, such as tightened
provider enrollment and advanced claims review techniques. As some states
report identifying substantial cost savings, further enhancements in
program integrity activities are likely to generate positive returns on
such investments.

At the same time, there may be a disparity between the level of CMS
resources devoted to Medicaid program integrity and the program's
vulnerability to financial losses. On its current schedule for conducting
state program integrity compliance reviews, CMS will not obtain a
programwide picture of states' prevention and detection activities more
than once every 6 years. Moreover, because these reviews are limited in
scope, CMS does not evaluate states' effectiveness in addressing improper
payments. In addition, findings from the payment accuracy pilot indicate a
need for CMS to further enhance state efforts to prevent and detect
payment errors.

                                Agency Comments
                               and Our Evaluation

In written comments on a draft of this report, CMS officials took issue
with our observation that the level of resources devoted to federal
oversight of states' program integrity activities may be inconsistent with
the financial risks to the program. They pointed out that the agency's
program integrity work should be viewed as part of its broader financial
management of state Medicaid programs. Officials noted that 65 financial
management staff in CMS regional offices review Medicaid expenditures,
conduct financial management reviews, provide technical assistance to
states on financial policy issues, and analyze state cost allocation and
administrative claiming plans. Officials also stated that the agency
expects to hire 100 new Medicaid financial management staff this fiscal
year and has contracted with HHS OIG to perform additional auditing. (See
app. II.)

We commend CMS for the actions it has begun to take to address its
Medicaid financial management challenges. As we have reported in recent
years, CMS had fallen short in providing the level of oversight required
to ensure states' Medicaid financial responsibility.29 When fully
implemented, CMS's efforts to increase the number of staff dedicated to
reviewing the states' financial management reports should help it
strengthen the fiscal integrity of Medicaid's state and federal
partnership.

29GAO-03-101.

However, financial management and program integrity, while related
functions, are not interchangeable. Financial management focuses on the
propriety of states' claims for federal reimbursement, such as the
matching, administrative, and disproportionate share funds that CMS
provides the states. In contrast, program integrity-the focus of this
report-addresses federal and state efforts to ensure the propriety of
payments made to providers. Unlike the commitment to expand resources for
Medicaid financial management activities, CMS has not indicated a similar
commitment to enhancing its support and oversight of states' program
integrity efforts.

CMS officials also provided technical comments, which we incorporated into
the report where appropriate.

As agreed with your office, unless you publicly announce the contents of
this report earlier, we plan no further distribution until 30 days after
its
date. At that time, we will send copies of this report to the Secretary of
HHS, Administrator of CMS, appropriate congressional committees, and
other interested parties. In addition, this report will be available at no
charge on GAO's Web site at http://www.gao.gov. We will also make copies
available to others upon request. If you or your staff have any questions
about this report, please call me at (312) 220-7600. Another contact and
key contributors to this report are listed in appendix III.

Sincerely yours,

Leslie G. Aronovitz
Director, Health Care-Program

Administration and Integrity Issues

                 Page 23 GAO-04-707 Medicaid Program Integrity

Note: We asked officials in 50 states and the District of Columbia to
provide information on their Medicaid program integrity activities. We
received 47 responses and did not verify the accuracy of the responses.
Indiana, Nebraska, Rhode Island, and Vermont did not participate.

Page 24 GAO-04-707 Medicaid Program Integrity

Appendix I: States' Approaches to Medicaid Program Integrity

aA surety bond may protect the state against certain financial losses.

bA data warehouse stores information on claims, providers, and
beneficiaries in an integrated database.

cData mining is the analysis of large databases to identify unusual
utilization patterns.

dData matching and modeling are techniques that allow comparisons of
providers within specialties to determine normative patterns in claims
data so that aberrant patterns can be identified.

eSmart technology is software that analyzes patterns in claims data and
feeds the information back into the system to identify new patterns.

fA drug formulary is a list of prescription medications approved for
coverage.

gNational Association of Surveillance and Utilization Review Officials.

Appendix II: Comments from the Centers for Medicare & Medicaid Services

Appendix III: GAO Contact and Staff Acknowledgments

GAO Contact Rosamond Katz, (202) 512-7148

Acknowledgments 	In addition to the contact named above, Enchelle Bolden,
Helen Chung, Hannah Fein, Shirin Hormozi, and Geri Redican made key
contributions to this report.

GAO's Mission	The Government Accountability Office, the audit, evaluation
and investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of The fastest and easiest way to obtain copies of GAO
documents at no cost

is through GAO's Web site (www.gao.gov). Each weekday, GAO postsGAO
Reports and newly released reports, testimony, and correspondence on its
Web site. To Testimony have GAO e-mail you a list of newly posted products
every afternoon, go to

www.gao.gov and select "Subscribe to Updates."

Order by Mail or Phone	The first copy of each printed report is free.
Additional copies are $2 each. A check or money order should be made out
to the Superintendent of Documents. GAO also accepts VISA and Mastercard.
Orders for 100 or more copies mailed to a single address are discounted 25
percent. Orders should be sent to:

U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548

To order by Phone: 	Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061

  To Report Fraud, Contact:
  Waste, and Abuse in Web site: www.gao.gov/fraudnet/fraudnet.htm

E-mail: [email protected] Programs Automated answering system: (800)
424-5454 or (202) 512-7470

Congressional 	Gloria Jarmon, Managing Director, [email protected] (202)
512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125

Relations Washington, D.C. 20548

Public Affairs Jeff Nelligan, Managing Director, [email protected] (202)
512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548

      Presorted StandardEURPostage & Fees PaidEURGAOEURPermit No. GI00EUR

United StatesEURGovernment Accountability OfficeEURWashington, D.C.
20548-0001EUR

Official BusinessEURPenalty for Private Use $300EUR

Address Service RequestedEUR
*** End of document. ***