Medicaid Fraud and Abuse: CMS's Commitment to Helping States
Safeguard Program Dollars Is Limited (28-JUN-05, GAO-05-855T).
Today's hearing addresses fraud and abuse control in Medicaid, a
program that provides health care coverage for eligible
low-income individuals and is jointly financed by the federal
government and the states. In fiscal year 2003, Medicaid covered
nearly 54 million people and the program's benefit payments
totaled roughly $261 billion, of which the federal share was
about $153 billion. States are primarily responsible for ensuring
appropriate payments to Medicaid providers through provider
enrollment screening, claims review, overpayment recoveries, and
case referrals. At the federal level, the Centers for Medicare &
Medicaid Services (CMS) is responsible for supporting and
overseeing state fraud and abuse control activities. Last year,
GAO reported that CMS had initiatives to assist states, but the
dollar and staff resources allocated to oversight suggested that
CMS's level of effort was disproportionately small relative to
the risk of federal financial loss. Concerned about the
stewardship of federal Medicaid funds, Congress has raised
questions about CMS's commitment to Medicaid fraud and abuse
control. This statement focuses on (1) the level of resources CMS
currently applies to helping states prevent and detect fraud and
abuse in the Medicaid program and (2) the implications of this
level of support for CMS fraud and abuse control activities.
-------------------------Indexing Terms-------------------------
REPORTNUM: GAO-05-855T
ACCNO: A28237
TITLE: Medicaid Fraud and Abuse: CMS's Commitment to Helping
States Safeguard Program Dollars Is Limited
DATE: 06/28/2005
SUBJECT: Financial management
Fraud
Health care programs
Internal controls
Medicaid
Program abuses
Program management
Risk management
State-administered programs
Strategic planning
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO Product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
******************************************************************
GAO-05-855T
* Background
* CMS Expends Limited Resources and Lacks Coherent Plan to Imp
* Disparity Exists between Level of Resources and Program's Fi
* CMS Structure and Lack of Planning Suggest Weak Commitment t
* Lack of Priority Threatens CMS's Medicaid Fraud and Abuse Co
* Concluding Observations
* Contact and Acknowledgments
* Order by Mail or Phone
Testimony
Before the Committee on Finance, U.S. Senate
United States Government Accountability Office
GAO
For Release on Delivery Expected at 10:00 a.m. EDT
Tuesday, June 28, 2005
MEDICAID FRAUD AND ABUSE
CMS's Commitment to Helping States Safeguard Program Dollars Is Limited
Statement of Leslie G. Aronovitz
Director, Health Care
GAO-05-855T
Mr. Chairman and Members of the Committee:
I am pleased to be here today as you discuss fraud and abuse control in
Medicaid, a program that provides health care coverage for eligible
low-income individuals and is jointly financed by the federal government
and the states. In fiscal year 2003, Medicaid covered nearly 54 million
people, and the program's benefit payments totaled $261 billion, of which
the federal share was about $153 billion. Because fraud and abuse by their
nature are unknown until detected, the amount of Medicaid funds lost
through health care providers' inappropriate billings cannot be precisely
quantified. Some states have made estimates of their respective programs'
improper Medicaid payment rates that reflect not only fraudulent and
abusive billings but also inadvertent billing errors, such as clerical
mistakes. A nationwide improper payment rate for Medicaid has not been
made, but even a rate as low as 3 percent would mean a loss of almost $4.6
billion in federal funds in fiscal year 2003. To put this hypothetical
figure in perspective, it is roughly the amount that the federal
government spent in fiscal year 2003 on the State Children's Health
Insurance Program (SCHIP).1
Such a drain of vital program dollars is a detriment to both taxpayers and
beneficiaries. For example, paying for services billed but not provided
wastes funds that could have been used for health care. For example, in
2004, the owners of a Louisiana health care clinic were found guilty of
billing the program more than $400,000 for health care screening services,
nurse consultations, and nutrition consultations never provided.
Alternatively, paying for unnecessary services can have a substantial, if
not quantifiable, impact on health care quality. Consider the charge in
2004 against 20 dentists in California for conspiracy to defraud the
state's Medicaid program of $4.5 million. As part of the conspiracy, the
dentists billed Medicaid for unnecessary or inappropriate services that
placed patients at risk by reusing dental instruments without sterilizing
them, performing dental surgeries without adequate anesthesia, developing
treatment plans that called for unneeded root canals and fillings, and
forcibly restraining children during dental operations.
1SCHIP is a jointly funded federal-state program that provides health
insurance to children in low-income families who do not qualify for
Medicaid and are not covered by other insurance.
States are primarily responsible for the fight against Medicaid fraud and
abuse. Specifically, they are responsible for ensuring the legitimacy of
providers billing the program, detecting improper payments, recovering
overpayments, and referring suspected cases of fraud and abuse to law
enforcement authorities. At the federal level, the Centers for Medicare &
Medicaid Services (CMS) in the Department of Health and Human Services
(HHS) is responsible for supporting and overseeing state fraud and abuse
control activities. Last year, we reported that CMS had initiatives to
assist states in combating fraud and abuse in their Medicaid programs, but
its oversight of states' activities in this area was limited.2 The dollar
and staff resources allocated to compliance reviews suggested that CMS's
level of effort was disproportionately small relative to the risk of
serious financial loss.
Concerned about the stewardship of federal Medicaid funds, this Committee
has raised questions about CMS's commitment to Medicaid fraud and abuse
control. It is important to note that activities designed to prevent,
detect, and recover improper payments made to providers resulting from
fraud and abuse are a component of ensuring Medicaid program integrity.
These activities are valuable not only from a financial standpoint but
also have a sentinel effect on providers that may otherwise consider
billing the program inappropriately. Another component is financial
management activities, which involve the oversight of state claims for
federal reimbursement, including the matching, administrative, and
disproportionate share funds that CMS provides the states.3 While these
program integrity functions are related, they are not interchangeable. My
remarks today will focus on (1) the level of resources CMS currently
applies to helping states prevent and detect fraud and abuse in the
Medicaid program and (2) the implications of this level of support for CMS
fraud and abuse control activities.
2GAO, Medicad Program Integrity: State and Federal Eforts to Prevent and
DetectImproper Payments, GAO-04-707 (Washington, D.C.: July 16, 2004).
3Since fiscal year 2004, CMS has nearly completed the hiring of new staff
accounting for 100 full-time equivalent positions to support its financial
management review activities. Located largely in CMS regional offices,
these staff review state budget and expenditure reports for accuracy,
identify unallowable program costs, and provide guidance to the states on
Medicaid financial management matters. Although financial management
reviews are not intended to identify inappropriate billings by providers,
they can identify fraud and abuse leads on an incidental basis.
To do this work, we reviewed agency documents on Medicaid program
safeguard support and oversight activities as well as our issued reports
on this topic. We also interviewed officials at headquarters and CMS's 10
regional offices. We conducted our work in May and June 2005 in accordance
with generally accepted government auditing standards.
In summary, since we reported last year, the resources CMS expends to
support and oversee states' Medicaid fraud and abuse control activities
remain out of balance with the amount of federal dollars spent annually to
provide Medicaid benefits.4 In fiscal year 2005, CMS's total staff
resources allocated to these activities was about 8.1 full-time equivalent
(FTE) staffing units-approximately 3.6 FTEs at headquarters and 4.5 FTEs
in the regional offices. Among CMS's 10 regional offices-each of which
oversees states whose Medicaid outlays include billions of federal
dollars-7 offices each have less than 1 FTE and the rest each have less
than 2 FTEs allocated to Medicaid fraud and abuse control efforts.
Moreover, the placement of the Medicaid fraud and abuse control staff at
headquarters-apart from the agency's office responsible for other
antifraud and abuse activities-as well as a lack of specified goals for
Medicaid fraud and abuse control raise questions about the agency's level
of commitment to improving states' activities in this area.
CMS's support and oversight initiatives include a pilot project for states
to enhance claims scrutiny activities by coordinating with the Medicare
program. Despite the project's positive results in several states, less
than one-fifth of the states currently participate in the project, and
resource constraints may require CMS to scale back these efforts instead
of expanding them to additional states that are seeking to participate.
Similarly, some of CMS's other support activities-such as conducting
national conferences, regional workshops, and training-have been
terminated altogether. The frequency of CMS's on-site reviews of states'
fraud and abuse control activities remains about seven to eight visits a
year. This means that federal oversight of a state's Medicaid program
safeguards will not occur, at best, more than once every 7 years.
In discussing the facts in this statement with a CMS Medicaid official, he
stated that the agency does not view antifraud and abuse initiatives as
separate from financial oversight, an area that has received substantial
resources in recent years. While we agree that financial management is
important to program integrity, we believe that an increased commitment to
helping states fight fraud and abuse is warranted.
4 GAO-04-707 .
Background
Although jointly financed by the states and the federal government,
Medicaid is administered directly by the states and consists of 56
distinct state-level programs.5 Within broad federal guidelines, each
program establishes its own eligibility standards; determines the type,
amount, duration, and scope of covered services; and sets payment rates.
In general, the federal government matches state Medicaid spending for
medical assistance according to a formula based on each state's per capita
income. In fiscal year 2004, the federal contribution ranged from 50 to 77
cents of every state dollar spent on medical assistance. For most state
Medicaid administrative costs, the federal match rate is 50 percent.6
As program administrators, states have primary responsibility for
conducting program integrity activities that address provider enrollment,
claims review, and case referrals. Specifically, federal statute or CMS
regulations require states to
o collect and verify basic information on potential providers,
including whether the providers meet state licensure requirements
and are not prohibited from participating in federal health care
programs;
o have an automated claims payment and information retrieval
system-intended to verify the accuracy of claims, the correct use
of payment codes, and patients' Medicaid eligibility-and a claims
review system-intended to develop statistical profiles on
services, providers, and beneficiaries to identify potential
improper payments;7 and
o refer suspected overpayments or overutilization cases to other
units in the Medicaid agency for corrective action and potential
fraud cases, generally, to the state's Medicaid Fraud Control Unit
for investigation and prosecution.8
As noted in our 2004 report,9 states use a variety of controls and
safeguards to stem improper provider payments. For example, states
target high-risk providers seeking to bill Medicaid with on-site
facility inspections, criminal background checks, and probationary
or time-limited enrollment. States also reported using information
technology to integrate databases containing provider,
beneficiary, and claims information and to increase the
effectiveness of their utilization reviews. Various states
individually attributed cost savings or recoupments to these
efforts valued in the millions of dollars.
In contrast, CMS's role in curbing fraud and abuse in the Medicaid
program is largely one of support to the states. As we reported
last year,10 CMS administers two pilot projects-one focused on
measuring the accuracy of a state's Medicaid claims payments
(Payment Accuracy Measurement (PAM)) and the other focused on
improper billing detection and utilization patterns by linking
Medicare and Medicaid claims information (Medi-Medi). CMS also
sponsors general technical assistance and information-sharing
through its Medicaid fraud and abuse technical assistance group
(TAG). In addition, CMS performs oversight of states' Medicaid
fraud and abuse control activities. (See table 1.)
Table 1: CMS Activities to Support and Oversee States' Fraud and
Abuse Control Efforts, Fiscal Year 2004
Source: GAO, Medicaid Program Integrity: State and Federal Efforts
to Prevent and Detect Improper Payments, GAO-04-707 (Washington,
D.C.: July 16, 2004).
aPub. L. No. 107-300, 116 Stat. 2350.
A wide disparity exists between the level of resources CMS expends
to support and oversee states' fraud and abuse control activities
and the amount of federal dollars at stake in Medicaid benefit
payments. In addition, CMS's organizational placement of staff and
lack of strategic planning suggest a limited commitment to
improving states' Medicaid fraud and abuse control efforts.
The resources CMS devotes to working with states to fight Medicaid
fraud and abuse do not appear to be commensurate with the size of
the program's financial risk. In fiscal year 2005, CMS's Medicaid
staff resources allocated to supporting or overseeing states'
anti-fraud and abuse operations was an estimated 8.1 FTEs-3.6 FTEs
at headquarters and 4.5 FTEs in the regional offices.11 Staff at
headquarters are engaged in arranging and conducting the on-site
compliance reviews of states' fraud and abuse control efforts and
in information-sharing activities. Staff at the regional offices
also participate in the state compliance reviews and respond to
state inquiries. Canvassing the 10 regional CMS offices, we found
that 7 regions each have a fraction of an FTE and the rest each
have less than 2 FTEs devoted to providing assistance on fraud and
abuse issues. For example, Region IV-which covers eight states and
accounted for $33 billion of federal funds for Medicaid benefits
in fiscal year 2004-reported having 1 FTE devoted to Medicaid
fraud and abuse control activities. (See table 2.)
Table 2: Federal Share of Medicaid Benefit Dollars and CMS Staff
Devoted to States' Fraud and Abuse Control Efforts
Source: GAO compilation of CMS information.
Note: Federal outlays do not add up to the total due to rounding.
For fiscal year 2006, CMS's budget has no line item devoted to
Medicaid fraud and abuse control activities. The project to
estimate payment error rates known as PAM/PERM (required by
statute) and the Medi-Medi pilot project (with benefits accruing
to both programs) are financed through a statutorily established
fund-the Health Care Fraud and Abuse Control (HCFAC) account.12
(See table 3.) The HCFAC monies from which these two projects are
largely financed are known as "wedge" funds. As CMS's distribution
of these funds varies from year to year, the level of support for
fraud and abuse control initiatives is uncertain and depends on
the priorities set by the agency. For example, fiscal year 2005
funds allocated from the HCFAC account for PAM/PERM and Medi-Medi
were less than half the funds allocated in fiscal year 2004. In
contrast, Medicare fraud and abuse control activities at CMS are
financed primarily through earmarked funds from another HCFAC
component-the Medicare Integrity Program.
Table 3: HCFAC Wedge Funds Allocated for CMS Activities That
Address Medicaid Fraud and Abuse
Source: CMS.
Note: We estimated that, in addition to the wedge funds, FBI
funding (Medicaid share) was about $1.5 million in fiscal year
2004 and about $500,000 in fiscal year 2005.
CMS's Medicaid compliance reviews are funded through a different
source-HHS's budget appropriation. In fiscal year 2004, the budget
for this activity was $26,000, down from $40,000 in fiscal year
2003 and $80,000 in fiscal year 2002.13
The placement of Medicaid's antifraud and abuse function in CMS's
organizational structure and a lack of stated goals and objectives
suggests a limited institutional commitment to Medicaid fraud and
abuse control activities. Currently, two different headquarters
offices are charged with working with states on fraud and abuse
issues. CMS's Office of Financial Management staffs the PAM/PERM
and Medi-Medi initiatives, while the Center for Medicaid and State
Operations (CMSO) staffs the state compliance reviews and TAG
functions. Under this organizational structure, the Medicaid fraud
and abuse staff in CMSO are not in an optimal position to leverage
the resources allocated to the office with responsibility for
developing tools and strategies for combating fraud and abuse.
As further evidence of the low priority assigned to Medicaid fraud
and abuse control, the planning, outreach, and building of staff
expertise lacks leadership continuity. From 1997 to 2003, the
leadership and funding of CMS's support for states' antifraud and
abuse efforts resided in a consortium of two regional offices. The
consortium led a network of regional fraud and abuse coordinators
and state Medicaid representatives, sponsoring telephone
conferences and workshops, seminars, and training sessions aimed
at sharing best practices for fighting fraud and abuse. Medicaid
staff based at headquarters reported to a national network
coordinator located at one of the consortium's regional offices.
With the retirement of the national coordinator in 2003, the
consortium relinquished its leadership and funding role and the
Medicaid antifraud and abuse activities were reassigned to CMSO
without additional resources. Since then, no nationwide meetings
with state program integrity officials have been held.
At the same time, CMS lacks a strategic plan to drive its Medicaid
antifraud and abuse operations. Goals for the long term, as well
as plans on how to achieve them, have not been specified in any
public department or agency planning documents. For example, HHS's
fiscal year 2004 performance and accountability report cited
Medicaid's high risk of payment errors as the department's
management challenge for fighting Medicaid fraud and abuse.14 To
address this challenge, the report cited the PAM/PERM initiative
for estimating payment error rates, as this activity is required
in federal statute. But there was no mention of any other fraud
and abuse support or oversight activities or goals. Similarly, the
discussion of Medicaid program integrity in the Administration's
Budget for Fiscal Year 2006 covers activities to curb states'
inappropriate financing mechanisms but makes no mention of federal
support or oversight of states' fraud and abuse efforts. At the
agency level, CMS officials were unable to provide any publicly
available planning documents specifying short- or long-term
Medicaid program goals that target fraud and abuse.
The low priority given to CMS activities in support of states'
fraud and abuse control efforts is having serious consequences for
current projects. CMS's distribution of resources may require some
activities to be scaled back and others to be eliminated.
Specifically, the expansion of the Medi-Medi data match project
has been slow, leaving potentially millions of dollars in cost
avoidance and cost savings unrealized. This project enables claims
data analysts to detect patterns that may not be evident when
providers' billings for either Medicare or Medicaid are viewed in
isolation. For example, by combining data from each program,
analysts can identify "time bandits," or providers who bill for
more than 24 hours in a single day. As of March 31, 2005, seven
states with fully operational projects reported returns to the
Medicaid and Medicare programs of $133.1 million in provider
payments under investigation, $59.7 million in program
vulnerabilities identified, and $2.0 million in overpayments to be
recovered. In addition, 240 investigations had been initiated and
28 cases referred to law enforcement agencies. Two additional
states, Ohio and Washington, have begun Medi-Medi projects that
are expected to be operational later this year.
Because of anticipated unmet funding needs, existing Medi-Medi
data match activities are in jeopardy of being scaled back
considerably. As CMS stated in its fiscal year 2005 second quarter
report on Medi-Medi projects, "Eliminating certain Medi-Medi
projects in their entirety and/or dramatically reducing the level
of effort across all of the projects are among the approaches
under consideration. Beyond FY 2006, the entire project will
terminate if additional funding is not identified." Agency
officials noted that several additional states have expressed
interest in participating but expanding the program to more states
will not occur without a new allocation or realignment of
resources. Plans for additional activities that involve
coordination with Medicare have been put on hold, pending budget
decisions. These include enhanced oversight of prescription drug
fraud when Medicare begins covering Medicaid beneficiaries' drug
benefits in 2006 and the use of a unified provider enrollment form
instead of separate forms for Medicare and Medicaid.
Similarly, CMS's role as provider of technical assistance and
disseminator of states' best practices has been severely limited
because of competing priorities. At a health care fraud and abuse
conference sponsored by HHS and the Department of Justice in 2000,
participants from states and CMS regional offices articulated
their common unmet needs with regard to fraud and abuse
technology. The top three areas cited were information-sharing and
access to data; training in data analysis and use of technology;
and staffing, hardware, and software resources. CMS has not
sponsored a national conference with state program integrity
officials since 2003 and has not sponsored any fraud and abuse
workshops or training since 2000. According to a CMS official,
such information-sharing and technical assistance activities would
not be expensive to support-less than $100,000 annually-and could
result in returns that would exceed this relatively low amount.
Resource shortages also account for CMS's limited oversight of
states' Medicaid prevention, detection, and referral activities
for improper payments. Since January 2000, CMS's Medicaid staff
from headquarters and regional offices have been conducting
compliance reviews of about seven to eight states a year. The
reviews are aimed at ensuring that states have processes and
procedures in place, in compliance with federal requirements for
enrolling providers, reviewing claims, and referring cases. These
compliance reviews have been effective at identifying weaknesses
in states' efforts to combat fraud and abuse. For example, in the
course of these reviews, CMS has found instances in which
o a state had no process in place to prevent payments to excluded
providers,
o states did not use their authority to evaluate providers'
professional or criminal histories as part of the provider
enrollment process, and
o a state did not follow appropriate procedures for referring a
case to state law enforcement authorities.
States have reported making positive modifications in their
programs as a result of the CMS compliance reviews. Nevertheless,
at the currently scheduled pace, states' programs will be reviewed
once in 7 years at the earliest. Because the compliance reviews
are infrequent, CMS's knowledge of states' fraud and abuse
activities is, for many states, substantially out-of-date at any
given time.
Relatively few and questionably aligned resources and an absence
of strategic planning underscore the limited commitment CMS has
made to strengthening states' ability to curb fraud and abuse.
Despite the millions of dollars CMS receives annually from a
statutorily established fund for fraud and abuse control, the
agency has not allocated these resources to sufficiently fund
initiatives that can help states increase the effectiveness of
their Medicaid fraud and abuse control efforts. Developing a
strategic plan for Medicaid fraud and abuse control activities
would give CMS a basis for providing resources that reflect the
financial risk to the federal government.
We discussed facts in this statement with a relevant CMS official.
He noted that CMS does not view fraud and abuse control activities
as separate from its financial management responsibilities. He
indicated that CMS has invested substantial resources in program
integrity activities that focus on the financial oversight of the
Medicaid program. While we agree that financial oversight of
Medicaid is a key component of program integrity, we maintain that
the other component-fraud and abuse control activities-warrants a
greater commitment than it currently receives.
Mr. Chairman, this concludes my prepared remarks. I would be happy
to answer any questions that you or other Members of the Committee
may have.
For further information regarding this testimony, please contact
Leslie G. Aronovitz at (312) 220-7600. Hannah Fein, Sandra Gove,
and Janet Rosenblad contributed to this statement under the
direction of Rosamond Katz.
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in
meeting its constitutional responsibilities and to help improve
the performance and accountability of the federal government for
the American people. GAO examines the use of public funds;
evaluates federal programs and policies; and provides analyses,
recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.
The fastest and easiest way to obtain copies of GAO documents at
no cost is through GAO's Web site ( www.gao.gov ). Each weekday,
GAO posts newly released reports, testimony, and correspondence on
its Web site. To have GAO e-mail you a list of newly posted
products every afternoon, go to www.gao.gov and select "Subscribe
to Updates."
The first copy of each printed report is free. Additional copies
are $2 each. A check or money order should be made out to the
Superintendent of Documents. GAO also accepts VISA and Mastercard.
Orders for 100 or more copies mailed to a single address are
discounted 25 percent. Orders should be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM
Washington, D.C. 20548
To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax:
(202) 512-6061
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail:
[email protected] Automated answering system: (800) 424-5454 or
(202) 512-7470
Gloria Jarmon, Managing Director, [email protected] (202) 512-4400
U.S. Government Accountability Office, 441 G Street NW, Room 7125
Washington, D.C. 20548
Paul Anderson, Managing Director, [email protected] (202)
512-4800 U.S. Government Accountability Office, 441 G Street NW,
Room 7149 Washington, D.C. 20548
5The 56 Medicaid programs include one for each of the 50 states, the
District of Columbia, Puerto Rico, and the U.S. territories of American
Samoa, Guam, Northern Mariana Islands, and Virgin Islands. Hereafter, all
56 entities are referred to as states.
6For skilled professional medical personnel engaged in program integrity
activities, such as those who review medical records, 75 percent federal
matching is available.
7CMS requires that states have certain information processing
capabilities, including a Medicaid Management Information System and a
Surveillance and Utilization Review Subsystem.
8Medicaid Fraud Control Units can, in turn, refer some cases to the HHS
Office of Inspector General (OIG), the Federal Bureau of Investigation
(FBI), and the Department of Justice (DOJ) for further investigation and
prosecution.
9 GAO-04-707 .
10 GAO-04-707 .
CMS initiatives Description
PAM/PERM CMS conducted a 3-year pilot called PAM to develop
estimates of the accuracy of Medicaid claims payments.
In fiscal year 2006, PAM will become a permanent,
mandatory program-to be known as the Payment Error Rate
Measurement (PERM) initiative-as required by the
Improper Payments Information Act of 2002.a Under PERM,
states will be expected to ultimately reduce their
payment error rates over time by better targeting
program integrity activities in their Medicaid and
SCHIP programs.
Medi-Medi Under this program, CMS facilitates the sharing of
information between the Medicaid and Medicare programs.
Medi-Medi is a data match pilot designed to identify
improper billing and utilization patterns by matching
Medicare and Medicaid claims information on providers
and beneficiaries. Such matching is important, as
fraudulent schemes can cross program boundaries.
TAG Through telephone conferencing, CMS provides a forum
for states to discuss issues, solutions, resources, and
experiences on fraud and abuse issues. Any state may
participate; roughly one-third do so regularly. States
have also used the TAG to propose policy changes to
CMS.
Compliance reviews CMS conducts on-site reviews to assess whether state
Medicaid fraud and abuse control efforts comply with
federal requirements, such as those governing provider
enrollment, claims review, utilization control, and
coordination with each state's Medicaid Fraud Control
Unit. If reviewers find states significantly out of
compliance, they may revisit the states to verify that
they have taken corrective action.
CMS Expends Limited Resources and Lacks Coherent Plan to Improve States'
Medicaid Fraud and Abuse Control Activities
Disparity Exists between Level of Resources and Program's Financial Risk
Fiscal year Fiscal year 2005
2004 federal CMS staff
share of devoted to
Medicaid Medicaid fraud
benefit outlays and abuse
(dollars in control
CMS office Office jurisdiction billions) (estimated FTEs)
Region I Connecticut, Maine,
Massachusetts, New
Hampshire, Rhode Island,
and Vermont $9.2 Less than 1
Region II New York, New Jersey,
the U.S. Virgin Islands,
and Puerto Rico 26.0 Less than 1
Region III Delaware, Maryland,
Pennsylvania, Virginia,
West Virginia, and the
District of Columbia 15.2 Less than 1
Region IV Alabama, North Carolina,
South Carolina, Florida,
Georgia, Kentucky,
Mississippi, and
Tennessee 33.0 Less than 2
Region V Illinois, Indiana,
Michigan, Minnesota,
Ohio, and Wisconsin 25.9 Less than 2
Region VI Arkansas, Louisiana, New
Mexico, Oklahoma, and
Texas 19.2 Less than 2
Region VII Iowa, Kansas, Missouri,
and Nebraska 7.4 Less than 1
Region VIII Colorado, Montana, North
Dakota, South Dakota,
Utah, and Wyoming 3.8 Less than 1
Region IX Arizona, California,
Hawaii, Nevada, the
territories of American
Samoa, Guam, and the
Commonwealth of the
Northern Mariana Islands 20.9 Less than 1
Region X Alaska, Idaho, Oregon,
and Washington 5.6 Less than 1
All regions 4.5
CMS headquarters 3.6
Total CMS $166.1 8.1
11In addition, three to four Medicare FTEs located in both headquarters
and regional offices support joint Medicaid and Medicare fraud and abuse
projects.
12Since fiscal year 2003, this account dedicates $1.075 billion annually
from the Medicare part A Trust Fund for combating health care fraud and
abuse. The money is allocated in three major parts: (1) up to $720 million
for the Medicare Integrity Program, (2) $114 million to the FBI, and (3)
up to $240.6 million in "wedge" funds. In fiscal years 2004 and 2005,
wedge funds were allocated as follows: $160.0 million to the HHS OIG,
$49.4 million to DOJ, and $31.1 million to CMS and other HHS agencies.
Dollars in thousands
Fiscal year 2004 Fiscal year 2005
PAM/PERM $4,121 $1,200
Medi/Medi (Medicaid share) 3,691 2,439
Total $7,812 $3,639
CMS Structure and Lack of Planning Suggest Weak Commitment to Supporting States'
Medicaid Fraud and Abuse Control Efforts
13Information on the amount of fiscal year 2005 funds for compliance
reviews was not available at the time of our review.
14HHS, Performance and Accountability Report, Fiscal Year 2004
(Washington, D.C.: Dec. 13, 2004).
Lack of Priority Threatens CMS's Medicaid Fraud and Abuse Control Activities,
While Potential to Do More Goes Untapped
Concluding Observations
Contact and Acknowledgments
(290467)
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.
GAO's Mission
Obtaining Copies of GAO Reports and Testimony
Order by Mail or Phone
To Report Fraud, Waste, and Abuse in Federal Programs
Congressional Relations
Public Affairs
www.gao.gov/cgi-bin/getrpt? GAO-05-855T .
To view the full product, including the scope
and methodology, click on the link above.
For more information, contact Leslie G. Aronovitz at (312) 220-7600.
Highlights of GAO-05-855T , a testimony before the Committee on Finance,
U.S. Senate
June 28, 2005
MEDICAID FRAUD AND ABUSE
CMS's Commitment to Helping States Safeguard Program Dollars Is Limited
Today's hearing addresses fraud and abuse control in Medicaid, a program
that provides health care coverage for eligible low-income individuals and
is jointly financed by the federal government and the states. In fiscal
year 2003, Medicaid covered nearly 54 million people and the program's
benefit payments totaled roughly $261 billion, of which the federal share
was about $153 billion.
States are primarily responsible for ensuring appropriate payments to
Medicaid providers through provider enrollment screening, claims review,
overpayment recoveries, and case referrals. At the federal level, the
Centers for Medicare & Medicaid Services (CMS) is responsible for
supporting and overseeing state fraud and abuse control activities. Last
year, GAO reported that CMS had initiatives to assist states, but the
dollar and staff resources allocated to oversight suggested that CMS's
level of effort was disproportionately small relative to the risk of
federal financial loss.
Concerned about the stewardship of federal Medicaid funds, this Committee
has raised questions about CMS's commitment to Medicaid fraud and abuse
control. This statement focuses on (1) the level of resources CMS
currently applies to helping states prevent and detect fraud and abuse in
the Medicaid program and (2) the implications of this level of support for
CMS fraud and abuse control activities.
Since GAO reported last year, the resources CMS expends to support and
oversee states' Medicaid fraud and abuse control activities remain out of
balance with the amount of federal dollars spent annually to provide
Medicaid benefits. In fiscal year 2005, CMS's total staff resources
allocated to these activities was about 8.1 full-time equivalent (FTE)
staffing units-approximately 3.6 FTEs at headquarters and 4.5 FTEs in the
regional offices. Among CMS's 10 regional offices-each of which oversees
states whose Medicaid outlays include billions of federal dollars-7
offices each have a fraction of an FTE and the rest each have less than 2
FTEs allocated to Medicaid fraud and abuse control efforts. Moreover, the
placement of the Medicaid fraud and abuse control staff at
headquarters-apart from the agency's office responsible for other
antifraud and abuse activities-as well as a lack of specified goals for
Medicaid fraud and abuse control raise questions about the agency's level
of commitment to improve states' activities in this area.
CMS's support and oversight initiatives include a pilot project for states
to enhance claims scrutiny activities by coordinating with the Medicare
program. Despite the project's positive results in several states, less
than one-fifth of the states currently participate in the project and
resource constraints may require CMS to scale back these efforts instead
of expanding them to additional states that are seeking to participate.
Similarly, CMS's support activities-such as conducting national
conferences, regional workshops, and training-have been terminated
altogether. The frequency of CMS's on-site reviews of states' fraud and
abuse control activities-about seven to eight visits a year-has not
changed since GAO reported on this last year. This means that federal
oversight of a state's Medicaid program safeguards will not occur, at
best, more than once every 7 years.
Relatively few and questionably aligned resources and an absence of
strategic planning underscore the limited commitment CMS has made to
strengthening states' ability to curb fraud and abuse. Despite the
millions of dollars CMS receives annually from a statutorily established
fund for fraud and abuse control, the agency has not allocated these
resources to sufficiently fund initiatives that can help states increase
the effectiveness of their Medicaid fraud and abuse control efforts.
Developing a strategic plan for Medicaid fraud and abuse control
activities would give CMS a basis for providing resources that reflect the
financial risk to the federal government.
In discussing the facts in this statement with a CMS Medicaid official, he
stated that the agency does not view antifraud and abuse initiatives as
separate from financial oversight, an area that has received substantial
resources in recent years. While we agree that financial management is
important to program integrity, we believe that an increased commitment to
helping states fight fraud and abuse is warranted.
*** End of document. ***