Medicaid Fraud and Abuse: CMS's Commitment to Helping States	 
Safeguard Program Dollars Is Limited (28-JUN-05, GAO-05-855T).	 
                                                                 
Today's hearing addresses fraud and abuse control in Medicaid, a 
program that provides health care coverage for eligible 	 
low-income individuals and is jointly financed by the federal	 
government and the states. In fiscal year 2003, Medicaid covered 
nearly 54 million people and the program's benefit payments	 
totaled roughly $261 billion, of which the federal share was	 
about $153 billion. States are primarily responsible for ensuring
appropriate payments to Medicaid providers through provider	 
enrollment screening, claims review, overpayment recoveries, and 
case referrals. At the federal level, the Centers for Medicare & 
Medicaid Services (CMS) is responsible for supporting and	 
overseeing state fraud and abuse control activities. Last year,  
GAO reported that CMS had initiatives to assist states, but the  
dollar and staff resources allocated to oversight suggested that 
CMS's level of effort was disproportionately small relative to	 
the risk of federal financial loss. Concerned about the 	 
stewardship of federal Medicaid funds, Congress has raised	 
questions about CMS's commitment to Medicaid fraud and abuse	 
control. This statement focuses on (1) the level of resources CMS
currently applies to helping states prevent and detect fraud and 
abuse in the Medicaid program and (2) the implications of this	 
level of support for CMS fraud and abuse control activities.	 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-05-855T					        
    ACCNO:   A28237						        
  TITLE:     Medicaid Fraud and Abuse: CMS's Commitment to Helping    
States Safeguard Program Dollars Is Limited			 
     DATE:   06/28/2005 
  SUBJECT:   Financial management				 
	     Fraud						 
	     Health care programs				 
	     Internal controls					 
	     Medicaid						 
	     Program abuses					 
	     Program management 				 
	     Risk management					 
	     State-administered programs			 
	     Strategic planning 				 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-05-855T

     

     * Background
     * CMS Expends Limited Resources and Lacks Coherent Plan to Imp
          * Disparity Exists between Level of Resources and Program's Fi
          * CMS Structure and Lack of Planning Suggest Weak Commitment t
     * Lack of Priority Threatens CMS's Medicaid Fraud and Abuse Co
     * Concluding Observations
     * Contact and Acknowledgments
          * Order by Mail or Phone

Testimony

Before the Committee on Finance, U.S. Senate

United States Government Accountability Office

GAO

For Release on Delivery Expected at 10:00 a.m. EDT

Tuesday, June 28, 2005

MEDICAID FRAUD AND ABUSE

CMS's Commitment to Helping States Safeguard Program Dollars Is Limited

Statement of Leslie G. Aronovitz

Director, Health Care

GAO-05-855T

Mr. Chairman and Members of the Committee:

I am pleased to be here today as you discuss fraud and abuse control in
Medicaid, a program that provides health care coverage for eligible
low-income individuals and is jointly financed by the federal government
and the states. In fiscal year 2003, Medicaid covered nearly 54 million
people, and the program's benefit payments totaled $261 billion, of which
the federal share was about $153 billion. Because fraud and abuse by their
nature are unknown until detected, the amount of Medicaid funds lost
through health care providers' inappropriate billings cannot be precisely
quantified. Some states have made estimates of their respective programs'
improper Medicaid payment rates that reflect not only fraudulent and
abusive billings but also inadvertent billing errors, such as clerical
mistakes. A nationwide improper payment rate for Medicaid has not been
made, but even a rate as low as 3 percent would mean a loss of almost $4.6
billion in federal funds in fiscal year 2003. To put this hypothetical
figure in perspective, it is roughly the amount that the federal
government spent in fiscal year 2003 on the State Children's Health
Insurance Program (SCHIP).1

Such a drain of vital program dollars is a detriment to both taxpayers and
beneficiaries. For example, paying for services billed but not provided
wastes funds that could have been used for health care. For example, in
2004, the owners of a Louisiana health care clinic were found guilty of
billing the program more than $400,000 for health care screening services,
nurse consultations, and nutrition consultations never provided.
Alternatively, paying for unnecessary services can have a substantial, if
not quantifiable, impact on health care quality. Consider the charge in
2004 against 20 dentists in California for conspiracy to defraud the
state's Medicaid program of $4.5 million. As part of the conspiracy, the
dentists billed Medicaid for unnecessary or inappropriate services that
placed patients at risk by reusing dental instruments without sterilizing
them, performing dental surgeries without adequate anesthesia, developing
treatment plans that called for unneeded root canals and fillings, and
forcibly restraining children during dental operations.

1SCHIP is a jointly funded federal-state program that provides health
insurance to children in low-income families who do not qualify for
Medicaid and are not covered by other insurance.

States are primarily responsible for the fight against Medicaid fraud and
abuse. Specifically, they are responsible for ensuring the legitimacy of
providers billing the program, detecting improper payments, recovering
overpayments, and referring suspected cases of fraud and abuse to law
enforcement authorities. At the federal level, the Centers for Medicare &
Medicaid Services (CMS) in the Department of Health and Human Services
(HHS) is responsible for supporting and overseeing state fraud and abuse
control activities. Last year, we reported that CMS had initiatives to
assist states in combating fraud and abuse in their Medicaid programs, but
its oversight of states' activities in this area was limited.2 The dollar
and staff resources allocated to compliance reviews suggested that CMS's
level of effort was disproportionately small relative to the risk of
serious financial loss.

Concerned about the stewardship of federal Medicaid funds, this Committee
has raised questions about CMS's commitment to Medicaid fraud and abuse
control. It is important to note that activities designed to prevent,
detect, and recover improper payments made to providers resulting from
fraud and abuse are a component of ensuring Medicaid program integrity.
These activities are valuable not only from a financial standpoint but
also have a sentinel effect on providers that may otherwise consider
billing the program inappropriately. Another component is financial
management activities, which involve the oversight of state claims for
federal reimbursement, including the matching, administrative, and
disproportionate share funds that CMS provides the states.3 While these
program integrity functions are related, they are not interchangeable. My
remarks today will focus on (1) the level of resources CMS currently
applies to helping states prevent and detect fraud and abuse in the
Medicaid program and (2) the implications of this level of support for CMS
fraud and abuse control activities.

2GAO, Medicad Program Integrity: State and Federal Eforts to Prevent and
DetectImproper Payments, GAO-04-707 (Washington, D.C.: July 16, 2004).

3Since fiscal year 2004, CMS has nearly completed the hiring of new staff
accounting for 100 full-time equivalent positions to support its financial
management review activities. Located largely in CMS regional offices,
these staff review state budget and expenditure reports for accuracy,
identify unallowable program costs, and provide guidance to the states on
Medicaid financial management matters. Although financial management
reviews are not intended to identify inappropriate billings by providers,
they can identify fraud and abuse leads on an incidental basis.

To do this work, we reviewed agency documents on Medicaid program
safeguard support and oversight activities as well as our issued reports
on this topic. We also interviewed officials at headquarters and CMS's 10
regional offices. We conducted our work in May and June 2005 in accordance
with generally accepted government auditing standards.

In summary, since we reported last year, the resources CMS expends to
support and oversee states' Medicaid fraud and abuse control activities
remain out of balance with the amount of federal dollars spent annually to
provide Medicaid benefits.4 In fiscal year 2005, CMS's total staff
resources allocated to these activities was about 8.1 full-time equivalent
(FTE) staffing units-approximately 3.6 FTEs at headquarters and 4.5 FTEs
in the regional offices. Among CMS's 10 regional offices-each of which
oversees states whose Medicaid outlays include billions of federal
dollars-7 offices each have less than 1 FTE and the rest each have less
than 2 FTEs allocated to Medicaid fraud and abuse control efforts.
Moreover, the placement of the Medicaid fraud and abuse control staff at
headquarters-apart from the agency's office responsible for other
antifraud and abuse activities-as well as a lack of specified goals for
Medicaid fraud and abuse control raise questions about the agency's level
of commitment to improving states' activities in this area.

CMS's support and oversight initiatives include a pilot project for states
to enhance claims scrutiny activities by coordinating with the Medicare
program. Despite the project's positive results in several states, less
than one-fifth of the states currently participate in the project, and
resource constraints may require CMS to scale back these efforts instead
of expanding them to additional states that are seeking to participate.
Similarly, some of CMS's other support activities-such as conducting
national conferences, regional workshops, and training-have been
terminated altogether. The frequency of CMS's on-site reviews of states'
fraud and abuse control activities remains about seven to eight visits a
year. This means that federal oversight of a state's Medicaid program
safeguards will not occur, at best, more than once every 7 years.

In discussing the facts in this statement with a CMS Medicaid official, he
stated that the agency does not view antifraud and abuse initiatives as
separate from financial oversight, an area that has received substantial
resources in recent years. While we agree that financial management is
important to program integrity, we believe that an increased commitment to
helping states fight fraud and abuse is warranted.

4 GAO-04-707 .

                                   Background

Although jointly financed by the states and the federal government,
Medicaid is administered directly by the states and consists of 56
distinct state-level programs.5 Within broad federal guidelines, each
program establishes its own eligibility standards; determines the type,
amount, duration, and scope of covered services; and sets payment rates.
In general, the federal government matches state Medicaid spending for
medical assistance according to a formula based on each state's per capita
income. In fiscal year 2004, the federal contribution ranged from 50 to 77
cents of every state dollar spent on medical assistance. For most state
Medicaid administrative costs, the federal match rate is 50 percent.6

As program administrators, states have primary responsibility for
conducting program integrity activities that address provider enrollment,
claims review, and case referrals. Specifically, federal statute or CMS
regulations require states to

           o  collect and verify basic information on potential providers,
           including whether the providers meet state licensure requirements
           and are not prohibited from participating in federal health care
           programs;
           o  have an automated claims payment and information retrieval
           system-intended to verify the accuracy of claims, the correct use
           of payment codes, and patients' Medicaid eligibility-and a claims
           review system-intended to develop statistical profiles on
           services, providers, and beneficiaries to identify potential
           improper payments;7 and
           o  refer suspected overpayments or overutilization cases to other
           units in the Medicaid agency for corrective action and potential
           fraud cases, generally, to the state's Medicaid Fraud Control Unit
           for investigation and prosecution.8

           As noted in our 2004 report,9 states use a variety of controls and
           safeguards to stem improper provider payments. For example, states
           target high-risk providers seeking to bill Medicaid with on-site
           facility inspections, criminal background checks, and probationary
           or time-limited enrollment. States also reported using information
           technology to integrate databases containing provider,
           beneficiary, and claims information and to increase the
           effectiveness of their utilization reviews. Various states
           individually attributed cost savings or recoupments to these
           efforts valued in the millions of dollars.

           In contrast, CMS's role in curbing fraud and abuse in the Medicaid
           program is largely one of support to the states. As we reported
           last year,10 CMS administers two pilot projects-one focused on
           measuring the accuracy of a state's Medicaid claims payments
           (Payment Accuracy Measurement (PAM)) and the other focused on
           improper billing detection and utilization patterns by linking
           Medicare and Medicaid claims information (Medi-Medi). CMS also
           sponsors general technical assistance and information-sharing
           through its Medicaid fraud and abuse technical assistance group
           (TAG). In addition, CMS performs oversight of states' Medicaid
           fraud and abuse control activities. (See table 1.)

           Table 1: CMS Activities to Support and Oversee States' Fraud and
           Abuse Control Efforts, Fiscal Year 2004

           Source: GAO, Medicaid Program Integrity: State and Federal Efforts
           to Prevent and Detect Improper Payments, GAO-04-707 (Washington,
           D.C.: July 16, 2004).

           aPub. L. No. 107-300, 116 Stat. 2350.

           A wide disparity exists between the level of resources CMS expends
           to support and oversee states' fraud and abuse control activities
           and the amount of federal dollars at stake in Medicaid benefit
           payments. In addition, CMS's organizational placement of staff and
           lack of strategic planning suggest a limited commitment to
           improving states' Medicaid fraud and abuse control efforts.

           The resources CMS devotes to working with states to fight Medicaid
           fraud and abuse do not appear to be commensurate with the size of
           the program's financial risk. In fiscal year 2005, CMS's Medicaid
           staff resources allocated to supporting or overseeing states'
           anti-fraud and abuse operations was an estimated 8.1 FTEs-3.6 FTEs
           at headquarters and 4.5 FTEs in the regional offices.11 Staff at
           headquarters are engaged in arranging and conducting the on-site
           compliance reviews of states' fraud and abuse control efforts and
           in information-sharing activities. Staff at the regional offices
           also participate in the state compliance reviews and respond to
           state inquiries. Canvassing the 10 regional CMS offices, we found
           that 7 regions each have a fraction of an FTE and the rest each
           have less than 2 FTEs devoted to providing assistance on fraud and
           abuse issues. For example, Region IV-which covers eight states and
           accounted for $33 billion of federal funds for Medicaid benefits
           in fiscal year 2004-reported having 1 FTE devoted to Medicaid
           fraud and abuse control activities. (See table 2.)

           Table 2: Federal Share of Medicaid Benefit Dollars and CMS Staff
           Devoted to States' Fraud and Abuse Control Efforts

           Source: GAO compilation of CMS information.

           Note: Federal outlays do not add up to the total due to rounding.

           For fiscal year 2006, CMS's budget has no line item devoted to
           Medicaid fraud and abuse control activities. The project to
           estimate payment error rates known as PAM/PERM (required by
           statute) and the Medi-Medi pilot project (with benefits accruing
           to both programs) are financed through a statutorily established
           fund-the Health Care Fraud and Abuse Control (HCFAC) account.12
           (See table 3.) The HCFAC monies from which these two projects are
           largely financed are known as "wedge" funds. As CMS's distribution
           of these funds varies from year to year, the level of support for
           fraud and abuse control initiatives is uncertain and depends on
           the priorities set by the agency. For example, fiscal year 2005
           funds allocated from the HCFAC account for PAM/PERM and Medi-Medi
           were less than half the funds allocated in fiscal year 2004. In
           contrast, Medicare fraud and abuse control activities at CMS are
           financed primarily through earmarked funds from another HCFAC
           component-the Medicare Integrity Program.

           Table 3: HCFAC Wedge Funds Allocated for CMS Activities That
           Address Medicaid Fraud and Abuse

           Source: CMS.

           Note: We estimated that, in addition to the wedge funds, FBI
           funding (Medicaid share) was about $1.5 million in fiscal year
           2004 and about $500,000 in fiscal year 2005.

           CMS's Medicaid compliance reviews are funded through a different
           source-HHS's budget appropriation. In fiscal year 2004, the budget
           for this activity was $26,000, down from $40,000 in fiscal year
           2003 and $80,000 in fiscal year 2002.13

           The placement of Medicaid's antifraud and abuse function in CMS's
           organizational structure and a lack of stated goals and objectives
           suggests a limited institutional commitment to Medicaid fraud and
           abuse control activities. Currently, two different headquarters
           offices are charged with working with states on fraud and abuse
           issues. CMS's Office of Financial Management staffs the PAM/PERM
           and Medi-Medi initiatives, while the Center for Medicaid and State
           Operations (CMSO) staffs the state compliance reviews and TAG
           functions. Under this organizational structure, the Medicaid fraud
           and abuse staff in CMSO are not in an optimal position to leverage
           the resources allocated to the office with responsibility for
           developing tools and strategies for combating fraud and abuse.

           As further evidence of the low priority assigned to Medicaid fraud
           and abuse control, the planning, outreach, and building of staff
           expertise lacks leadership continuity. From 1997 to 2003, the
           leadership and funding of CMS's support for states' antifraud and
           abuse efforts resided in a consortium of two regional offices. The
           consortium led a network of regional fraud and abuse coordinators
           and state Medicaid representatives, sponsoring telephone
           conferences and workshops, seminars, and training sessions aimed
           at sharing best practices for fighting fraud and abuse. Medicaid
           staff based at headquarters reported to a national network
           coordinator located at one of the consortium's regional offices.
           With the retirement of the national coordinator in 2003, the
           consortium relinquished its leadership and funding role and the
           Medicaid antifraud and abuse activities were reassigned to CMSO
           without additional resources. Since then, no nationwide meetings
           with state program integrity officials have been held.

           At the same time, CMS lacks a strategic plan to drive its Medicaid
           antifraud and abuse operations. Goals for the long term, as well
           as plans on how to achieve them, have not been specified in any
           public department or agency planning documents. For example, HHS's
           fiscal year 2004 performance and accountability report cited
           Medicaid's high risk of payment errors as the department's
           management challenge for fighting Medicaid fraud and abuse.14 To
           address this challenge, the report cited the PAM/PERM initiative
           for estimating payment error rates, as this activity is required
           in federal statute. But there was no mention of any other fraud
           and abuse support or oversight activities or goals. Similarly, the
           discussion of Medicaid program integrity in the Administration's
           Budget for Fiscal Year 2006 covers activities to curb states'
           inappropriate financing mechanisms but makes no mention of federal
           support or oversight of states' fraud and abuse efforts. At the
           agency level, CMS officials were unable to provide any publicly
           available planning documents specifying short- or long-term
           Medicaid program goals that target fraud and abuse.

           The low priority given to CMS activities in support of states'
           fraud and abuse control efforts is having serious consequences for
           current projects. CMS's distribution of resources may require some
           activities to be scaled back and others to be eliminated.

           Specifically, the expansion of the Medi-Medi data match project
           has been slow, leaving potentially millions of dollars in cost
           avoidance and cost savings unrealized. This project enables claims
           data analysts to detect patterns that may not be evident when
           providers' billings for either Medicare or Medicaid are viewed in
           isolation. For example, by combining data from each program,
           analysts can identify "time bandits," or providers who bill for
           more than 24 hours in a single day. As of March 31, 2005, seven
           states with fully operational projects reported returns to the
           Medicaid and Medicare programs of $133.1 million in provider
           payments under investigation, $59.7 million in program
           vulnerabilities identified, and $2.0 million in overpayments to be
           recovered. In addition, 240 investigations had been initiated and
           28 cases referred to law enforcement agencies. Two additional
           states, Ohio and Washington, have begun Medi-Medi projects that
           are expected to be operational later this year.

           Because of anticipated unmet funding needs, existing Medi-Medi
           data match activities are in jeopardy of being scaled back
           considerably. As CMS stated in its fiscal year 2005 second quarter
           report on Medi-Medi projects, "Eliminating certain Medi-Medi
           projects in their entirety and/or dramatically reducing the level
           of effort across all of the projects are among the approaches
           under consideration. Beyond FY 2006, the entire project will
           terminate if additional funding is not identified." Agency
           officials noted that several additional states have expressed
           interest in participating but expanding the program to more states
           will not occur without a new allocation or realignment of
           resources. Plans for additional activities that involve
           coordination with Medicare have been put on hold, pending budget
           decisions. These include enhanced oversight of prescription drug
           fraud when Medicare begins covering Medicaid beneficiaries' drug
           benefits in 2006 and the use of a unified provider enrollment form
           instead of separate forms for Medicare and Medicaid.

           Similarly, CMS's role as provider of technical assistance and
           disseminator of states' best practices has been severely limited
           because of competing priorities. At a health care fraud and abuse
           conference sponsored by HHS and the Department of Justice in 2000,
           participants from states and CMS regional offices articulated
           their common unmet needs with regard to fraud and abuse
           technology. The top three areas cited were information-sharing and
           access to data; training in data analysis and use of technology;
           and staffing, hardware, and software resources. CMS has not
           sponsored a national conference with state program integrity
           officials since 2003 and has not sponsored any fraud and abuse
           workshops or training since 2000. According to a CMS official,
           such information-sharing and technical assistance activities would
           not be expensive to support-less than $100,000 annually-and could
           result in returns that would exceed this relatively low amount.

           Resource shortages also account for CMS's limited oversight of
           states' Medicaid prevention, detection, and referral activities
           for improper payments. Since January 2000, CMS's Medicaid staff
           from headquarters and regional offices have been conducting
           compliance reviews of about seven to eight states a year. The
           reviews are aimed at ensuring that states have processes and
           procedures in place, in compliance with federal requirements for
           enrolling providers, reviewing claims, and referring cases. These
           compliance reviews have been effective at identifying weaknesses
           in states' efforts to combat fraud and abuse. For example, in the
           course of these reviews, CMS has found instances in which

           o  a state had no process in place to prevent payments to excluded
           providers,
           o  states did not use their authority to evaluate providers'
           professional or criminal histories as part of the provider
           enrollment process, and
           o  a state did not follow appropriate procedures for referring a
           case to state law enforcement authorities.

           States have reported making positive modifications in their
           programs as a result of the CMS compliance reviews. Nevertheless,
           at the currently scheduled pace, states' programs will be reviewed
           once in 7 years at the earliest. Because the compliance reviews
           are infrequent, CMS's knowledge of states' fraud and abuse
           activities is, for many states, substantially out-of-date at any
           given time.

           Relatively few and questionably aligned resources and an absence
           of strategic planning underscore the limited commitment CMS has
           made to strengthening states' ability to curb fraud and abuse.
           Despite the millions of dollars CMS receives annually from a
           statutorily established fund for fraud and abuse control, the
           agency has not allocated these resources to sufficiently fund
           initiatives that can help states increase the effectiveness of
           their Medicaid fraud and abuse control efforts. Developing a
           strategic plan for Medicaid fraud and abuse control activities
           would give CMS a basis for providing resources that reflect the
           financial risk to the federal government.

           We discussed facts in this statement with a relevant CMS official.
           He noted that CMS does not view fraud and abuse control activities
           as separate from its financial management responsibilities. He
           indicated that CMS has invested substantial resources in program
           integrity activities that focus on the financial oversight of the
           Medicaid program. While we agree that financial oversight of
           Medicaid is a key component of program integrity, we maintain that
           the other component-fraud and abuse control activities-warrants a
           greater commitment than it currently receives.

           Mr. Chairman, this concludes my prepared remarks. I would be happy
           to answer any questions that you or other Members of the Committee
           may have.

           For further information regarding this testimony, please contact
           Leslie G. Aronovitz at (312) 220-7600. Hannah Fein, Sandra Gove,
           and Janet Rosenblad contributed to this statement under the
           direction of Rosamond Katz.

           The Government Accountability Office, the audit, evaluation and
           investigative arm of Congress, exists to support Congress in
           meeting its constitutional responsibilities and to help improve
           the performance and accountability of the federal government for
           the American people. GAO examines the use of public funds;
           evaluates federal programs and policies; and provides analyses,
           recommendations, and other assistance to help Congress make
           informed oversight, policy, and funding decisions. GAO's
           commitment to good government is reflected in its core values of
           accountability, integrity, and reliability.

           The fastest and easiest way to obtain copies of GAO documents at
           no cost is through GAO's Web site ( www.gao.gov ). Each weekday,
           GAO posts newly released reports, testimony, and correspondence on
           its Web site. To have GAO e-mail you a list of newly posted
           products every afternoon, go to www.gao.gov and select "Subscribe
           to Updates."

           The first copy of each printed report is free. Additional copies
           are $2 each. A check or money order should be made out to the
           Superintendent of Documents. GAO also accepts VISA and Mastercard.
           Orders for 100 or more copies mailed to a single address are
           discounted 25 percent. Orders should be sent to:

           U.S. Government Accountability Office 441 G Street NW, Room LM
           Washington, D.C. 20548

           To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax:
           (202) 512-6061

           Contact:

           Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail:
           [email protected] Automated answering system: (800) 424-5454 or
           (202) 512-7470

           Gloria Jarmon, Managing Director, [email protected] (202) 512-4400
           U.S. Government Accountability Office, 441 G Street NW, Room 7125
           Washington, D.C. 20548

           Paul Anderson, Managing Director, [email protected] (202)
           512-4800 U.S. Government Accountability Office, 441 G Street NW,
           Room 7149 Washington, D.C. 20548

5The 56 Medicaid programs include one for each of the 50 states, the
District of Columbia, Puerto Rico, and the U.S. territories of American
Samoa, Guam, Northern Mariana Islands, and Virgin Islands. Hereafter, all
56 entities are referred to as states.

6For skilled professional medical personnel engaged in program integrity
activities, such as those who review medical records, 75 percent federal
matching is available.

7CMS requires that states have certain information processing
capabilities, including a Medicaid Management Information System and a
Surveillance and Utilization Review Subsystem.

8Medicaid Fraud Control Units can, in turn, refer some cases to the HHS
Office of Inspector General (OIG), the Federal Bureau of Investigation
(FBI), and the Department of Justice (DOJ) for further investigation and
prosecution.

9 GAO-04-707 .

10 GAO-04-707 .

CMS initiatives    Description                                             
PAM/PERM           CMS conducted a 3-year pilot called PAM to develop      
                      estimates of the accuracy of Medicaid claims payments.  
                      In fiscal year 2006, PAM will become a permanent,       
                      mandatory program-to be known as the Payment Error Rate 
                      Measurement (PERM) initiative-as required by the        
                      Improper Payments Information Act of 2002.a Under PERM, 
                      states will be expected to ultimately reduce their      
                      payment error rates over time by better targeting       
                      program integrity activities in their Medicaid and      
                      SCHIP programs.                                         
Medi-Medi          Under this program, CMS facilitates the sharing of      
                      information between the Medicaid and Medicare programs. 
                      Medi-Medi is a data match pilot designed to identify    
                      improper billing and utilization patterns by matching   
                      Medicare and Medicaid claims information on providers   
                      and beneficiaries. Such matching is important, as       
                      fraudulent schemes can cross program boundaries.        
TAG                Through telephone conferencing, CMS provides a forum    
                      for states to discuss issues, solutions, resources, and 
                      experiences on fraud and abuse issues. Any state may    
                      participate; roughly one-third do so regularly. States  
                      have also used the TAG to propose policy changes to     
                      CMS.                                                    
Compliance reviews CMS conducts on-site reviews to assess whether state    
                      Medicaid fraud and abuse control efforts comply with    
                      federal requirements, such as those governing provider  
                      enrollment, claims review, utilization control, and     
                      coordination with each state's Medicaid Fraud Control   
                      Unit. If reviewers find states significantly out of     
                      compliance, they may revisit the states to verify that  
                      they have taken corrective action.                      

    CMS Expends Limited Resources and Lacks Coherent Plan to Improve States'
                  Medicaid Fraud and Abuse Control Activities

Disparity Exists between Level of Resources and Program's Financial Risk

                                                 Fiscal year Fiscal year 2005 
                                                2004 federal        CMS staff 
                                                    share of       devoted to 
                                                    Medicaid   Medicaid fraud 
                                             benefit outlays        and abuse 
                                                 (dollars in          control 
CMS office       Office jurisdiction            billions) (estimated FTEs) 
Region I         Connecticut, Maine,                                       
                    Massachusetts, New                       
                    Hampshire, Rhode Island,                 
                    and Vermont                         $9.2      Less than 1
Region II        New York, New Jersey,                                     
                    the U.S. Virgin Islands,                 
                    and Puerto Rico                     26.0      Less than 1
Region III       Delaware, Maryland,                                       
                    Pennsylvania, Virginia,                  
                    West Virginia, and the                   
                    District of Columbia                15.2      Less than 1
Region IV        Alabama, North Carolina,                                  
                    South Carolina, Florida,                 
                    Georgia, Kentucky,                       
                    Mississippi, and                         
                    Tennessee                           33.0      Less than 2
Region V         Illinois, Indiana,                                        
                    Michigan, Minnesota,                     
                    Ohio, and Wisconsin                 25.9      Less than 2
Region VI        Arkansas, Louisiana, New                                  
                    Mexico, Oklahoma, and                    
                    Texas                               19.2      Less than 2
Region VII       Iowa, Kansas, Missouri,                                   
                    and Nebraska                         7.4      Less than 1
Region VIII      Colorado, Montana, North                                  
                    Dakota, South Dakota,                    
                    Utah, and Wyoming                    3.8      Less than 1
Region IX        Arizona, California,                                      
                    Hawaii, Nevada, the                      
                    territories of American                  
                    Samoa, Guam, and the                     
                    Commonwealth of the                      
                    Northern Mariana Islands            20.9      Less than 1
Region X         Alaska, Idaho, Oregon,                                    
                    and Washington                       5.6      Less than 1
All regions                                                            4.5 
CMS headquarters                                                       3.6 
Total CMS                                          $166.1              8.1 

11In addition, three to four Medicare FTEs located in both headquarters
and regional offices support joint Medicaid and Medicare fraud and abuse
projects.

12Since fiscal year 2003, this account dedicates $1.075 billion annually
from the Medicare part A Trust Fund for combating health care fraud and
abuse. The money is allocated in three major parts: (1) up to $720 million
for the Medicare Integrity Program, (2) $114 million to the FBI, and (3)
up to $240.6 million in "wedge" funds. In fiscal years 2004 and 2005,
wedge funds were allocated as follows: $160.0 million to the HHS OIG,
$49.4 million to DOJ, and $31.1 million to CMS and other HHS agencies.

Dollars in thousands                        
                              Fiscal year 2004 Fiscal year 2005 
PAM/PERM                             $4,121           $1,200 
Medi/Medi (Medicaid share)            3,691            2,439 
Total                                $7,812           $3,639 

CMS Structure and Lack of Planning Suggest Weak Commitment to Supporting States'
Medicaid Fraud and Abuse Control Efforts

13Information on the amount of fiscal year 2005 funds for compliance
reviews was not available at the time of our review.

14HHS, Performance and Accountability Report, Fiscal Year 2004
(Washington, D.C.: Dec. 13, 2004).

 Lack of Priority Threatens CMS's Medicaid Fraud and Abuse Control Activities,
                    While Potential to Do More Goes Untapped

                            Concluding Observations

                          Contact and Acknowledgments

(290467)

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

GAO's Mission

Obtaining Copies of GAO Reports and Testimony

Order by Mail or Phone

To Report Fraud, Waste, and Abuse in Federal Programs

Congressional Relations

Public Affairs

www.gao.gov/cgi-bin/getrpt? GAO-05-855T .

To view the full product, including the scope

and methodology, click on the link above.

For more information, contact Leslie G. Aronovitz at (312) 220-7600.

Highlights of GAO-05-855T , a testimony before the Committee on Finance,
U.S. Senate

June 28, 2005

MEDICAID FRAUD AND ABUSE

CMS's Commitment to Helping States Safeguard Program Dollars Is Limited

Today's hearing addresses fraud and abuse control in Medicaid, a program
that provides health care coverage for eligible low-income individuals and
is jointly financed by the federal government and the states. In fiscal
year 2003, Medicaid covered nearly 54 million people and the program's
benefit payments totaled roughly $261 billion, of which the federal share
was about $153 billion.

States are primarily responsible for ensuring appropriate payments to
Medicaid providers through provider enrollment screening, claims review,
overpayment recoveries, and case referrals. At the federal level, the
Centers for Medicare & Medicaid Services (CMS) is responsible for
supporting and overseeing state fraud and abuse control activities. Last
year, GAO reported that CMS had initiatives to assist states, but the
dollar and staff resources allocated to oversight suggested that CMS's
level of effort was disproportionately small relative to the risk of
federal financial loss.

Concerned about the stewardship of federal Medicaid funds, this Committee
has raised questions about CMS's commitment to Medicaid fraud and abuse
control. This statement focuses on (1) the level of resources CMS
currently applies to helping states prevent and detect fraud and abuse in
the Medicaid program and (2) the implications of this level of support for
CMS fraud and abuse control activities.

Since GAO reported last year, the resources CMS expends to support and
oversee states' Medicaid fraud and abuse control activities remain out of
balance with the amount of federal dollars spent annually to provide
Medicaid benefits. In fiscal year 2005, CMS's total staff resources
allocated to these activities was about 8.1 full-time equivalent (FTE)
staffing units-approximately 3.6 FTEs at headquarters and 4.5 FTEs in the
regional offices. Among CMS's 10 regional offices-each of which oversees
states whose Medicaid outlays include billions of federal dollars-7
offices each have a fraction of an FTE and the rest each have less than 2
FTEs allocated to Medicaid fraud and abuse control efforts. Moreover, the
placement of the Medicaid fraud and abuse control staff at
headquarters-apart from the agency's office responsible for other
antifraud and abuse activities-as well as a lack of specified goals for
Medicaid fraud and abuse control raise questions about the agency's level
of commitment to improve states' activities in this area.

CMS's support and oversight initiatives include a pilot project for states
to enhance claims scrutiny activities by coordinating with the Medicare
program. Despite the project's positive results in several states, less
than one-fifth of the states currently participate in the project and
resource constraints may require CMS to scale back these efforts instead
of expanding them to additional states that are seeking to participate.
Similarly, CMS's support activities-such as conducting national
conferences, regional workshops, and training-have been terminated
altogether. The frequency of CMS's on-site reviews of states' fraud and
abuse control activities-about seven to eight visits a year-has not
changed since GAO reported on this last year. This means that federal
oversight of a state's Medicaid program safeguards will not occur, at
best, more than once every 7 years.

Relatively few and questionably aligned resources and an absence of
strategic planning underscore the limited commitment CMS has made to
strengthening states' ability to curb fraud and abuse. Despite the
millions of dollars CMS receives annually from a statutorily established
fund for fraud and abuse control, the agency has not allocated these
resources to sufficiently fund initiatives that can help states increase
the effectiveness of their Medicaid fraud and abuse control efforts.
Developing a strategic plan for Medicaid fraud and abuse control
activities would give CMS a basis for providing resources that reflect the
financial risk to the federal government.

In discussing the facts in this statement with a CMS Medicaid official, he
stated that the agency does not view antifraud and abuse initiatives as
separate from financial oversight, an area that has received substantial
resources in recent years. While we agree that financial management is
important to program integrity, we believe that an increased commitment to
helping states fight fraud and abuse is warranted.
*** End of document. ***