Medicaid: Federal and State Leadership Needed to Control Fraud And Abuse
(Testimony, 11/09/1999, GAO/T-HEHS-00-30).
Medicaid fraud schemes cross state lines and enforcement jurisdictions,
engaging the different or competing priorities of federal, state, and
local agencies in efforts to investigate, prosecute, and enforce program
compliance. Essential components of an effective strategy with program
integrity include coordinating the efforts of the multiple players,
investing in preventive strategies, and dedicating adequate resources to
fraud control units. The Health Care Financing Administration, the
federal agency that runs Medicaid, established a fraud and abuse
national initiative in 1997 to bring together groups at the state level
to provide training, share information, and address common concerns.
Despite HCFA's efforts to facilitate the states' activities, questions
remain about its role as a steward of Medicaid funds.
--------------------------- Indexing Terms -----------------------------
REPORTNUM: T-HEHS-00-30
TITLE: Medicaid: Federal and State Leadership Needed to Control
Fraud And Abuse
DATE: 11/09/1999
SUBJECT: Health care programs
Federal/state relations
Fraud
Health insurance cost control
Program abuses
Internal controls
State-administered programs
IDENTIFIER: Medicaid Program
HHS Operation Restore Trust
FBI Operation Goldpill
Medicare program
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO Testimony. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
******************************************************************
GAO/T-HEHS-00-30
* For Release on Delivery
Expected at 10:30 a.m.
Tuesday, November 9, 1999
MEDICAID
Federal and State Leadership Needed to Control Fraud and Abuse
Statement of Leslie G. Aronovitz, Associate Director
Health Financing and Public Health Issues
Health, Education, and Human Services Division
Testimony
Before the Subcommittee on Oversight and Investigations, Committee on
Commerce, House of Representatives
United States General Accounting Office
GAO
TC ": MEDICAID: Federal and State Leadership Needed to Control Fraud and
Abuse: " \l 3
Medicaid: Federal and State Leadership Needed to Control Fraud and Abuse
Mr. Chairman and Members of the Subcommittee:
We are pleased to be here today as you discuss ways to combat fraud and
abuse in the Medicaid program. Some 40 million Americans-not only poor
mothers and children but also poor elderly, blind, and disabled
individuals-depend on health care services made possible by the Medicaid
program. With total expenditures of over $177 billion in fiscal year 1998,
Medicaid is the third largest social program in the federal budget and
represents a significant share of individual state budgets as well.
Fraud and abuse drains away vital program dollars and exploits taxpayers and
vulnerable beneficiaries. As we recently reported, consumers and legitimate
health care providers have been victimized by the fraud schemes of career
criminals and organized criminal groups. While the Department of Health and
Human Services (HHS) and the Department of Justice have recently augmented
their program integrity activities for Medicare, the Congress is concerned
that a similar emphasis be placed on fraud and abuse control in Medicaid. We
have just launched a study to better understand the scope and effectiveness
of Medicaid program integrity efforts at the federal and state levels and
will report our results next spring. Today, my remarks will focus on a brief
overview of the problem, several key components of fraud control, and the
importance of federal and state cooperation. My comments are based on
observations gleaned from our prior work addressing both Medicaid and
Medicare program integrity issues and from our ongoing Medicaid study.
In summary, our body of work on health care fraud and abuse indicates that
programs the size and structure of Medicaid are inherently vulnerable to
exploitation. Fraud schemes often cross state lines and enforcement
jurisdictions, entailing a number of federal, state, and local agencies that
may have different or competing priorities in their efforts to investigate,
prosecute, and enforce compliance. Experience shows that coordinating the
efforts of the multiple players, investing in preventive strategies, and
dedicating adequate resources to fraud control units are essential
components of an effective program integrity strategy. Finally, our work
shows that the Health Care Financing Administration (HCFA), the agency in
HHS responsible for administering Medicaid federally, is in a position to
work in partnership with the states to ensure an appropriate level of
commitment in states' efforts to control Medicaid fraud and abuse.
Background
Medicaid is a jointly funded federal-state health insurance program for
eligible low-income and needy people. Although it is one federal program, as
a practical matter, it consists of 56 separate programs (including the
District of Columbia, Puerto Rico, and the U.S. territories). Within broad
federal guidelines, each state establishes its own eligibility standards;
determines the type, amount, duration, and scope of services; sets the rate
of payment for services; and administers its own program. For fiscal year
1998, federal Medicaid expenditures were over $101 billion, with the states
contributing about $76 billion. For each state, the federal share varies
according to a statutory formula. The federal government picks up at least
half the cost for medical services, and in nine states, it pays for more
than 70 percent.
Medicaid fraud and abuse control entails a complex mix of actors and
entities. At the federal level, HCFA and the HHS Office of Inspector General
(OIG) have program oversight responsibilities. The Federal Bureau of
Investigation (FBI) and the U.S. Attorneys in the Department of Justice are
responsible for enforcement under certain conditions. However, front line
oversight and enforcement reside primarily with the states. Each state
administers its Medicaid program through a state Medicaid agency-variously
situated in departments such as health, welfare, or human services. In
addition to paying claims and performing other administrative duties, the
state Medicaid agencies conduct program integrity activities. Many state
Medicaid agencies have a "data mining" unit-a surveillance and utilization
review subsystem (SURS) unit-dedicated to reviewing paid claims to identify
suspect billing practices or other aberrations indicating potential
wrongdoing. Separate from the state Medicaid agency, 47 states have Medicaid
Fraud Control Units (MFCU), generally located in the state's attorney
general's office, which carry out investigations and prosecutions. For a
composite view of the multiple agencies involved in Medicaid fraud and abuse
control, see table 1.
Table 1: Overview of Medicaid Fraud and Abuse Control Efforts
Agency Responsibility Related activities
Federal
Department of Health and Human Services (HHS)
Health Care Among other activities, through
Financing Oversees state Medicaid its Medicaid Fraud and Abuse
Administration agencies National Initiative, HCFA provides
(HCFA) an ongoing forum and training for
state officials on fraud control.
Oversees state Medicaid The OIG can sanction fraudulent
Office of Fraud Control Units providers by imposing exclusions
Inspector and civil monetary penalties. It
General (OIG) Investigates federal refers investigative findings to
Medicaid fraud cases Department of Justice.
Department of Justice
Prosecute Medicaid The U.S. Attorneys also indict,
U.S. Attorneys fraud cases referred by negotiate settlements, and make
FBI and HHS OIG recoveries.
Federal Bureau
of Investigates federal The FBI refers investigative
Investigation fraud cases but cannot findings to the U.S. Attorneys.
(FBI) impose sanctions
State
State Medicaid
agency
Administers state The state Medicaid agency's
(located in Medicaid program and activities may include conducting
such oversees Medicaid pre- and postpayment claims
departments as program integrity reviews and administering the
health, human activities provider enrollment process.
services, and
welfare)
Program
integrity/
Reviews claims data to
surveillance detect and investigate SURS units refer suspected fraud
and aberrant payment cases to the state's MFCU and
patterns and conducts noncriminal cases to the state
utilization other types of Medicaid agency's collection unit.
review integrity activities
subsystem
(SURS)a unit
Investigates and
Medicaid Fraud prosecutes cases
Control Unit involving fraudulent
(MFCU)b Medicaid activities The MFCU may refer cases that will
(generally in not be prosecuted to the state
state attorney Investigates and acts Medicaid agency or other authority
general's on complaints of abuse for administrative action.
office) or neglect of patients
in facilities receiving
Medicaid funding
Local
Prosecutes Medicaid
District fraud cases in states
attorney where MFCUs do not have
prosecutorial authority
aStates vary in how their program integrity activities are organized and in
what the units are called.
bThree states do not have MFCUs-Idaho, Nebraska, and North Dakota.
Fraud and Abuse Are a Persistent Problem in Medicaid Program
Several Types of Fraud and Abuse Are Common in Medicaid
Table 2: Examples of Medicaid Fraud and Abuse
Type of fraud Example
A psychiatrist operated a "psychotherapy mill," in
which parents were enticed to enroll their children
in "free" enrichment programs such as after-school
tutoring, field trips, and supervised recreation in
exchange for their children's Medicaid numbers. Using
these numbers, the psychiatrist billed Medicaid for
Billing fraud psychotherapy services not provided. A psychologist
he employed discovered the scam and negotiated a
higher salary from him. The psychologist also set up
her own copycat operation. State officials estimated
that the two fraudulently obtained $421,000 from
Medicaid. The defendants pleaded guilty, were ordered
to pay fines and restitution, and received probation.
Source: Georgia State Health Care Fraud Control Unit.
Two businessmen pleaded guilty to felony charges
related to a complex scheme of submitting fraudulent
nursing home cost reports to the state's Medicaid
program. The scheme involved a nursing home chain and
a shell corporation that the chain allegedly
contracted with, enabling the owners to bill Medicaid
for inflated expenses related to phony contracts with
the nursing homes. Through a complex web of bank and
investment accounts, the owners laundered payments.
Business practices The scheme, which netted the owners nearly $10
fraud million in excess Medicaid reimbursements, was
discovered when a state auditor became suspicious of
high payments to the shell company. One of the
defendants received 50 months in prison and a $70,000
fine; the other, 36 months in prison and a $50,000
fine. Both received an additional 3 years of
supervised release. As restitution, the pair agreed
to pay about $6 million to the state Medicaid program
and to forfeit an additional $2-million-plus in
assets. Source: Georgia State Health Care Fraud
Control Unit.
A woman, who had never attended, graduated, or
received a degree from a nursing school, presented a
false nursing license to several nursing homes that
employed her. She also contracted with a county Board
of Mental Retardation and Developmental Disabilities
to provide nursing and counseling services. The
misrepresentation was discovered when substandard
Fraudulent care she provided led to complaints and a subsequent
misrepresentation of investigation. A state nursing board determined that
qualifications the woman had posed as a nurse for at least 5 years.
She was charged with felony Medicaid fraud, felony
forgery, and misdemeanor practice of unlicensed
nursing. She pleaded guilty and was sentenced to 5
years' probation and was ordered to either pay some
$3,850 in restitution or perform 84 days of community
service. Source: Ohio Attorney General's Health Care
Fraud Section.
Fee-for-service providers do not have a monopoly on fraudulent and abusive
health care practices. Under managed care, providers intending to exploit
the program have adapted to new financial incentives. Whereas receiving a
fee for each service enables providers to enhance revenues by ordering too
many services, receiving a lump-sum payment in advance for each enrollee can
encourage dishonest providers to enhance their profits by stinting on
patient care. Consistent with this incentive are examples of Medicaid
managed care fraud and abuse by prepaid health plans: avoiding expensive
treatments, underfinancing plan operations, providing poor quality care,
using deceptive marketing practices, and claiming phony enrollments. In a
specific instance in Tennessee, a managed care plan used a homeless shelter
as the address for nearly 4,500 fictitious enrollees-a scheme that was
generating nearly $450,000 a month in fraud losses to Medicaid. The scheme
came to light once the shelter tipped off the state Medicaid agency. Managed
care plans can also engage in fraudulent business practices similar to those
in fee-for-service health care-such as providing kickbacks for referrals or
having unqualified personnel provide services.
Fraud and abuse schemes also cross jurisdictional and program boundaries,
complicating the task of pursuing the perpetrators. In our October 1999
correspondence on health care fraud, we noted that criminal groups have
created interstate health care fraud schemes and have used associates in
foreign countries to transfer ill-gotten proceeds out of the United States.
For example, a group with ties to a New Jersey scheme purchased a lab in
Illinois and began bilking Medicaid and Medicare there. In another case, two
individuals investigated for Medicaid fraud in south Florida were tied to
three individuals in North Carolina who used a similar scheme to falsely
bill Medicare. Proceeds from this scam were laundered through associates in
Mexico.
Medicaid Is Vulnerable to Fraudulent and Abusive Practices
* As a third-party payer, Medicaid pays for services provided by others
and cannot, as a practical matter, police each claim for reimbursement
submitted. In a state like New York, the very size of the program
invites exploitation. In fiscal year 1998, New York's Medicaid program,
covering roughly 2 million beneficiaries, cost an estimated $27
billion. Medicaid consumes, on average, 20 percent of a state's budget.
* The impermanence of the population, owing to beneficiaries' changing
eligibility status, makes the program a target for such schemes as
billing for services provided to ineligible or deceased individuals.
* Because many states pay considerably less under Medicaid than
providers' customary charges, Medicaid providers are often in short
supply. Thus, program administrators are reluctant to impose controls
that are perceived as burdensome for fear of discouraging provider
participation.
Coordination, Prevention, and Adequate Resources Are Key Fraud Control
Elements
Our prior health care program integrity work has shown that strong federal
and state leadership is needed to ensure that three essential fraud control
elements are in place. First, the multiple agencies involved must coordinate
their efforts effectively. Second, HCFA and the states must focus on
preventive strategies, since detection and prosecution efforts alone cannot
stem program losses. Finally, state agencies need the administrative and
technical tools and resources to accomplish their mission.
Coordination Essential, but Difficult to Achieve
Two examples illustrate the payoff resulting from agency cooperation. One is
the FBI's Operation Goldpill. Working with other federal agencies and with
state MFCUs and regulators, approximately 1,000 FBI agents participated in
the FBI's largest health care undercover operation at that time, involving
50 cities nationwide. This initiative reflected a new strategy focusing on
multidefendant conspiracy indictments rather than single-defendant
prosecutions. Through this effort, law enforcement agencies were able to
charge 254 defendants; seize $10.8 million in assets, including 11
pharmacies; and levy $6.6 million in fines.
The second example-Operation Restore Trust (ORT)-represented a cornerstone
in recent health care fraud coordination, which focused on Medicare and
Medicaid fraud and abuse. ORT brought together the HHS OIG and other
federal, state, and local agencies to target wrongdoing by home health,
nursing home, and durable medical equipment providers, initially in five
states. In its first 2 years of operation, ORT identified $188 million in
inappropriate payments. Among the lessons learned was the importance of
coordination among the various program and enforcement agencies involved at
the federal, state, and local levels. For example, coordination between
Medicare claims administration contractors and state licensing inspectors in
the project states resulted in the decertification of many of the targeted
home health agencies and the recovery of substantial sums in inappropriate
payments. Through the Medicare contractors' efforts to train state
inspectors on specific billing and beneficiary coverage issues, the
inspectors were able to provide the contractors information they might not
otherwise have been able to obtain on beneficiaries who were not eligible or
home health agencies that billed for services not provided. Through this
mutual exchange of information, contractors were able to identify an array
of billing abuses costing the government millions of dollars.
As obvious as the benefits are from interagency coordination, several
barriers exist that discourage such cooperative efforts. Among these are the
following:
* Labor-intensity of building a case with uncertain outcome. The level of
resources and interagency coordination required for case development
can stall the pursuit of a case at many junctures and delay the
resolution of a case for many years. The pursuit of fraud often begins
with the state Medicaid agency, which, to refer the case to a MFCU,
must typically prepare careful documentation through data analyses,
claims audits, interviews with patients, and medical record reviews.
The MFCU may reject cases because of its backlog, insufficient
evidence, or estimated dollar losses below a certain threshold. At the
time of our drug diversion study, one state's MFCU typically rejected
more than 90 percent of the Medicaid agency's fraud referrals because
of staffing constraints. For cases accepted, MFCU investigations can
involve, among other things, additional interviews or analyses of
medical records and subpoena of financial records. If the case enters
federal jurisdiction, the MFCU may forward the case to a U.S. Attorney.
If the case is prosecuted and convictions are obtained, further work
also may be necessary to establish administrative sanctions and recover
overpayments.
* Timing of actions to maximize administrative as well as criminal
sanctions. In our drug diversion study, we reported that the state
agencies and MFCUs made little effort to time audits and criminal
investigations so that civil recoveries could be made without
compromising criminal prosecution. When poor communication exists
between a MFCU and the state Medicaid agency, the state agency may be
delayed in taking civil action before the statute of limitations has
expired. In such cases, the agency may have to forgo the opportunity to
assess monetary penalties or obtain recoveries that can restore
financial losses to the Medicaid program.
* Competing productivity goals between agencies. One state's MFCU
officials told us that a state Medicaid agency's SURS unit, for
example, may be reluctant to classify cases as fraud. Fraud cases must
generally be referred to the state MFCU. Cases classified as
overpayments generally remain the within the SURS' jurisdiction, and
recoveries are credited to the SURS' performance results.
* Federal payback rules. Federal law creates a fiscal incentive for
states to avoid finding fraud. The law requires that the state pay back
the federal share of these overpayments within 60 days of discovery,
regardless of whether the state has recouped its losses.
We are currently reviewing states' efforts to enhance coordination in our
ongoing study for the Committee. In Georgia, the MFCU has established
working teams consisting of members from three state agencies-prosecutors
from the Attorney General's office, investigators from the Georgia Bureau of
Investigation, and auditors from the Department of Audits.
Prevention Is Key to Avoiding Program Losses
Preventive strategies can be embedded in the design of provider enrollment
procedures, payment methods, coverage policies, and beneficiary eligibility
verification. As we concluded from previous work, states' emphasis on
developing preventive measures were well-placed because efforts to recover
losses were often unsuccessful. In our ongoing study, we will examine
states' approaches to fraud control prevention. One example-provider
enrollment controls in the Medicare program-illustrates how such approaches
help avert fraud.
Until recently, when new requirements were established, Medicare procedures
for certifying home health agencies were seriously flawed. For example, in a
1997 report, we noted that becoming a Medicare-certified home health agency
had been too easy, particularly in light of the number of problem agencies
that had been identified in past years. There had been little screening of
those seeking Medicare certification. For example, Medicare certified an
agency owned by an individual with no home health experience who turned out
to be a convicted drug felon and who later pleaded guilty with an associate
to having defrauded Medicare of over $2.5 million. Rarely did new home
health agencies fail the program's certification requirements. HCFA has
since developed procedures to better scrutinize the qualifications and
background of home health agency applicants.
Adequate Resources Include Qualified Staff and Modern Technology
In recent interviews, officials in several states have expressed concerns
that the lack of effective data systems has hampered their efforts to
identify fraud. For example, one state official said that the state's
Medicaid automated detection system is 15 years old and not well designed
for the types of analysis needed today. Another official noted that the
state lacked a system to perform electronic prepayment screening of claims,
a tool that we have reported on in Medicare reports as a fundamental payment
safeguard. Reflecting these concerns, a MFCU official stated that service
data, staff capable of mining them, and state-of-the-art detection software
are important tools for fraud control. Our ongoing study will examine the
extent of states' capacity to identify fraud or abuse.
HCFA's Role in Medicaid Fraud Control
In 1997, HCFA established the Medicaid fraud and abuse national initiative
designed to bring different components among and within states together at
meetings and to provide training, share information, and address common
concerns. As part of the initiative, individual committees have been created
to work on specific problems and solutions. For example, a state legislation
committee developed a database on a Web site that all states can access that
catalogues states' program integrity legislation. This serves states seeking
models for anti-fraud-and-abuse legislation and contacts for further
information. A federal legislation committee has developed proposals to
increase state effectiveness that have been added to HHS' legislative
proposals. HCFA has also formed and funded a technical advisory group that
meets regularly to discuss Medicaid program integrity issues.
Despite HCFA's positive efforts to facilitate states' activities, we are
concerned about the agency's efforts to ensure that all states have
effective program integrity strategies. In our June 1999 testimony on
Medicaid payments for school-based services, we raised concerns about HCFA's
role as steward of Medicaid funds. We noted that the agency's regional
offices, lacking specific guidance, were inconsistent in their
determinations of whether a given state's practices for claiming
administrative costs were appropriate. Practices that HCFA had allowed in
one state had not been allowed in others, resulting in confusion. It also
created an environment in which school systems "pushed the envelope" into
the realm of questionable billing practices.
From this particular work we made observations that apply to Medicaid fraud
and abuse control in general. First, striking a balance between the
stewardship of Medicaid and the need for flexible approaches in dealing with
50-plus Medicaid programs is difficult. However, mindful of that balance,
HCFA is in a position to explore, in partnership with states, the
appropriate level of commitment to preventing and detecting fraud and abuse.
We think this is important because both have a fiduciary responsibility to
administer Medicaid efficiently and effectively.
GAO Contact and Acknowledgments
TC ": RELATED GAO PRODUCTS: " \l 3
Related GAO Products
Financial Management: Increased Attention Needed to Prevent Billions in
Improper Payments (GAO/AIMD-00-10, Oct. 29, 1999).
Health Care: Fraud Schemes Committed by Career Criminals and Organized
Criminal Groups and Impact on Consumers and Legitimate Health Care Providers
(GAO/OSI-00-1R, Oct. 5, 1999).
Medicaid: Questionable Practices Boost Federal Payments for School-Based
Services (GAO/T-HEHS-99-148, June 17, 1999).
Fraud, Waste, and Abuse: The Cost of Mismanagement (GAO/AIMD-98-265R, Sept.
14, 1998).
Nursing Homes: Too Early to Assess New Efforts to Control Fraud and Abuse
(GAO/T-HEHS-97-114, Apr. 16, 1997).
Medicaid Fraud and Abuse: Stronger Action Needed to Remove Excluded
Providers From Federal Health Programs (GAO/HEHS-97-63, Mar. 31, 1997).
Fraud and Abuse: Providers Excluded From Medicaid Continue to Participate in
Federal Health Programs (GAO/T-HEHS-96-205, Sept. 5, 1996).
Medicare and Medicaid: Opportunities to Save Program Dollars by Reducing
Fraud and Abuse (GAO/T-HEHS-95-110, Mar. 22, 1995).
Prescription Drugs: Automated Prospective Review Systems Offer Potential
Benefits for Medicaid (GAO/AIMD-94-130, Aug. 5, 1994).
Medicaid: A Program Highly Vulnerable to Fraud (GAO/T-HEHS-94-106, Feb. 25,
1994).
Medicaid Drug Fraud: Federal Leadership Needed to Reduce Program
Vulnerabilities (GAO/HRD-93-118, Aug. 2, 1993).
(201006)
*** End of document. ***