Medicaid Integrity Program:

CMS Should Take Steps to Eliminate Duplication and Improve Efficiency

GAO-13-50: Published: Nov 13, 2012. Publicly Released: Dec 10, 2012.

Additional Materials:

Contact:

Carolyn L. Yocom
(202) 512-7114
YocomC@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

The Medicaid Integrity Group's (MIG) hiring of separate review and audit contractors for its National Medicaid Audit Program (NMAP) was inefficient and led to duplication because key functions were performed by both entities. Review contractors analyze state claims data to identify aberrant claims or billing anomalies while audit contractors conduct postpayment audits to determine if payments to providers were improper. Because both types of contractors had to assess whether payments were improper under state Medicaid policies, having separate contractors doubled states' burden in ensuring that state policies were being correctly applied. Also, poor coordination and communication between the two types of contractors resulted in duplicative data analysis. In turn, these inefficiencies added to the length of audits, which on average took almost 23 months to complete. By contrast, the average duration of six audits using a more collaborative and coordinated approach was 16 months, and the amount of identified overpayments increased significantly.

Other MIG oversight and support activities--the free training provided to state officials through the Medicaid Integrity Institute, the evaluation of state program integrity procedures through triennial comprehensive reviews, and the collection of data from states through annual assessments--show mixed results in enhancing program integrity efforts. According to state officials, the modest expenditures on the institute result in valuable training and networking opportunities. The MIG, however, has not taken advantage of the potential for comprehensive reviews to inform the selection of states for federal audits. Although the MIG's comprehensive reviews yield considerable information about state program integrity vulnerabilities, states with serious program integrity vulnerabilities often had few NMAP audits. Furthermore, the data collected through state program integrity assessments (SPIA) duplicate data collected through comprehensive reviews and other reports, are not validated, and, even if the data were accurate, are less current than similar data from other sources.

Reporting by the Centers for Medicaid & Medicaid Services (CMS) on the return on investment (ROI) from the activities of the MIG is inadequate. CMS's annual reports to Congress provide a limited picture of ROI for NMAP audits, which account for over half of the MIG's annual expenditures, and it is difficult to calculate an ROI with the expenditure and activity information provided. The Department of Health and Human Services (HHS) recently announced that it will discontinue reporting a separate ROI for NMAP. In addition, CMS's ROI methodology includes a percentage of state-identified overpayments reported on the SPIA, which is questionable. To date, CMS has not published an ROI methodology. Regarding state reporting of recoveries, we found that most states were not fully reporting recoveries according to specific program integrity activities and that a sizable number appeared to underreport aggregate recoveries compared to other sources. For example, one state reported aggregate recoveries of about $195,000 over 3 years to CMS but about $36 million in its annual report to the governor for 2 of these years. The apparent gaps in state reporting of such recoveries make it difficult to determine whether states are returning the federal share of recovered overpayments. A full accounting of state and NMAP related recoveries is vital for measuring the effectiveness of efforts to reduce improper payments.

Why GAO Did This Study

Medicaid has the second-highest estimated improper payments of any federal program that reports such data. The Deficit Reduction Act of 2005 created the Medicaid Integrity Program to oversee and support state program integrity activities. CMS, the federal agency within HHS that oversees Medicaid, established the MIG to implement this new program. This report assesses (1) the MIG's use of two types of contractors to review and audit state Medicaid claims, (2) the MIG's implementation of other oversight and support activities, and (3) CMS and state reporting on the results of their program integrity activities. GAO analyzed MIG data on its contractors' audits, training program for state officials, comprehensive state reviews, and state assessments; analyzed reports that summarized the monetary returns from MIG and state program integrity activities; and interviewed MIG officials, contractors, and state program integrity officials.

What GAO Recommends

GAO recommends that the CMS Administrator (1) eliminate duplication by merging contractor functions, (2) use comprehensive reviews to better target audits, (3) follow up with states to ensure reliable reporting of their program integrity recoveries, (4) discontinue the SPIA, and (5) reevaluate and publish its ROI methodology. In response, HHS concurred with three of GAO's recommendations and partially concurred with the need to eliminate SPIA-related duplication and to reevaluate CMS's ROI methodology. As discussed in this report, GAO continues to believe that its recommendations are valid.

For more information, contact Carolyn L. Yocom at (202) 512-7114 or yocomc@gao.gov.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: In 2013, the agency let the review contract expire, and reconfigured the NMAP to eliminate the review contractor function altogether. By eliminating duplication in the review function, CMS will realize greater efficiencies in its audits and reduce state burden.

    Recommendation: To strengthen the Medicaid Integrity Program, and to eliminate duplication and more efficiently use audit resources, the CMS Acting Administrator should merge the functions of the federal review and audit contractors within a state or geographic region.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  2. Status: Closed - Implemented

    Comments: Both the comprehensive reviews and NMAP audits have evolved. The agency has eliminated the NMAP MSIS audits that were selected by contractors on the basis of faulty MSIS data. The agency has also redesigned the comprehensive reviews to shift away from a regulatory compliance framework to a more targeted risk assessment model and has conducted an integrated program integrity review and audit in at least one state. These actions fulfill the intent of our recommendation.

    Recommendation: To strengthen the Medicaid Integrity Program, and to ensure that the MIG's comprehensive reviews inform its management of NMAP, the CMS Acting Administrator should use the knowledge gained from the comprehensive reviews as a criterion for focusing NMAP resources towards states that have structural or data-analysis vulnerabilities.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  3. Status: Closed - Implemented

    Comments: CMS has indefinitely suspended the state program integrity assessments to avoid duplication and the reporting of inaccurate data, as GAO recommended in November 2012. In June 2013, CMS reported that it had suspended the state program integrity assessments and planned to redesign the assessment to integrate and coordinate with other CMS reporting mechanisms to reduce the duplication of data collection and the reporting burden on the states, eliminate the time lag in reporting data, and institute more rigorous data validation. In June 2014, the agency confirmed that the state program integrity assessments have been suspended indefinitely.

    Recommendation: To strengthen the Medicaid Integrity Program, and to avoid unnecessary duplication overlap with other efforts, as well as the reporting of unverified and inaccurate data, the CMS Acting Administrator should discontinue the annual state program integrity assessments.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  4. Status: Open

    Comments: In January 2015, CMS officials told us the agency disagrees with our recommendation that the agency should report a separate return on investment (ROI) for the NMAP. CMS officials confirmed that the agency is developing a methodology for measuring and calculating a single ROI that reflects the Center for Program Integrity's (CPI) program integrity initiatives for both Medicare and Medicaid, and they expect to have their methodology finalized later this year. Given the restructuring of the Medicaid Integrity Program, in particular the shift to collaborate audits and the coordination of program integrity activities, we agree that a separate ROI may not be an appropriate measure to ensure the most effective use of federal Medicaid program integrity funds. We will assess the finalized ROI methodology when it is available.

    Recommendation: To strengthen the Medicaid Integrity Program, and to ensure the most effective use of federal Medicaid program integrity funding, the CMS Acting Administrator should reevaluate the agency's methodology for calculating an ROI for the Medicaid Integrity Program, including reporting separately on the NMAP, and share its methodology with Congress and the states.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  5. Status: Closed - Implemented

    Comments: In 2012, GAO found that reporting by CMS on the its program integrity efforts was inadequate, in part because most states were not fully reporting recoveries according to specific program integrity activities and that a sizable number appeared to underreport aggregate recoveries compared to other sources. The apparent gaps in state reporting of such recoveries made it difficult to determine whether states were returning the federal share of recovered overpayments. Therefore, we recommended that CMS increase the agency's efforts to hold states accountable for reliably reporting program integrity recoveries as a part of their quarterly expenditure reporting. CMS agreed with our recommendation, and in 2014, provided training through the Medicaid Integrity Institute on correct reporting of recoveries. Efforts to ensure correct reporting of recoveries will make it easier for CMS to determine whether states are returning the federal share of recovered overpayments.

    Recommendation: To strengthen the Medicaid Integrity Program, and to ensure the appropriate tracking of the results of states' program integrity activities, the CMS Acting Administrator should increase the agency's efforts to hold states accountable for reliably reporting program integrity recoveries as a part of their quarterly expenditure reporting.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

 

Explore the full database of GAO's Open Recommendations »

Jun 29, 2015

Jun 24, 2015

Jun 22, 2015

Jun 11, 2015

Jun 10, 2015

Jun 2, 2015

Jun 1, 2015

Looking for more? Browse all our products here