Medicaid:

Additional Actions Needed to Help Improve Provider and Beneficiary Fraud Controls

GAO-15-313: Published: May 14, 2015. Publicly Released: May 29, 2015.

Multimedia:

Additional Materials:

Contact:

Seto J. Bagdoyan
(202) 512-6722
bagdoyans@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

GAO found thousands of Medicaid beneficiaries and hundreds of providers involved in potential improper or fraudulent payments during fiscal year 2011—the most-recent year for which reliable data were available in four selected states: Arizona, Florida, Michigan, and New Jersey. These states had about 9.2 million beneficiaries and accounted for 13 percent of all fiscal year 2011 Medicaid payments. Specifically:

About 8,600 beneficiaries had payments made on their behalf concurrently by two or more of GAO's selected states totaling at least $18.3 million.

The identities of about 200 deceased beneficiaries received about $9.6 million in Medicaid benefits subsequent to the beneficiary's death.

About 50 providers were excluded from federal health-care programs, including Medicaid, for a variety of reasons that include patient abuse or neglect, fraud, theft, bribery, or tax evasion.

Since 2011, the Centers for Medicare & Medicaid Services (CMS) has taken regulatory steps to make the Medicaid enrollment process more rigorous and data-driven; however, gaps in beneficiary-eligibility verification guidance and data sharing continue to exist. These gaps include the following:

In October 2013, CMS required states to use electronic data maintained by the federal government in its Data Services Hub (hub) to verify beneficiary eligibility. According to CMS, the hub can verify key application information, including state residency, incarceration status, and immigration status. However, additional guidance from CMS to states might further enhance program-integrity efforts beyond using the hub. Specifically, CMS regulations do not require states to periodically review Medicaid beneficiary files for deceased individuals more frequently than annually, nor specify whether states should consider using the more-comprehensive Social Security Administration Death Master File in conjunction with state-reported death data when doing so. As a result, states may not be able to detect individuals that have moved to and died in other states, or prevent the payment of potentially fraudulent benefits to individuals using these identities.

In 2011, CMS issued regulations to strengthen Medicaid provider-enrollment screening. For example, CMS now requires states to screen providers and suppliers to ensure they have active licenses in the state where they provide Medicaid services. CMS's regulations also allow states to use Medicare's enrollment database—the Provider Enrollment, Chain and Ownership System (PECOS)—to screen Medicaid providers so that duplication of effort is reduced. In April 2012, CMS gave each state manual access to certain information in PECOS. However, none of the four states GAO interviewed used PECOS to screen all Medicaid providers because of the manual process. In October 2013, CMS began providing interested states access to a monthly file containing basic enrollment information that could be used for automated screening, but CMS has not provided full access to all PECOS information, such as ownership information, that states report are needed to effectively and efficiently process Medicaid provider applications.


Why GAO Did This Study

Medicaid is a significant expenditure for the federal government and the states, with total federal outlays of $310 billion in fiscal year 2014. CMS reported an estimated $17.5 billion in potentially improper payments for the Medicaid program in 2014.

GAO was asked to review beneficiary and provider enrollment-integrity efforts at selected states. This report (1) identifies and analyzes indicators of improper or potentially fraudulent payments in fiscal year 2011, and (2) examines the extent to which federal and state oversight policies, controls, and processes are in place to prevent and detect fraud and abuse in determining eligibility.

GAO analyzed Medicaid claims paid in fiscal year 2011, the most-recent reliable data available, for four states: Arizona, Florida, Michigan, and New Jersey. These states were chosen because they were among those with the highest Medicaid enrollment; the results are not generalizable to all states. GAO performed data matching with various databases to identify indicators of potential fraud, reviewed CMS and state Medicaid program-integrity policies, and interviewed CMS and state officials performing oversight functions.

What GAO Recommends

GAO recommends that CMS issue guidance for screening deceased beneficiaries and supply more-complete data for screening Medicaid providers. The agency concurred with both of the recommendations and stated it would provide state-specific guidance to address them.

For more information, contact Seto J. Bagdoyan at (202) 512-6722 or bagdoyans@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: HHS considers this recommendation closed because they have worked with SSA to address timeliness information and that all states now have access to the federal Data Services Hub. Additionally, HHS states it will continue to work with states to determine additional approaches to better identify deceased individuals. However, we disagree that this action closes the recommendation. CMS has not provided additional guidance to states to better identify beneficiaries who are deceased as described in our report.

    Recommendation: To further improve efforts to limit improper payments, including fraud, in the Medicaid program, the Acting Administrator of CMS should issue guidance to states to better identify beneficiaries who are deceased.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  2. Status: Open

    Comments: HHS considers this recommendation closed because they provide states with training and direct access to PECOS on an ongoing basis. Additionally, CMS also makes Medicare Enrollment data available to states through custom data extracts. We do not consider this action sufficient to close the recommendation, to provide states information on the availability of automated information through PECOS. For example, custom extracts do not constitute automated information containing all information in PECOS states need to screen providers in Medicaid. Additionally, the states the we interviewed for our study were not aware that custom extracts were available. CMS should provide guidance to state Medicaid programs that this information is available until fully automated access to PECOS is available.

    Recommendation: To further improve efforts to limit improper payments, including fraud, in the Medicaid program, the Acting Administrator of CMS should provide guidance to states on the availability of automated information through Medicare's enrollment database--the Provider Enrollment, Chain and Ownership System (PECOS)--and full access to all pertinent PECOS information, such as ownership information, to help screen Medicaid providers more efficiently and effectively.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

 

Explore the full database of GAO's Open Recommendations »

Sep 15, 2016

Sep 14, 2016

Sep 12, 2016

Sep 9, 2016

Sep 6, 2016

Aug 31, 2016

Looking for more? Browse all our products here