GAO-05-855T, Medicaid Fraud and Abuse: CMS's Commitment to Helping States Safeguard Program Dollars Is Limited


This is the accessible text file for GAO report number GAO-05-855T 
entitled 'Medicaid Fraud and Abuse: CMS's Commitment to Helping States 
Safeguard Program Dollars Is Limited' which was released on June 28, 
2005. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Testimony: 

Before the Committee on Finance, U.S. Senate: 

United States Government Accountability Office: 

GAO: 

For Release on Delivery Expected at 10:00 a.m. EDT: 

Tuesday, June 28, 2005: 

Medicaid Fraud and Abuse: 

CMS's Commitment to Helping States Safeguard Program Dollars Is 
Limited: 

Statement of Leslie G. Aronovitz:
Director, Health Care: 

GAO-05-855T: 

GAO Highlights: 

Highlights of GAO-05-855T, a testimony before the Committee on Finance, 
U.S. Senate: 

Why GAO Did This Study: 

Today’s hearing addresses fraud and abuse control in Medicaid, a 
program that provides health care coverage for eligible low-income 
individuals and is jointly financed by the federal government and the 
states. In fiscal year 2003, Medicaid covered nearly 54 million people 
and the program’s benefit payments totaled roughly $261 billion, of 
which the federal share was about $153 billion. 

States are primarily responsible for ensuring appropriate payments to 
Medicaid providers through provider enrollment screening, claims 
review, overpayment recoveries, and case referrals. At the federal 
level, the Centers for Medicare & Medicaid Services (CMS) is 
responsible for supporting and overseeing state fraud and abuse control 
activities. Last year, GAO reported that CMS had initiatives to assist 
states, but the dollar and staff resources allocated to oversight 
suggested that CMS’s level of effort was disproportionately small 
relative to the risk of federal financial loss. 

Concerned about the stewardship of federal Medicaid funds, this 
Committee has raised questions about CMS’s commitment to Medicaid fraud 
and abuse control. This statement focuses on (1) the level of resources 
CMS currently applies to helping states prevent and detect fraud and 
abuse in the Medicaid program and (2) the implications of this level of 
support for CMS fraud and abuse control activities. 

What GAO Found: 

Since GAO reported last year, the resources CMS expends to support and 
oversee states’ Medicaid fraud and abuse control activities remain out 
of balance with the amount of federal dollars spent annually to provide 
Medicaid benefits. In fiscal year 2005, CMS’s total staff resources 
allocated to these activities was about 8.1 full-time equivalent (FTE) 
staffing units—approximately 3.6 FTEs at headquarters and 4.5 FTEs in 
the regional offices. Among CMS’s 10 regional offices—each of which 
oversees states whose Medicaid outlays include billions of federal 
dollars—7 offices each have a fraction of an FTE and the rest each have 
less than 2 FTEs allocated to Medicaid fraud and abuse control efforts. 
Moreover, the placement of the Medicaid fraud and abuse control staff 
at headquarters—apart from the agency’s office responsible for other 
antifraud and abuse activities—as well as a lack of specified goals for 
Medicaid fraud and abuse control raise questions about the agency’s 
level of commitment to improve states’ activities in this area. 

CMS’s support and oversight initiatives include a pilot project for 
states to enhance claims scrutiny activities by coordinating with the 
Medicare program. Despite the project’s positive results in several 
states, less than one-fifth of the states currently participate in the 
project and resource constraints may require CMS to scale back these 
efforts instead of expanding them to additional states that are seeking 
to participate. Similarly, CMS’s support activities—such as conducting 
national conferences, regional workshops, and training—have been 
terminated altogether. The frequency of CMS’s on-site reviews of 
states’ fraud and abuse control activities—about seven to eight visits 
a year—has not changed since GAO reported on this last year. This means 
that federal oversight of a state’s Medicaid program safeguards will 
not occur, at best, more than once every 7 years. 

Relatively few and questionably aligned resources and an absence of 
strategic planning underscore the limited commitment CMS has made to 
strengthening states’ ability to curb fraud and abuse. Despite the 
millions of dollars CMS receives annually from a statutorily 
established fund for fraud and abuse control, the agency has not 
allocated these resources to sufficiently fund initiatives that can 
help states increase the effectiveness of their Medicaid fraud and 
abuse control efforts. Developing a strategic plan for Medicaid fraud 
and abuse control activities would give CMS a basis for providing 
resources that reflect the financial risk to the federal government. 

In discussing the facts in this statement with a CMS Medicaid official, 
he stated that the agency does not view antifraud and abuse initiatives 
as separate from financial oversight, an area that has received 
substantial resources in recent years. While we agree that financial 
management is important to program integrity, we believe that an 
increased commitment to helping states fight fraud and abuse is 
warranted. 

www.gao.gov/cgi-bin/getrpt?GAO-05-855T. 

To view the full product, including the scope and methodology, click on 
the link above. For more information, contact Leslie G. Aronovitz at 
(312) 220-7600. 

[End of section]

Mr. Chairman and Members of the Committee: 

I am pleased to be here today as you discuss fraud and abuse control in 
Medicaid, a program that provides health care coverage for eligible low-
income individuals and is jointly financed by the federal government 
and the states. In fiscal year 2003, Medicaid covered nearly 54 million 
people, and the program's benefit payments totaled $261 billion, of 
which the federal share was about $153 billion. Because fraud and abuse 
by their nature are unknown until detected, the amount of Medicaid 
funds lost through health care providers' inappropriate billings cannot 
be precisely quantified. Some states have made estimates of their 
respective programs' improper Medicaid payment rates that reflect not 
only fraudulent and abusive billings but also inadvertent billing 
errors, such as clerical mistakes. A nationwide improper payment rate 
for Medicaid has not been made, but even a rate as low as 3 percent 
would mean a loss of almost $4.6 billion in federal funds in fiscal 
year 2003. To put this hypothetical figure in perspective, it is 
roughly the amount that the federal government spent in fiscal year 
2003 on the State Children's Health Insurance Program (SCHIP).[Footnote 
1]

Such a drain of vital program dollars is a detriment to both taxpayers 
and beneficiaries. For example, paying for services billed but not 
provided wastes funds that could have been used for health care. For 
example, in 2004, the owners of a Louisiana health care clinic were 
found guilty of billing the program more than $400,000 for health care 
screening services, nurse consultations, and nutrition consultations 
never provided. Alternatively, paying for unnecessary services can have 
a substantial, if not quantifiable, impact on health care quality. 
Consider the charge in 2004 against 20 dentists in California for 
conspiracy to defraud the state's Medicaid program of $4.5 million. As 
part of the conspiracy, the dentists billed Medicaid for unnecessary or 
inappropriate services that placed patients at risk by reusing dental 
instruments without sterilizing them, performing dental surgeries 
without adequate anesthesia, developing treatment plans that called for 
unneeded root canals and fillings, and forcibly restraining children 
during dental operations. 

States are primarily responsible for the fight against Medicaid fraud 
and abuse. Specifically, they are responsible for ensuring the 
legitimacy of providers billing the program, detecting improper 
payments, recovering overpayments, and referring suspected cases of 
fraud and abuse to law enforcement authorities. At the federal level, 
the Centers for Medicare & Medicaid Services (CMS) in the Department of 
Health and Human Services (HHS) is responsible for supporting and 
overseeing state fraud and abuse control activities. Last year, we 
reported that CMS had initiatives to assist states in combating fraud 
and abuse in their Medicaid programs, but its oversight of states' 
activities in this area was limited.[Footnote 2] The dollar and staff 
resources allocated to compliance reviews suggested that CMS's level of 
effort was disproportionately small relative to the risk of serious 
financial loss. 

Concerned about the stewardship of federal Medicaid funds, this 
Committee has raised questions about CMS's commitment to Medicaid fraud 
and abuse control. It is important to note that activities designed to 
prevent, detect, and recover improper payments made to providers 
resulting from fraud and abuse are a component of ensuring Medicaid 
program integrity. These activities are valuable not only from a 
financial standpoint but also have a sentinel effect on providers that 
may otherwise consider billing the program inappropriately. Another 
component is financial management activities, which involve the 
oversight of state claims for federal reimbursement, including the 
matching, administrative, and disproportionate share funds that CMS 
provides the states.[Footnote 3] While these program integrity 
functions are related, they are not interchangeable. My remarks today 
will focus on (1) the level of resources CMS currently applies to 
helping states prevent and detect fraud and abuse in the Medicaid 
program and (2) the implications of this level of support for CMS fraud 
and abuse control activities. 

To do this work, we reviewed agency documents on Medicaid program 
safeguard support and oversight activities as well as our issued 
reports on this topic. We also interviewed officials at headquarters 
and CMS's 10 regional offices. We conducted our work in May and June 
2005 in accordance with generally accepted government auditing 
standards. 

In summary, since we reported last year, the resources CMS expends to 
support and oversee states' Medicaid fraud and abuse control activities 
remain out of balance with the amount of federal dollars spent annually 
to provide Medicaid benefits.[Footnote 4] In fiscal year 2005, CMS's 
total staff resources allocated to these activities was about 8.1 full- 
time equivalent (FTE) staffing units--approximately 3.6 FTEs at 
headquarters and 4.5 FTEs in the regional offices. Among CMS's 10 
regional offices--each of which oversees states whose Medicaid outlays 
include billions of federal dollars--7 offices each have less than 1 
FTE and the rest each have less than 2 FTEs allocated to Medicaid fraud 
and abuse control efforts. Moreover, the placement of the Medicaid 
fraud and abuse control staff at headquarters--apart from the agency's 
office responsible for other antifraud and abuse activities--as well as 
a lack of specified goals for Medicaid fraud and abuse control raise 
questions about the agency's level of commitment to improving states' 
activities in this area. 

CMS's support and oversight initiatives include a pilot project for 
states to enhance claims scrutiny activities by coordinating with the 
Medicare program. Despite the project's positive results in several 
states, less than one-fifth of the states currently participate in the 
project, and resource constraints may require CMS to scale back these 
efforts instead of expanding them to additional states that are seeking 
to participate. Similarly, some of CMS's other support activities--such 
as conducting national conferences, regional workshops, and training-- 
have been terminated altogether. The frequency of CMS's on-site reviews 
of states' fraud and abuse control activities remains about seven to 
eight visits a year. This means that federal oversight of a state's 
Medicaid program safeguards will not occur, at best, more than once 
every 7 years. 

In discussing the facts in this statement with a CMS Medicaid official, 
he stated that the agency does not view antifraud and abuse initiatives 
as separate from financial oversight, an area that has received 
substantial resources in recent years. While we agree that financial 
management is important to program integrity, we believe that an 
increased commitment to helping states fight fraud and abuse is 
warranted. 

Background: 

Although jointly financed by the states and the federal government, 
Medicaid is administered directly by the states and consists of 56 
distinct state-level programs.[Footnote 5] Within broad federal 
guidelines, each program establishes its own eligibility standards; 
determines the type, amount, duration, and scope of covered services; 
and sets payment rates. In general, the federal government matches 
state Medicaid spending for medical assistance according to a formula 
based on each state's per capita income. In fiscal year 2004, the 
federal contribution ranged from 50 to 77 cents of every state dollar 
spent on medical assistance. For most state Medicaid administrative 
costs, the federal match rate is 50 percent.[Footnote 6]

As program administrators, states have primary responsibility for 
conducting program integrity activities that address provider 
enrollment, claims review, and case referrals. Specifically, federal 
statute or CMS regulations require states to: 

* collect and verify basic information on potential providers, 
including whether the providers meet state licensure requirements and 
are not prohibited from participating in federal health care programs;

* have an automated claims payment and information retrieval system-- 
intended to verify the accuracy of claims, the correct use of payment 
codes, and patients' Medicaid eligibility--and a claims review system-
-intended to develop statistical profiles on services, providers, and 
beneficiaries to identify potential improper payments;[Footnote 7] and: 

* refer suspected overpayments or overutilization cases to other units 
in the Medicaid agency for corrective action and potential fraud cases, 
generally, to the state's Medicaid Fraud Control Unit for investigation 
and prosecution.[Footnote 8]

As noted in our 2004 report,[Footnote 9] states use a variety of 
controls and safeguards to stem improper provider payments. For 
example, states target high-risk providers seeking to bill Medicaid 
with on-site facility inspections, criminal background checks, and 
probationary or time-limited enrollment. States also reported using 
information technology to integrate databases containing provider, 
beneficiary, and claims information and to increase the effectiveness 
of their utilization reviews. Various states individually attributed 
cost savings or recoupments to these efforts valued in the millions of 
dollars. 

In contrast, CMS's role in curbing fraud and abuse in the Medicaid 
program is largely one of support to the states. As we reported last 
year,[Footnote 10] CMS administers two pilot projects--one focused on 
measuring the accuracy of a state's Medicaid claims payments (Payment 
Accuracy Measurement (PAM)) and the other focused on improper billing 
detection and utilization patterns by linking Medicare and Medicaid 
claims information (Medi-Medi). CMS also sponsors general technical 
assistance and information-sharing through its Medicaid fraud and abuse 
technical assistance group (TAG). In addition, CMS performs oversight 
of states' Medicaid fraud and abuse control activities. (See table 1.)

Table 1: CMS Activities to Support and Oversee States' Fraud and Abuse 
Control Efforts, Fiscal Year 2004: 

CMS initiatives: PAM/PERM; 
Description: CMS conducted a 3-year pilot called PAM to develop 
estimates of the accuracy of Medicaid claims payments. In fiscal year 
2006, PAM will become a permanent, mandatory program--to be known as 
the Payment Error Rate Measurement (PERM) initiative--as required by 
the Improper Payments Information Act of 2002.[A] Under PERM, states 
will be expected to ultimately reduce their payment error rates over 
time by better targeting program integrity activities in their Medicaid 
and SCHIP programs. 

CMS initiatives: Medi-Medi; 
Description: Under this program, CMS facilitates the sharing of 
information between the Medicaid and Medicare programs. Medi-Medi is a 
data match pilot designed to identify improper billing and utilization 
patterns by matching Medicare and Medicaid claims information on 
providers and beneficiaries. Such matching is important, as fraudulent 
schemes can cross program boundaries. 

CMS initiatives: TAG; 
Description: Through telephone conferencing, CMS provides a forum for 
states to discuss issues, solutions, resources, and experiences on 
fraud and abuse issues. Any state may participate; roughly one-third do 
so regularly. States have also used the TAG to propose policy changes 
to CMS. 

CMS initiatives: Compliance reviews; 
Description: CMS conducts on-site reviews to assess whether state 
Medicaid fraud and abuse control efforts comply with federal 
requirements, such as those governing provider enrollment, claims 
review, utilization control, and coordination with each state's 
Medicaid Fraud Control Unit. If reviewers find states significantly out 
of compliance, they may revisit the states to verify that they have 
taken corrective action. 

Source: GAO, Medicaid Program Integrity: State and Federal Efforts to 
Prevent and Detect Improper Payments, GAO-04-707 (Washington, D.C.: 
July 16, 2004). 

[A] Pub. L. No. 107-300, 116 Stat. 2350. 

[End of table]

CMS Expends Limited Resources and Lacks Coherent Plan to Improve 
States' Medicaid Fraud and Abuse Control Activities: 

A wide disparity exists between the level of resources CMS expends to 
support and oversee states' fraud and abuse control activities and the 
amount of federal dollars at stake in Medicaid benefit payments. In 
addition, CMS's organizational placement of staff and lack of strategic 
planning suggest a limited commitment to improving states' Medicaid 
fraud and abuse control efforts. 

Disparity Exists between Level of Resources and Program's Financial 
Risk: 

The resources CMS devotes to working with states to fight Medicaid 
fraud and abuse do not appear to be commensurate with the size of the 
program's financial risk. In fiscal year 2005, CMS's Medicaid staff 
resources allocated to supporting or overseeing states' anti-fraud and 
abuse operations was an estimated 8.1 FTEs--3.6 FTEs at headquarters 
and 4.5 FTEs in the regional offices.[Footnote 11] Staff at 
headquarters are engaged in arranging and conducting the on-site 
compliance reviews of states' fraud and abuse control efforts and in 
information-sharing activities. Staff at the regional offices also 
participate in the state compliance reviews and respond to state 
inquiries. Canvassing the 10 regional CMS offices, we found that 7 
regions each have a fraction of an FTE and the rest each have less than 
2 FTEs devoted to providing assistance on fraud and abuse issues. For 
example, Region IV--which covers eight states and accounted for $33 
billion of federal funds for Medicaid benefits in fiscal year 2004-- 
reported having 1 FTE devoted to Medicaid fraud and abuse control 
activities. (See table 2.)

Table 2: Federal Share of Medicaid Benefit Dollars and CMS Staff 
Devoted to States' Fraud and Abuse Control Efforts: 

CMS office: Region I; 
Office jurisdiction: Connecticut, Maine, Massachusetts, New Hampshire, 
Rhode Island, and Vermont; 
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in 
billions): $9.2; 
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control 
(estimated FTEs): Less than 1. 

CMS office: Region II; 
Office jurisdiction: New York, New Jersey, the U.S. Virgin Islands, and 
Puerto Rico; 
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in 
billions): $26.0; 
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control 
(estimated FTEs): Less than 1. 

CMS office: Region III; 
Office jurisdiction: Delaware, Maryland, Pennsylvania, Virginia, West 
Virginia, and the District of Columbia; 
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in 
billions): $15.2; 
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control 
(estimated FTEs): Less than 1. 

CMS office: Region IV; 
Office jurisdiction: Alabama, North Carolina, South Carolina, Florida, 
Georgia, Kentucky, Mississippi, and Tennessee; 
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in 
billions): $33.0; 
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control 
(estimated FTEs): Less than 2. 

CMS office: Region V; 
Office jurisdiction: Illinois, Indiana, Michigan, Minnesota, Ohio, and 
Wisconsin; 
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in 
billions): $25.9; 
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control 
(estimated FTEs): Less than 2. 

CMS office: Region VI; 
Office jurisdiction: Arkansas, Louisiana, New Mexico, Oklahoma, and 
Texas; 
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in 
billions): $19.2; 
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control 
(estimated FTEs): Less than 2. 

CMS office: Region VII; 
Office jurisdiction: Iowa, Kansas, Missouri, and Nebraska; 
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in 
billions): $7.4; 
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control 
(estimated FTEs): Less than 1. 

CMS office: Region VIII; 
Office jurisdiction: Colorado, Montana, North Dakota, South Dakota, 
Utah, and Wyoming; 
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in 
billions): $3.8; 
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control 
(estimated FTEs): Less than 1. 

CMS office: Region IX; 
Office jurisdiction: Arizona, California, Hawaii, Nevada, the 
territories of American Samoa, Guam, and the Commonwealth of the 
Northern Mariana Islands; 
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in 
billions): $20.9; 
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control 
(estimated FTEs): Less than 1. 

CMS office: Region X; 
Office jurisdiction: Alaska, Idaho, Oregon, and Washington; 
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in 
billions): $5.6; 
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control 
(estimated FTEs): Less than 1. 

CMS office: All regions; 
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control 
(estimated FTEs): 4.5. 

CMS office: CMS headquarters; 
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control 
(estimated FTEs): 3.6. 

CMS office: Total CMS; 
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in 
billions): $166.1; 
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control 
(estimated FTEs): 8.1. 

Source: GAO compilation of CMS information. 

Note: Federal outlays do not add up to the total due to rounding. 

[End of table]

For fiscal year 2006, CMS's budget has no line item devoted to Medicaid 
fraud and abuse control activities. The project to estimate payment 
error rates known as PAM/PERM (required by statute) and the Medi-Medi 
pilot project (with benefits accruing to both programs) are financed 
through a statutorily established fund--the Health Care Fraud and Abuse 
Control (HCFAC) account.[Footnote 12] (See table 3.) The HCFAC monies 
from which these two projects are largely financed are known as "wedge" 
funds. As CMS's distribution of these funds varies from year to year, 
the level of support for fraud and abuse control initiatives is 
uncertain and depends on the priorities set by the agency. For example, 
fiscal year 2005 funds allocated from the HCFAC account for PAM/PERM 
and Medi-Medi were less than half the funds allocated in fiscal year 
2004. In contrast, Medicare fraud and abuse control activities at CMS 
are financed primarily through earmarked funds from another HCFAC 
component--the Medicare Integrity Program. 

Table 3: HCFAC Wedge Funds Allocated for CMS Activities That Address 
Medicaid Fraud and Abuse: 

Dollars in thousands. 

PAM/PERM; 
Fiscal year 2004: $4,121; 
Fiscal year 2005: $1,200. 

Medi/Medi (Medicaid share); 
Fiscal year 2004: $3,691; 
Fiscal year 2005: $2,439. 

Total; 
Fiscal year 2004: $7,812; 
Fiscal year 2005: $3,639. 

Source: CMS. 

Note: We estimated that, in addition to the wedge funds, FBI funding 
(Medicaid share) was about $1.5 million in fiscal year 2004 and about 
$500,000 in fiscal year 2005. 

[End of table]

CMS's Medicaid compliance reviews are funded through a different 
source--HHS's budget appropriation. In fiscal year 2004, the budget for 
this activity was $26,000, down from $40,000 in fiscal year 2003 and 
$80,000 in fiscal year 2002.[Footnote 13]

CMS Structure and Lack of Planning Suggest Weak Commitment to 
Supporting States' Medicaid Fraud and Abuse Control Efforts: 

The placement of Medicaid's antifraud and abuse function in CMS's 
organizational structure and a lack of stated goals and objectives 
suggests a limited institutional commitment to Medicaid fraud and abuse 
control activities. Currently, two different headquarters offices are 
charged with working with states on fraud and abuse issues. CMS's 
Office of Financial Management staffs the PAM/PERM and Medi-Medi 
initiatives, while the Center for Medicaid and State Operations (CMSO) 
staffs the state compliance reviews and TAG functions. Under this 
organizational structure, the Medicaid fraud and abuse staff in CMSO 
are not in an optimal position to leverage the resources allocated to 
the office with responsibility for developing tools and strategies for 
combating fraud and abuse. 

As further evidence of the low priority assigned to Medicaid fraud and 
abuse control, the planning, outreach, and building of staff expertise 
lacks leadership continuity. From 1997 to 2003, the leadership and 
funding of CMS's support for states' antifraud and abuse efforts 
resided in a consortium of two regional offices. The consortium led a 
network of regional fraud and abuse coordinators and state Medicaid 
representatives, sponsoring telephone conferences and workshops, 
seminars, and training sessions aimed at sharing best practices for 
fighting fraud and abuse. Medicaid staff based at headquarters reported 
to a national network coordinator located at one of the consortium's 
regional offices. With the retirement of the national coordinator in 
2003, the consortium relinquished its leadership and funding role and 
the Medicaid antifraud and abuse activities were reassigned to CMSO 
without additional resources. Since then, no nationwide meetings with 
state program integrity officials have been held. 

At the same time, CMS lacks a strategic plan to drive its Medicaid 
antifraud and abuse operations. Goals for the long term, as well as 
plans on how to achieve them, have not been specified in any public 
department or agency planning documents. For example, HHS's fiscal year 
2004 performance and accountability report cited Medicaid's high risk 
of payment errors as the department's management challenge for fighting 
Medicaid fraud and abuse.[Footnote 14] To address this challenge, the 
report cited the PAM/PERM initiative for estimating payment error 
rates, as this activity is required in federal statute. But there was 
no mention of any other fraud and abuse support or oversight activities 
or goals. Similarly, the discussion of Medicaid program integrity in 
the Administration's Budget for Fiscal Year 2006 covers activities to 
curb states' inappropriate financing mechanisms but makes no mention of 
federal support or oversight of states' fraud and abuse efforts. At the 
agency level, CMS officials were unable to provide any publicly 
available planning documents specifying short-or long-term Medicaid 
program goals that target fraud and abuse. 

Lack of Priority Threatens CMS's Medicaid Fraud and Abuse Control 
Activities, While Potential to Do More Goes Untapped: 

The low priority given to CMS activities in support of states' fraud 
and abuse control efforts is having serious consequences for current 
projects. CMS's distribution of resources may require some activities 
to be scaled back and others to be eliminated. 

Specifically, the expansion of the Medi-Medi data match project has 
been slow, leaving potentially millions of dollars in cost avoidance 
and cost savings unrealized. This project enables claims data analysts 
to detect patterns that may not be evident when providers' billings for 
either Medicare or Medicaid are viewed in isolation. For example, by 
combining data from each program, analysts can identify "time bandits," 
or providers who bill for more than 24 hours in a single day. As of 
March 31, 2005, seven states with fully operational projects reported 
returns to the Medicaid and Medicare programs of $133.1 million in 
provider payments under investigation, $59.7 million in program 
vulnerabilities identified, and $2.0 million in overpayments to be 
recovered. In addition, 240 investigations had been initiated and 28 
cases referred to law enforcement agencies. Two additional states, Ohio 
and Washington, have begun Medi-Medi projects that are expected to be 
operational later this year. 

Because of anticipated unmet funding needs, existing Medi-Medi data 
match activities are in jeopardy of being scaled back considerably. As 
CMS stated in its fiscal year 2005 second quarter report on Medi-Medi 
projects, "Eliminating certain Medi-Medi projects in their entirety 
and/or dramatically reducing the level of effort across all of the 
projects are among the approaches under consideration. Beyond FY 2006, 
the entire project will terminate if additional funding is not 
identified." Agency officials noted that several additional states have 
expressed interest in participating but expanding the program to more 
states will not occur without a new allocation or realignment of 
resources. Plans for additional activities that involve coordination 
with Medicare have been put on hold, pending budget decisions. These 
include enhanced oversight of prescription drug fraud when Medicare 
begins covering Medicaid beneficiaries' drug benefits in 2006 and the 
use of a unified provider enrollment form instead of separate forms for 
Medicare and Medicaid. 

Similarly, CMS's role as provider of technical assistance and 
disseminator of states' best practices has been severely limited 
because of competing priorities. At a health care fraud and abuse 
conference sponsored by HHS and the Department of Justice in 2000, 
participants from states and CMS regional offices articulated their 
common unmet needs with regard to fraud and abuse technology. The top 
three areas cited were information-sharing and access to data; training 
in data analysis and use of technology; and staffing, hardware, and 
software resources. CMS has not sponsored a national conference with 
state program integrity officials since 2003 and has not sponsored any 
fraud and abuse workshops or training since 2000. According to a CMS 
official, such information-sharing and technical assistance activities 
would not be expensive to support--less than $100,000 annually--and 
could result in returns that would exceed this relatively low amount. 

Resource shortages also account for CMS's limited oversight of states' 
Medicaid prevention, detection, and referral activities for improper 
payments. Since January 2000, CMS's Medicaid staff from headquarters 
and regional offices have been conducting compliance reviews of about 
seven to eight states a year. The reviews are aimed at ensuring that 
states have processes and procedures in place, in compliance with 
federal requirements for enrolling providers, reviewing claims, and 
referring cases. These compliance reviews have been effective at 
identifying weaknesses in states' efforts to combat fraud and abuse. 
For example, in the course of these reviews, CMS has found instances in 
which: 

* a state had no process in place to prevent payments to excluded 
providers,

* states did not use their authority to evaluate providers' 
professional or criminal histories as part of the provider enrollment 
process, and: 

* a state did not follow appropriate procedures for referring a case to 
state law enforcement authorities. 

States have reported making positive modifications in their programs as 
a result of the CMS compliance reviews. Nevertheless, at the currently 
scheduled pace, states' programs will be reviewed once in 7 years at 
the earliest. Because the compliance reviews are infrequent, CMS's 
knowledge of states' fraud and abuse activities is, for many states, 
substantially out-of-date at any given time. 

Concluding Observations: 

Relatively few and questionably aligned resources and an absence of 
strategic planning underscore the limited commitment CMS has made to 
strengthening states' ability to curb fraud and abuse. Despite the 
millions of dollars CMS receives annually from a statutorily 
established fund for fraud and abuse control, the agency has not 
allocated these resources to sufficiently fund initiatives that can 
help states increase the effectiveness of their Medicaid fraud and 
abuse control efforts. Developing a strategic plan for Medicaid fraud 
and abuse control activities would give CMS a basis for providing 
resources that reflect the financial risk to the federal government. 

We discussed facts in this statement with a relevant CMS official. He 
noted that CMS does not view fraud and abuse control activities as 
separate from its financial management responsibilities. He indicated 
that CMS has invested substantial resources in program integrity 
activities that focus on the financial oversight of the Medicaid 
program. While we agree that financial oversight of Medicaid is a key 
component of program integrity, we maintain that the other component-- 
fraud and abuse control activities--warrants a greater commitment than 
it currently receives. 

Mr. Chairman, this concludes my prepared remarks. I would be happy to 
answer any questions that you or other Members of the Committee may 
have. 

Contact and Acknowledgments: 

For further information regarding this testimony, please contact Leslie 
G. Aronovitz at (312) 220-7600. Hannah Fein, Sandra Gove, and Janet 
Rosenblad contributed to this statement under the direction of Rosamond 
Katz. 

FOOTNOTES

[1] SCHIP is a jointly funded federal-state program that provides 
health insurance to children in low-income families who do not qualify 
for Medicaid and are not covered by other insurance. 

[2] GAO, Medicaid Program Integrity: State and Federal Efforts to 
Prevent and Detect Improper Payments, GAO-04-707 (Washington, D.C.: 
July 16, 2004). 

[3] Since fiscal year 2004, CMS has nearly completed the hiring of new 
staff accounting for 100 full-time equivalent positions to support its 
financial management review activities. Located largely in CMS regional 
offices, these staff review state budget and expenditure reports for 
accuracy, identify unallowable program costs, and provide guidance to 
the states on Medicaid financial management matters. Although financial 
management reviews are not intended to identify inappropriate billings 
by providers, they can identify fraud and abuse leads on an incidental 
basis. 

[4] GAO-04-707. 

[5] The 56 Medicaid programs include one for each of the 50 states, the 
District of Columbia, Puerto Rico, and the U.S. territories of American 
Samoa, Guam, Northern Mariana Islands, and Virgin Islands. Hereafter, 
all 56 entities are referred to as states. 

[6] For skilled professional medical personnel engaged in program 
integrity activities, such as those who review medical records, 75 
percent federal matching is available. 

[7] CMS requires that states have certain information processing 
capabilities, including a Medicaid Management Information System and a 
Surveillance and Utilization Review Subsystem. 

[8] Medicaid Fraud Control Units can, in turn, refer some cases to the 
HHS Office of Inspector General (OIG), the Federal Bureau of 
Investigation (FBI), and the Department of Justice (DOJ) for further 
investigation and prosecution. 

[9] GAO-04-707. 

[10] GAO-04-707. 

[11] In addition, three to four Medicare FTEs located in both 
headquarters and regional offices support joint Medicaid and Medicare 
fraud and abuse projects. 

[12] Since fiscal year 2003, this account dedicates $1.075 billion 
annually from the Medicare part A Trust Fund for combating health care 
fraud and abuse. The money is allocated in three major parts: (1) up to 
$720 million for the Medicare Integrity Program, (2) $114 million to 
the FBI, and (3) up to $240.6 million in "wedge" funds. In fiscal years 
2004 and 2005, wedge funds were allocated as follows: $160.0 million to 
the HHS OIG, $49.4 million to DOJ, and $31.1 million to CMS and other 
HHS agencies. 

[13] Information on the amount of fiscal year 2005 funds for compliance 
reviews was not available at the time of our review. 

[14] HHS, Performance and Accountability Report, Fiscal Year 2004 
(Washington, D.C.: Dec. 13, 2004).