What GAO Found
The Medicaid Integrity Group's (MIG) hiring of separate review and audit contractors for its National Medicaid Audit Program (NMAP) was inefficient and led to duplication because key functions were performed by both entities. Review contractors analyze state claims data to identify aberrant claims or billing anomalies while audit contractors conduct postpayment audits to determine if payments to providers were improper. Because both types of contractors had to assess whether payments were improper under state Medicaid policies, having separate contractors doubled states' burden in ensuring that state policies were being correctly applied. Also, poor coordination and communication between the two types of contractors resulted in duplicative data analysis. In turn, these inefficiencies added to the length of audits, which on average took almost 23 months to complete. By contrast, the average duration of six audits using a more collaborative and coordinated approach was 16 months, and the amount of identified overpayments increased significantly.
Other MIG oversight and support activities--the free training provided to state officials through the Medicaid Integrity Institute, the evaluation of state program integrity procedures through triennial comprehensive reviews, and the collection of data from states through annual assessments--show mixed results in enhancing program integrity efforts. According to state officials, the modest expenditures on the institute result in valuable training and networking opportunities. The MIG, however, has not taken advantage of the potential for comprehensive reviews to inform the selection of states for federal audits. Although the MIG's comprehensive reviews yield considerable information about state program integrity vulnerabilities, states with serious program integrity vulnerabilities often had few NMAP audits. Furthermore, the data collected through state program integrity assessments (SPIA) duplicate data collected through comprehensive reviews and other reports, are not validated, and, even if the data were accurate, are less current than similar data from other sources.
Reporting by the Centers for Medicaid & Medicaid Services (CMS) on the return on investment (ROI) from the activities of the MIG is inadequate. CMS's annual reports to Congress provide a limited picture of ROI for NMAP audits, which account for over half of the MIG's annual expenditures, and it is difficult to calculate an ROI with the expenditure and activity information provided. The Department of Health and Human Services (HHS) recently announced that it will discontinue reporting a separate ROI for NMAP. In addition, CMS's ROI methodology includes a percentage of state-identified overpayments reported on the SPIA, which is questionable. To date, CMS has not published an ROI methodology. Regarding state reporting of recoveries, we found that most states were not fully reporting recoveries according to specific program integrity activities and that a sizable number appeared to underreport aggregate recoveries compared to other sources. For example, one state reported aggregate recoveries of about $195,000 over 3 years to CMS but about $36 million in its annual report to the governor for 2 of these years. The apparent gaps in state reporting of such recoveries make it difficult to determine whether states are returning the federal share of recovered overpayments. A full accounting of state and NMAP related recoveries is vital for measuring the effectiveness of efforts to reduce improper payments.
Why GAO Did This Study
Medicaid has the second-highest estimated improper payments of any federal program that reports such data. The Deficit Reduction Act of 2005 created the Medicaid Integrity Program to oversee and support state program integrity activities. CMS, the federal agency within HHS that oversees Medicaid, established the MIG to implement this new program. This report assesses (1) the MIG's use of two types of contractors to review and audit state Medicaid claims, (2) the MIG's implementation of other oversight and support activities, and (3) CMS and state reporting on the results of their program integrity activities. GAO analyzed MIG data on its contractors' audits, training program for state officials, comprehensive state reviews, and state assessments; analyzed reports that summarized the monetary returns from MIG and state program integrity activities; and interviewed MIG officials, contractors, and state program integrity officials.
GAO recommends that the CMS Administrator (1) eliminate duplication by merging contractor functions, (2) use comprehensive reviews to better target audits, (3) follow up with states to ensure reliable reporting of their program integrity recoveries, (4) discontinue the SPIA, and (5) reevaluate and publish its ROI methodology. In response, HHS concurred with three of GAO's recommendations and partially concurred with the need to eliminate SPIA-related duplication and to reevaluate CMS's ROI methodology. As discussed in this report, GAO continues to believe that its recommendations are valid.
Recommendations for Executive Action
|Centers for Medicare and Medicaid Services||To strengthen the Medicaid Integrity Program, and to eliminate duplication and more efficiently use audit resources, the CMS Acting Administrator should merge the functions of the federal review and audit contractors within a state or geographic region.|
|Centers for Medicare and Medicaid Services||To strengthen the Medicaid Integrity Program, and to ensure that the MIG's comprehensive reviews inform its management of NMAP, the CMS Acting Administrator should use the knowledge gained from the comprehensive reviews as a criterion for focusing NMAP resources towards states that have structural or data-analysis vulnerabilities.|
|Centers for Medicare and Medicaid Services||To strengthen the Medicaid Integrity Program, and to avoid unnecessary duplication overlap with other efforts, as well as the reporting of unverified and inaccurate data, the CMS Acting Administrator should discontinue the annual state program integrity assessments.|
|Centers for Medicare and Medicaid Services||
Priority Rec.To strengthen the Medicaid Integrity Program, and to ensure the most effective use of federal Medicaid program integrity funding, the CMS Acting Administrator should reevaluate the agency's methodology for calculating an ROI for the Medicaid Integrity Program, including reporting separately on the NMAP, and share its methodology with Congress and the states.
|Centers for Medicare and Medicaid Services||To strengthen the Medicaid Integrity Program, and to ensure the appropriate tracking of the results of states' program integrity activities, the CMS Acting Administrator should increase the agency's efforts to hold states accountable for reliably reporting program integrity recoveries as a part of their quarterly expenditure reporting.|