Medicaid Integrity Program: CMS Should Take Steps to Eliminate Duplication and Improve Efficiency
What GAO Found
The Medicaid Integrity Group's (MIG) hiring of separate review and audit contractors for its National Medicaid Audit Program (NMAP) was inefficient and led to duplication because key functions were performed by both entities. Review contractors analyze state claims data to identify aberrant claims or billing anomalies while audit contractors conduct postpayment audits to determine if payments to providers were improper. Because both types of contractors had to assess whether payments were improper under state Medicaid policies, having separate contractors doubled states' burden in ensuring that state policies were being correctly applied. Also, poor coordination and communication between the two types of contractors resulted in duplicative data analysis. In turn, these inefficiencies added to the length of audits, which on average took almost 23 months to complete. By contrast, the average duration of six audits using a more collaborative and coordinated approach was 16 months, and the amount of identified overpayments increased significantly.
Other MIG oversight and support activities--the free training provided to state officials through the Medicaid Integrity Institute, the evaluation of state program integrity procedures through triennial comprehensive reviews, and the collection of data from states through annual assessments--show mixed results in enhancing program integrity efforts. According to state officials, the modest expenditures on the institute result in valuable training and networking opportunities. The MIG, however, has not taken advantage of the potential for comprehensive reviews to inform the selection of states for federal audits. Although the MIG's comprehensive reviews yield considerable information about state program integrity vulnerabilities, states with serious program integrity vulnerabilities often had few NMAP audits. Furthermore, the data collected through state program integrity assessments (SPIA) duplicate data collected through comprehensive reviews and other reports, are not validated, and, even if the data were accurate, are less current than similar data from other sources.
Reporting by the Centers for Medicaid & Medicaid Services (CMS) on the return on investment (ROI) from the activities of the MIG is inadequate. CMS's annual reports to Congress provide a limited picture of ROI for NMAP audits, which account for over half of the MIG's annual expenditures, and it is difficult to calculate an ROI with the expenditure and activity information provided. The Department of Health and Human Services (HHS) recently announced that it will discontinue reporting a separate ROI for NMAP. In addition, CMS's ROI methodology includes a percentage of state-identified overpayments reported on the SPIA, which is questionable. To date, CMS has not published an ROI methodology. Regarding state reporting of recoveries, we found that most states were not fully reporting recoveries according to specific program integrity activities and that a sizable number appeared to underreport aggregate recoveries compared to other sources. For example, one state reported aggregate recoveries of about $195,000 over 3 years to CMS but about $36 million in its annual report to the governor for 2 of these years. The apparent gaps in state reporting of such recoveries make it difficult to determine whether states are returning the federal share of recovered overpayments. A full accounting of state and NMAP related recoveries is vital for measuring the effectiveness of efforts to reduce improper payments.
Why GAO Did This Study
Medicaid has the second-highest estimated improper payments of any federal program that reports such data. The Deficit Reduction Act of 2005 created the Medicaid Integrity Program to oversee and support state program integrity activities. CMS, the federal agency within HHS that oversees Medicaid, established the MIG to implement this new program. This report assesses (1) the MIG's use of two types of contractors to review and audit state Medicaid claims, (2) the MIG's implementation of other oversight and support activities, and (3) CMS and state reporting on the results of their program integrity activities. GAO analyzed MIG data on its contractors' audits, training program for state officials, comprehensive state reviews, and state assessments; analyzed reports that summarized the monetary returns from MIG and state program integrity activities; and interviewed MIG officials, contractors, and state program integrity officials.
GAO recommends that the CMS Administrator (1) eliminate duplication by merging contractor functions, (2) use comprehensive reviews to better target audits, (3) follow up with states to ensure reliable reporting of their program integrity recoveries, (4) discontinue the SPIA, and (5) reevaluate and publish its ROI methodology. In response, HHS concurred with three of GAO's recommendations and partially concurred with the need to eliminate SPIA-related duplication and to reevaluate CMS's ROI methodology. As discussed in this report, GAO continues to believe that its recommendations are valid.
Recommendations for Executive Action
|Centers for Medicare & Medicaid Services||To strengthen the Medicaid Integrity Program, and to eliminate duplication and more efficiently use audit resources, the CMS Acting Administrator should merge the functions of the federal review and audit contractors within a state or geographic region.||
In 2013, the agency let the review contract expire, and reconfigured the NMAP to eliminate the review contractor function altogether. By eliminating duplication in the review function, CMS will realize greater efficiencies in its audits and reduce state burden.
|Centers for Medicare & Medicaid Services||To strengthen the Medicaid Integrity Program, and to ensure that the MIG's comprehensive reviews inform its management of NMAP, the CMS Acting Administrator should use the knowledge gained from the comprehensive reviews as a criterion for focusing NMAP resources towards states that have structural or data-analysis vulnerabilities.||
Both the comprehensive reviews and NMAP audits have evolved. The agency has eliminated the NMAP MSIS audits that were selected by contractors on the basis of faulty MSIS data. The agency has also redesigned the comprehensive reviews to shift away from a regulatory compliance framework to a more targeted risk assessment model and has conducted an integrated program integrity review and audit in at least one state. These actions fulfill the intent of our recommendation.
|Centers for Medicare & Medicaid Services||To strengthen the Medicaid Integrity Program, and to avoid unnecessary duplication overlap with other efforts, as well as the reporting of unverified and inaccurate data, the CMS Acting Administrator should discontinue the annual state program integrity assessments.||
CMS has indefinitely suspended the state program integrity assessments to avoid duplication and the reporting of inaccurate data, as GAO recommended in November 2012. In June 2013, CMS reported that it had suspended the state program integrity assessments and planned to redesign the assessment to integrate and coordinate with other CMS reporting mechanisms to reduce the duplication of data collection and the reporting burden on the states, eliminate the time lag in reporting data, and institute more rigorous data validation. In June 2014, the agency confirmed that the state program integrity assessments have been suspended indefinitely.
|Centers for Medicare & Medicaid Services||
Priority Rec.To strengthen the Medicaid Integrity Program, and to ensure the most effective use of federal Medicaid program integrity funding, the CMS Acting Administrator should reevaluate the agency's methodology for calculating an ROI for the Medicaid Integrity Program, including reporting separately on the NMAP, and share its methodology with Congress and the states.
In January 2015, CMS disagreed with our recommendation to report a separate ROI for the NMAP because it was developing a methodology for measuring and calculating an ROI that reflected its restructured program integrity efforts, which span both Medicare and Medicaid. CMS's fiscal year 2015 report to Congress on Medicare and Medicaid program integrity was published in June 2017 and included information on overpayments identified and federal dollars recovered as a result of the Medicaid Integrity Contractor audit program, the federal post-payment audit effort which succeeded the NMAP. Also, CMS officials provided GAO with documentation of how they examined the direct costs and savings related to the Medicaid Integrity Contractor audit program and the Medicaid Integrity Program overall in order to assess its effectiveness. CMS's current effort to examine program obligations in relationship to identified overpayments and state recoveries for both the audit Medicaid Integrity Contractor program and the Medicaid Integrity Program is essentially an examination of its return on investment and will help CMS assess the most effective use of federal Medicaid program integrity funding.
|Centers for Medicare & Medicaid Services||To strengthen the Medicaid Integrity Program, and to ensure the appropriate tracking of the results of states' program integrity activities, the CMS Acting Administrator should increase the agency's efforts to hold states accountable for reliably reporting program integrity recoveries as a part of their quarterly expenditure reporting.||
In 2012, GAO found that reporting by CMS on the its program integrity efforts was inadequate, in part because most states were not fully reporting recoveries according to specific program integrity activities and that a sizable number appeared to underreport aggregate recoveries compared to other sources. The apparent gaps in state reporting of such recoveries made it difficult to determine whether states were returning the federal share of recovered overpayments. Therefore, we recommended that CMS increase the agency's efforts to hold states accountable for reliably reporting program integrity recoveries as a part of their quarterly expenditure reporting. CMS agreed with our recommendation, and in 2014, provided training through the Medicaid Integrity Institute on correct reporting of recoveries. Efforts to ensure correct reporting of recoveries will make it easier for CMS to determine whether states are returning the federal share of recovered overpayments.