What GAO Found
GAO found thousands of Medicaid beneficiaries and hundreds of providers involved in potential improper or fraudulent payments during fiscal year 2011—the most-recent year for which reliable data were available in four selected states: Arizona, Florida, Michigan, and New Jersey. These states had about 9.2 million beneficiaries and accounted for 13 percent of all fiscal year 2011 Medicaid payments. Specifically:
About 8,600 beneficiaries had payments made on their behalf concurrently by two or more of GAO's selected states totaling at least $18.3 million.
The identities of about 200 deceased beneficiaries received about $9.6 million in Medicaid benefits subsequent to the beneficiary's death.
About 50 providers were excluded from federal health-care programs, including Medicaid, for a variety of reasons that include patient abuse or neglect, fraud, theft, bribery, or tax evasion.
Since 2011, the Centers for Medicare & Medicaid Services (CMS) has taken regulatory steps to make the Medicaid enrollment process more rigorous and data-driven; however, gaps in beneficiary-eligibility verification guidance and data sharing continue to exist. These gaps include the following:
In October 2013, CMS required states to use electronic data maintained by the federal government in its Data Services Hub (hub) to verify beneficiary eligibility. According to CMS, the hub can verify key application information, including state residency, incarceration status, and immigration status. However, additional guidance from CMS to states might further enhance program-integrity efforts beyond using the hub. Specifically, CMS regulations do not require states to periodically review Medicaid beneficiary files for deceased individuals more frequently than annually, nor specify whether states should consider using the more-comprehensive Social Security Administration Death Master File in conjunction with state-reported death data when doing so. As a result, states may not be able to detect individuals that have moved to and died in other states, or prevent the payment of potentially fraudulent benefits to individuals using these identities.
In 2011, CMS issued regulations to strengthen Medicaid provider-enrollment screening. For example, CMS now requires states to screen providers and suppliers to ensure they have active licenses in the state where they provide Medicaid services. CMS's regulations also allow states to use Medicare's enrollment database—the Provider Enrollment, Chain and Ownership System (PECOS)—to screen Medicaid providers so that duplication of effort is reduced. In April 2012, CMS gave each state manual access to certain information in PECOS. However, none of the four states GAO interviewed used PECOS to screen all Medicaid providers because of the manual process. In October 2013, CMS began providing interested states access to a monthly file containing basic enrollment information that could be used for automated screening, but CMS has not provided full access to all PECOS information, such as ownership information, that states report are needed to effectively and efficiently process Medicaid provider applications.
Why GAO Did This Study
Medicaid is a significant expenditure for the federal government and the states, with total federal outlays of $310 billion in fiscal year 2014. CMS reported an estimated $17.5 billion in potentially improper payments for the Medicaid program in 2014.
GAO was asked to review beneficiary and provider enrollment-integrity efforts at selected states. This report (1) identifies and analyzes indicators of improper or potentially fraudulent payments in fiscal year 2011, and (2) examines the extent to which federal and state oversight policies, controls, and processes are in place to prevent and detect fraud and abuse in determining eligibility.
GAO analyzed Medicaid claims paid in fiscal year 2011, the most-recent reliable data available, for four states: Arizona, Florida, Michigan, and New Jersey. These states were chosen because they were among those with the highest Medicaid enrollment; the results are not generalizable to all states. GAO performed data matching with various databases to identify indicators of potential fraud, reviewed CMS and state Medicaid program-integrity policies, and interviewed CMS and state officials performing oversight functions.
GAO recommends that CMS issue guidance for screening deceased beneficiaries and supply more-complete data for screening Medicaid providers. The agency concurred with both of the recommendations and stated it would provide state-specific guidance to address them.
Recommendations for Executive Action
|Centers for Medicare and Medicaid Services||1. To further improve efforts to limit improper payments, including fraud, in the Medicaid program, the Acting Administrator of CMS should issue guidance to states to better identify beneficiaries who are deceased.|
|Centers for Medicare and Medicaid Services||2. To further improve efforts to limit improper payments, including fraud, in the Medicaid program, the Acting Administrator of CMS should provide guidance to states on the availability of automated information through Medicare's enrollment database--the Provider Enrollment, Chain and Ownership System (PECOS)--and full access to all pertinent PECOS information, such as ownership information, to help screen Medicaid providers more efficiently and effectively.|