Skip to Highlights

What GAO Found

GAO found thousands of Medicaid beneficiaries and hundreds of providers involved in potential improper or fraudulent payments during fiscal year 2011—the most-recent year for which reliable data were available in four selected states: Arizona, Florida, Michigan, and New Jersey. These states had about 9.2 million beneficiaries and accounted for 13 percent of all fiscal year 2011 Medicaid payments. Specifically:

About 8,600 beneficiaries had payments made on their behalf concurrently by two or more of GAO's selected states totaling at least $18.3 million.

The identities of about 200 deceased beneficiaries received about $9.6 million in Medicaid benefits subsequent to the beneficiary's death.

About 50 providers were excluded from federal health-care programs, including Medicaid, for a variety of reasons that include patient abuse or neglect, fraud, theft, bribery, or tax evasion.

Since 2011, the Centers for Medicare & Medicaid Services (CMS) has taken regulatory steps to make the Medicaid enrollment process more rigorous and data-driven; however, gaps in beneficiary-eligibility verification guidance and data sharing continue to exist. These gaps include the following:

In October 2013, CMS required states to use electronic data maintained by the federal government in its Data Services Hub (hub) to verify beneficiary eligibility. According to CMS, the hub can verify key application information, including state residency, incarceration status, and immigration status. However, additional guidance from CMS to states might further enhance program-integrity efforts beyond using the hub. Specifically, CMS regulations do not require states to periodically review Medicaid beneficiary files for deceased individuals more frequently than annually, nor specify whether states should consider using the more-comprehensive Social Security Administration Death Master File in conjunction with state-reported death data when doing so. As a result, states may not be able to detect individuals that have moved to and died in other states, or prevent the payment of potentially fraudulent benefits to individuals using these identities.

In 2011, CMS issued regulations to strengthen Medicaid provider-enrollment screening. For example, CMS now requires states to screen providers and suppliers to ensure they have active licenses in the state where they provide Medicaid services. CMS's regulations also allow states to use Medicare's enrollment database—the Provider Enrollment, Chain and Ownership System (PECOS)—to screen Medicaid providers so that duplication of effort is reduced. In April 2012, CMS gave each state manual access to certain information in PECOS. However, none of the four states GAO interviewed used PECOS to screen all Medicaid providers because of the manual process. In October 2013, CMS began providing interested states access to a monthly file containing basic enrollment information that could be used for automated screening, but CMS has not provided full access to all PECOS information, such as ownership information, that states report are needed to effectively and efficiently process Medicaid provider applications.

Why GAO Did This Study

This testimony summarizes the information contained in GAO's May 2015 report, entitled Medicaid: Additional Actions Needed to Help Improve Provider and Beneficiary Fraud Controls (GAO-15-313).

For more information, contact Seto J. Bagdoyan at (202) 512-6722 or

Full Report

GAO Contacts