Skip to main content

Medicaid: CMS Has Taken Steps, but Further Efforts Are Needed to Control Improper Payments

GAO-17-386T Published: Jan 31, 2017. Publicly Released: Jan 31, 2017.
Jump To:

Fast Facts

Medicaid is a joint federal-state health care program for low income and medically needy people, with an estimated $36 billion in improper payments in fiscal year 2016.

We've identified some ways to reduce these errors, such as by confirming that Medicaid's participants and health care providers meet eligibility requirements, effectively overseeing managed care organizations, and ensuring that participants don't have duplicate coverage through private health insurance.

The Centers for Medicare & Medicaid Services has taken steps to address some of these issues, but more work is needed—at both the state and federal levels.

Photo of the Capitol dome



Photo of the Capitol dome

Skip to Highlights


What GAO Found

GAO's prior work has identified four Medicaid program integrity issues—where the program is vulnerable to improper payments such as those made for services that were not covered, were not medically necessary, or were not provided—as well as actions taken by the Centers for Medicare & Medicaid Services (CMS) to address the issues and additional actions that should be taken.

  • Enrollment Verification: In response to the Patient Protection and Affordable Care Act (PPACA), CMS established a more rigorous approach for verifying financial and nonfinancial information needed to determine Medicaid beneficiary eligibility. Despite CMS's efforts, however, there continue to be gaps in efforts to ensure that only eligible individuals are enrolled into Medicaid, and that Medicaid expenditures for enrollees—particularly those eligible as a result of the PPACA expansion—are matched appropriately by the federal government.
  • Oversight of Medicaid Managed Care: CMS has provided states with additional guidance on their oversight of Medicaid managed care. Oversight of managed care is increasing in importance and improvements in measuring the improper payment rate are needed. For example, the estimated improper payment rate for managed care is based on a review of payments made to managed care organizations, and does not review any underlying medical documentation. GAO and the Department of Health and Human Services (HHS) Office of Inspector General have identified incomplete and untimely managed care encounter data—data that managed care organizations are expected to report to state Medicaid programs, allowing states to track the services received by beneficiaries enrolled in managed care.
  • Provider Eligibility: PPACA included multiple provisions aimed at strengthening the screening of providers who enroll to participate in Medicaid. While the act requires that all providers and suppliers be subject to licensure checks, it gave CMS discretion to establish a risk-based application of other screening procedures, such as fingerprint-based criminal-background checks for high-risk providers. Also, CMS regulations now require that all Medicaid managed care providers enroll with the state Medicaid agency, which has the potential to improve oversight of providers in managed care. However, GAO's work based on 2 states and 16 health plans identified challenges screening providers for eligibility, partially due to fragmented information.
  • Coordination between Medicaid and the Exchange: CMS implemented a number of policies and procedures to ensure that individuals do not have duplicate coverage (enrolled in both Medicaid and in subsidized coverage through an exchange, which is a marketplace where eligible individuals may compare and purchase private health insurance). CMS has conducted checks to identify individuals with duplicate coverage, and plans to complete these checks at least two times per coverage year, which has the potential to save federal—as well as beneficiary—dollars. However, CMS has not developed a plan for assessing whether the checks and other procedures—such as thresholds for the level of duplicate coverage deemed acceptable—are sufficient to prevent and detect duplicate coverage.

Why GAO Did This Study

Medicaid, a joint federal-state health care program, is a significant component of federal and state budgets, with estimated outlays of $576 billion in fiscal year 2016. The program's size and diversity make it particularly vulnerable to improper payments. In fiscal year 2016, improper payments were an estimated 10.5 percent ($36 billion) of federal Medicaid expenditures, an increase from an estimated 9.8 percent ($29 billion) in fiscal year 2015.

States, which are responsible for the day-to-day administration of the Medicaid program, are the first line of defense against improper payments. Specifically, states must implement federal requirements to ensure the qualifications of the providers who bill the program, detect improper payments, recover overpayments, and refer suspected cases of fraud and abuse to law enforcement authorities. At the federal level, CMS is responsible for supporting and overseeing states' Medicaid program integrity activities.

This testimony highlights key program integrity issues in Medicaid, the progress CMS has made improving its oversight of program integrity, and the related challenges the agency and states continue to face. This testimony is based on 10 products and 11 recommendations. Of these 11 recommendations, 3 have been implemented based on agency action.

For more information, contact Carolyn L. Yocom at (202) 512-7114 or

Full Report

GAO Contacts

Office of Public Affairs


Deficit reductionEligibility criteriaEligibility determinationsHealth care programsMedicaidCompliance oversightHealth careImproper paymentsPolicies and proceduresManaged health care