Almost half—$171 billion—of Medicaid spending in 2017 went to managed care organizations (MCO). In Medicaid managed care, states pay a set periodic amount to MCOs for each enrollee, and MCOs pay health care providers for the services delivered to enrollees.
Used effectively, managed care can help states reduce Medicaid costs. However, managed care still is at risk of making incorrect payments, such as duplicate payments or payments for ineligible patients.
We identified 6 types of payment risks: 4 related to state payments to MCOs, and 2 related to MCO payments to providers.
We recommended ways to improve oversight of managed care payments.
State Medicaid agencies may pay providers directly for their services to patients or may pay managed care organizations a fixed monthly "capitated" payment for their services to patients.
This graphic shows the chain of payments under fee-for-service and managed care arrangements.
What GAO Found
Under Medicaid managed care, managed care organizations (MCO) receive a periodic payment per beneficiary in order to provide health care services. Managed care has the potential to help states reduce Medicaid program costs and better manage the use of health care services. However, managed care payments also have the potential to create program integrity risks. GAO identified six types of payment risks associated with managed care, including four related to payments that state Medicaid agencies make to MCOs, and two related to payments that MCOs make to providers. Of the six payment risks GAO identified, state stakeholders responsible for ensuring Medicaid program integrity more often cited the following two as having a higher level of risk:
- incorrect fee-for-service payments from MCOs, where the MCO paid providers for improper claims, such as claims for services not provided; and
- inaccurate state payments to MCOs resulting from using data that are not accurate or including costs that should be excluded in setting payment rates.
GAO also identified multiple challenges to program integrity oversight for managed care programs. Stakeholders most frequently cited challenges related to (1) appropriate allocation of resources, (2) quality of the data and technology used, and (3) adequacy of state policies and practices. Some stakeholders offered strategies to address these challenges, including collaborating with other entities to identify problem providers and fraud schemes, as well as having effective data systems to better manage risks.
The Centers for Medicare & Medicaid Services (CMS), which oversees Medicaid, has initiated efforts to assist states with program integrity oversight for managed care. However, some of these efforts have been delayed, and there are also gaps in oversight.
- CMS's planned Medicaid managed care guidance to states has been delayed due to the agency's internal review of the regulations; as of May 2018, no issuance date had been set for the guidance.
- CMS established a new approach for conducting managed care audits beginning in 2016. However, only a few audits have been conducted, with none initiated in the past 2 years. In part, this is due to certain impediments identified by states, such as the lack of some provisions in MCO contracts.
- CMS has updated standards for its periodic reviews of the state capitation rates set for MCOs. However, overpayments to providers by MCOs are not consistently accounted for in determining future state payments to MCOs, which can result in states' payments to MCOs being too high.
Lack of guidance and gaps in program integrity oversight are inconsistent with federal internal control standards, as well as with CMS's goals to (1) improve states' oversight of managed care; (2) use audits to investigate fraud, waste, and abuse of providers paid by MCOs; and (3) hold MCOs financially accountable. Without taking action to address these issues, CMS is missing an opportunity to develop more robust program integrity safeguards that will help mitigate payment risks in Medicaid managed care.
Why GAO Did This Study
Federal spending on services paid for under Medicaid managed care was $171 billion in 2017, almost half of the total federal Medicaid expenditures for that year. Federal and state program integrity efforts have largely focused on Medicaid fee-for-service delivery where the state pays providers directly, rather than managed care, where it pays MCOs. As a result, less is known about the types of payment risks under managed care.
GAO was asked to examine payment risks in Medicaid managed care. In this report, GAO (1) identified payment risks; (2) identified any challenges to state oversight and strategies to address them; and (3) assessed CMS efforts to help states address payment risks and oversight challenges. To do this work, GAO reviewed findings on managed care payment risks and oversight challenges from federal and state audits and other sources. GAO also interviewed 49 state program integrity stakeholders in 10 states selected based on size, the percent of population in managed care, and geography. Stakeholders included the state Medicaid managed care office, state Medicaid program integrity unit, state auditor, Medicaid Fraud Control Unit, and an MCO.
GAO recommends that CMS (1) expedite issuing planned guidance on Medicaid managed care program integrity, (2) address impediments to managed care audits, and (3) ensure states account for overpayments in setting future MCO payment rates. The Department of Health and Human Services concurred with these recommendations.
Recommendations for Executive Action
|Centers for Medicare and Medicaid Services||The Administrator of CMS should expedite the planned efforts to communicate guidance, such as its compendium on Medicaid managed care program integrity, to state stakeholders related to Medicaid managed care program integrity. (Recommendation 1)|
|Centers for Medicare and Medicaid Services||
Priority Rec.The Administrator of CMS should eliminate impediments to collaborative audits in managed care conducted by audit contractors and states, by ensuring that managed care audits are conducted regardless of which entity--the state or the managed care organization--recoups any identified overpayments. (Recommendation 2)
|Centers for Medicare and Medicaid Services||
Priority Rec.The Administrator of CMS should require states to report and document the amount of MCO overpayments to providers and how they are accounted for in capitation rate-setting. (Recommendation 3)