Medicare: Actions Needed to Better Manage Fraud Risks

GAO-18-660T Published: Jul 17, 2018. Publicly Released: Jul 17, 2018.
Fast Facts

Medicare improper payments were estimated to be about $52 billion in fiscal year 2017. As program spending increases, the cost of fraud could increase as well. Are the Centers for Medicare & Medicaid Services doing enough to prevent, detect, and combat Medicare fraud?

Our 2017 report showed that some of CMS's fraud risk management practices aligned with leading practices, while others could be improved. We recommended improving fraud awareness training, conducting risk assessments, and creating an antifraud strategy.

As of this testimony, the recommendations are still open. We will continue to monitor the status of their implementation.

Projected Medicare Spending

A line graph showing that spending will likely increase through 2045 due to population aging and increasing costs-per-person.


What GAO Found

In its December 2017 report, GAO found that the Centers for Medicare & Medicaid Services' (CMS) antifraud efforts for Medicare partially align with GAO's 2015 A Framework for Managing Fraud Risks in Federal Programs (Framework). The Fraud Reduction and Data Analytics Act of 2015 required OMB to incorporate leading practices identified in this Framework in its guidance to agencies on addressing fraud risks.

Fraud Risk Framework's Components

Consistent with the Framework, GAO determined that CMS had demonstrated commitment to combating fraud by creating a dedicated entity to lead antifraud efforts; the Center for Program Integrity (CPI) serves as this entity for fraud, waste, and abuse issues in Medicare. CMS also promoted an antifraud culture by, for example, coordinating with internal stakeholders to incorporate antifraud features into new program design. To increase awareness of fraud risks in Medicare, CMS offered and required training for stakeholder groups such as providers of medical services, but it did not offer or require similar fraud-awareness training for most of its workforce.

CMS took some steps to identify fraud risks in Medicare; however, it had not conducted a fraud risk assessment or designed and implemented a risk-based antifraud strategy for Medicare as defined in the Framework. CMS identified fraud risks through control activities that target areas the agency designated as higher risk within Medicare, including specific provider types, such as home health agencies. Building on earlier steps and conducting a fraud risk assessment, consistent with the Framework, would provide the detailed information and insights needed to create a fraud risk profile, which, in turn, is the basis for creating an antifraud strategy.

CMS established monitoring and evaluation mechanisms for its program-integrity control activities that, if aligned with an antifraud strategy, could enhance the effectiveness of fraud risk management in Medicare. For example, CMS used return-on-investment and savings estimates to measure the effectiveness of its Medicare program-integrity activities. In developing an antifraud strategy, consistent with the Framework, CMS could include plans for refining and building on existing methods, such as return-on-investment, to evaluate the effectiveness of all of its antifraud efforts.

Why GAO Did This Study

Medicare covered over 58 million people in 2017 and has a wide-ranging impact on the health-care sector and the overall U.S. economy. However, the billions of dollars in Medicare outlays as well as program complexity make it susceptible to improper payments, including fraud. Although there are no reliable estimates of fraud in Medicare, in fiscal year 2017 improper payments for Medicare were estimated at about $52 billion. Further, about $1.4 billion was returned to Medicare Trust Funds in fiscal year 2017 as a result of recoveries, fines, and asset forfeitures.

In December 2017, GAO issued a report examining how CMS managed its fraud risks overall and particularly the extent to which its efforts in the Medicare and Medicaid programs aligned with GAO's Framework. This testimony, based on that report, discusses the extent to which CMS's management of fraud risks in Medicare aligns with the Framework. For the report, GAO reviewed CMS policies and interviewed officials and external stakeholders.


In its December 2017 report, GAO made three recommendations, namely that CMS (1) require and provide fraud-awareness training to its employees; (2) conduct fraud risk assessments; and (3) create an antifraud strategy for Medicare, including an approach for evaluation. The Department of Health and Human Services agreed with these recommendations and reportedly is evaluating options to implement them. Accordingly, the recommendations remain open.

Compliance oversight, Health care, Health care standards, Internal controls, Medicare fraud, Monitoring, Performance measurement, Program integrity, Risk assessment, Risk management