Patient Protection and Affordable Care Act: Preliminary Results from Ongoing Review Suggest Fraud Risks in the Advance Premium Tax Credit Persist

What GAO Found

Preliminary results from GAO's ongoing covert testing suggest fraud risks in the advance premium tax credit (APTC) persist. The federal Marketplace approved coverage for nearly all of GAO's fictitious applicants in plan years 2024 and 2025, generally consistent with similar GAO testing in plan years 2014 through 2016. GAO's covert testing is illustrative and cannot be generalized to the enrollee population.

• Plan year 2024. The federal Marketplace approved subsidized coverage for all four of GAO's fictitious applicants submitted in October 2024. In total, the Centers for Medicare & Medicaid Services (CMS) paid about $2,350 per month in APTC in November and December for these fictitious enrollees. For some, the federal Marketplace requested documentation to support Social Security numbers (SSN), citizenship, and reported income. GAO did not provide documentation yet received coverage.
• Plan year 2025. Of 20 fictitious applicants, 18 remain actively covered as of September 2025. APTC for these 18 enrollees totals over $10,000 per month. GAO continues to monitor the enrollments as part of its ongoing work.

More broadly, GAO's preliminary analyses identified vulnerabilities related to potential SSN misuse and likely unauthorized enrollment changes in federal Marketplace data for plan years 2023 and 2024. Such issues can contribute to APTC that is not reconciled through enrollees' tax filings to determine the amount of premium tax credit for which enrollees were ultimately eligible. GAO's preliminary analysis of data from tax year 2023 could not identify evidence of reconciliation for over $21 billion in APTC for enrollees who provided SSNs to the federal Marketplace for plan year 2023. Unreconciled APTC may not necessarily represent overpayments, as enrollees who did not reconcile may have been eligible for the subsidy. However, it may include overpayments for enrollees who were not eligible for APTC.

• Overused SSNs. GAO's preliminary analyses identified over 29,000 SSNs in plan year 2023 and nearly 68,000 SSNs in plan year 2024 used to receive more than one year's worth of insurance coverage with APTC in a single plan year. CMS officials explained that the federal Marketplace does not prohibit multiple enrollments per SSN to help ensure that the actual SSN-holder can enroll in insurance coverage in cases of identity theft or data entry errors.

GAO's preliminary analyses also identified at least 30,000 applications in plan year 2023 and at least 160,000 applications in plan year 2024 that had likely unauthorized changes by agents or brokers. This can result in consumer harm, including loss of access to medications. In July 2024, CMS implemented a new control to prevent such changes, which GAO is reviewing in its ongoing work.

GAO preliminarily identified weaknesses in CMS’s APTC fraud risk management as compared to leading practices. Specifically, CMS has not updated its fraud risk assessment since 2018 despite changes in the program and its controls. Further, CMS’s 2018 assessment may not fully align with leading practices, like identifying inherent fraud risks. Finally, CMS did not use its 2018 assessment to develop an antifraud strategy. Together, these weaknesses appear to hinder CMS’s ability to effectively and proactively manage fraud risks in APTC.

Why GAO Did This Study

The Patient Protection and Affordable Care Act provides premium tax credits to help eligible individuals pay for health insurance. The federal government can pay this credit directly to health insurance issuers as APTC. CMS estimated that it paid nearly $124 billion in APTC for about 19.5 million enrollees in plan year 2024. Consumers can enroll in insurance through the federal Marketplace independently or with assistance from an agent or broker.

Recent indictments highlight concerns about agent and broker practices in the federal Marketplace. Further, CMS reported that it received roughly 275,000 complaints in 2024 that consumers were enrolled or had insurance plans changed in the federal Marketplace without their consent.

GAO was asked to review issues related to fraud risk management in APTC. This report discusses preliminary results of ongoing GAO work related to (1) covert testing and (2) data analyses of enrollment controls in the federal Marketplace, as well as (3) CMS's APTC fraud risk assessment and antifraud strategy.

To perform this work, GAO created 20 fictitious identities and submitted applications for health care coverage in the federal Marketplace for plan years 2024 and 2025. The results, while illustrative, cannot be generalized to the full enrollment population. Additionally, GAO analyzed federal Marketplace enrollment data for plan years 2023 and 2024 and compared these data to federal death data and tax data. Finally, GAO assessed documentation related to CMS's fraud risk management activities against relevant leading practices.