Recommendation: The Administrator of CMS should provide fraud-awareness training relevant to risks facing CMS programs and require new hires to undergo such training and all employees to undergo training on a recurring basis. (Recommendation 1)
Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
Status: Open
Comments: The agency agreed with this recommendation. In July 2018, CMS reported that it is strengthening its efforts to ingrain fraud risk management principles throughout the Agency and is developing a training video, module, and curriculum to train staff agency-wide on fraud risks. In November 2019, CMS provided fraud-awareness training videos for new and current CMS employees. GAO requested and is awaiting documentation to show mandatory nature and annual frequency of the training in order to assess the extent to which the training is consistent with leading practices in fraud risk management.
Recommendation: The Administrator of CMS should conduct fraud risk assessments for Medicare and Medicaid to include respective fraud risk profiles and plans for regularly updating the assessments and profiles. (Recommendation 2)
Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
Status: Open
Comments: Agency agreed with this recommendation. In July 2018, CMS reported that it has initiated the fraud risk assessment for some programs in Medicare, including the Medicare Diabetes Prevention Program expanded model. CMS also reported that it is also continuing to draft fraud risk profiles for the Comprehensive End-Stage Renal Disease (ESRD) Care model, the Comprehensive Primary Care Plus model, the permanent Medicare Shared Savings Program, and the new Medicare Beneficiary Identifier. Additionally, CMS reported that it is assessing the Quality Payment Program, established by the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), utilizing the GAO fraud risk assessment framework. We will continue to monitor CMS's progress in this area. In November 2019, CMS provided a diagram depicting CMS approach to assessing fraud risks and a document for Home Health Request for Anticipated Payment, stating that fraud risk assessments on Medicare Diabetes Prevention Program and Quality Payment Program are under development. We requested and are awaiting additional information on CMS's approach and plans for conducting fraud risk assessments in Medicare programs, including the reasoning for program selection, overall order, and anticipated timeframes.
Recommendation: The Administrator of CMS should, using the results of the fraud risk assessments for Medicare and Medicaid, create, document, implement, and communicate an antifraud strategy that is aligned with and responsive to regularly assessed fraud risks. This strategy should include an approach for monitoring and evaluation. (Recommendation 3)
Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
Status: Open
Comments: Agency agreed with this recommendation. In November 2019, CMS reported on activities to conduct fraud risk assessments in Medicare programs (see Recommendation 2), however this work is ongoing and the recommendation remains open. Because completion of a fraud risk assessment is necessary before developing an antifraud strategy, this recommendation also remains open. We will continue to monitor CMS's progress in this area.
