Medicaid Program Integrity
State and Federal Efforts to Prevent and Detect Improper Payments
Gao ID: GAO-04-707 July 16, 2004
During fiscal year 2002, Medicaid--a program jointly funded by the federal government and the states--provided health care coverage for about 51 million low-income Americans. That year, Medicaid benefit payments reached approximately $244 billion, of which the federal share was about $139 billion. The program is administered by state Medicaid agencies with oversight provided by the Centers for Medicare & Medicaid Services (CMS) in the Department of Health and Human Services. Medicaid's size and diversity make it vulnerable to improper payments that can result from fraud, abuse, or clerical errors. States conduct program integrity activities to prevent, or detect and recover, improper payments. This report provides information on (1) the types of provider fraud and abuse problems that state Medicaid programs have identified, (2) approaches states take to ensure that Medicaid funds are paid appropriately, and (3) CMS's efforts to support and oversee state program integrity activities. To address these issues, we compiled an inventory of states' Medicaid program integrity activities, conducted site visits in eight states, and interviewed CMS's Medicaid program integrity staff.
Various forms of fraud and abuse have resulted in substantial financial losses to states and the federal government. Fraudulent and abusive billing practices committed by providers include billing for services, drugs, equipment, or supplies not provided or not needed. Providers have also been found to bill for more expensive procedures than actually provided. In recent cases, 15 clinical laboratories in one state billed Medicaid $20 million for services that had not been ordered, an optical store falsely claimed $3 million for eyeglass replacements, and a medical supply company agreed to repay states nearly $50 million because of fraudulent marketing practices. States report that their Medicaid program integrity activities generated cost savings by applying certain measures to providers considered to be at high risk for inappropriate billing and by generally strengthening their program controls for all providers. Thirty-four of the 47 states that completed our inventory reported using one or more enrollment controls with their high-risk providers, such as on-site inspections of the applicant's facility, criminal background checks, or probationary or time-limited enrollment. States also reported using information technology to integrate databases containing provider, beneficiary, and claims information and conduct more efficient utilization reviews. For example, 34 states reported conducting targeted claims reviews to identify unusual patterns that might indicate provider abuse. In addition, states cited legislation that directed the use of certain preventive or detection controls or authorized enhanced enforcement powers as lending support to their Medicaid program integrity efforts. At the federal level, CMS is engaged in several initiatives designed to support states' program integrity efforts; however, its oversight of these state efforts is limited. CMS initiatives include two pilots, one to measure the accuracy of each state's Medicaid claims payments and another to identify aberrant provider billing by linking Medicaid and Medicare claims information. CMS also provides technical assistance to states by sponsoring monthly teleconferences where states can discuss emerging issues and propose policy changes. To monitor Medicaid program integrity activities, CMS teams conduct on-site reviews of states' compliance with federal requirements, such as referring certain cases to the state agency responsible for investigating Medicaid fraud. In fiscal year 2004, CMS allocated $26,000 and eight staff positions nationally for overseeing the states' Medicaid program integrity activities, including the cost of compliance reviews. With this level of resources, CMS aims to review 8 states each year until all 50 states and the District of Columbia have been covered. From January 2000 through December 2003, CMS has conducted reviews of 29 states and, at its current pace, would not begin a second round of reviews before fiscal year 2007. This level of effort suggests that CMS's oversight of the states' Medicaid program integrity efforts may be disproportionately small relative to the risk of serious financial loss.
GAO-04-707, Medicaid Program Integrity: State and Federal Efforts to Prevent and Detect Improper Payments
This is the accessible text file for GAO report number GAO-04-707
entitled 'Medicaid Program Integrity: State and Federal Efforts to
Prevent and Detect Improper Payments' which was released on August 18,
2004.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to the Chairman, Committee on Finance, U.S. Senate:
United States Government Accountability Office:
GAO:
July 2004:
Medicaid Program Integrity:
State and Federal Efforts to Prevent and Detect Improper Payments:
GAO-04-707:
GAO Highlights:
Highlights of GAO-04-707, a report to the Chairman, Committee on
Finance, U.S. Senate
Why GAO Did This Study:
During fiscal year 2002, Medicaid”a program jointly funded by the
federal government and the states”provided health care coverage for
about 51 million low-income Americans. That year, Medicaid benefit
payments reached approximately $244 billion, of which the federal share
was about $139 billion. The program is administered by state Medicaid
agencies with oversight provided by the Centers for Medicare & Medicaid
Services (CMS) in the Department of Health and Human Services.
Medicaid‘s size and diversity make it vulnerable to improper payments
that can result from fraud, abuse, or clerical errors. States conduct
program integrity activities to prevent, or detect and recover,
improper payments. This report provides information on (1) the types
of provider fraud and abuse problems that state Medicaid programs have
identified, (2) approaches states take to ensure that Medicaid funds
are paid appropriately, and (3) CMS‘s efforts to support and oversee
state program integrity activities. To address these issues, we
compiled an inventory of states‘ Medicaid program integrity activities,
conducted site visits in eight states, and interviewed CMS‘s Medicaid
program integrity staff.
What GAO Found:
Various forms of fraud and abuse have resulted in substantial financial
losses to states and the federal government. Fraudulent and abusive
billing practices committed by providers include billing for services,
drugs, equipment, or supplies not provided or not needed. Providers
have also been found to bill for more expensive procedures than
actually provided. In recent cases, 15 clinical laboratories in one
state billed Medicaid $20 million for services that had not been
ordered, an optical store falsely claimed $3 million for eyeglass
replacements, and a medical supply company agreed to repay states
nearly $50 million because of fraudulent marketing practices.
States report that their Medicaid program integrity activities
generated cost savings by applying certain measures to providers
considered to be at high risk for inappropriate billing and by
generally strengthening their program controls for all providers.
Thirty-four of the 47 states that completed our inventory reported
using one or more enrollment controls with their high-risk providers,
such as on-site inspections of the applicant‘s facility, criminal
background checks, or probationary or time-limited enrollment. States
also reported using information technology to integrate databases
containing provider, beneficiary, and claims information and conduct
more efficient utilization reviews. For example, 34 states reported
conducting targeted claims reviews to identify unusual patterns that
might indicate provider abuse. In addition, states cited legislation
that directed the use of certain preventive or detection controls or
authorized enhanced enforcement powers as lending support to their
Medicaid program integrity efforts.
At the federal level, CMS is engaged in several initiatives designed to
support states‘ program integrity efforts; however, its oversight of
these state efforts is limited. CMS initiatives include two pilots,
one to measure the accuracy of each state‘s Medicaid claims payments
and another to identify aberrant provider billing by linking Medicaid
and Medicare claims information. CMS also provides technical
assistance to states by sponsoring monthly teleconferences where
states can discuss emerging issues and propose policy changes. To
monitor Medicaid program integrity activities, CMS teams conduct
on-site reviews of states‘ compliance with federal requirements, such
as referring certain cases to the state agency responsible for
investigating Medicaid fraud. In fiscal year 2004, CMS allocated
$26,000 and eight staff positions nationally for overseeing the states‘
Medicaid program integrity activities, including the cost of compliance
reviews. With this level of resources, CMS aims to review 8 states
each year until all 50 states and the District of Columbia have been
covered. From January 2000 through December 2003, CMS has conducted
reviews of 29 states and, at its current pace, would not begin a second
round of reviews before fiscal year 2007. This level of effort
suggests that CMS‘s oversight of the states‘ Medicaid program integrity
efforts may be disproportionately small relative to the risk of serious
financial loss.
www.gao.gov/cgi-bin/getrpt?GAO-04-707.
To view the full product, including the scope and methodology, click
on the link above. For more information, contact Leslie G. Aronovitz at
(312) 220-7600.
[End of section]
Contents:
Letter:
Results in Brief:
Background:
Provider Schemes and Improper Billing Siphon Medicaid Dollars:
States Report a Variety of Approaches to Prevent and Detect Improper
Payments:
CMS Has Activities to Support States' Program Integrity Efforts but
Conducts Little Oversight:
Concluding Observations:
Agency Comments and Our Evaluation:
Appendix I: States' Approaches to Medicaid Program Integrity:
Appendix II: Comments from the Centers for Medicare & Medicaid
Services:
Appendix III: GAO Contact and Staff Acknowledgments:
GAO Contact:
Acknowledgments:
Table:
Table 1: Recent Medicaid Fraud and Abuse Cases:
Abbreviations:
CMS: Centers for Medicare & Medicaid Services:
DME: durable medical equipment:
FBI: Federal Bureau of Investigation:
FTE: full-time equivalent:
HHS: Department of Health and Human Services:
MMIS: Medicaid Management Information System:
OIG: Office of Inspector General:
PAM: Payment Accuracy Measurement:
PERM: Payment Error Rate Measurement:
SCHIP: State Children's Health Insurance Program:
SURS: Surveillance and Utilization Review Subsystem:
TAG: Technical Assistance Group:
United States Government Accountability Office:
Washington, DC 20548:
July 16, 2004:
The Honorable Charles E. Grassley:
Chairman Committee on Finance:
United States Senate:
Dear Mr. Chairman:
During fiscal year 2002, Medicaid--a program jointly funded by the
federal government and the states--provided health care coverage for
about 51 million low-income Americans, most of whom were children,
elderly, blind, or disabled. That year, Medicaid benefit payments
reached approximately $244 billion, of which the federal share was
about $139 billion. Administration of the program is conducted by the
states and is overseen at the federal level by the Centers for Medicare
& Medicaid Services (CMS) in the Department of Health and Human
Services (HHS). The challenges inherent in overseeing a program of
Medicaid's size and diversity make the program vulnerable to improper
payments. As a result, we added Medicaid to our list of high-risk
programs in January 2003.[Footnote 1]
Improper payments in government health programs drain vital program
dollars, to the detriment of beneficiaries and taxpayers. Such payments
include those made for services not covered by program rules, not
medically necessary, or billed but never actually provided. Improper
payments can result from inadvertent errors as well as fraud and abuse.
Inadvertent errors are typically due to clerical mistakes or a
misunderstanding of program rules, whereas fraud is an intentional act
of deception to benefit the provider or another person. Abuse typically
involves actions that are inconsistent with acceptable business and
medical practices. States conduct program integrity activities designed
to prevent, or detect and recover, improper payments resulting from
fraud, abuse, and error.
Given the large expenditure of federal dollars and the risk of improper
payments, we reviewed the Medicaid program integrity activities
conducted by the states and monitored by CMS. This report provides
information on (1) the types of provider fraud and abuse problems that
state Medicaid programs have identified in recent years, (2) approaches
taken by states to ensure that Medicaid funds are paid appropriately,
and (3) CMS's efforts to support and oversee state program integrity
activities.
To address these issues, we compiled an inventory of the states'
Medicaid program integrity activities addressing providers' improper
billing practices.[Footnote 2] (For details on state responses to the
inventory, see app. I.) The inventory also provided states the
opportunity to comment on CMS's Medicaid program integrity efforts. To
supplement our inventory analysis, we conducted site visits in eight
states--Florida, Illinois, Louisiana, New Jersey, New York, North
Carolina, Texas, and Wisconsin--and interviewed officials at state
Medicaid agencies, state inspector general offices, state fraud control
units, and private companies that contract with the states to perform
specialized claims reviews or other program integrity activities. We
selected these states based on geographic diversity and differences in
program size. In addition, national health care fraud and abuse experts
with whom we consulted cited these states as particularly active in
identifying and responding to improper payment issues. Finally, we
interviewed CMS's Medicaid program integrity staff and reviewed recent
studies by federal agencies and national organizations involved with
antifraud efforts. Our work was conducted from August 2003 through July
2004 in accordance with generally accepted government auditing
standards.
Results in Brief:
Various forms of Medicaid fraud and abuse have resulted in substantial
financial losses to states and the federal government. Fraudulent and
abusive billing practices committed by providers include billing for
services, drugs, equipment, or supplies not provided or not needed.
Providers have also been found to bill for more expensive procedures
than were actually provided. In recent cases, 15 clinical laboratories
in one state billed Medicaid $20 million for services that had not been
ordered, an optical store falsely claimed $3 million for eyeglass
replacements, and a medical supply company agreed to repay states
nearly $50 million because of fraudulent marketing practices.
States report that their Medicaid program integrity activities
generated cost savings by applying certain measures to providers
considered to be at high risk for inappropriate billing and by
generally strengthening their program controls for all providers.
Thirty-four of the 47 states that completed our inventory reported
using one or more measures to control enrollment of high-risk
providers. Such controls include on-site inspections of the applicant's
facility prior to enrollment, criminal background checks, requirements
to obtain surety bonds that protect the state against certain financial
losses, and policies to enroll providers on a probationary or time-
limited basis. States also report using information technology to
integrate databases containing provider, beneficiary, and claims
information and conduct more efficient utilization reviews. For
example, 34 states reported conducting targeted claims reviews to
identify unusual patterns that might indicate provider abuse. In
addition, states cited legislation that directed the use of certain
preventive or detection controls or authorized enhanced enforcement
powers as lending support to their Medicaid program integrity efforts.
At the federal level, CMS has initiatives designed to support states'
program integrity efforts; however, its oversight of state efforts is
limited. CMS initiatives include two pilots. One pilot seeks to develop
a methodology for measuring the accuracy of each state's Medicaid
claims payments. Its most recent results show that Medicaid fee-for-
service accuracy rates for 11 states ranged from 81 percent to nearly
100 percent. The other pilot is designed to identify aberrant provider
billing by linking Medicaid and Medicare claims information. This pilot
resulted in a reported $58 million in savings and over 80 cases against
suspected fraudulent providers after the first year of testing in
California. CMS also provides technical assistance to states by
sponsoring monthly teleconferences where states can discuss emerging
issues and propose policy changes. To monitor Medicaid program
integrity activities, CMS teams conduct on-site reviews of states'
compliance with federal requirements, such as referring certain cases
to the state agency responsible for investigating Medicaid fraud. In
fiscal year 2004, CMS allocated $26,000 and eight staff positions
nationally for overseeing the states' Medicaid program integrity
activities, including the cost of compliance reviews. With this level
of resources, CMS aims to review 8 states each year until all 50 states
and the District of Columbia have been covered. From January 2000
through December 2003, CMS has conducted reviews of 29 states and, at
its current pace, would not begin a second round of reviews before
fiscal year 2007. This level of effort suggests that CMS's oversight of
the states' Medicaid program integrity efforts may be
disproportionately small relative to the risk of serious financial
loss.
Commenting on a draft of this report, CMS officials stated that because
our report focused on program integrity activities, it did not reflect
the full range of financial management oversight activities that are
ongoing or planned. They noted the agency's intention to add 100 new
financial management staff and its contract with the HHS Office of
Inspector General (OIG) for additional audits. Although we consider
both to be crucial Medicaid oversight functions, the goals and
approaches to financial management and program integrity are not the
same, and staff dedicated to these two functions are not
interchangeable. We continue to believe that the resources allocated to
supporting and overseeing states' Medicaid program integrity activities
may not be commensurate with the financial risks at hand. CMS's written
comments are reprinted in appendix II.
Background:
The Medicaid program is one of the largest social programs in the
federal budget, and one of the largest components of state budgets.
Although it is one federal program, Medicaid consists of 56 distinct
state-level programs created within broad federal guidelines and
administered by state Medicaid agencies.[Footnote 3] Each state
develops its own Medicaid administrative structure for carrying out the
program. It also establishes eligibility standards; determines the
type, amount, duration, and scope of covered services; and sets payment
rates. Each state is required to describe the nature and scope of its
program in a comprehensive plan submitted to CMS, with federal funding
depending on CMS's approval of the plan.
In general, the federal government matches state Medicaid spending for
medical assistance according to a formula based on each state's per
capita income. The federal contribution ranges from 50 to 77 cents of
every state dollar spent on medical assistance in fiscal year 2004. For
most state Medicaid administrative costs, the federal match rate is 50
percent. For skilled professional medical personnel engaged in program
integrity activities, such as those who review medical records, 75
percent federal matching is available.
States and CMS share responsibility for protecting the integrity of the
Medicaid program. States are responsible for ensuring proper payment
and recovering misspent funds. CMS has a role in facilitating states'
program integrity efforts and seeing that states have the necessary
processes in place to prevent and detect improper payments.
With varying levels of staff and resources, states conduct Medicaid
program integrity activities that include screening providers and
monitoring provider billing patterns. CMS requires that states collect
and verify basic information on potential providers, including whether
they meet state licensure requirements and are not prohibited from
participating in federal health care programs. CMS also requires that
each state Medicaid agency have certain information processing
capabilities, including a Medicaid Management Information System (MMIS)
and a Surveillance and Utilization Review Subsystem (SURS).[Footnote 4]
The SURS staff use claims data to develop statistical profiles on
services, providers, and beneficiaries to identify potential improper
payments. They refer suspected overpayments or overutilization cases to
other units in the Medicaid agency for corrective action and potential
fraud cases to their state's Medicaid Fraud Control Unit for
investigation and prosecution. Medicaid Fraud Control Units can, in
turn, refer some cases to the HHS OIG, the Federal Bureau of
Investigation (FBI), and the Department of Justice for further
investigation and prosecution.
Provider Schemes and Improper Billing Siphon Medicaid Dollars:
State Medicaid programs have experienced a wide range of abusive and
fraudulent practices by providers. States have prosecuted providers
that bill for services, drugs, and supplies that are not authorized or
are not provided. States' investigators have also uncovered deliberate
provider upcoding--billing for more expensive procedures than were
actually provided--to increase their Medicaid reimbursement. In some
cases, they have prosecuted providers for marketing irregularities,
such as offering cash, free services, or gifts to induce referrals.
While the covert nature of these schemes makes it difficult to quantify
the dollars lost to Medicaid fraud or abuse, recent cases provide
examples of substantial financial losses. As shown in table 1, these
range from a nearly $1.6 million state case that involved billing for
transportation services never provided and deliberate upcoding to a $50
million nationwide settlement with a major pharmaceutical and equipment
supplier over illegal marketing practices.
Table 1: Recent Medicaid Fraud and Abuse Cases:
Provider and violation: Clinical laboratories; Billing for unauthorized
services;
Case: A California Medicaid fraud scheme involved more than 15 clinical
laboratories that illegally billed over $20 million for tests that were
never authorized by physicians. The defendant paid medical clinic
employees to draw extra samples of blood from unsuspecting patients and
purchased blood from runaway children, homeless individuals, and drug
addicts. He had the blood tested at laboratories he controlled, and
then billed California's Medicaid program using stolen patient
identities. The scheme also involved the theft of physicians'
identities to create false records showing that the physicians
authorized the laboratories to perform the tests.
Provider and violation: Optical store; Billing for services not
provided;
Case: Owners of a California optical store defrauded the Medicaid
program of nearly $3 million by filing false claims for eyeglasses they
said were replacements for Medicaid patients whose eyeglasses were
lost, stolen, or destroyed. The investigation revealed that the owners
used personal information that they had obtained from previous
patients--about 6,341 Medicaid beneficiaries--to fraudulently bill the
program for 59,574 pairs of eyeglasses from 1995 to 2001.
Provider and violation: Transportation company; Billing for services
not provided; Deliberate upcoding;
Case: Nearly $1.6 million in Medicaid funds was recovered from six
defendants who falsely charged the Virginia Medicaid program for
services never performed or improperly coded. A Virginia transportation
company purchased patient identity information from other
transportation companies or assisted living homes and billed Medicaid
for services to patients it never served. The defendants also
improperly billed Medicaid using a reimbursement code for wheelchair-
bound patients that pays three times higher than the code used for
transporting ambulatory patients.
Provider and violation: Hospital; Deliberate upcoding;
Case: A 2-year investigation into Medicaid billing practices at a
Florida hospital found $2.9 million in estimated overpayments.
Investigators reviewed a sample of Medicaid claims for nonemergency,
routine medical services--such as well-baby care and flu shots--that
were billed under a code reserved for more advanced procedures
performed exclusively at a hospital. An audit of the hospital's claims
revealed that 99 percent of the claims were for procedures that did not
qualify to be reimbursed under this more advanced code.
Provider and violation: Durable medical equipment (DME) supplier;
Upcoding; Kickbacks;
Case: The owner of a pharmaceutical and DME company admitted to
defrauding the Indiana Medicaid program of nearly $2 million. The
company used higher reimbursement codes than allowed and, in some
instances, substantially inflated the cost of the drugs that were
provided to Medicaid beneficiaries. The owner also paid kickbacks to
nurses for referring cancer patients in need of expensive drugs and
supplies to the company.
Provider and violation: Medical supply company; Illegal marketing
practices;
Case: Medicaid programs throughout the country will share nearly $50
million recovered as part of a settlement with Abbott Laboratories over
fraudulent marketing of its enteral feeding pumps, which are used to
feed patients directly through the intestines. The marketing practices
included providing free enteral feeding pumps to nursing homes and DME
suppliers in exchange for those buyers agreeing to purchase a specific
number of pump sets, which are necessary for the pumps to function.
Abbott's marketing division staff told nursing homes and DME suppliers
they could bill Medicare or Medicaid for the pumps, which had been
supplied for free. Abbott also offered money to encourage DME suppliers
and nursing homes to buy products from the company. As part of the
settlement, Abbott also agreed to pay nearly $365 million in damages
and penalties to the Medicare program.
Source: GAO.
Note: Based on state attorney general offices' summaries of closed
cases.
[End of table]
States Report a Variety of Approaches to Prevent and Detect Improper
Payments:
States take various approaches to conducting program integrity
activities that can result in substantial cost savings. Tightened
enrollment controls allow states to more closely scrutinize those
providers considered to be at high risk for improper billing. Through
provider screening, stricter enrollment procedures, and reenrollment
programs, states may prevent high-risk providers from enrolling or
remaining in their Medicaid programs. Some states require providers to
use advanced technologies to confirm beneficiary eligibility before
services are rendered. States also use information systems that afford
them the ability to query multiple databases efficiently in order to
identify improper claims and types of providers and services most
likely to foster problems. In addition, state legislatures have
assisted their Medicaid agencies by directing that certain preventive
or detection controls be used, or by broadening the sanctions they can
use against providers that bill improperly.
Most States Tighten Enrollment Controls to Keep Abusive Providers Out
of Their Programs:
In general, states target their program integrity procedures to those
providers that pose the greatest financial risk to their Medicaid
programs. They may focus on types of providers whose billing practices
have exhibited unusual trends or that are not subject to state
licensure.[Footnote 5] States may also focus on individual providers
that have been excluded from the program in the past or for other
reasons. For such providers, most states impose more rigorous
enrollment checks than the minimum required by CMS.[Footnote 6]
Expanded measures applied to high-risk providers include on-site
inspections of the applicant's facility prior to enrollment, criminal
background checks, requirements to obtain surety bonds that protect the
state against certain financial losses, and time-limited enrollment.
Thirty-four of the states that completed our inventory reported using
at least one of these enrollment controls.
On-site Inspections:
Twenty-nine states reported conducting on-site inspections for
providers considered at high-risk for inappropriate billing before
allowing them to enroll or reenroll in their Medicaid
programs.[Footnote 7] Such visits help validate a provider's existence
and generate information on its service capacity. Illinois and Florida
officials reported that performing on-site inspections of some
providers' facilities is a valuable part of their statewide Medicaid
provider enrollment control efforts.
* For each targeted provider group, Illinois Medicaid staff inspect the
facilities, inventory, and vehicles (in the case of nonemergency
transportation providers).[Footnote 8] Officials told us that their on-
site inspections prevented 49 potential providers that did not meet
requirements from enrolling. By not approving these providers to bill
Medicaid, Illinois officials estimated that the state avoided a total
of $1 million in potentially improper payments for 2001 and 2002.
* Florida uses a contractor to conduct on-site inspections of potential
providers. Since April 2003, Florida Medicaid officials have required
its contractor to randomly select and inspect 10 percent of all new
applicants, including pharmacies, physicians, billing agents, nurses,
and other types of providers.
Criminal Background Checks and Surety Bonds:
Thirteen states reported that they conduct criminal background checks
for certain high-risk providers rather than relying solely on
applicants' self-disclosures. These background checks entail verifying
with law enforcement agencies the information given in provider
enrollment applications regarding criminal records. As of December
2003, states conducting criminal background checks included New Jersey
(for employees of pharmacies, clinical laboratories, transportation
services, adult medical day care, and physician group practices),
Wisconsin (for employees of licensed agencies, such as home health care
agencies), and Illinois (for employees of nonemergency transportation
providers).
Four states that conduct criminal background checks also have the
authority to require surety bonds for the targeted providers.[Footnote
9] Surety bonds, also known as performance bonds, protect the state
against financial loss in case the terms of a contract are not
fulfilled. Florida officials established a $50,000 bonding requirement
for durable medical equipment (DME) suppliers, independent
laboratories, certain transportation companies, and non-physician-
owned physician groups. In Washington, home health agencies must be
Medicare-certified to participate in the state's Medicaid program.
Medicare requires a surety bond of $50,000 or 15 percent of annual
Medicare payments to the home health agency based on the agency's most
recent cost report to CMS, whichever is greater.[Footnote 10]
Probationary and Reenrollment Policies:
Twenty-five states require all of their Medicaid providers to
periodically reapply for enrollment. This process allows state
officials to verify provider information such as medical specialty
credentials and ownership and licensure status. Eleven states reported
having probationary and time-limited enrollment policies specifically
for high-risk providers, with reenrollment requirements ranging from 6
months to 3 years. Examples of their probationary and reenrollment
policies follow:
* California officials estimated avoiding over $200 million in Medicaid
expenditures in state fiscal year 2003 by increasing scrutiny of new
provider applications and placing providers in provisional status for
the first 12 to 18 months of their enrollment. Those who continue to
meet the standards for enrollment and have not been terminated are
converted automatically to enrolled provider status.
* In Illinois, nonemergency transportation providers are on probation
for the first 180 days of their enrollment. Medicaid officials
explained that this probationary period gives the state time to monitor
the provider's billing patterns and conduct additional on-site
inspections, as needed. They said that any negative findings uncovered
during the probationary period would result in a provider's immediate
termination without cause, meaning the provider could not grieve the
termination decision.
* Nevada officials reported that certain types of providers located in
the state--including dentists, DME suppliers, and home health agencies-
-are permitted to enroll for only a 1-year period and must reapply each
year to continue billing Medicaid. Out-of-state providers are limited
to a 3-month enrollment period and must reapply to continue to bill the
Nevada program.
* Wisconsin officials reported that the state requires nonemergency
transportation providers to reenroll annually, while all other types of
providers must submit new enrollment applications every 3 years.
Some States Have Strengthened Controls to Avoid Paying Inappropriate
Claims:
Many states deter fraud, abuse, and error by using advanced
technologies and keeping their provider rolls up to date. States seek
to enhance program integrity activities by investing in information
technologies that enable them to preauthorize services and improve
their data processing capabilities. They also contract with companies
that specialize in claims and utilization review--analyses of claims to
identify aberrant billing patterns--to augment their in-house
capabilities. In addition, nearly all states take steps to eliminate
paying claims billed under unauthorized provider numbers.
Using Advanced Technology:
Most states use advanced technology to prevent improper payments by
requiring providers to validate beneficiary eligibility before services
are rendered. For example, 32 states use online systems that require
pharmacies to obtain state approval confirming a beneficiary's
eligibility before filling a prescription. Using a different
technology, New York implemented a system that stores information on
the magnetic strip of a beneficiary's Medicaid card, which also
includes the beneficiary's photo. By swiping the card, providers are
able to verify eligibility before providing a service.
In another application, New York uses technology to track prescribing
patterns and curb overutilization. New York officials told us that
physicians ordering drugs and medical supplies must use the state's
interactive telephone system to obtain payment authorization numbers.
This system leads physicians through a menu-driven series of questions
about patient diagnosis and treatment alternatives before an
authorization number is given. Officials estimated that during the 6-
month period from April to September 2003, the state saved $15.4
million by using its interactive phone system for prior approvals.
In addition to verifying beneficiary eligibility and controlling
utilization, many states also use technology to better target their
claims review efforts. Of the 47 states that completed our inventory,
34 reported targeting their reviews to claims from high-risk providers.
These reviews entail verifying the appropriateness of the services
billed by, and payments made to, a provider within a certain period.
Twenty-one of the 34 states reported using advanced information
technology to more effectively pinpoint aberrant billing patterns.
These states developed data warehouses to store several years of
information on claims, providers, and beneficiaries in integrated
databases, and they use data-mining software to look for unusual
patterns that might indicate provider abuse. Additional software
detects claims with incongruous billing code combinations. For example,
a state can link related service claims, such as emergency
transportation invoices and hospital emergency department claims for
the same client. States that use these technologies to enhance their
targeted reviews include the following:
* New York officials reported that targeted reviews of claims submitted
by part-time clinics,[Footnote 11] mobile radiology service providers,
midwives, and physician assistants saved an estimated $24.9 million in
state fiscal years 2002 through 2003.
* Ohio officials reported that targeted reviews by Ohio's in-house
utilization review staff saved an estimated $14 million in state fiscal
years 2000 through 2002.
* Texas officials reported recouping over $18.9 million in state fiscal
year 2003. Officials also noted that the state's targeted reviews and
queries enabled them to identify weaknesses in state payment
safeguards. For example, the state identified hospital "unbundling"--
billing separately for services that were already included in a
combined reimbursement--through its analysis of claims data.
Some states rely on contractors to supply claims review expertise that
either is lacking in-house or that supplements existing staff
resources. Of the states completing our national inventory, 24 states
use contractors to review Medicaid claims either before or after
payments are made.[Footnote 12] Colorado used contractors to increase
the volume of claims reviewed. Kansas reported that its contractor's
2003 review of hospital inpatient claims resulted in recovering over
$4.7 million. North Carolina officials estimated that since 1999, the
state's contractors' reviews of inpatient claims resulted in an
estimated 4-to-1 return on investment.
Purging Inactive Billing Numbers:
Out-of-date information increases the risk that Medicaid will pay
individuals who are not eligible to bill the program. For instance, in
California, individuals were found to have falsely billed the Medicaid
program using the provider billing numbers of retired practitioners.
Forty-three states reported that, at a minimum, they cancel or suspend
inactive provider billing numbers.[Footnote 13] For example:
* New Jersey deactivates billing numbers that have been inactive for 12
months. To reactivate their numbers, providers must submit their
requests using their office letterhead. If a number is reactivated and
there is no billing activity within 6 months, New Jersey will again
deactivate the number.
* North Carolina notifies providers with billing numbers that have been
inactive for 12 months before taking any action. The state terminates
the number if the provider does not respond within 30 days and updates
the state's provider database each month, listing which billing numbers
have been terminated.
In Some States, Legislative Initiatives Have Played an Important Role
in Medicaid Program Integrity Efforts:
Many states have made Medicaid program integrity a priority, either
through directives to employ certain preventive or detection controls
or by expanding enforcement authority to use against providers that
bill improperly. In some states, legislative initiatives have
encouraged Medicaid program integrity units to adopt information
technology; in others, legislation has expanded Medicaid agencies'
authority to investigate providers and beneficiaries and impose
sanctions. Of the states that completed our inventory, 24 reported
having legislation mandating sanctions against fraudulent providers or
beneficiaries. Examples of legislative activities from 2 states are as
follows:
* New Jersey: Under a 1996 law, all licensed prescribers and certain
licensed health care facilities are required to use tamper-proof,
nonreproducible prescription order blanks. State Medicaid officials
estimated annual savings of at least $6 million since the law's
implementation in 1997. The law also made prescription forgery a third-
degree felony.
* Texas: In September 2003, Texas law consolidated responsibility for
Medicaid program integrity in the Office of Inspector General in the
Health and Human Services Commission and funded 200 additional
positions to investigate Medicaid fraud. The legislation also expanded
the state's powers to conduct claims reviews, impose prior
authorization and surety bond requirements, and issue subpoenas. The
law also required that the state explore the feasibility of using
biometric technology--such as fingerprint imaging--as an eligibility
verification tool. Texas budget officials estimated that over a 2-year
period, net savings would exceed $1 billion.
CMS Has Activities to Support States' Program Integrity Efforts but
Conducts Little Oversight:
CMS has provided states with information, tools, and training to
improve their Medicaid program integrity efforts. The agency has funded
a pilot that measures payment accuracy rates and another pilot that
analyzes provider billing patterns across the Medicare and Medicaid
programs. In addition, CMS has facilitated states' sharing of
information on program integrity issues and related federal policies.
Also, CMS has conducted occasional reviews of state program integrity
operations. However, these reviews are infrequent and limited in scope.
CMS Fielding a Multiyear Pilot to Measure Medicaid Payment Accuracy
Rates:
CMS is conducting a 3-year Payment Accuracy Measurement (PAM) pilot to
develop estimates of the level of accuracy in Medicaid claims payments,
taking into account administrative error and estimated loss due to
abuse or fraud.[Footnote 14] At its conclusion, in fiscal year 2006,
PAM will become a permanent, mandatory program--to be known as the
Payment Error Rate Measurement (PERM) initiative--satisfying
requirements of the Improper Payments Information Act of 2002.[Footnote
15] Under PERM, states will be expected to ultimately reduce their
payment error rates by better targeting program integrity activities in
their Medicaid programs and the State Children's Health Insurance
Program (SCHIP) and tracking their performance over time.[Footnote 16]
PERM is intended to develop an aggregate measure of states' claims
payment errors as well as error rates for seven health care service
areas--inpatient hospital services, long-term care services,
independent physicians and clinics, prescription drugs, home and
community-based services, primary care case management, and other
services and supplies.[Footnote 17] CMS proposes developing annual
national error rate estimates from rates developed by one-third of the
states rather than requiring each state to compute an error rate each
year.[Footnote 18] CMS further proposes that in the 2-year period after
a state determines its error rate, the state develop and implement a
plan to address the causes of improper payments uncovered in its
review.
CMS is in the third and final year of PAM. Each year, CMS tested
various measurement methodologies and expanded participation to
additional states.[Footnote 19] CMS used information from the 9 states
participating in PAM's first year, fiscal year 2002, to help refine the
measurement methodologies for subsequent years. CMS also constructed a
single model to be used by all 12 states participating in the second
year of PAM, which began in fiscal year 2003. Those states that
reported on Medicaid fee-for-service payment accuracy had rates ranging
from 81.4 percent to 99.7 percent.[Footnote 20] Sources of inaccurate
payments included incomplete documentation of a service, inappropriate
coding, clerical errors, as well as provision of medically unnecessary
services. In PAM's final year, fiscal year 2004, the 27 participating
states will include in their claims reviews payments made under SCHIP
and verification of recipient eligibility, among other things.
Beginning in fiscal year 2006, the PAM pilot will transition into the
PERM initiative to produce both state-specific and national estimates
of Medicaid program error rates.
Although state responses to CMS's pilot were generally positive,
program integrity officials raised concerns about the cyclical nature
of the permanent program. Officials in several states--including
Illinois, Louisiana, and North Carolina--indicated concern that the 3-
year cycle presents significant staffing challenges. They contend that
it is impractical for a state to employ sufficient staff, with the
necessary expertise, to perform these functions only once every 3
years.[Footnote 21] Officials in other states, such as New York and
Washington, expressed concern that the measurement effort might result
in diverting staff from ongoing, and potentially more productive,
program integrity activities. In its April 2004 final report on the
second year of the pilot, CMS identified high state staff turnover and
limited availability of medical records as obstacles that kept some
states from completing their pilots on time.
CMS Pilot Links Information on Providers That Bill Both Medicare and
Medicaid:
In another effort to support states' program integrity activities, CMS
facilitates the sharing of health benefit and claims information
between the Medicaid and Medicare programs. For example, it arranged
for state Medicaid agency officials to gain access to confidential
provider information contained in Medicare's restricted fraud alerts (a
warning against emerging schemes), provider suspension notices, and
databases.[Footnote 22] One of the Medicare-Medicaid information-
sharing activities is a data match pilot that received funding from
several sources.[Footnote 23] The purpose of this state-operated pilot
is to identify improper billing and utilization patterns by matching
Medicare and Medicaid claims information on providers and
beneficiaries. Such matching is important, as fraudulent schemes can
cross program boundaries.
CMS initiated the Medicare-Medicaid data match pilot in California in
September 2001.[Footnote 24] CMS estimated that in its first year, the
pilot achieved a 21-to-1 return on investment, with about $58 million
in cost avoidance, savings, and overpayment recoupments to the Medicaid
and Medicare programs. In addition, over 80 cases were opened against
suspected fraudulent providers. For example, the pilot identified the
following:
* One provider billed more than 24 hours a day. Although the Medicare
claims alone were not implausible, once the Medicare and Medicaid dates
of service were matched, the provider showed up as billing for more
than a reasonable number of hours in a day.
* Several providers serving beneficiaries eligible for both programs
purposely submitted flawed Medicare bills, received full payment from
Medicaid based on the denied Medicare claims, then resubmitted
corrected Medicare bills and were paid again.
In assessing the results of the California pilot, CMS officials noted
challenges that delayed implementation for about a year. These included
time-consuming activities such as negotiating data-sharing agreements
with the contractors that process Medicare claims and reconciling data
formatting differences in Medicare and Medicaid claims. CMS officials
believe that these challenges were largely due to the novel nature of
the effort and that implementation should proceed more smoothly in
other states. In fiscal year 2003, CMS expanded the data match pilot to
six additional states: Florida, Illinois, New Jersey, North Carolina,
Pennsylvania, and Texas.
CMS Arranges Teleconferences for States to Share Information on Program
Integrity Issues:
CMS also sponsors a Medicaid fraud and abuse technical assistance group
(TAG), which provides a forum for states to discuss issues, solutions,
resources, and experiences. TAG meets monthly by teleconference and
convenes annually in one location. Each of four geographic areas--
Midwest, Northeast, South, and West--has two TAG delegates from state
Medicaid program integrity units who participate in the
teleconferences. Any state may participate in the teleconferences and
18 do so regularly. Delegates discuss concerns raised by the states in
their geographic regions and convey information on agenda items to
their states. For example, state officials told us that they have
discussed issues such as new data systems and other fraud and abuse
detection tools.
TAG members also use this forum to alert one another to emerging
schemes. In one instance, TAG members discussed a drug diversion
operation involving serostim--a drug used to treat AIDS patients for
degenerative weight loss--from a Pennsylvania mail-order pharmacy.
Serostim--which costs about $5,000 for a month's supply--was being sold
to body builders to enhance muscle tissue. According to New York
officials, over a 2-year period, the state's Medicaid expenditures for
serostim increased from $4 million to $50 million. Following this
discovery, several states, including New York, instituted prior
authorization policies for the drug.
In addition, states use TAG to communicate and propose policy changes
to CMS. For example, through TAG, the states proposed that CMS modify
the federal 60-day repayment rule. This rule implements a statutory
requirement that state Medicaid agencies refund the federal portion of
any identified overpayments within 60 days of discovery, except in
cases where providers or other entities have filed for bankruptcy or
gone out of business.[Footnote 25] Some states participating in TAG
contend that complying with the 60-day repayment rule discourages
states from pursuing complex cases for which recoveries may prove
difficult and instead gives them an incentive to focus on easy
overpayment cases. CMS has supported and endorsed legislative proposals
to amend the statute in the case of overpayments resulting from fraud
or abusive practices, proposing that the federal share be returned 60
days after recovery versus 60 days after discovery. However, CMS's
efforts to change the policy have not been successful.
CMS Conducts Few On-site Reviews of State Program Integrity Activities:
CMS officials point to compliance reviews of the states' program
integrity activities as the agency's principal means for exercising
oversight. CMS conducts on-site reviews to assess whether state
Medicaid program integrity efforts comply with federal requirements,
such as those governing provider enrollment, claims review, utilization
control, and coordination with each state's Medicaid Fraud Control
Unit. Such on-site reviews typically last 5 days and are announced 30
days in advance. If reviewers find states significantly out of
compliance, they may revisit the states to verify that they have taken
corrective action. However, teams conducting these reviews do not
evaluate the effectiveness of state activities on reducing improper
payments.
Staffing and funding constraints have limited this oversight effort.
From January 2000 through December 2003, CMS completed reviews of 29
states. At its current pace of conducting eight state compliance
reviews each year, CMS would not begin a second round of nationwide
reviews before fiscal year 2007. CMS officials explained that the
agency can conduct only eight reviews per year, given the resources
allocated for Medicaid program integrity.[Footnote 26] For fiscal year
2004, CMS allocated eight staff nationally--about four full-time
equivalent (FTE) staff in headquarters and four FTEs distributed across
the agency's 10 regional offices--and an operating budget of $26,000
for overseeing the states' Medicaid program integrity activities,
including the cost of conducting compliance reviews. This level of
funding represents a $14,000, or 35 percent, decline from the previous
year. At the peak of its funding in fiscal year 2002, CMS's operating
budget for these activities was about $80,000.[Footnote 27] According
to agency officials, the size of the federal Medicaid program integrity
group relative to its responsibilities has resulted in its use of
Medicare's program integrity resources to help implement pilot projects
and conduct technical assistance activities.
From the states' perspective, compliance reviews have provided useful
information for identifying needed areas of improvement and potential
best practices. For example, Michigan officials told us that after
CMS's review, they took steps to strengthen their provider enrollment
activities. In another state, CMS discovered numerous areas of
noncompliance. The state agency's provider enrollment processes did not
require applicants to disclose prior criminal convictions or business
ownership and control. The state agency also did not investigate
potential instances of fraud and abuse identified by its SURS unit or
beneficiary complaints, or make the required referrals to the state
Medicaid Fraud Control Unit. As a result of these findings, CMS
required the state to develop a corrective action plan. About a year
later, the review team revisited the state and learned that it had
begun to implement corrective actions.
CMS has pointed to its compliance reviews of the states' program
integrity activities as providing the agency with information on the
states' strengths and vulnerabilities to improper payments. However, as
we reported in February 2002, these structured site reviews focus on
state compliance and do not evaluate the effectiveness of the states'
fraud and abuse prevention and detection activities for reducing
improper payments.[Footnote 28]
Concluding Observations:
The varied and substantial cases of Medicaid fraud or abuse that have
been uncovered around the country reaffirm the need for Medicaid
agencies to safeguard program dollars. Such losses have prompted
program integrity units and legislatures in many states to take active
roles in prevention and detection efforts. In their attempts to limit
improper payments, states have pursued a broad range of methods, such
as tightened provider enrollment and advanced claims review techniques.
As some states report identifying substantial cost savings, further
enhancements in program integrity activities are likely to generate
positive returns on such investments.
At the same time, there may be a disparity between the level of CMS
resources devoted to Medicaid program integrity and the program's
vulnerability to financial losses. On its current schedule for
conducting state program integrity compliance reviews, CMS will not
obtain a programwide picture of states' prevention and detection
activities more than once every 6 years. Moreover, because these
reviews are limited in scope, CMS does not evaluate states'
effectiveness in addressing improper payments. In addition, findings
from the payment accuracy pilot indicate a need for CMS to further
enhance state efforts to prevent and detect payment errors.
Agency Comments and Our Evaluation:
In written comments on a draft of this report, CMS officials took issue
with our observation that the level of resources devoted to federal
oversight of states' program integrity activities may be inconsistent
with the financial risks to the program. They pointed out that the
agency's program integrity work should be viewed as part of its broader
financial management of state Medicaid programs. Officials noted that
65 financial management staff in CMS regional offices review Medicaid
expenditures, conduct financial management reviews, provide technical
assistance to states on financial policy issues, and analyze state cost
allocation and administrative claiming plans. Officials also stated
that the agency expects to hire 100 new Medicaid financial management
staff this fiscal year and has contracted with HHS OIG to perform
additional auditing. (See app. II.)
We commend CMS for the actions it has begun to take to address its
Medicaid financial management challenges. As we have reported in recent
years, CMS had fallen short in providing the level of oversight
required to ensure states' Medicaid financial responsibility.[Footnote
29] When fully implemented, CMS's efforts to increase the number of
staff dedicated to reviewing the states' financial management reports
should help it strengthen the fiscal integrity of Medicaid's state and
federal partnership.
However, financial management and program integrity, while related
functions, are not interchangeable. Financial management focuses on the
propriety of states' claims for federal reimbursement, such as the
matching, administrative, and disproportionate share funds that CMS
provides the states. In contrast, program integrity--the focus of this
report--addresses federal and state efforts to ensure the propriety of
payments made to providers. Unlike the commitment to expand resources
for Medicaid financial management activities, CMS has not indicated a
similar commitment to enhancing its support and oversight of states'
program integrity efforts.
CMS officials also provided technical comments, which we incorporated
into the report where appropriate.
As agreed with your office, unless you publicly announce the contents
of this report earlier, we plan no further distribution until 30 days
after its date. At that time, we will send copies of this report to the
Secretary of HHS, Administrator of CMS, appropriate congressional
committees, and other interested parties. In addition, this report will
be available at no charge on GAO's Web site at http://www.gao.gov. We
will also make copies available to others upon request. If you or your
staff have any questions about this report, please call me at (312)
220-7600. Another contact and key contributors to this report are
listed in appendix III.
Sincerely yours,
Signed by:
Leslie G. Aronovitz:
Director, Health Care--Program Administration and Integrity Issues:
[End of section]
Appendix I: States' Approaches to Medicaid Program Integrity:
[See PDF for image]
Note: We asked officials in 50 states and the District of Columbia to
provide information on their Medicaid program integrity activities. We
received 47 responses and did not verify the accuracy of the responses.
Indiana, Nebraska, Rhode Island, and Vermont did not participate.
[A] A surety bond may protect the state against certain financial
losses.
[B] A data warehouse stores information on claims, providers, and
beneficiaries in an integrated database.
[C] Data mining is the analysis of large databases to identify unusual
utilization patterns.
[D] Data matching and modeling are techniques that allow comparisons of
providers within specialties to determine normative patterns in claims
data so that aberrant patterns can be identified.
[E] Smart technology is software that analyzes patterns in claims data
and feeds the information back into the system to identify new
patterns.
[F] A drug formulary is a list of prescription medications approved for
coverage.
[G] National Association of Surveillance and Utilization Review
Officials.
[End of figure]
[End of section]
Appendix II: Comments from the Centers for Medicare & Medicaid
Services:
DEPARTMENT OF HEALTH & HUMAN SERVICES:
Centers for Medicare & Medicaid Services:
Administrator:
Washington, DC 20201:
DATE: JUN 16 2004:
TO: Leslie G. Aronovitz:
Director, Health Care-Program Administration and Integrity Issues:
FROM: Mark B. McClellan, M.D., Ph.D.:
Administration and Integrity Issues:
SUBJECT: General Accounting Office (GAO) Draft Report: MEDICAID PROGRAM
INTEGRITY-State and Federal Efforts to Prevent and Detect Improper
Payments (GAO-04-707):
Thank you for the opportunity to review and comment on the above GAO
draft report. The Centers for Medicare & Medicaid Services (CMS) is
committed to assuring the program integrity (PI) of the Medicaid
program, as well as the Medicare program. Over the past several years,
we have implemented a number of initiatives and programs designed to
enhance and strengthen the overall PI effort. We have also emphasized
and taken actions to greatly increase the coordination and integration
of Medicare and Medicaid PI efforts. As there are no recommendations
included in this report, the following are CMS' general comments to the
report.
From a global perspective, the report states "CMS oversight of the
states' Medicaid program integrity efforts is disproportionately small
relative to the size of Federal investment and risk of serious
financial loss." This statement implies that the several CMS activities
reviewed in the report represent the totality of CMS' financial
management oversight of State Medicaid programs. In fact, the GAO
report focuses on a subset of CMS' Medicaid financial oversight
activities. For example, it does not mention the work done by 65
regional office financial management staff in reviewing quarterly state
Medicaid expenditure reports, conducting focused financial management
reviews in high-risk areas, providing technical assistance and
direction to states on a myriad of financial policy and operational
issues, and analyzing state cost allocation and administrative claiming
plans. Nor does the report refer to the 100 new Medicaid financial
management staff being hired by CMS this fiscal year (FY), or to CMS'
contract with the Office of Inspector General (OIG) for additional
audits in states and topical areas identified by CMS.
In short, it is critical that the GAO include in this report an
explicit disclaimer to the effect that the subject review focused
narrowly on several program integrity activities, and not on the full
spectrum of CMS' Medicaid financial oversight activities.
Attached are CMS' detailed comments to GAO's specific statements.
Attachment:
[End of section]
Appendix III: GAO Contact and Staff Acknowledgments:
GAO Contact:
Rosamond Katz, (202) 512-7148:
Acknowledgments:
In addition to the contact named above, Enchelle Bolden, Helen Chung,
Hannah Fein, Shirin Hormozi, and Geri Redican made key contributions to
this report.
FOOTNOTES
[1] U.S. General Accounting Office, Major Management Challenges and
Program Risks: Department of Health and Human Services, GAO-03-101
(Washington, D.C.: January 2003).
[2] Officials in the 50 states and the District of Columbia were asked
to complete our inventory; we received 47 responses. Although we did
not validate the information received, we contacted several states to
verify responses that appeared inconsistent with information previously
reported to us.
[3] The 56 Medicaid programs include one for each of the 50 states, the
District of Columbia, Puerto Rico, and the U.S. territories of American
Samoa, Guam, Northern Mariana Islands, and Virgin Islands. Hereafter,
all 56 entities are referred to as states.
[4] MMIS is an automated claims payment and information retrieval
system, with which states verify the accuracy of claims, the correct
use of payment codes, and patients' Medicaid eligibility. States are
required by law to have such a system. See Social Security Act, §
1903(r). A system such as SURS is also required by statute. See Social
Security Act, § 1902(a)(30).
[5] For example, Illinois officials said their analysis of Medicaid
claims showed providers in unregulated industries--nonemergency
transportation and some durable medical equipment suppliers--presented
a higher risk for abusive billing behavior than those subject to the
oversight of professional licensure boards.
[6] CMS requires that states screen applicants by asking if they have
ever been convicted of a crime related to their involvement in
Medicare, Medicaid, or Title XX Block Grants programs. See 42 C.F.R. §
455.106(a)(2)(2003).
[7] Seventeen states reported conducting on-site inspections in June
2001. See U.S. General Accounting Office, Medicaid: State Efforts to
Control Improper Payments Vary, GAO-01-662 (Washington, D.C.: June 7,
2001). Since our 2001 report, 14 additional states have begun to
conduct on-site investigations for certain targeted types of providers,
while 2 states no longer conduct them.
[8] Nonemergency transportation is a ride, or reimbursement for a ride,
provided to Medicaid beneficiaries with no other transportation
resources so that they can receive services from a medical provider.
[9] Illinois officials reported that they are drafting surety bond
requirements for nonemergency transportation providers. California,
North Carolina, Texas, and Wisconsin reported that they either have or
are seeking state legislation to require surety bonds for various types
of providers.
[10] CMS requires that home health agencies annually submit financial
documents supporting their costs in order to receive Medicare payments.
[11] According to New York Medicaid officials, part-time clinics
involve providers who work out of multiple locations. The state permits
providers to work and claim Medicaid reimbursements from up to 20
clinic locations. New York identified part-time clinics as a type of
provider with a high probability of improper billing after finding one
provider with 694 part-time locations.
[12] Prepayment reviews typically include verifying the mathematical
accuracy of claims, the correct use of payment codes, and patients'
Medicaid eligibility. Such reviews help ensure that services listed on
claims are covered, medically necessary, and paid in accordance with
state and federal requirements. Postpayment reviews may be more
comprehensive, to include scrutiny of the medical records used to
support the claimed service.
[13] This represents an increase of 14 states since our last state
inventory in June 2001.
[14] The Health Care Fraud and Abuse Control program--designed to
coordinate federal, state, and local antifraud efforts under the joint
direction of HHS and the Department of Justice--funded all 3 years of
the PAM pilot at a total of about $11.7 million.
[15] The Improper Payments Information Act of 2002, Pub. L. No. 107-
300, 116 Stat. 2350, requires that each agency responsible for federal
programs and activities with estimated improper payments exceeding $10
million annually report the estimates and planned corrective actions to
the Congress. Office of Management and Budget guidance on the act
limits this reporting requirement to programs and activities with
estimated payments exceeding both $10 million and 2.5 percent of annual
program payments.
[16] SCHIP, Pub. L. No. 105-33, § 4901, 111 Stat. 251, 552-70 (1997),
is a jointly funded federal/state program that provides health
insurance to children in low-income families who do not qualify for
Medicaid and are not covered by other health insurance.
[17] Under primary care case management, providers are paid a monthly
per capita fee to coordinate care for beneficiaries.
[18] CMS proposes using a stratified random sample, without
replacement, to determine which states will be selected for
measurement. The random sample is intended to ensure that each cycle
will have similar proportions of large, medium, and small states.
[19] CMS reimbursed the states for 100 percent of their costs for the
pilot. When PERM is implemented, in fiscal year 2006, the states will
be reimbursed at their customary administrative matching rate of 50
percent.
[20] In calculating payment accuracy rates, CMS determined that overpayments
and underpayments would "offset" each other in a manner that is similar
to the way that both the HHS OIG Chief Financial Officers Audit and the
Comprehensive Error Rate Testing program have defined payment error for
the Medicare program. States were asked to subtract the value of
underpayments from overpayments to determine the net value of
inaccurate payments. See Centers for Medicare & Medicaid Services,
Center for Medicaid and State Operations, Finance, Systems and Budget
Group, Payment Accuracy Measurement Project: Year 2 Final Report
(Baltimore: April 2004).
[21] In response to the states' concerns about the PERM 3-year cycle
and the OIG's concerns regarding the stratified random selection of
which states conduct PERM studies, CMS has proposed that all states be
required to conduct such studies annually. This proposal is pending in
the federal rule-making process.
[22] Specifically, CMS facilitated state access to two confidential
databases that Medicare contractors developed to assist in their
program integrity efforts. The Fraud Investigation Database contains
detailed information on providers involved in potential fraud and abuse
cases. The Medicare Exclusion Database contains information on provider
exclusions, sanctions, and reinstatements in a standard, cumulative
format with monthly updates.
[23] CMS's Medicare Integrity Program largely funded the initial pilot,
with supplemental funding--$1 million in fiscal year 2002 and $2.4
million in fiscal year 2003--from the FBI. Most of the funding for the
data match pilot comes from the Health Care Fraud and Abuse Control
Program.
[24] California has more Medicare and Medicaid beneficiaries than any
other state--7 million enrolled in Medicaid and 4 million in Medicare.
Combined state and federal annual expenditures for both programs are
about $47.6 billion.
[25] Section 1903(d)(2) of the Social Security Act and 42 C.F.R. §§
433.300 et seq. (2003).
[26] Review teams are composed of one person from CMS headquarters and
two staff members from a region that does not have oversight
responsibility for the state under review.
[27] Until fiscal year 2003, oversight activities were funded through
CMS's Southern Consortium, composed of the Atlanta and Dallas regional
offices. Financial responsibility shifted to CMS headquarters in fiscal
year 2004, when the agency abandoned its consortia approach to fraud
and abuse control.
[28] U.S. General Accounting Office, Medicaid Financial Management:
Better Oversight of State Claims for Federal Reimbursement Needed,
GAO-02-300 (Washington, D.C.: Feb. 28, 2002).
[29] GAO-03-101.
GAO's Mission:
The Government Accountability Office, the investigative arm of
Congress, exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability
of the federal government for the American people. GAO examines the use
of public funds; evaluates federal programs and policies; and provides
analyses, recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO's commitment to
good government is reflected in its core values of accountability,
integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains
abstracts and full-text files of current reports and testimony and an
expanding archive of older products. The Web site features a search
engine to help you locate documents using key words and phrases. You
can print these documents in their entirety, including charts and other
graphics.
Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as "Today's Reports," on its
Web site daily. The list contains links to the full-text document
files. To have GAO e-mail this list to you every afternoon, go to
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order
GAO Products" heading.
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office
441 G Street NW, Room LM
Washington, D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm
E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Public Affairs:
Jeff Nelligan, managing director,
NelliganJ@gao.gov
(202) 512-4800
U.S. Government Accountability Office,
441 G Street NW, Room 7149
Washington, D.C. 20548: