Medicaid Program Integrity

State and Federal Efforts to Prevent and Detect Improper Payments Gao ID: GAO-04-707 July 16, 2004

During fiscal year 2002, Medicaid--a program jointly funded by the federal government and the states--provided health care coverage for about 51 million low-income Americans. That year, Medicaid benefit payments reached approximately $244 billion, of which the federal share was about $139 billion. The program is administered by state Medicaid agencies with oversight provided by the Centers for Medicare & Medicaid Services (CMS) in the Department of Health and Human Services. Medicaid's size and diversity make it vulnerable to improper payments that can result from fraud, abuse, or clerical errors. States conduct program integrity activities to prevent, or detect and recover, improper payments. This report provides information on (1) the types of provider fraud and abuse problems that state Medicaid programs have identified, (2) approaches states take to ensure that Medicaid funds are paid appropriately, and (3) CMS's efforts to support and oversee state program integrity activities. To address these issues, we compiled an inventory of states' Medicaid program integrity activities, conducted site visits in eight states, and interviewed CMS's Medicaid program integrity staff.

Various forms of fraud and abuse have resulted in substantial financial losses to states and the federal government. Fraudulent and abusive billing practices committed by providers include billing for services, drugs, equipment, or supplies not provided or not needed. Providers have also been found to bill for more expensive procedures than actually provided. In recent cases, 15 clinical laboratories in one state billed Medicaid $20 million for services that had not been ordered, an optical store falsely claimed $3 million for eyeglass replacements, and a medical supply company agreed to repay states nearly $50 million because of fraudulent marketing practices. States report that their Medicaid program integrity activities generated cost savings by applying certain measures to providers considered to be at high risk for inappropriate billing and by generally strengthening their program controls for all providers. Thirty-four of the 47 states that completed our inventory reported using one or more enrollment controls with their high-risk providers, such as on-site inspections of the applicant's facility, criminal background checks, or probationary or time-limited enrollment. States also reported using information technology to integrate databases containing provider, beneficiary, and claims information and conduct more efficient utilization reviews. For example, 34 states reported conducting targeted claims reviews to identify unusual patterns that might indicate provider abuse. In addition, states cited legislation that directed the use of certain preventive or detection controls or authorized enhanced enforcement powers as lending support to their Medicaid program integrity efforts. At the federal level, CMS is engaged in several initiatives designed to support states' program integrity efforts; however, its oversight of these state efforts is limited. CMS initiatives include two pilots, one to measure the accuracy of each state's Medicaid claims payments and another to identify aberrant provider billing by linking Medicaid and Medicare claims information. CMS also provides technical assistance to states by sponsoring monthly teleconferences where states can discuss emerging issues and propose policy changes. To monitor Medicaid program integrity activities, CMS teams conduct on-site reviews of states' compliance with federal requirements, such as referring certain cases to the state agency responsible for investigating Medicaid fraud. In fiscal year 2004, CMS allocated $26,000 and eight staff positions nationally for overseeing the states' Medicaid program integrity activities, including the cost of compliance reviews. With this level of resources, CMS aims to review 8 states each year until all 50 states and the District of Columbia have been covered. From January 2000 through December 2003, CMS has conducted reviews of 29 states and, at its current pace, would not begin a second round of reviews before fiscal year 2007. This level of effort suggests that CMS's oversight of the states' Medicaid program integrity efforts may be disproportionately small relative to the risk of serious financial loss.

GAO-04-707, Medicaid Program Integrity: State and Federal Efforts to Prevent and Detect Improper Payments This is the accessible text file for GAO report number GAO-04-707 entitled 'Medicaid Program Integrity: State and Federal Efforts to Prevent and Detect Improper Payments' which was released on August 18, 2004. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to the Chairman, Committee on Finance, U.S. Senate: United States Government Accountability Office: GAO: July 2004: Medicaid Program Integrity: State and Federal Efforts to Prevent and Detect Improper Payments: GAO-04-707: GAO Highlights: Highlights of GAO-04-707, a report to the Chairman, Committee on Finance, U.S. Senate Why GAO Did This Study: During fiscal year 2002, Medicaid”a program jointly funded by the federal government and the states”provided health care coverage for about 51 million low-income Americans. That year, Medicaid benefit payments reached approximately $244 billion, of which the federal share was about $139 billion. The program is administered by state Medicaid agencies with oversight provided by the Centers for Medicare & Medicaid Services (CMS) in the Department of Health and Human Services. Medicaid‘s size and diversity make it vulnerable to improper payments that can result from fraud, abuse, or clerical errors. States conduct program integrity activities to prevent, or detect and recover, improper payments. This report provides information on (1) the types of provider fraud and abuse problems that state Medicaid programs have identified, (2) approaches states take to ensure that Medicaid funds are paid appropriately, and (3) CMS‘s efforts to support and oversee state program integrity activities. To address these issues, we compiled an inventory of states‘ Medicaid program integrity activities, conducted site visits in eight states, and interviewed CMS‘s Medicaid program integrity staff. What GAO Found: Various forms of fraud and abuse have resulted in substantial financial losses to states and the federal government. Fraudulent and abusive billing practices committed by providers include billing for services, drugs, equipment, or supplies not provided or not needed. Providers have also been found to bill for more expensive procedures than actually provided. In recent cases, 15 clinical laboratories in one state billed Medicaid $20 million for services that had not been ordered, an optical store falsely claimed $3 million for eyeglass replacements, and a medical supply company agreed to repay states nearly $50 million because of fraudulent marketing practices. States report that their Medicaid program integrity activities generated cost savings by applying certain measures to providers considered to be at high risk for inappropriate billing and by generally strengthening their program controls for all providers. Thirty-four of the 47 states that completed our inventory reported using one or more enrollment controls with their high-risk providers, such as on-site inspections of the applicant‘s facility, criminal background checks, or probationary or time-limited enrollment. States also reported using information technology to integrate databases containing provider, beneficiary, and claims information and conduct more efficient utilization reviews. For example, 34 states reported conducting targeted claims reviews to identify unusual patterns that might indicate provider abuse. In addition, states cited legislation that directed the use of certain preventive or detection controls or authorized enhanced enforcement powers as lending support to their Medicaid program integrity efforts. At the federal level, CMS is engaged in several initiatives designed to support states‘ program integrity efforts; however, its oversight of these state efforts is limited. CMS initiatives include two pilots, one to measure the accuracy of each state‘s Medicaid claims payments and another to identify aberrant provider billing by linking Medicaid and Medicare claims information. CMS also provides technical assistance to states by sponsoring monthly teleconferences where states can discuss emerging issues and propose policy changes. To monitor Medicaid program integrity activities, CMS teams conduct on-site reviews of states‘ compliance with federal requirements, such as referring certain cases to the state agency responsible for investigating Medicaid fraud. In fiscal year 2004, CMS allocated $26,000 and eight staff positions nationally for overseeing the states‘ Medicaid program integrity activities, including the cost of compliance reviews. With this level of resources, CMS aims to review 8 states each year until all 50 states and the District of Columbia have been covered. From January 2000 through December 2003, CMS has conducted reviews of 29 states and, at its current pace, would not begin a second round of reviews before fiscal year 2007. This level of effort suggests that CMS‘s oversight of the states‘ Medicaid program integrity efforts may be disproportionately small relative to the risk of serious financial loss. www.gao.gov/cgi-bin/getrpt?GAO-04-707. To view the full product, including the scope and methodology, click on the link above. For more information, contact Leslie G. Aronovitz at (312) 220-7600. [End of section] Contents: Letter: Results in Brief: Background: Provider Schemes and Improper Billing Siphon Medicaid Dollars: States Report a Variety of Approaches to Prevent and Detect Improper Payments: CMS Has Activities to Support States' Program Integrity Efforts but Conducts Little Oversight: Concluding Observations: Agency Comments and Our Evaluation: Appendix I: States' Approaches to Medicaid Program Integrity: Appendix II: Comments from the Centers for Medicare & Medicaid Services: Appendix III: GAO Contact and Staff Acknowledgments: GAO Contact: Acknowledgments: Table: Table 1: Recent Medicaid Fraud and Abuse Cases: Abbreviations: CMS: Centers for Medicare & Medicaid Services: DME: durable medical equipment: FBI: Federal Bureau of Investigation: FTE: full-time equivalent: HHS: Department of Health and Human Services: MMIS: Medicaid Management Information System: OIG: Office of Inspector General: PAM: Payment Accuracy Measurement: PERM: Payment Error Rate Measurement: SCHIP: State Children's Health Insurance Program: SURS: Surveillance and Utilization Review Subsystem: TAG: Technical Assistance Group: United States Government Accountability Office: Washington, DC 20548: July 16, 2004: The Honorable Charles E. Grassley: Chairman Committee on Finance: United States Senate: Dear Mr. Chairman: During fiscal year 2002, Medicaid--a program jointly funded by the federal government and the states--provided health care coverage for about 51 million low-income Americans, most of whom were children, elderly, blind, or disabled. That year, Medicaid benefit payments reached approximately $244 billion, of which the federal share was about $139 billion. Administration of the program is conducted by the states and is overseen at the federal level by the Centers for Medicare & Medicaid Services (CMS) in the Department of Health and Human Services (HHS). The challenges inherent in overseeing a program of Medicaid's size and diversity make the program vulnerable to improper payments. As a result, we added Medicaid to our list of high-risk programs in January 2003.[Footnote 1] Improper payments in government health programs drain vital program dollars, to the detriment of beneficiaries and taxpayers. Such payments include those made for services not covered by program rules, not medically necessary, or billed but never actually provided. Improper payments can result from inadvertent errors as well as fraud and abuse. Inadvertent errors are typically due to clerical mistakes or a misunderstanding of program rules, whereas fraud is an intentional act of deception to benefit the provider or another person. Abuse typically involves actions that are inconsistent with acceptable business and medical practices. States conduct program integrity activities designed to prevent, or detect and recover, improper payments resulting from fraud, abuse, and error. Given the large expenditure of federal dollars and the risk of improper payments, we reviewed the Medicaid program integrity activities conducted by the states and monitored by CMS. This report provides information on (1) the types of provider fraud and abuse problems that state Medicaid programs have identified in recent years, (2) approaches taken by states to ensure that Medicaid funds are paid appropriately, and (3) CMS's efforts to support and oversee state program integrity activities. To address these issues, we compiled an inventory of the states' Medicaid program integrity activities addressing providers' improper billing practices.[Footnote 2] (For details on state responses to the inventory, see app. I.) The inventory also provided states the opportunity to comment on CMS's Medicaid program integrity efforts. To supplement our inventory analysis, we conducted site visits in eight states--Florida, Illinois, Louisiana, New Jersey, New York, North Carolina, Texas, and Wisconsin--and interviewed officials at state Medicaid agencies, state inspector general offices, state fraud control units, and private companies that contract with the states to perform specialized claims reviews or other program integrity activities. We selected these states based on geographic diversity and differences in program size. In addition, national health care fraud and abuse experts with whom we consulted cited these states as particularly active in identifying and responding to improper payment issues. Finally, we interviewed CMS's Medicaid program integrity staff and reviewed recent studies by federal agencies and national organizations involved with antifraud efforts. Our work was conducted from August 2003 through July 2004 in accordance with generally accepted government auditing standards. Results in Brief: Various forms of Medicaid fraud and abuse have resulted in substantial financial losses to states and the federal government. Fraudulent and abusive billing practices committed by providers include billing for services, drugs, equipment, or supplies not provided or not needed. Providers have also been found to bill for more expensive procedures than were actually provided. In recent cases, 15 clinical laboratories in one state billed Medicaid $20 million for services that had not been ordered, an optical store falsely claimed $3 million for eyeglass replacements, and a medical supply company agreed to repay states nearly $50 million because of fraudulent marketing practices. States report that their Medicaid program integrity activities generated cost savings by applying certain measures to providers considered to be at high risk for inappropriate billing and by generally strengthening their program controls for all providers. Thirty-four of the 47 states that completed our inventory reported using one or more measures to control enrollment of high-risk providers. Such controls include on-site inspections of the applicant's facility prior to enrollment, criminal background checks, requirements to obtain surety bonds that protect the state against certain financial losses, and policies to enroll providers on a probationary or time- limited basis. States also report using information technology to integrate databases containing provider, beneficiary, and claims information and conduct more efficient utilization reviews. For example, 34 states reported conducting targeted claims reviews to identify unusual patterns that might indicate provider abuse. In addition, states cited legislation that directed the use of certain preventive or detection controls or authorized enhanced enforcement powers as lending support to their Medicaid program integrity efforts. At the federal level, CMS has initiatives designed to support states' program integrity efforts; however, its oversight of state efforts is limited. CMS initiatives include two pilots. One pilot seeks to develop a methodology for measuring the accuracy of each state's Medicaid claims payments. Its most recent results show that Medicaid fee-for- service accuracy rates for 11 states ranged from 81 percent to nearly 100 percent. The other pilot is designed to identify aberrant provider billing by linking Medicaid and Medicare claims information. This pilot resulted in a reported $58 million in savings and over 80 cases against suspected fraudulent providers after the first year of testing in California. CMS also provides technical assistance to states by sponsoring monthly teleconferences where states can discuss emerging issues and propose policy changes. To monitor Medicaid program integrity activities, CMS teams conduct on-site reviews of states' compliance with federal requirements, such as referring certain cases to the state agency responsible for investigating Medicaid fraud. In fiscal year 2004, CMS allocated $26,000 and eight staff positions nationally for overseeing the states' Medicaid program integrity activities, including the cost of compliance reviews. With this level of resources, CMS aims to review 8 states each year until all 50 states and the District of Columbia have been covered. From January 2000 through December 2003, CMS has conducted reviews of 29 states and, at its current pace, would not begin a second round of reviews before fiscal year 2007. This level of effort suggests that CMS's oversight of the states' Medicaid program integrity efforts may be disproportionately small relative to the risk of serious financial loss. Commenting on a draft of this report, CMS officials stated that because our report focused on program integrity activities, it did not reflect the full range of financial management oversight activities that are ongoing or planned. They noted the agency's intention to add 100 new financial management staff and its contract with the HHS Office of Inspector General (OIG) for additional audits. Although we consider both to be crucial Medicaid oversight functions, the goals and approaches to financial management and program integrity are not the same, and staff dedicated to these two functions are not interchangeable. We continue to believe that the resources allocated to supporting and overseeing states' Medicaid program integrity activities may not be commensurate with the financial risks at hand. CMS's written comments are reprinted in appendix II. Background: The Medicaid program is one of the largest social programs in the federal budget, and one of the largest components of state budgets. Although it is one federal program, Medicaid consists of 56 distinct state-level programs created within broad federal guidelines and administered by state Medicaid agencies.[Footnote 3] Each state develops its own Medicaid administrative structure for carrying out the program. It also establishes eligibility standards; determines the type, amount, duration, and scope of covered services; and sets payment rates. Each state is required to describe the nature and scope of its program in a comprehensive plan submitted to CMS, with federal funding depending on CMS's approval of the plan. In general, the federal government matches state Medicaid spending for medical assistance according to a formula based on each state's per capita income. The federal contribution ranges from 50 to 77 cents of every state dollar spent on medical assistance in fiscal year 2004. For most state Medicaid administrative costs, the federal match rate is 50 percent. For skilled professional medical personnel engaged in program integrity activities, such as those who review medical records, 75 percent federal matching is available. States and CMS share responsibility for protecting the integrity of the Medicaid program. States are responsible for ensuring proper payment and recovering misspent funds. CMS has a role in facilitating states' program integrity efforts and seeing that states have the necessary processes in place to prevent and detect improper payments. With varying levels of staff and resources, states conduct Medicaid program integrity activities that include screening providers and monitoring provider billing patterns. CMS requires that states collect and verify basic information on potential providers, including whether they meet state licensure requirements and are not prohibited from participating in federal health care programs. CMS also requires that each state Medicaid agency have certain information processing capabilities, including a Medicaid Management Information System (MMIS) and a Surveillance and Utilization Review Subsystem (SURS).[Footnote 4] The SURS staff use claims data to develop statistical profiles on services, providers, and beneficiaries to identify potential improper payments. They refer suspected overpayments or overutilization cases to other units in the Medicaid agency for corrective action and potential fraud cases to their state's Medicaid Fraud Control Unit for investigation and prosecution. Medicaid Fraud Control Units can, in turn, refer some cases to the HHS OIG, the Federal Bureau of Investigation (FBI), and the Department of Justice for further investigation and prosecution. Provider Schemes and Improper Billing Siphon Medicaid Dollars: State Medicaid programs have experienced a wide range of abusive and fraudulent practices by providers. States have prosecuted providers that bill for services, drugs, and supplies that are not authorized or are not provided. States' investigators have also uncovered deliberate provider upcoding--billing for more expensive procedures than were actually provided--to increase their Medicaid reimbursement. In some cases, they have prosecuted providers for marketing irregularities, such as offering cash, free services, or gifts to induce referrals. While the covert nature of these schemes makes it difficult to quantify the dollars lost to Medicaid fraud or abuse, recent cases provide examples of substantial financial losses. As shown in table 1, these range from a nearly $1.6 million state case that involved billing for transportation services never provided and deliberate upcoding to a $50 million nationwide settlement with a major pharmaceutical and equipment supplier over illegal marketing practices. Table 1: Recent Medicaid Fraud and Abuse Cases: Provider and violation: Clinical laboratories; Billing for unauthorized services; Case: A California Medicaid fraud scheme involved more than 15 clinical laboratories that illegally billed over $20 million for tests that were never authorized by physicians. The defendant paid medical clinic employees to draw extra samples of blood from unsuspecting patients and purchased blood from runaway children, homeless individuals, and drug addicts. He had the blood tested at laboratories he controlled, and then billed California's Medicaid program using stolen patient identities. The scheme also involved the theft of physicians' identities to create false records showing that the physicians authorized the laboratories to perform the tests. Provider and violation: Optical store; Billing for services not provided; Case: Owners of a California optical store defrauded the Medicaid program of nearly $3 million by filing false claims for eyeglasses they said were replacements for Medicaid patients whose eyeglasses were lost, stolen, or destroyed. The investigation revealed that the owners used personal information that they had obtained from previous patients--about 6,341 Medicaid beneficiaries--to fraudulently bill the program for 59,574 pairs of eyeglasses from 1995 to 2001. Provider and violation: Transportation company; Billing for services not provided; Deliberate upcoding; Case: Nearly $1.6 million in Medicaid funds was recovered from six defendants who falsely charged the Virginia Medicaid program for services never performed or improperly coded. A Virginia transportation company purchased patient identity information from other transportation companies or assisted living homes and billed Medicaid for services to patients it never served. The defendants also improperly billed Medicaid using a reimbursement code for wheelchair- bound patients that pays three times higher than the code used for transporting ambulatory patients. Provider and violation: Hospital; Deliberate upcoding; Case: A 2-year investigation into Medicaid billing practices at a Florida hospital found $2.9 million in estimated overpayments. Investigators reviewed a sample of Medicaid claims for nonemergency, routine medical services--such as well-baby care and flu shots--that were billed under a code reserved for more advanced procedures performed exclusively at a hospital. An audit of the hospital's claims revealed that 99 percent of the claims were for procedures that did not qualify to be reimbursed under this more advanced code. Provider and violation: Durable medical equipment (DME) supplier; Upcoding; Kickbacks; Case: The owner of a pharmaceutical and DME company admitted to defrauding the Indiana Medicaid program of nearly $2 million. The company used higher reimbursement codes than allowed and, in some instances, substantially inflated the cost of the drugs that were provided to Medicaid beneficiaries. The owner also paid kickbacks to nurses for referring cancer patients in need of expensive drugs and supplies to the company. Provider and violation: Medical supply company; Illegal marketing practices; Case: Medicaid programs throughout the country will share nearly $50 million recovered as part of a settlement with Abbott Laboratories over fraudulent marketing of its enteral feeding pumps, which are used to feed patients directly through the intestines. The marketing practices included providing free enteral feeding pumps to nursing homes and DME suppliers in exchange for those buyers agreeing to purchase a specific number of pump sets, which are necessary for the pumps to function. Abbott's marketing division staff told nursing homes and DME suppliers they could bill Medicare or Medicaid for the pumps, which had been supplied for free. Abbott also offered money to encourage DME suppliers and nursing homes to buy products from the company. As part of the settlement, Abbott also agreed to pay nearly $365 million in damages and penalties to the Medicare program. Source: GAO. Note: Based on state attorney general offices' summaries of closed cases. [End of table] States Report a Variety of Approaches to Prevent and Detect Improper Payments: States take various approaches to conducting program integrity activities that can result in substantial cost savings. Tightened enrollment controls allow states to more closely scrutinize those providers considered to be at high risk for improper billing. Through provider screening, stricter enrollment procedures, and reenrollment programs, states may prevent high-risk providers from enrolling or remaining in their Medicaid programs. Some states require providers to use advanced technologies to confirm beneficiary eligibility before services are rendered. States also use information systems that afford them the ability to query multiple databases efficiently in order to identify improper claims and types of providers and services most likely to foster problems. In addition, state legislatures have assisted their Medicaid agencies by directing that certain preventive or detection controls be used, or by broadening the sanctions they can use against providers that bill improperly. Most States Tighten Enrollment Controls to Keep Abusive Providers Out of Their Programs: In general, states target their program integrity procedures to those providers that pose the greatest financial risk to their Medicaid programs. They may focus on types of providers whose billing practices have exhibited unusual trends or that are not subject to state licensure.[Footnote 5] States may also focus on individual providers that have been excluded from the program in the past or for other reasons. For such providers, most states impose more rigorous enrollment checks than the minimum required by CMS.[Footnote 6] Expanded measures applied to high-risk providers include on-site inspections of the applicant's facility prior to enrollment, criminal background checks, requirements to obtain surety bonds that protect the state against certain financial losses, and time-limited enrollment. Thirty-four of the states that completed our inventory reported using at least one of these enrollment controls. On-site Inspections: Twenty-nine states reported conducting on-site inspections for providers considered at high-risk for inappropriate billing before allowing them to enroll or reenroll in their Medicaid programs.[Footnote 7] Such visits help validate a provider's existence and generate information on its service capacity. Illinois and Florida officials reported that performing on-site inspections of some providers' facilities is a valuable part of their statewide Medicaid provider enrollment control efforts. * For each targeted provider group, Illinois Medicaid staff inspect the facilities, inventory, and vehicles (in the case of nonemergency transportation providers).[Footnote 8] Officials told us that their on- site inspections prevented 49 potential providers that did not meet requirements from enrolling. By not approving these providers to bill Medicaid, Illinois officials estimated that the state avoided a total of $1 million in potentially improper payments for 2001 and 2002. * Florida uses a contractor to conduct on-site inspections of potential providers. Since April 2003, Florida Medicaid officials have required its contractor to randomly select and inspect 10 percent of all new applicants, including pharmacies, physicians, billing agents, nurses, and other types of providers. Criminal Background Checks and Surety Bonds: Thirteen states reported that they conduct criminal background checks for certain high-risk providers rather than relying solely on applicants' self-disclosures. These background checks entail verifying with law enforcement agencies the information given in provider enrollment applications regarding criminal records. As of December 2003, states conducting criminal background checks included New Jersey (for employees of pharmacies, clinical laboratories, transportation services, adult medical day care, and physician group practices), Wisconsin (for employees of licensed agencies, such as home health care agencies), and Illinois (for employees of nonemergency transportation providers). Four states that conduct criminal background checks also have the authority to require surety bonds for the targeted providers.[Footnote 9] Surety bonds, also known as performance bonds, protect the state against financial loss in case the terms of a contract are not fulfilled. Florida officials established a $50,000 bonding requirement for durable medical equipment (DME) suppliers, independent laboratories, certain transportation companies, and non-physician- owned physician groups. In Washington, home health agencies must be Medicare-certified to participate in the state's Medicaid program. Medicare requires a surety bond of $50,000 or 15 percent of annual Medicare payments to the home health agency based on the agency's most recent cost report to CMS, whichever is greater.[Footnote 10] Probationary and Reenrollment Policies: Twenty-five states require all of their Medicaid providers to periodically reapply for enrollment. This process allows state officials to verify provider information such as medical specialty credentials and ownership and licensure status. Eleven states reported having probationary and time-limited enrollment policies specifically for high-risk providers, with reenrollment requirements ranging from 6 months to 3 years. Examples of their probationary and reenrollment policies follow: * California officials estimated avoiding over $200 million in Medicaid expenditures in state fiscal year 2003 by increasing scrutiny of new provider applications and placing providers in provisional status for the first 12 to 18 months of their enrollment. Those who continue to meet the standards for enrollment and have not been terminated are converted automatically to enrolled provider status. * In Illinois, nonemergency transportation providers are on probation for the first 180 days of their enrollment. Medicaid officials explained that this probationary period gives the state time to monitor the provider's billing patterns and conduct additional on-site inspections, as needed. They said that any negative findings uncovered during the probationary period would result in a provider's immediate termination without cause, meaning the provider could not grieve the termination decision. * Nevada officials reported that certain types of providers located in the state--including dentists, DME suppliers, and home health agencies- -are permitted to enroll for only a 1-year period and must reapply each year to continue billing Medicaid. Out-of-state providers are limited to a 3-month enrollment period and must reapply to continue to bill the Nevada program. * Wisconsin officials reported that the state requires nonemergency transportation providers to reenroll annually, while all other types of providers must submit new enrollment applications every 3 years. Some States Have Strengthened Controls to Avoid Paying Inappropriate Claims: Many states deter fraud, abuse, and error by using advanced technologies and keeping their provider rolls up to date. States seek to enhance program integrity activities by investing in information technologies that enable them to preauthorize services and improve their data processing capabilities. They also contract with companies that specialize in claims and utilization review--analyses of claims to identify aberrant billing patterns--to augment their in-house capabilities. In addition, nearly all states take steps to eliminate paying claims billed under unauthorized provider numbers. Using Advanced Technology: Most states use advanced technology to prevent improper payments by requiring providers to validate beneficiary eligibility before services are rendered. For example, 32 states use online systems that require pharmacies to obtain state approval confirming a beneficiary's eligibility before filling a prescription. Using a different technology, New York implemented a system that stores information on the magnetic strip of a beneficiary's Medicaid card, which also includes the beneficiary's photo. By swiping the card, providers are able to verify eligibility before providing a service. In another application, New York uses technology to track prescribing patterns and curb overutilization. New York officials told us that physicians ordering drugs and medical supplies must use the state's interactive telephone system to obtain payment authorization numbers. This system leads physicians through a menu-driven series of questions about patient diagnosis and treatment alternatives before an authorization number is given. Officials estimated that during the 6- month period from April to September 2003, the state saved $15.4 million by using its interactive phone system for prior approvals. In addition to verifying beneficiary eligibility and controlling utilization, many states also use technology to better target their claims review efforts. Of the 47 states that completed our inventory, 34 reported targeting their reviews to claims from high-risk providers. These reviews entail verifying the appropriateness of the services billed by, and payments made to, a provider within a certain period. Twenty-one of the 34 states reported using advanced information technology to more effectively pinpoint aberrant billing patterns. These states developed data warehouses to store several years of information on claims, providers, and beneficiaries in integrated databases, and they use data-mining software to look for unusual patterns that might indicate provider abuse. Additional software detects claims with incongruous billing code combinations. For example, a state can link related service claims, such as emergency transportation invoices and hospital emergency department claims for the same client. States that use these technologies to enhance their targeted reviews include the following: * New York officials reported that targeted reviews of claims submitted by part-time clinics,[Footnote 11] mobile radiology service providers, midwives, and physician assistants saved an estimated $24.9 million in state fiscal years 2002 through 2003. * Ohio officials reported that targeted reviews by Ohio's in-house utilization review staff saved an estimated $14 million in state fiscal years 2000 through 2002. * Texas officials reported recouping over $18.9 million in state fiscal year 2003. Officials also noted that the state's targeted reviews and queries enabled them to identify weaknesses in state payment safeguards. For example, the state identified hospital "unbundling"-- billing separately for services that were already included in a combined reimbursement--through its analysis of claims data. Some states rely on contractors to supply claims review expertise that either is lacking in-house or that supplements existing staff resources. Of the states completing our national inventory, 24 states use contractors to review Medicaid claims either before or after payments are made.[Footnote 12] Colorado used contractors to increase the volume of claims reviewed. Kansas reported that its contractor's 2003 review of hospital inpatient claims resulted in recovering over $4.7 million. North Carolina officials estimated that since 1999, the state's contractors' reviews of inpatient claims resulted in an estimated 4-to-1 return on investment. Purging Inactive Billing Numbers: Out-of-date information increases the risk that Medicaid will pay individuals who are not eligible to bill the program. For instance, in California, individuals were found to have falsely billed the Medicaid program using the provider billing numbers of retired practitioners. Forty-three states reported that, at a minimum, they cancel or suspend inactive provider billing numbers.[Footnote 13] For example: * New Jersey deactivates billing numbers that have been inactive for 12 months. To reactivate their numbers, providers must submit their requests using their office letterhead. If a number is reactivated and there is no billing activity within 6 months, New Jersey will again deactivate the number. * North Carolina notifies providers with billing numbers that have been inactive for 12 months before taking any action. The state terminates the number if the provider does not respond within 30 days and updates the state's provider database each month, listing which billing numbers have been terminated. In Some States, Legislative Initiatives Have Played an Important Role in Medicaid Program Integrity Efforts: Many states have made Medicaid program integrity a priority, either through directives to employ certain preventive or detection controls or by expanding enforcement authority to use against providers that bill improperly. In some states, legislative initiatives have encouraged Medicaid program integrity units to adopt information technology; in others, legislation has expanded Medicaid agencies' authority to investigate providers and beneficiaries and impose sanctions. Of the states that completed our inventory, 24 reported having legislation mandating sanctions against fraudulent providers or beneficiaries. Examples of legislative activities from 2 states are as follows: * New Jersey: Under a 1996 law, all licensed prescribers and certain licensed health care facilities are required to use tamper-proof, nonreproducible prescription order blanks. State Medicaid officials estimated annual savings of at least $6 million since the law's implementation in 1997. The law also made prescription forgery a third- degree felony. * Texas: In September 2003, Texas law consolidated responsibility for Medicaid program integrity in the Office of Inspector General in the Health and Human Services Commission and funded 200 additional positions to investigate Medicaid fraud. The legislation also expanded the state's powers to conduct claims reviews, impose prior authorization and surety bond requirements, and issue subpoenas. The law also required that the state explore the feasibility of using biometric technology--such as fingerprint imaging--as an eligibility verification tool. Texas budget officials estimated that over a 2-year period, net savings would exceed $1 billion. CMS Has Activities to Support States' Program Integrity Efforts but Conducts Little Oversight: CMS has provided states with information, tools, and training to improve their Medicaid program integrity efforts. The agency has funded a pilot that measures payment accuracy rates and another pilot that analyzes provider billing patterns across the Medicare and Medicaid programs. In addition, CMS has facilitated states' sharing of information on program integrity issues and related federal policies. Also, CMS has conducted occasional reviews of state program integrity operations. However, these reviews are infrequent and limited in scope. CMS Fielding a Multiyear Pilot to Measure Medicaid Payment Accuracy Rates: CMS is conducting a 3-year Payment Accuracy Measurement (PAM) pilot to develop estimates of the level of accuracy in Medicaid claims payments, taking into account administrative error and estimated loss due to abuse or fraud.[Footnote 14] At its conclusion, in fiscal year 2006, PAM will become a permanent, mandatory program--to be known as the Payment Error Rate Measurement (PERM) initiative--satisfying requirements of the Improper Payments Information Act of 2002.[Footnote 15] Under PERM, states will be expected to ultimately reduce their payment error rates by better targeting program integrity activities in their Medicaid programs and the State Children's Health Insurance Program (SCHIP) and tracking their performance over time.[Footnote 16] PERM is intended to develop an aggregate measure of states' claims payment errors as well as error rates for seven health care service areas--inpatient hospital services, long-term care services, independent physicians and clinics, prescription drugs, home and community-based services, primary care case management, and other services and supplies.[Footnote 17] CMS proposes developing annual national error rate estimates from rates developed by one-third of the states rather than requiring each state to compute an error rate each year.[Footnote 18] CMS further proposes that in the 2-year period after a state determines its error rate, the state develop and implement a plan to address the causes of improper payments uncovered in its review. CMS is in the third and final year of PAM. Each year, CMS tested various measurement methodologies and expanded participation to additional states.[Footnote 19] CMS used information from the 9 states participating in PAM's first year, fiscal year 2002, to help refine the measurement methodologies for subsequent years. CMS also constructed a single model to be used by all 12 states participating in the second year of PAM, which began in fiscal year 2003. Those states that reported on Medicaid fee-for-service payment accuracy had rates ranging from 81.4 percent to 99.7 percent.[Footnote 20] Sources of inaccurate payments included incomplete documentation of a service, inappropriate coding, clerical errors, as well as provision of medically unnecessary services. In PAM's final year, fiscal year 2004, the 27 participating states will include in their claims reviews payments made under SCHIP and verification of recipient eligibility, among other things. Beginning in fiscal year 2006, the PAM pilot will transition into the PERM initiative to produce both state-specific and national estimates of Medicaid program error rates. Although state responses to CMS's pilot were generally positive, program integrity officials raised concerns about the cyclical nature of the permanent program. Officials in several states--including Illinois, Louisiana, and North Carolina--indicated concern that the 3- year cycle presents significant staffing challenges. They contend that it is impractical for a state to employ sufficient staff, with the necessary expertise, to perform these functions only once every 3 years.[Footnote 21] Officials in other states, such as New York and Washington, expressed concern that the measurement effort might result in diverting staff from ongoing, and potentially more productive, program integrity activities. In its April 2004 final report on the second year of the pilot, CMS identified high state staff turnover and limited availability of medical records as obstacles that kept some states from completing their pilots on time. CMS Pilot Links Information on Providers That Bill Both Medicare and Medicaid: In another effort to support states' program integrity activities, CMS facilitates the sharing of health benefit and claims information between the Medicaid and Medicare programs. For example, it arranged for state Medicaid agency officials to gain access to confidential provider information contained in Medicare's restricted fraud alerts (a warning against emerging schemes), provider suspension notices, and databases.[Footnote 22] One of the Medicare-Medicaid information- sharing activities is a data match pilot that received funding from several sources.[Footnote 23] The purpose of this state-operated pilot is to identify improper billing and utilization patterns by matching Medicare and Medicaid claims information on providers and beneficiaries. Such matching is important, as fraudulent schemes can cross program boundaries. CMS initiated the Medicare-Medicaid data match pilot in California in September 2001.[Footnote 24] CMS estimated that in its first year, the pilot achieved a 21-to-1 return on investment, with about $58 million in cost avoidance, savings, and overpayment recoupments to the Medicaid and Medicare programs. In addition, over 80 cases were opened against suspected fraudulent providers. For example, the pilot identified the following: * One provider billed more than 24 hours a day. Although the Medicare claims alone were not implausible, once the Medicare and Medicaid dates of service were matched, the provider showed up as billing for more than a reasonable number of hours in a day. * Several providers serving beneficiaries eligible for both programs purposely submitted flawed Medicare bills, received full payment from Medicaid based on the denied Medicare claims, then resubmitted corrected Medicare bills and were paid again. In assessing the results of the California pilot, CMS officials noted challenges that delayed implementation for about a year. These included time-consuming activities such as negotiating data-sharing agreements with the contractors that process Medicare claims and reconciling data formatting differences in Medicare and Medicaid claims. CMS officials believe that these challenges were largely due to the novel nature of the effort and that implementation should proceed more smoothly in other states. In fiscal year 2003, CMS expanded the data match pilot to six additional states: Florida, Illinois, New Jersey, North Carolina, Pennsylvania, and Texas. CMS Arranges Teleconferences for States to Share Information on Program Integrity Issues: CMS also sponsors a Medicaid fraud and abuse technical assistance group (TAG), which provides a forum for states to discuss issues, solutions, resources, and experiences. TAG meets monthly by teleconference and convenes annually in one location. Each of four geographic areas-- Midwest, Northeast, South, and West--has two TAG delegates from state Medicaid program integrity units who participate in the teleconferences. Any state may participate in the teleconferences and 18 do so regularly. Delegates discuss concerns raised by the states in their geographic regions and convey information on agenda items to their states. For example, state officials told us that they have discussed issues such as new data systems and other fraud and abuse detection tools. TAG members also use this forum to alert one another to emerging schemes. In one instance, TAG members discussed a drug diversion operation involving serostim--a drug used to treat AIDS patients for degenerative weight loss--from a Pennsylvania mail-order pharmacy. Serostim--which costs about $5,000 for a month's supply--was being sold to body builders to enhance muscle tissue. According to New York officials, over a 2-year period, the state's Medicaid expenditures for serostim increased from $4 million to $50 million. Following this discovery, several states, including New York, instituted prior authorization policies for the drug. In addition, states use TAG to communicate and propose policy changes to CMS. For example, through TAG, the states proposed that CMS modify the federal 60-day repayment rule. This rule implements a statutory requirement that state Medicaid agencies refund the federal portion of any identified overpayments within 60 days of discovery, except in cases where providers or other entities have filed for bankruptcy or gone out of business.[Footnote 25] Some states participating in TAG contend that complying with the 60-day repayment rule discourages states from pursuing complex cases for which recoveries may prove difficult and instead gives them an incentive to focus on easy overpayment cases. CMS has supported and endorsed legislative proposals to amend the statute in the case of overpayments resulting from fraud or abusive practices, proposing that the federal share be returned 60 days after recovery versus 60 days after discovery. However, CMS's efforts to change the policy have not been successful. CMS Conducts Few On-site Reviews of State Program Integrity Activities: CMS officials point to compliance reviews of the states' program integrity activities as the agency's principal means for exercising oversight. CMS conducts on-site reviews to assess whether state Medicaid program integrity efforts comply with federal requirements, such as those governing provider enrollment, claims review, utilization control, and coordination with each state's Medicaid Fraud Control Unit. Such on-site reviews typically last 5 days and are announced 30 days in advance. If reviewers find states significantly out of compliance, they may revisit the states to verify that they have taken corrective action. However, teams conducting these reviews do not evaluate the effectiveness of state activities on reducing improper payments. Staffing and funding constraints have limited this oversight effort. From January 2000 through December 2003, CMS completed reviews of 29 states. At its current pace of conducting eight state compliance reviews each year, CMS would not begin a second round of nationwide reviews before fiscal year 2007. CMS officials explained that the agency can conduct only eight reviews per year, given the resources allocated for Medicaid program integrity.[Footnote 26] For fiscal year 2004, CMS allocated eight staff nationally--about four full-time equivalent (FTE) staff in headquarters and four FTEs distributed across the agency's 10 regional offices--and an operating budget of $26,000 for overseeing the states' Medicaid program integrity activities, including the cost of conducting compliance reviews. This level of funding represents a $14,000, or 35 percent, decline from the previous year. At the peak of its funding in fiscal year 2002, CMS's operating budget for these activities was about $80,000.[Footnote 27] According to agency officials, the size of the federal Medicaid program integrity group relative to its responsibilities has resulted in its use of Medicare's program integrity resources to help implement pilot projects and conduct technical assistance activities. From the states' perspective, compliance reviews have provided useful information for identifying needed areas of improvement and potential best practices. For example, Michigan officials told us that after CMS's review, they took steps to strengthen their provider enrollment activities. In another state, CMS discovered numerous areas of noncompliance. The state agency's provider enrollment processes did not require applicants to disclose prior criminal convictions or business ownership and control. The state agency also did not investigate potential instances of fraud and abuse identified by its SURS unit or beneficiary complaints, or make the required referrals to the state Medicaid Fraud Control Unit. As a result of these findings, CMS required the state to develop a corrective action plan. About a year later, the review team revisited the state and learned that it had begun to implement corrective actions. CMS has pointed to its compliance reviews of the states' program integrity activities as providing the agency with information on the states' strengths and vulnerabilities to improper payments. However, as we reported in February 2002, these structured site reviews focus on state compliance and do not evaluate the effectiveness of the states' fraud and abuse prevention and detection activities for reducing improper payments.[Footnote 28] Concluding Observations: The varied and substantial cases of Medicaid fraud or abuse that have been uncovered around the country reaffirm the need for Medicaid agencies to safeguard program dollars. Such losses have prompted program integrity units and legislatures in many states to take active roles in prevention and detection efforts. In their attempts to limit improper payments, states have pursued a broad range of methods, such as tightened provider enrollment and advanced claims review techniques. As some states report identifying substantial cost savings, further enhancements in program integrity activities are likely to generate positive returns on such investments. At the same time, there may be a disparity between the level of CMS resources devoted to Medicaid program integrity and the program's vulnerability to financial losses. On its current schedule for conducting state program integrity compliance reviews, CMS will not obtain a programwide picture of states' prevention and detection activities more than once every 6 years. Moreover, because these reviews are limited in scope, CMS does not evaluate states' effectiveness in addressing improper payments. In addition, findings from the payment accuracy pilot indicate a need for CMS to further enhance state efforts to prevent and detect payment errors. Agency Comments and Our Evaluation: In written comments on a draft of this report, CMS officials took issue with our observation that the level of resources devoted to federal oversight of states' program integrity activities may be inconsistent with the financial risks to the program. They pointed out that the agency's program integrity work should be viewed as part of its broader financial management of state Medicaid programs. Officials noted that 65 financial management staff in CMS regional offices review Medicaid expenditures, conduct financial management reviews, provide technical assistance to states on financial policy issues, and analyze state cost allocation and administrative claiming plans. Officials also stated that the agency expects to hire 100 new Medicaid financial management staff this fiscal year and has contracted with HHS OIG to perform additional auditing. (See app. II.) We commend CMS for the actions it has begun to take to address its Medicaid financial management challenges. As we have reported in recent years, CMS had fallen short in providing the level of oversight required to ensure states' Medicaid financial responsibility.[Footnote 29] When fully implemented, CMS's efforts to increase the number of staff dedicated to reviewing the states' financial management reports should help it strengthen the fiscal integrity of Medicaid's state and federal partnership. However, financial management and program integrity, while related functions, are not interchangeable. Financial management focuses on the propriety of states' claims for federal reimbursement, such as the matching, administrative, and disproportionate share funds that CMS provides the states. In contrast, program integrity--the focus of this report--addresses federal and state efforts to ensure the propriety of payments made to providers. Unlike the commitment to expand resources for Medicaid financial management activities, CMS has not indicated a similar commitment to enhancing its support and oversight of states' program integrity efforts. CMS officials also provided technical comments, which we incorporated into the report where appropriate. As agreed with your office, unless you publicly announce the contents of this report earlier, we plan no further distribution until 30 days after its date. At that time, we will send copies of this report to the Secretary of HHS, Administrator of CMS, appropriate congressional committees, and other interested parties. In addition, this report will be available at no charge on GAO's Web site at http://www.gao.gov. We will also make copies available to others upon request. If you or your staff have any questions about this report, please call me at (312) 220-7600. Another contact and key contributors to this report are listed in appendix III. Sincerely yours, Signed by: Leslie G. Aronovitz: Director, Health Care--Program Administration and Integrity Issues: [End of section] Appendix I: States' Approaches to Medicaid Program Integrity: [See PDF for image] Note: We asked officials in 50 states and the District of Columbia to provide information on their Medicaid program integrity activities. We received 47 responses and did not verify the accuracy of the responses. Indiana, Nebraska, Rhode Island, and Vermont did not participate. [A] A surety bond may protect the state against certain financial losses. [B] A data warehouse stores information on claims, providers, and beneficiaries in an integrated database. [C] Data mining is the analysis of large databases to identify unusual utilization patterns. [D] Data matching and modeling are techniques that allow comparisons of providers within specialties to determine normative patterns in claims data so that aberrant patterns can be identified. [E] Smart technology is software that analyzes patterns in claims data and feeds the information back into the system to identify new patterns. [F] A drug formulary is a list of prescription medications approved for coverage. [G] National Association of Surveillance and Utilization Review Officials. [End of figure] [End of section] Appendix II: Comments from the Centers for Medicare & Medicaid Services: DEPARTMENT OF HEALTH & HUMAN SERVICES: Centers for Medicare & Medicaid Services: Administrator: Washington, DC 20201: DATE: JUN 16 2004: TO: Leslie G. Aronovitz: Director, Health Care-Program Administration and Integrity Issues: FROM: Mark B. McClellan, M.D., Ph.D.: Administration and Integrity Issues: SUBJECT: General Accounting Office (GAO) Draft Report: MEDICAID PROGRAM INTEGRITY-State and Federal Efforts to Prevent and Detect Improper Payments (GAO-04-707): Thank you for the opportunity to review and comment on the above GAO draft report. The Centers for Medicare & Medicaid Services (CMS) is committed to assuring the program integrity (PI) of the Medicaid program, as well as the Medicare program. Over the past several years, we have implemented a number of initiatives and programs designed to enhance and strengthen the overall PI effort. We have also emphasized and taken actions to greatly increase the coordination and integration of Medicare and Medicaid PI efforts. As there are no recommendations included in this report, the following are CMS' general comments to the report. From a global perspective, the report states "CMS oversight of the states' Medicaid program integrity efforts is disproportionately small relative to the size of Federal investment and risk of serious financial loss." This statement implies that the several CMS activities reviewed in the report represent the totality of CMS' financial management oversight of State Medicaid programs. In fact, the GAO report focuses on a subset of CMS' Medicaid financial oversight activities. For example, it does not mention the work done by 65 regional office financial management staff in reviewing quarterly state Medicaid expenditure reports, conducting focused financial management reviews in high-risk areas, providing technical assistance and direction to states on a myriad of financial policy and operational issues, and analyzing state cost allocation and administrative claiming plans. Nor does the report refer to the 100 new Medicaid financial management staff being hired by CMS this fiscal year (FY), or to CMS' contract with the Office of Inspector General (OIG) for additional audits in states and topical areas identified by CMS. In short, it is critical that the GAO include in this report an explicit disclaimer to the effect that the subject review focused narrowly on several program integrity activities, and not on the full spectrum of CMS' Medicaid financial oversight activities. Attached are CMS' detailed comments to GAO's specific statements. Attachment: [End of section] Appendix III: GAO Contact and Staff Acknowledgments: GAO Contact: Rosamond Katz, (202) 512-7148: Acknowledgments: In addition to the contact named above, Enchelle Bolden, Helen Chung, Hannah Fein, Shirin Hormozi, and Geri Redican made key contributions to this report. FOOTNOTES [1] U.S. General Accounting Office, Major Management Challenges and Program Risks: Department of Health and Human Services, GAO-03-101 (Washington, D.C.: January 2003). [2] Officials in the 50 states and the District of Columbia were asked to complete our inventory; we received 47 responses. Although we did not validate the information received, we contacted several states to verify responses that appeared inconsistent with information previously reported to us. [3] The 56 Medicaid programs include one for each of the 50 states, the District of Columbia, Puerto Rico, and the U.S. territories of American Samoa, Guam, Northern Mariana Islands, and Virgin Islands. Hereafter, all 56 entities are referred to as states. [4] MMIS is an automated claims payment and information retrieval system, with which states verify the accuracy of claims, the correct use of payment codes, and patients' Medicaid eligibility. States are required by law to have such a system. See Social Security Act, � 1903(r). A system such as SURS is also required by statute. See Social Security Act, � 1902(a)(30). [5] For example, Illinois officials said their analysis of Medicaid claims showed providers in unregulated industries--nonemergency transportation and some durable medical equipment suppliers--presented a higher risk for abusive billing behavior than those subject to the oversight of professional licensure boards. [6] CMS requires that states screen applicants by asking if they have ever been convicted of a crime related to their involvement in Medicare, Medicaid, or Title XX Block Grants programs. See 42 C.F.R. � 455.106(a)(2)(2003). [7] Seventeen states reported conducting on-site inspections in June 2001. See U.S. General Accounting Office, Medicaid: State Efforts to Control Improper Payments Vary, GAO-01-662 (Washington, D.C.: June 7, 2001). Since our 2001 report, 14 additional states have begun to conduct on-site investigations for certain targeted types of providers, while 2 states no longer conduct them. [8] Nonemergency transportation is a ride, or reimbursement for a ride, provided to Medicaid beneficiaries with no other transportation resources so that they can receive services from a medical provider. [9] Illinois officials reported that they are drafting surety bond requirements for nonemergency transportation providers. California, North Carolina, Texas, and Wisconsin reported that they either have or are seeking state legislation to require surety bonds for various types of providers. [10] CMS requires that home health agencies annually submit financial documents supporting their costs in order to receive Medicare payments. [11] According to New York Medicaid officials, part-time clinics involve providers who work out of multiple locations. The state permits providers to work and claim Medicaid reimbursements from up to 20 clinic locations. New York identified part-time clinics as a type of provider with a high probability of improper billing after finding one provider with 694 part-time locations. [12] Prepayment reviews typically include verifying the mathematical accuracy of claims, the correct use of payment codes, and patients' Medicaid eligibility. Such reviews help ensure that services listed on claims are covered, medically necessary, and paid in accordance with state and federal requirements. Postpayment reviews may be more comprehensive, to include scrutiny of the medical records used to support the claimed service. [13] This represents an increase of 14 states since our last state inventory in June 2001. [14] The Health Care Fraud and Abuse Control program--designed to coordinate federal, state, and local antifraud efforts under the joint direction of HHS and the Department of Justice--funded all 3 years of the PAM pilot at a total of about $11.7 million. [15] The Improper Payments Information Act of 2002, Pub. L. No. 107- 300, 116 Stat. 2350, requires that each agency responsible for federal programs and activities with estimated improper payments exceeding $10 million annually report the estimates and planned corrective actions to the Congress. Office of Management and Budget guidance on the act limits this reporting requirement to programs and activities with estimated payments exceeding both $10 million and 2.5 percent of annual program payments. [16] SCHIP, Pub. L. No. 105-33, � 4901, 111 Stat. 251, 552-70 (1997), is a jointly funded federal/state program that provides health insurance to children in low-income families who do not qualify for Medicaid and are not covered by other health insurance. [17] Under primary care case management, providers are paid a monthly per capita fee to coordinate care for beneficiaries. [18] CMS proposes using a stratified random sample, without replacement, to determine which states will be selected for measurement. The random sample is intended to ensure that each cycle will have similar proportions of large, medium, and small states. [19] CMS reimbursed the states for 100 percent of their costs for the pilot. When PERM is implemented, in fiscal year 2006, the states will be reimbursed at their customary administrative matching rate of 50 percent. [20] In calculating payment accuracy rates, CMS determined that overpayments and underpayments would "offset" each other in a manner that is similar to the way that both the HHS OIG Chief Financial Officers Audit and the Comprehensive Error Rate Testing program have defined payment error for the Medicare program. States were asked to subtract the value of underpayments from overpayments to determine the net value of inaccurate payments. See Centers for Medicare & Medicaid Services, Center for Medicaid and State Operations, Finance, Systems and Budget Group, Payment Accuracy Measurement Project: Year 2 Final Report (Baltimore: April 2004). [21] In response to the states' concerns about the PERM 3-year cycle and the OIG's concerns regarding the stratified random selection of which states conduct PERM studies, CMS has proposed that all states be required to conduct such studies annually. This proposal is pending in the federal rule-making process. [22] Specifically, CMS facilitated state access to two confidential databases that Medicare contractors developed to assist in their program integrity efforts. The Fraud Investigation Database contains detailed information on providers involved in potential fraud and abuse cases. The Medicare Exclusion Database contains information on provider exclusions, sanctions, and reinstatements in a standard, cumulative format with monthly updates. [23] CMS's Medicare Integrity Program largely funded the initial pilot, with supplemental funding--$1 million in fiscal year 2002 and $2.4 million in fiscal year 2003--from the FBI. Most of the funding for the data match pilot comes from the Health Care Fraud and Abuse Control Program. [24] California has more Medicare and Medicaid beneficiaries than any other state--7 million enrolled in Medicaid and 4 million in Medicare. Combined state and federal annual expenditures for both programs are about $47.6 billion. [25] Section 1903(d)(2) of the Social Security Act and 42 C.F.R. �� 433.300 et seq. (2003). [26] Review teams are composed of one person from CMS headquarters and two staff members from a region that does not have oversight responsibility for the state under review. [27] Until fiscal year 2003, oversight activities were funded through CMS's Southern Consortium, composed of the Atlanta and Dallas regional offices. Financial responsibility shifted to CMS headquarters in fiscal year 2004, when the agency abandoned its consortia approach to fraud and abuse control. [28] U.S. General Accounting Office, Medicaid Financial Management: Better Oversight of State Claims for Federal Reimbursement Needed, GAO-02-300 (Washington, D.C.: Feb. 28, 2002). [29] GAO-03-101. GAO's Mission: The Government Accountability Office, the investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through the Internet. GAO's Web site ( www.gao.gov ) contains abstracts and full-text files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents using key words and phrases. You can print these documents in their entirety, including charts and other graphics. Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as "Today's Reports," on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to www.gao.gov and select "Subscribe to e-mail alerts" under the "Order GAO Products" heading. Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Public Affairs: Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: