Medicaid Fraud and Abuse
CMS's Commitment to Helping States Safeguard Program Dollars Is Limited
Gao ID: GAO-05-855T June 28, 2005
Today's hearing addresses fraud and abuse control in Medicaid, a program that provides health care coverage for eligible low-income individuals and is jointly financed by the federal government and the states. In fiscal year 2003, Medicaid covered nearly 54 million people and the program's benefit payments totaled roughly $261 billion, of which the federal share was about $153 billion. States are primarily responsible for ensuring appropriate payments to Medicaid providers through provider enrollment screening, claims review, overpayment recoveries, and case referrals. At the federal level, the Centers for Medicare & Medicaid Services (CMS) is responsible for supporting and overseeing state fraud and abuse control activities. Last year, GAO reported that CMS had initiatives to assist states, but the dollar and staff resources allocated to oversight suggested that CMS's level of effort was disproportionately small relative to the risk of federal financial loss. Concerned about the stewardship of federal Medicaid funds, Congress has raised questions about CMS's commitment to Medicaid fraud and abuse control. This statement focuses on (1) the level of resources CMS currently applies to helping states prevent and detect fraud and abuse in the Medicaid program and (2) the implications of this level of support for CMS fraud and abuse control activities.
Since GAO reported last year, the resources CMS expends to support and oversee states' Medicaid fraud and abuse control activities remain out of balance with the amount of federal dollars spent annually to provide Medicaid benefits. In fiscal year 2005, CMS's total staff resources allocated to these activities was about 8.1 full-time equivalent (FTE) staffing units--approximately 3.6 FTEs at headquarters and 4.5 FTEs in the regional offices. Among CMS's 10 regional offices--each of which oversees states whose Medicaid outlays include billions of federal dollars--7 offices each have a fraction of an FTE and the rest each have less than 2 FTEs allocated to Medicaid fraud and abuse control efforts. Moreover, the placement of the Medicaid fraud and abuse control staff at headquarters--apart from the agency's office responsible for other antifraud and abuse activities--as well as a lack of specified goals for Medicaid fraud and abuse control raise questions about the agency's level of commitment to improve states' activities in this area. CMS's support and oversight initiatives include a pilot project for states to enhance claims scrutiny activities by coordinating with the Medicare program. Despite the project's positive results in several states, less than one-fifth of the states currently participate in the project and resource constraints may require CMS to scale back these efforts instead of expanding them to additional states that are seeking to participate. Similarly, CMS's support activities--such as conducting national conferences, regional workshops, and training--have been terminated altogether. The frequency of CMS's on-site reviews of states' fraud and abuse control activities--about seven to eight visits a year--has not changed since GAO reported on this last year. This means that federal oversight of a state's Medicaid program safeguards will not occur, at best, more than once every 7 years. Relatively few and questionably aligned resources and an absence of strategic planning underscore the limited commitment CMS has made to strengthening states' ability to curb fraud and abuse. Despite the millions of dollars CMS receives annually from a statutorily established fund for fraud and abuse control, the agency has not allocated these resources to sufficiently fund initiatives that can help states increase the effectiveness of their Medicaid fraud and abuse control efforts. Developing a strategic plan for Medicaid fraud and abuse control activities would give CMS a basis for providing resources that reflect the financial risk to the federal government. In discussing the facts in this statement with a CMS Medicaid official, he stated that the agency does not view antifraud and abuse initiatives as separate from financial oversight, an area that has received substantial resources in recent years. While we agree that financial management is important to program integrity, we believe that an increased commitment to helping states fight fraud and abuse is warranted.
GAO-05-855T, Medicaid Fraud and Abuse: CMS's Commitment to Helping States Safeguard Program Dollars Is Limited
This is the accessible text file for GAO report number GAO-05-855T
entitled 'Medicaid Fraud and Abuse: CMS's Commitment to Helping States
Safeguard Program Dollars Is Limited' which was released on June 28,
2005.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Testimony:
Before the Committee on Finance, U.S. Senate:
United States Government Accountability Office:
GAO:
For Release on Delivery Expected at 10:00 a.m. EDT:
Tuesday, June 28, 2005:
Medicaid Fraud and Abuse:
CMS's Commitment to Helping States Safeguard Program Dollars Is
Limited:
Statement of Leslie G. Aronovitz:
Director, Health Care:
GAO-05-855T:
GAO Highlights:
Highlights of GAO-05-855T, a testimony before the Committee on Finance,
U.S. Senate:
Why GAO Did This Study:
Today‘s hearing addresses fraud and abuse control in Medicaid, a
program that provides health care coverage for eligible low-income
individuals and is jointly financed by the federal government and the
states. In fiscal year 2003, Medicaid covered nearly 54 million people
and the program‘s benefit payments totaled roughly $261 billion, of
which the federal share was about $153 billion.
States are primarily responsible for ensuring appropriate payments to
Medicaid providers through provider enrollment screening, claims
review, overpayment recoveries, and case referrals. At the federal
level, the Centers for Medicare & Medicaid Services (CMS) is
responsible for supporting and overseeing state fraud and abuse control
activities. Last year, GAO reported that CMS had initiatives to assist
states, but the dollar and staff resources allocated to oversight
suggested that CMS‘s level of effort was disproportionately small
relative to the risk of federal financial loss.
Concerned about the stewardship of federal Medicaid funds, this
Committee has raised questions about CMS‘s commitment to Medicaid fraud
and abuse control. This statement focuses on (1) the level of resources
CMS currently applies to helping states prevent and detect fraud and
abuse in the Medicaid program and (2) the implications of this level of
support for CMS fraud and abuse control activities.
What GAO Found:
Since GAO reported last year, the resources CMS expends to support and
oversee states‘ Medicaid fraud and abuse control activities remain out
of balance with the amount of federal dollars spent annually to provide
Medicaid benefits. In fiscal year 2005, CMS‘s total staff resources
allocated to these activities was about 8.1 full-time equivalent (FTE)
staffing units”approximately 3.6 FTEs at headquarters and 4.5 FTEs in
the regional offices. Among CMS‘s 10 regional offices”each of which
oversees states whose Medicaid outlays include billions of federal
dollars”7 offices each have a fraction of an FTE and the rest each have
less than 2 FTEs allocated to Medicaid fraud and abuse control efforts.
Moreover, the placement of the Medicaid fraud and abuse control staff
at headquarters”apart from the agency‘s office responsible for other
antifraud and abuse activities”as well as a lack of specified goals for
Medicaid fraud and abuse control raise questions about the agency‘s
level of commitment to improve states‘ activities in this area.
CMS‘s support and oversight initiatives include a pilot project for
states to enhance claims scrutiny activities by coordinating with the
Medicare program. Despite the project‘s positive results in several
states, less than one-fifth of the states currently participate in the
project and resource constraints may require CMS to scale back these
efforts instead of expanding them to additional states that are seeking
to participate. Similarly, CMS‘s support activities”such as conducting
national conferences, regional workshops, and training”have been
terminated altogether. The frequency of CMS‘s on-site reviews of
states‘ fraud and abuse control activities”about seven to eight visits
a year”has not changed since GAO reported on this last year. This means
that federal oversight of a state‘s Medicaid program safeguards will
not occur, at best, more than once every 7 years.
Relatively few and questionably aligned resources and an absence of
strategic planning underscore the limited commitment CMS has made to
strengthening states‘ ability to curb fraud and abuse. Despite the
millions of dollars CMS receives annually from a statutorily
established fund for fraud and abuse control, the agency has not
allocated these resources to sufficiently fund initiatives that can
help states increase the effectiveness of their Medicaid fraud and
abuse control efforts. Developing a strategic plan for Medicaid fraud
and abuse control activities would give CMS a basis for providing
resources that reflect the financial risk to the federal government.
In discussing the facts in this statement with a CMS Medicaid official,
he stated that the agency does not view antifraud and abuse initiatives
as separate from financial oversight, an area that has received
substantial resources in recent years. While we agree that financial
management is important to program integrity, we believe that an
increased commitment to helping states fight fraud and abuse is
warranted.
www.gao.gov/cgi-bin/getrpt?GAO-05-855T.
To view the full product, including the scope and methodology, click on
the link above. For more information, contact Leslie G. Aronovitz at
(312) 220-7600.
[End of section]
Mr. Chairman and Members of the Committee:
I am pleased to be here today as you discuss fraud and abuse control in
Medicaid, a program that provides health care coverage for eligible low-
income individuals and is jointly financed by the federal government
and the states. In fiscal year 2003, Medicaid covered nearly 54 million
people, and the program's benefit payments totaled $261 billion, of
which the federal share was about $153 billion. Because fraud and abuse
by their nature are unknown until detected, the amount of Medicaid
funds lost through health care providers' inappropriate billings cannot
be precisely quantified. Some states have made estimates of their
respective programs' improper Medicaid payment rates that reflect not
only fraudulent and abusive billings but also inadvertent billing
errors, such as clerical mistakes. A nationwide improper payment rate
for Medicaid has not been made, but even a rate as low as 3 percent
would mean a loss of almost $4.6 billion in federal funds in fiscal
year 2003. To put this hypothetical figure in perspective, it is
roughly the amount that the federal government spent in fiscal year
2003 on the State Children's Health Insurance Program (SCHIP).[Footnote
1]
Such a drain of vital program dollars is a detriment to both taxpayers
and beneficiaries. For example, paying for services billed but not
provided wastes funds that could have been used for health care. For
example, in 2004, the owners of a Louisiana health care clinic were
found guilty of billing the program more than $400,000 for health care
screening services, nurse consultations, and nutrition consultations
never provided. Alternatively, paying for unnecessary services can have
a substantial, if not quantifiable, impact on health care quality.
Consider the charge in 2004 against 20 dentists in California for
conspiracy to defraud the state's Medicaid program of $4.5 million. As
part of the conspiracy, the dentists billed Medicaid for unnecessary or
inappropriate services that placed patients at risk by reusing dental
instruments without sterilizing them, performing dental surgeries
without adequate anesthesia, developing treatment plans that called for
unneeded root canals and fillings, and forcibly restraining children
during dental operations.
States are primarily responsible for the fight against Medicaid fraud
and abuse. Specifically, they are responsible for ensuring the
legitimacy of providers billing the program, detecting improper
payments, recovering overpayments, and referring suspected cases of
fraud and abuse to law enforcement authorities. At the federal level,
the Centers for Medicare & Medicaid Services (CMS) in the Department of
Health and Human Services (HHS) is responsible for supporting and
overseeing state fraud and abuse control activities. Last year, we
reported that CMS had initiatives to assist states in combating fraud
and abuse in their Medicaid programs, but its oversight of states'
activities in this area was limited.[Footnote 2] The dollar and staff
resources allocated to compliance reviews suggested that CMS's level of
effort was disproportionately small relative to the risk of serious
financial loss.
Concerned about the stewardship of federal Medicaid funds, this
Committee has raised questions about CMS's commitment to Medicaid fraud
and abuse control. It is important to note that activities designed to
prevent, detect, and recover improper payments made to providers
resulting from fraud and abuse are a component of ensuring Medicaid
program integrity. These activities are valuable not only from a
financial standpoint but also have a sentinel effect on providers that
may otherwise consider billing the program inappropriately. Another
component is financial management activities, which involve the
oversight of state claims for federal reimbursement, including the
matching, administrative, and disproportionate share funds that CMS
provides the states.[Footnote 3] While these program integrity
functions are related, they are not interchangeable. My remarks today
will focus on (1) the level of resources CMS currently applies to
helping states prevent and detect fraud and abuse in the Medicaid
program and (2) the implications of this level of support for CMS fraud
and abuse control activities.
To do this work, we reviewed agency documents on Medicaid program
safeguard support and oversight activities as well as our issued
reports on this topic. We also interviewed officials at headquarters
and CMS's 10 regional offices. We conducted our work in May and June
2005 in accordance with generally accepted government auditing
standards.
In summary, since we reported last year, the resources CMS expends to
support and oversee states' Medicaid fraud and abuse control activities
remain out of balance with the amount of federal dollars spent annually
to provide Medicaid benefits.[Footnote 4] In fiscal year 2005, CMS's
total staff resources allocated to these activities was about 8.1 full-
time equivalent (FTE) staffing units--approximately 3.6 FTEs at
headquarters and 4.5 FTEs in the regional offices. Among CMS's 10
regional offices--each of which oversees states whose Medicaid outlays
include billions of federal dollars--7 offices each have less than 1
FTE and the rest each have less than 2 FTEs allocated to Medicaid fraud
and abuse control efforts. Moreover, the placement of the Medicaid
fraud and abuse control staff at headquarters--apart from the agency's
office responsible for other antifraud and abuse activities--as well as
a lack of specified goals for Medicaid fraud and abuse control raise
questions about the agency's level of commitment to improving states'
activities in this area.
CMS's support and oversight initiatives include a pilot project for
states to enhance claims scrutiny activities by coordinating with the
Medicare program. Despite the project's positive results in several
states, less than one-fifth of the states currently participate in the
project, and resource constraints may require CMS to scale back these
efforts instead of expanding them to additional states that are seeking
to participate. Similarly, some of CMS's other support activities--such
as conducting national conferences, regional workshops, and training--
have been terminated altogether. The frequency of CMS's on-site reviews
of states' fraud and abuse control activities remains about seven to
eight visits a year. This means that federal oversight of a state's
Medicaid program safeguards will not occur, at best, more than once
every 7 years.
In discussing the facts in this statement with a CMS Medicaid official,
he stated that the agency does not view antifraud and abuse initiatives
as separate from financial oversight, an area that has received
substantial resources in recent years. While we agree that financial
management is important to program integrity, we believe that an
increased commitment to helping states fight fraud and abuse is
warranted.
Background:
Although jointly financed by the states and the federal government,
Medicaid is administered directly by the states and consists of 56
distinct state-level programs.[Footnote 5] Within broad federal
guidelines, each program establishes its own eligibility standards;
determines the type, amount, duration, and scope of covered services;
and sets payment rates. In general, the federal government matches
state Medicaid spending for medical assistance according to a formula
based on each state's per capita income. In fiscal year 2004, the
federal contribution ranged from 50 to 77 cents of every state dollar
spent on medical assistance. For most state Medicaid administrative
costs, the federal match rate is 50 percent.[Footnote 6]
As program administrators, states have primary responsibility for
conducting program integrity activities that address provider
enrollment, claims review, and case referrals. Specifically, federal
statute or CMS regulations require states to:
* collect and verify basic information on potential providers,
including whether the providers meet state licensure requirements and
are not prohibited from participating in federal health care programs;
* have an automated claims payment and information retrieval system--
intended to verify the accuracy of claims, the correct use of payment
codes, and patients' Medicaid eligibility--and a claims review system-
-intended to develop statistical profiles on services, providers, and
beneficiaries to identify potential improper payments;[Footnote 7] and:
* refer suspected overpayments or overutilization cases to other units
in the Medicaid agency for corrective action and potential fraud cases,
generally, to the state's Medicaid Fraud Control Unit for investigation
and prosecution.[Footnote 8]
As noted in our 2004 report,[Footnote 9] states use a variety of
controls and safeguards to stem improper provider payments. For
example, states target high-risk providers seeking to bill Medicaid
with on-site facility inspections, criminal background checks, and
probationary or time-limited enrollment. States also reported using
information technology to integrate databases containing provider,
beneficiary, and claims information and to increase the effectiveness
of their utilization reviews. Various states individually attributed
cost savings or recoupments to these efforts valued in the millions of
dollars.
In contrast, CMS's role in curbing fraud and abuse in the Medicaid
program is largely one of support to the states. As we reported last
year,[Footnote 10] CMS administers two pilot projects--one focused on
measuring the accuracy of a state's Medicaid claims payments (Payment
Accuracy Measurement (PAM)) and the other focused on improper billing
detection and utilization patterns by linking Medicare and Medicaid
claims information (Medi-Medi). CMS also sponsors general technical
assistance and information-sharing through its Medicaid fraud and abuse
technical assistance group (TAG). In addition, CMS performs oversight
of states' Medicaid fraud and abuse control activities. (See table 1.)
Table 1: CMS Activities to Support and Oversee States' Fraud and Abuse
Control Efforts, Fiscal Year 2004:
CMS initiatives: PAM/PERM;
Description: CMS conducted a 3-year pilot called PAM to develop
estimates of the accuracy of Medicaid claims payments. In fiscal year
2006, PAM will become a permanent, mandatory program--to be known as
the Payment Error Rate Measurement (PERM) initiative--as required by
the Improper Payments Information Act of 2002.[A] Under PERM, states
will be expected to ultimately reduce their payment error rates over
time by better targeting program integrity activities in their Medicaid
and SCHIP programs.
CMS initiatives: Medi-Medi;
Description: Under this program, CMS facilitates the sharing of
information between the Medicaid and Medicare programs. Medi-Medi is a
data match pilot designed to identify improper billing and utilization
patterns by matching Medicare and Medicaid claims information on
providers and beneficiaries. Such matching is important, as fraudulent
schemes can cross program boundaries.
CMS initiatives: TAG;
Description: Through telephone conferencing, CMS provides a forum for
states to discuss issues, solutions, resources, and experiences on
fraud and abuse issues. Any state may participate; roughly one-third do
so regularly. States have also used the TAG to propose policy changes
to CMS.
CMS initiatives: Compliance reviews;
Description: CMS conducts on-site reviews to assess whether state
Medicaid fraud and abuse control efforts comply with federal
requirements, such as those governing provider enrollment, claims
review, utilization control, and coordination with each state's
Medicaid Fraud Control Unit. If reviewers find states significantly out
of compliance, they may revisit the states to verify that they have
taken corrective action.
Source: GAO, Medicaid Program Integrity: State and Federal Efforts to
Prevent and Detect Improper Payments, GAO-04-707 (Washington, D.C.:
July 16, 2004).
[A] Pub. L. No. 107-300, 116 Stat. 2350.
[End of table]
CMS Expends Limited Resources and Lacks Coherent Plan to Improve
States' Medicaid Fraud and Abuse Control Activities:
A wide disparity exists between the level of resources CMS expends to
support and oversee states' fraud and abuse control activities and the
amount of federal dollars at stake in Medicaid benefit payments. In
addition, CMS's organizational placement of staff and lack of strategic
planning suggest a limited commitment to improving states' Medicaid
fraud and abuse control efforts.
Disparity Exists between Level of Resources and Program's Financial
Risk:
The resources CMS devotes to working with states to fight Medicaid
fraud and abuse do not appear to be commensurate with the size of the
program's financial risk. In fiscal year 2005, CMS's Medicaid staff
resources allocated to supporting or overseeing states' anti-fraud and
abuse operations was an estimated 8.1 FTEs--3.6 FTEs at headquarters
and 4.5 FTEs in the regional offices.[Footnote 11] Staff at
headquarters are engaged in arranging and conducting the on-site
compliance reviews of states' fraud and abuse control efforts and in
information-sharing activities. Staff at the regional offices also
participate in the state compliance reviews and respond to state
inquiries. Canvassing the 10 regional CMS offices, we found that 7
regions each have a fraction of an FTE and the rest each have less than
2 FTEs devoted to providing assistance on fraud and abuse issues. For
example, Region IV--which covers eight states and accounted for $33
billion of federal funds for Medicaid benefits in fiscal year 2004--
reported having 1 FTE devoted to Medicaid fraud and abuse control
activities. (See table 2.)
Table 2: Federal Share of Medicaid Benefit Dollars and CMS Staff
Devoted to States' Fraud and Abuse Control Efforts:
CMS office: Region I;
Office jurisdiction: Connecticut, Maine, Massachusetts, New Hampshire,
Rhode Island, and Vermont;
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in
billions): $9.2;
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control
(estimated FTEs): Less than 1.
CMS office: Region II;
Office jurisdiction: New York, New Jersey, the U.S. Virgin Islands, and
Puerto Rico;
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in
billions): $26.0;
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control
(estimated FTEs): Less than 1.
CMS office: Region III;
Office jurisdiction: Delaware, Maryland, Pennsylvania, Virginia, West
Virginia, and the District of Columbia;
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in
billions): $15.2;
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control
(estimated FTEs): Less than 1.
CMS office: Region IV;
Office jurisdiction: Alabama, North Carolina, South Carolina, Florida,
Georgia, Kentucky, Mississippi, and Tennessee;
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in
billions): $33.0;
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control
(estimated FTEs): Less than 2.
CMS office: Region V;
Office jurisdiction: Illinois, Indiana, Michigan, Minnesota, Ohio, and
Wisconsin;
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in
billions): $25.9;
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control
(estimated FTEs): Less than 2.
CMS office: Region VI;
Office jurisdiction: Arkansas, Louisiana, New Mexico, Oklahoma, and
Texas;
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in
billions): $19.2;
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control
(estimated FTEs): Less than 2.
CMS office: Region VII;
Office jurisdiction: Iowa, Kansas, Missouri, and Nebraska;
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in
billions): $7.4;
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control
(estimated FTEs): Less than 1.
CMS office: Region VIII;
Office jurisdiction: Colorado, Montana, North Dakota, South Dakota,
Utah, and Wyoming;
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in
billions): $3.8;
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control
(estimated FTEs): Less than 1.
CMS office: Region IX;
Office jurisdiction: Arizona, California, Hawaii, Nevada, the
territories of American Samoa, Guam, and the Commonwealth of the
Northern Mariana Islands;
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in
billions): $20.9;
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control
(estimated FTEs): Less than 1.
CMS office: Region X;
Office jurisdiction: Alaska, Idaho, Oregon, and Washington;
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in
billions): $5.6;
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control
(estimated FTEs): Less than 1.
CMS office: All regions;
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control
(estimated FTEs): 4.5.
CMS office: CMS headquarters;
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control
(estimated FTEs): 3.6.
CMS office: Total CMS;
Fiscal year 2004 federal share of Medicaid benefit outlays (dollars in
billions): $166.1;
Fiscal year 2005 CMS staff devoted to Medicaid fraud and abuse control
(estimated FTEs): 8.1.
Source: GAO compilation of CMS information.
Note: Federal outlays do not add up to the total due to rounding.
[End of table]
For fiscal year 2006, CMS's budget has no line item devoted to Medicaid
fraud and abuse control activities. The project to estimate payment
error rates known as PAM/PERM (required by statute) and the Medi-Medi
pilot project (with benefits accruing to both programs) are financed
through a statutorily established fund--the Health Care Fraud and Abuse
Control (HCFAC) account.[Footnote 12] (See table 3.) The HCFAC monies
from which these two projects are largely financed are known as "wedge"
funds. As CMS's distribution of these funds varies from year to year,
the level of support for fraud and abuse control initiatives is
uncertain and depends on the priorities set by the agency. For example,
fiscal year 2005 funds allocated from the HCFAC account for PAM/PERM
and Medi-Medi were less than half the funds allocated in fiscal year
2004. In contrast, Medicare fraud and abuse control activities at CMS
are financed primarily through earmarked funds from another HCFAC
component--the Medicare Integrity Program.
Table 3: HCFAC Wedge Funds Allocated for CMS Activities That Address
Medicaid Fraud and Abuse:
Dollars in thousands.
PAM/PERM;
Fiscal year 2004: $4,121;
Fiscal year 2005: $1,200.
Medi/Medi (Medicaid share);
Fiscal year 2004: $3,691;
Fiscal year 2005: $2,439.
Total;
Fiscal year 2004: $7,812;
Fiscal year 2005: $3,639.
Source: CMS.
Note: We estimated that, in addition to the wedge funds, FBI funding
(Medicaid share) was about $1.5 million in fiscal year 2004 and about
$500,000 in fiscal year 2005.
[End of table]
CMS's Medicaid compliance reviews are funded through a different
source--HHS's budget appropriation. In fiscal year 2004, the budget for
this activity was $26,000, down from $40,000 in fiscal year 2003 and
$80,000 in fiscal year 2002.[Footnote 13]
CMS Structure and Lack of Planning Suggest Weak Commitment to
Supporting States' Medicaid Fraud and Abuse Control Efforts:
The placement of Medicaid's antifraud and abuse function in CMS's
organizational structure and a lack of stated goals and objectives
suggests a limited institutional commitment to Medicaid fraud and abuse
control activities. Currently, two different headquarters offices are
charged with working with states on fraud and abuse issues. CMS's
Office of Financial Management staffs the PAM/PERM and Medi-Medi
initiatives, while the Center for Medicaid and State Operations (CMSO)
staffs the state compliance reviews and TAG functions. Under this
organizational structure, the Medicaid fraud and abuse staff in CMSO
are not in an optimal position to leverage the resources allocated to
the office with responsibility for developing tools and strategies for
combating fraud and abuse.
As further evidence of the low priority assigned to Medicaid fraud and
abuse control, the planning, outreach, and building of staff expertise
lacks leadership continuity. From 1997 to 2003, the leadership and
funding of CMS's support for states' antifraud and abuse efforts
resided in a consortium of two regional offices. The consortium led a
network of regional fraud and abuse coordinators and state Medicaid
representatives, sponsoring telephone conferences and workshops,
seminars, and training sessions aimed at sharing best practices for
fighting fraud and abuse. Medicaid staff based at headquarters reported
to a national network coordinator located at one of the consortium's
regional offices. With the retirement of the national coordinator in
2003, the consortium relinquished its leadership and funding role and
the Medicaid antifraud and abuse activities were reassigned to CMSO
without additional resources. Since then, no nationwide meetings with
state program integrity officials have been held.
At the same time, CMS lacks a strategic plan to drive its Medicaid
antifraud and abuse operations. Goals for the long term, as well as
plans on how to achieve them, have not been specified in any public
department or agency planning documents. For example, HHS's fiscal year
2004 performance and accountability report cited Medicaid's high risk
of payment errors as the department's management challenge for fighting
Medicaid fraud and abuse.[Footnote 14] To address this challenge, the
report cited the PAM/PERM initiative for estimating payment error
rates, as this activity is required in federal statute. But there was
no mention of any other fraud and abuse support or oversight activities
or goals. Similarly, the discussion of Medicaid program integrity in
the Administration's Budget for Fiscal Year 2006 covers activities to
curb states' inappropriate financing mechanisms but makes no mention of
federal support or oversight of states' fraud and abuse efforts. At the
agency level, CMS officials were unable to provide any publicly
available planning documents specifying short-or long-term Medicaid
program goals that target fraud and abuse.
Lack of Priority Threatens CMS's Medicaid Fraud and Abuse Control
Activities, While Potential to Do More Goes Untapped:
The low priority given to CMS activities in support of states' fraud
and abuse control efforts is having serious consequences for current
projects. CMS's distribution of resources may require some activities
to be scaled back and others to be eliminated.
Specifically, the expansion of the Medi-Medi data match project has
been slow, leaving potentially millions of dollars in cost avoidance
and cost savings unrealized. This project enables claims data analysts
to detect patterns that may not be evident when providers' billings for
either Medicare or Medicaid are viewed in isolation. For example, by
combining data from each program, analysts can identify "time bandits,"
or providers who bill for more than 24 hours in a single day. As of
March 31, 2005, seven states with fully operational projects reported
returns to the Medicaid and Medicare programs of $133.1 million in
provider payments under investigation, $59.7 million in program
vulnerabilities identified, and $2.0 million in overpayments to be
recovered. In addition, 240 investigations had been initiated and 28
cases referred to law enforcement agencies. Two additional states, Ohio
and Washington, have begun Medi-Medi projects that are expected to be
operational later this year.
Because of anticipated unmet funding needs, existing Medi-Medi data
match activities are in jeopardy of being scaled back considerably. As
CMS stated in its fiscal year 2005 second quarter report on Medi-Medi
projects, "Eliminating certain Medi-Medi projects in their entirety
and/or dramatically reducing the level of effort across all of the
projects are among the approaches under consideration. Beyond FY 2006,
the entire project will terminate if additional funding is not
identified." Agency officials noted that several additional states have
expressed interest in participating but expanding the program to more
states will not occur without a new allocation or realignment of
resources. Plans for additional activities that involve coordination
with Medicare have been put on hold, pending budget decisions. These
include enhanced oversight of prescription drug fraud when Medicare
begins covering Medicaid beneficiaries' drug benefits in 2006 and the
use of a unified provider enrollment form instead of separate forms for
Medicare and Medicaid.
Similarly, CMS's role as provider of technical assistance and
disseminator of states' best practices has been severely limited
because of competing priorities. At a health care fraud and abuse
conference sponsored by HHS and the Department of Justice in 2000,
participants from states and CMS regional offices articulated their
common unmet needs with regard to fraud and abuse technology. The top
three areas cited were information-sharing and access to data; training
in data analysis and use of technology; and staffing, hardware, and
software resources. CMS has not sponsored a national conference with
state program integrity officials since 2003 and has not sponsored any
fraud and abuse workshops or training since 2000. According to a CMS
official, such information-sharing and technical assistance activities
would not be expensive to support--less than $100,000 annually--and
could result in returns that would exceed this relatively low amount.
Resource shortages also account for CMS's limited oversight of states'
Medicaid prevention, detection, and referral activities for improper
payments. Since January 2000, CMS's Medicaid staff from headquarters
and regional offices have been conducting compliance reviews of about
seven to eight states a year. The reviews are aimed at ensuring that
states have processes and procedures in place, in compliance with
federal requirements for enrolling providers, reviewing claims, and
referring cases. These compliance reviews have been effective at
identifying weaknesses in states' efforts to combat fraud and abuse.
For example, in the course of these reviews, CMS has found instances in
which:
* a state had no process in place to prevent payments to excluded
providers,
* states did not use their authority to evaluate providers'
professional or criminal histories as part of the provider enrollment
process, and:
* a state did not follow appropriate procedures for referring a case to
state law enforcement authorities.
States have reported making positive modifications in their programs as
a result of the CMS compliance reviews. Nevertheless, at the currently
scheduled pace, states' programs will be reviewed once in 7 years at
the earliest. Because the compliance reviews are infrequent, CMS's
knowledge of states' fraud and abuse activities is, for many states,
substantially out-of-date at any given time.
Concluding Observations:
Relatively few and questionably aligned resources and an absence of
strategic planning underscore the limited commitment CMS has made to
strengthening states' ability to curb fraud and abuse. Despite the
millions of dollars CMS receives annually from a statutorily
established fund for fraud and abuse control, the agency has not
allocated these resources to sufficiently fund initiatives that can
help states increase the effectiveness of their Medicaid fraud and
abuse control efforts. Developing a strategic plan for Medicaid fraud
and abuse control activities would give CMS a basis for providing
resources that reflect the financial risk to the federal government.
We discussed facts in this statement with a relevant CMS official. He
noted that CMS does not view fraud and abuse control activities as
separate from its financial management responsibilities. He indicated
that CMS has invested substantial resources in program integrity
activities that focus on the financial oversight of the Medicaid
program. While we agree that financial oversight of Medicaid is a key
component of program integrity, we maintain that the other component--
fraud and abuse control activities--warrants a greater commitment than
it currently receives.
Mr. Chairman, this concludes my prepared remarks. I would be happy to
answer any questions that you or other Members of the Committee may
have.
Contact and Acknowledgments:
For further information regarding this testimony, please contact Leslie
G. Aronovitz at (312) 220-7600. Hannah Fein, Sandra Gove, and Janet
Rosenblad contributed to this statement under the direction of Rosamond
Katz.
FOOTNOTES
[1] SCHIP is a jointly funded federal-state program that provides
health insurance to children in low-income families who do not qualify
for Medicaid and are not covered by other insurance.
[2] GAO, Medicaid Program Integrity: State and Federal Efforts to
Prevent and Detect Improper Payments, GAO-04-707 (Washington, D.C.:
July 16, 2004).
[3] Since fiscal year 2004, CMS has nearly completed the hiring of new
staff accounting for 100 full-time equivalent positions to support its
financial management review activities. Located largely in CMS regional
offices, these staff review state budget and expenditure reports for
accuracy, identify unallowable program costs, and provide guidance to
the states on Medicaid financial management matters. Although financial
management reviews are not intended to identify inappropriate billings
by providers, they can identify fraud and abuse leads on an incidental
basis.
[4] GAO-04-707.
[5] The 56 Medicaid programs include one for each of the 50 states, the
District of Columbia, Puerto Rico, and the U.S. territories of American
Samoa, Guam, Northern Mariana Islands, and Virgin Islands. Hereafter,
all 56 entities are referred to as states.
[6] For skilled professional medical personnel engaged in program
integrity activities, such as those who review medical records, 75
percent federal matching is available.
[7] CMS requires that states have certain information processing
capabilities, including a Medicaid Management Information System and a
Surveillance and Utilization Review Subsystem.
[8] Medicaid Fraud Control Units can, in turn, refer some cases to the
HHS Office of Inspector General (OIG), the Federal Bureau of
Investigation (FBI), and the Department of Justice (DOJ) for further
investigation and prosecution.
[9] GAO-04-707.
[10] GAO-04-707.
[11] In addition, three to four Medicare FTEs located in both
headquarters and regional offices support joint Medicaid and Medicare
fraud and abuse projects.
[12] Since fiscal year 2003, this account dedicates $1.075 billion
annually from the Medicare part A Trust Fund for combating health care
fraud and abuse. The money is allocated in three major parts: (1) up to
$720 million for the Medicare Integrity Program, (2) $114 million to
the FBI, and (3) up to $240.6 million in "wedge" funds. In fiscal years
2004 and 2005, wedge funds were allocated as follows: $160.0 million to
the HHS OIG, $49.4 million to DOJ, and $31.1 million to CMS and other
HHS agencies.
[13] Information on the amount of fiscal year 2005 funds for compliance
reviews was not available at the time of our review.
[14] HHS, Performance and Accountability Report, Fiscal Year 2004
(Washington, D.C.: Dec. 13, 2004).