Medicaid Integrity

Implementation of New Program Provides Opportunities for Federal Leadership to Combat Fraud and Abuse Gao ID: GAO-06-578T March 28, 2006

Today's hearing concerns fraud, waste, and abuse control in Medicaid, a program that provides health care coverage for over 56 million eligible low-income people and is jointly financed by the federal government and the states. In fiscal year 2004, Medicaid had benefit payments of $287 billion, with a federal share of about $168 billion. The states are primarily responsible for ensuring appropriate Medicaid payments through provider enrollment screening, claims review, overpayment recovery, and case referral to law enforcement. At the federal level, the Centers for Medicare & Medicaid Services (CMS) is responsible for supporting and overseeing state fraud, waste, and abuse control activities. Congress requested information on how CMS and the states can better serve taxpayers and beneficiaries by reducing Medicaid fraud. This statement will focus on existing concerns about CMS's efforts to help states prevent and detect fraud, waste, and abuse; how provisions in recent legislation providing for a Medicaid Integrity Program will help CMS expand its current efforts; and challenges CMS needs to address as it implements new Medicaid Integrity Program efforts.

As GAO testified in 2005, there has been a wide disparity between the level of staff and financial resources that CMS has expended to support and oversee state activities to control fraud and abuse and the amount of federal dollars at risk in Medicaid benefit payments. In fiscal year 2005, CMS dedicated an estimated 8.1 full-time equivalent employees to support states in their anti-fraud-and-abuse operations. In contrast, the federal government spent over $168 billion for Medicaid benefits in fiscal year 2004. Further, resource shortages severely limited two efforts that had shown potential to help states prevent and detect fraud, waste, and abuse. In addition to devoting limited staff and financial resources, CMS lacked a strategic plan to direct its anti-fraud-and-abuse efforts. Enacted in February 2006, the Deficit Reduction Act of 2005 (DRA) provided for creation of the Medicaid Integrity Program and includes specific appropriations that CMS can use to fund activities to support anti-fraud-and-abuse efforts. It also included provisions that will address the agency's staffing and planning limitations related to Medicaid program integrity. For example, the law requires CMS to add 100 employees to work with states in support and oversight of their Medicaid program integrity efforts and to develop a comprehensive plan to explain how the agency will address Medicaid fraud, waste, and abuse. In addition, the DRA provided funds to expand a program that is designed to identify program vulnerabilities in Medicaid and Medicare--the federal health insurance program for the elderly and some disabled people--by examining billing and payment abnormalities in both programs. In implementing the DRA provisions related to the Medicaid Integrity Program, CMS has a unique opportunity to strengthen its leadership of state and federal efforts to control fraud, waste, and abuse in the Medicaid program. The most immediate challenge will be to develop its comprehensive plan that will provide strategic direction for CMS, the states, and law enforcement partners.

GAO-06-578T, Medicaid Integrity: Implementation of New Program Provides Opportunities for Federal Leadership to Combat Fraud and Abuse This is the accessible text file for GAO report number GAO-06-578T entitled 'Medicaid Integrity: Implementation of New Program Provides Opportunities for Federal Leadership to Combat Fraud, Waste, and Abuse' which was released on March 29, 2006. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Testimony: Before the Subcommittee on Federal Financial Management, Government Information, and International Security, Committee on Homeland Security and Governmental Affairs, U.S. Senate: United States Government Accountability Office: GAO: For Release on Delivery Expected at 2:30 p.m. EDT: Tuesday, March 28, 2006: Medicaid Integrity: Implementation of New Program Provides Opportunities for Federal Leadership to Combat Fraud, Waste, and Abuse: Statement of Leslie G. Aronovitz: Director, Health Care: GAO-06-578T: GAO Highlights: Highlights of GAO-06-578T, a testimony before the Subcommittee on Federal Financial Management, Government Information, and International Security, Committee on Homeland Security and Governmental Affairs, U.S. Senate: Why GAO Did This Study: Today‘s hearing concerns fraud, waste, and abuse control in Medicaid, a program that provides health care coverage for over 56 million eligible low-income people and is jointly financed by the federal government and the states. In fiscal year 2004, Medicaid had benefit payments of $287 billion, with a federal share of about $168 billion. The states are primarily responsible for ensuring appropriate Medicaid payments through provider enrollment screening, claims review, overpayment recovery, and case referral to law enforcement. At the federal level, the Centers for Medicare & Medicaid Services (CMS) is responsible for supporting and overseeing state fraud, waste, and abuse control activities. The Subcommittee requested information on how CMS and the states can better serve taxpayers and beneficiaries by reducing Medicaid fraud. This statement will focus on existing concerns about CMS‘s efforts to help states prevent and detect fraud, waste, and abuse; how provisions in recent legislation providing for a Medicaid Integrity Program will help CMS expand its current efforts; and challenges CMS needs to address as it implements new Medicaid Integrity Program efforts. What GAO Found: As GAO testified in 2005, there has been a wide disparity between the level of staff and financial resources that CMS has expended to support and oversee state activities to control fraud and abuse and the amount of federal dollars at risk in Medicaid benefit payments. In fiscal year 2005, CMS dedicated an estimated 8.1 full-time equivalent employees to support states in their anti-fraud-and-abuse operations. In contrast, the federal government spent over $168 billion for Medicaid benefits in fiscal year 2004. Further, resource shortages severely limited two efforts that had shown potential to help states prevent and detect fraud, waste, and abuse. In addition to devoting limited staff and financial resources, CMS lacked a strategic plan to direct its anti- fraud-and-abuse efforts. Enacted in February 2006, the Deficit Reduction Act of 2005 (DRA) provided for creation of the Medicaid Integrity Program and includes specific appropriations that CMS can use to fund activities to support anti-fraud-and-abuse efforts. It also included provisions that will address the agency‘s staffing and planning limitations related to Medicaid program integrity. For example, the law requires CMS to add 100 employees to work with states in support and oversight of their Medicaid program integrity efforts and to develop a comprehensive plan to explain how the agency will address Medicaid fraud, waste, and abuse. In addition, the DRA provided funds to expand a program that is designed to identify program vulnerabilities in Medicaid and Medicare”the federal health insurance program for the elderly and some disabled people”by examining billing and payment abnormalities in both programs. In implementing the DRA provisions related to the Medicaid Integrity Program, CMS has a unique opportunity to strengthen its leadership of state and federal efforts to control fraud, waste, and abuse in the Medicaid program. The most immediate challenge will be to develop its comprehensive plan that will provide strategic direction for CMS, the states, and law enforcement partners. www.gao.gov/cgi-bin/getrpt?GAO-06-578T. To view the full product, including the scope and methodology, click on the link above. For more information, contact Leslie G. Aronovitz at (312) 220-7600 or aronovitzl@gao.gov. [End of section] Mr. Chairman and Members of the Subcommittee: I am pleased to be here today as you discuss the control of fraud, waste, and abuse in Medicaid, the program that provided health care coverage for over 56 million low-income individuals in fiscal year 2004, including children and the aged, blind, and disabled. Medicaid is jointly financed by the federal government and the states. In fiscal year 2004, Medicaid's benefit payments totaled $287 billion, of which the federal share was about $168 billion. Medicaid is administered directly by the states and consists of 56 distinct state-level programs.[Footnote 1] In 2003, GAO added Medicaid to its list of high-risk programs, owing to the program's size, growth, diversity, and fiscal management weaknesses.[Footnote 2] We noted that insufficient federal and state oversight put the Medicaid program at significant risk for improper payments. Improper payments may be due to mistakes, abuse, or fraud.[Footnote 3] Because, by their nature, fraud and abuse are not apparent until detected, the amount of Medicaid funds lost through health care providers' inappropriate billings cannot be precisely quantified. A nationwide rate of improper payments for Medicaid has not been estimated, but even a rate as low as 3 percent would have resulted in a loss of about $5 billion in federal funds in fiscal year 2004. To put this hypothetical figure in perspective, it is more than the amount that the federal government spent in fiscal year 2004 on the State Children's Health Insurance Program (SCHIP).[Footnote 4] Further, Medicaid can be subject to waste, or extravagant and unnecessary expenditures. Because Medicaid represents a large and growing share of state budgets--more than 20 percent of state expenditures--funds lost to improper payments and waste can impact states' abilities to serve beneficiaries in need. Fraud, waste, and abuse drain vital program dollars in ways that hurt both taxpayers and beneficiaries. Seeking and receiving reimbursement for services not provided squanders public funds that could have been used for beneficiaries' health care. For example, in 2005, a North Carolina pharmacist was sentenced to 33 months in prison and ordered to pay more than $2 million in restitution for defrauding the Medicaid program by submitting claims for long-term care patients' prescriptions that had not been refilled, delivered, or even requested by their caregivers. Similarly, a New York hospital agreed to pay $76.5 million to resolve allegations that it overbilled the Medicaid program for services provided in its clinics. In addition, when providers receive payment for unnecessary services, it can have a negative impact on health care quality. For example, consider the case in 2004 against 20 dentists in California who were charged with conspiracy to defraud the state's Medicaid program of $4.5 million. The dentists are alleged to have billed Medicaid for unnecessary or inappropriate services that placed patients at risk of pain, infection, loss of teeth, and bodily injury--including reusing dental instruments without sterilizing them, performing dental surgeries without adequate anesthesia, and developing treatment plans that called for unnecessary root canals and fillings. States are the first line of defense against Medicaid fraud, waste, and abuse. Specifically, they must comply with federal requirements to ensure the qualifications of the providers who bill the program, detect improper payments, recover overpayments, and refer suspected cases of fraud and abuse to law enforcement authorities. At the federal level, the Centers for Medicare & Medicaid Services (CMS), an agency within the Department of Health and Human Services (HHS), is responsible for supporting and overseeing state fraud, waste, and abuse control activities. Last year, we testified that CMS had initiatives to assist states in combating fraud and abuse in their Medicaid programs but that its oversight of states' activities and commitment of federal dollar and staff resources were limited.[Footnote 5] Since then, the Deficit Reduction Act of 2005 (DRA)[Footnote 6] provided for creation of a Medicaid Integrity Program and included other provisions designed to increase CMS's level of effort to support state activities to address fraud, waste, and abuse in Medicaid. The Subcommittee requested information on ways that CMS and the states can better serve taxpayers and Medicaid recipients by reducing or eliminating fraud in the program. My remarks today will focus on (1) existing concerns regarding CMS's efforts to help states prevent and detect fraud and abuse in the Medicaid program, (2) how provisions in the DRA will help CMS expand current efforts to address Medicaid fraud, waste, and abuse, and (3) challenges CMS faces as it implements new Medicaid Integrity Program efforts. To address these issues, we reviewed agency documents on Medicaid program integrity and oversight activities, relevant provisions of the DRA, and our issued reports on CMS's and states' efforts to address Medicaid fraud, waste, and abuse. (Related GAO products are listed at the end of this statement.) We also interviewed CMS officials. We conducted our work in March 2006 in accordance with generally accepted government auditing standards. In summary, we testified last year that while CMS has activities to oversee and support state efforts to address fraud and abuse in the Medicaid program, the agency has not devoted the staff and financial resources to its efforts that are commensurate with the risks involved. In addition, CMS has lacked plans to guide federal and state agencies that were working to prevent or deter Medicaid fraud and abuse. Enacted in February 2006, the DRA provided for the creation of a new Medicaid Integrity Program, with specified appropriations to fund it. DRA also requires CMS to devote an additional 100 full-time-equivalent staff to combating Medicaid provider fraud and abuse; develop a comprehensive plan for the Medicaid Integrity Program every 5 fiscal years; and report annually on its use, and the effectiveness of its use, of the appropriated funds. In implementing the DRA provisions related to the Medicaid Integrity Program, CMS faces a major challenge--to develop a comprehensive plan that provides strategic direction for CMS, the states, and law enforcement partners. In developing its plan, CMS will need to focus on how it intends to allocate resources among activities to reduce program risk to the greatest extent possible and how to effectively deploy program integrity staff within the agency. Planning for, and implementing, the DRA provisions provide CMS with a unique opportunity to strengthen its leadership of state and federal efforts to control fraud, waste, and abuse in the Medicaid program. Background: Within broad federal guidelines, each state's Medicaid program establishes its own eligibility standards; determines the type, amount, duration, and scope of covered services; and sets payment rates. In general, the federal government matches state Medicaid spending for medical assistance according to a formula based on each state's per capita income. In fiscal year 2006, the federal contribution ranges from 50 to 76 cents of every state dollar spent on medical assistance. For most state Medicaid administrative costs, the federal match rate is 50 percent.[Footnote 7] As program administrators, states have primary responsibility for conducting program integrity activities that address provider enrollment, claims review, and case referrals. Specifically, federal statute or CMS regulations require states to: * collect and verify basic information on potential providers, including whether the providers meet state licensure requirements and are not prohibited from participating in federal health care programs; * have an automated claims payment and information retrieval system-- intended to verify the accuracy of claims, the correct use of payment codes, and patients' Medicaid eligibility--and a claims review system- -intended to develop statistical profiles on services, providers, and beneficiaries to identify potential improper payments;[Footnote 8] and: * refer suspected overpayments or overutilization cases to other units in the Medicaid agency for corrective action, and potential fraud cases to law enforcement--generally to the state's Medicaid Fraud Control Unit for investigation and prosecution.[Footnote 9] As noted in our 2004 report,[Footnote 10] states use a variety of controls and safeguards to stem improper provider payments. For example, states reported using information technology to integrate databases containing provider, beneficiary, and claims information and to increase the effectiveness of their utilization reviews. Various states individually attributed cost savings or recoupments to these efforts, valued in the millions of dollars. In contrast, CMS's role in curbing fraud, waste, and abuse in the Medicaid program is largely one of support to the states. As we reported in 2004,[Footnote 11] CMS administers two pilot projects, one focused on measuring the accuracy of a state's Medicaid claims payments--Payment Accuracy Measurement (PAM)--and the other focused on improper billing detection and utilization patterns by linking Medicare[Footnote 12] and Medicaid claims information (Medi-Medi). CMS also sponsors general technical assistance and information-sharing through its Medicaid fraud and abuse technical assistance group (TAG). In addition, CMS performs oversight of states' Medicaid fraud and abuse control activities through its compliance reviews. (See table 1.) Table 1: CMS Activities to Support and Oversee States' Fraud and Abuse Control Efforts, Fiscal Year 2004: CMS initiatives: PAM/Payment Error Rate Measurement (PERM); Description: CMS conducted a 3-year pilot called PAM to develop estimates of states' accuracy in paying Medicaid claims. During fiscal year 2006, PAM will become a permanent program--to be known as the PERM initiative--in order to measure improper payments in Medicaid, to fulfill a requirement of the Improper Payments Information Act of 2002.[A] Under PERM, states will be expected to ultimately reduce their payment error rates over time by better targeting program integrity activities in their Medicaid and SCHIP programs. CMS initiatives: Medi-Medi; Description: Under this pilot program, CMS facilitates the sharing of health benefit and claims information between the Medicaid and Medicare programs. Medi-Medi is a data match pilot designed to identify improper billing and utilization patterns by matching Medicare and Medicaid claims information on providers and beneficiaries to reduce fraudulent schemes that cross program boundaries. CMS initiatives: TAG; Description: Through telephone conferencing, CMS provides a forum for states to discuss issues, solutions, resources, and experiences on fraud and abuse issues. Any state may participate; roughly one-third do so regularly. States have also used the TAG to propose policy changes to CMS. CMS initiatives: Compliance reviews; Description: CMS conducts on-site reviews to assess whether state Medicaid fraud and abuse control efforts comply with federal requirements, such as those governing provider enrollment, claims review, utilization control, and coordination with each state's Medicaid Fraud Control Unit. If reviewers find a state that is significantly out of compliance, they may encourage it to develop a corrective action plan and revisit the state to verify actions taken. Source: GAO-04-707. [A] Pub. L. No. 107-300, 116 Stat. 2350. [End of table] CMS also has a significant role in curbing fraud, waste, and abuse in Medicare. Through its Medicare Integrity Program, CMS contracts with companies to conduct program integrity activities, such as reviewing claims and ensuring that Medicare pays the appropriate amount when beneficiaries have other health insurance. CMS Committed Few Resources and Had No Strategic Plan to Address Medicaid Fraud and Abuse: As we testified last year, a wide disparity exists between the level of staff and financial resources that CMS has expended to support and oversee states' fraud and abuse control activities and the amount of federal dollars at stake in Medicaid benefit payments.[Footnote 13] In fiscal year 2005, CMS dedicated an estimated 8.1 full-time-equivalent employees to support and oversee states' anti-fraud-and-abuse operations. In contrast, the federal government spent over $168 billion for Medicaid benefits in fiscal year 2004. Further, some of the promising efforts to support and oversee states were at risk of being cut back or terminated, and CMS lacked a strategic plan to direct its anti-fraud-and-abuse efforts. Funding for some of CMS's most promising anti-fraud-and-abuse activities declined in recent years, which threatened the continuity of these efforts. The amount of funding for the project to estimate state improper payment rates, PAM/PERM, and the project to match Medicare and Medicaid claims, Medi-Medi, declined from $7.8 million in fiscal year 2004 to $3.6 million in fiscal year 2005. Both of these projects are important. Measuring improper payments in Medicaid and other programs is required by statute, while Medi-Medi is uncovering significant billing problems. As of March 31, 2005, seven states with fully operational Medi-Medi projects reported a total of $133.1 million in returns to the Medicaid and Medicare programs, $59.7 million in program vulnerabilities identified, and $2 million in overpayments to be recovered. However, because of anticipated unmet funding needs, we testified that existing Medi-Medi projects were at risk of being scaled back considerably or eliminated entirely. Last year, agency officials noted that several other states were interested in participating in the program but that CMS would not expand the program without a new allocation or realignment of funds. Further, we testified that the HHS budget appropriations for CMS's Medicaid compliance reviews had decreased each year from fiscal year 2002 through fiscal year 2004. Since 2000, CMS staff from the regional offices and headquarters had conducted compliance reviews of seven to eight states a year. These reviews proved to be effective. However, at that pace, CMS would review states' programs once every 7 years, preventing the agency from having up-to-date knowledge on more than a handful of states at any given time. Resource shortages also have severely limited CMS's activities to provide technical assistance and disseminate information on states' best practices. These activities had demonstrated positive results. However, CMS has not sponsored a national conference with state program integrity officials since 2003 and has not sponsored any fraud and abuse workshops or training since 2000. In addition to devoting limited staff and financial resources, CMS lacked a strategic plan to direct its anti-fraud-and-abuse efforts.[Footnote 14] Neither HHS nor CMS had produced a public document that included long-term goals in the area of supporting states' efforts to address fraud and abuse in the Medicaid program and specific plans for achieving these goals. CMS Has New Authority, Resources, and Responsibilities to Address Fraud, Waste, and Abuse: The DRA has added substantially to CMS's authority, resources, and responsibilities to address Medicaid fraud, waste, and abuse.[Footnote 15] It established a new program that is solely focused on promoting the integrity of Medicaid and provides specified appropriations that CMS can use to fund activities to support state efforts to combat fraud, waste, and abuse. To conduct the new Medicaid Integrity Program, the law specified an appropriation of $5 million in fiscal year 2006, $50 million in each of fiscal years 2007 and 2008, and $75 million in each of the subsequent fiscal years. As part of the Medicaid Integrity Program, CMS is given authority to contract with eligible entities to conduct activities to address fraud, waste, and abuse in the state programs through activities such as audits of consulting contracts and reported costs of nursing home services.[Footnote 16] In addition, CMS is required to increase by 100 its full-time-equivalent employees whose duties consist solely of protecting the integrity of the Medicaid program by providing effective support and assistance to the states.[Footnote 17] The authorization of funds for the Medicaid Integrity Program is similar to that of the Medicare Integrity Program, which was also established with specified appropriations and the authority for CMS to contract with companies to conduct integrity activities. CMS credits the Medicare Integrity Program with helping the agency measure and reduce payment errors in the Medicare fee-for- service program. The DRA also provides for a national expansion of the Medi-Medi program. The statute appropriates funds for CMS to contract with third parties to identify program vulnerabilities in Medicare and Medicaid through examining billing and payment abnormalities. The funds also can be used in connection with the Medi-Medi program for two other purposes. First, the funds can be used to coordinate actions by CMS, the states, the Attorney General, and the HHS Office of Inspector General to protect Medicaid and Medicare expenditures. Second, the funds can be used to increase the effectiveness and efficiency of both Medicare and Medicaid through cost avoidance, savings, and recouping fraudulent, wasteful, or abusive expenditures. For Medi-Medi, the statute appropriates $12 million for fiscal year 2006, $24 million for fiscal year 2007, $36 million for fiscal year 2008, $48 million for fiscal year 2009, and $60 million for fiscal year 2010 and each subsequent fiscal year. Beginning in fiscal year 2006 and every 5 fiscal years thereafter, the DRA requires CMS to establish a comprehensive plan for ensuring the integrity of the Medicaid program by combating fraud, waste, and abuse. CMS is required to develop the plan in consultation with the Attorney General, the Director of the Federal Bureau of Investigation, the Comptroller General, the HHS Office of Inspector General, and state officials responsible for controlling Medicaid provider fraud and abuse. Developing a plan in consultation with other agencies with responsibilities to address fraud, waste, and abuse issues will encourage additional dialogue on the overall direction of federal and state efforts. In addition, CMS is required to submit an annual report to Congress no later than 180 days after the end of each fiscal year, which identifies the agency's use, and the effectiveness of the use, of the Medicaid Integrity Program funds it has expended. This reporting mechanism can help CMS focus on making the wisest investment of its new resources. Developing CMS's Plan Is a Critical First Step: CMS faces a key implementation challenge early on--to develop a comprehensive plan for Medicaid program integrity. A properly developed plan will provide strategic direction for CMS, its contractors, the states, and law enforcement partners. Key areas that the plan should address include the allocation of financial resources among activities to reduce program risk to the greatest extent possible and the effective deployment of program integrity staff within the agency. CMS's plan--if well thought out and formulated--could provide a blueprint for ensuring that new DRA funding is appropriately invested and that CMS staff devoted to Medicaid program integrity efforts are most effectively deployed. CMS is still in the beginning stages of formulating its plan and has not received final departmental approval for some of its initial implementation steps. As a result, agency officials were not at liberty to discuss their planning efforts with us in much detail. A comprehensive plan for program integrity is not a new concept for CMS. In February 1999, CMS issued such a plan for the Medicare and Medicaid programs.[Footnote 18] Most of the material in this plan focused on Medicare, and the plan has not been updated since 1999. However, it could serve as a possible template for communicating updated information on Medicaid efforts. In addition to communicating information about the goals that CMS hoped to achieve and proposed strategies for achieving them, the plan described an iterative program integrity process that focused on identifying and assessing risk, developing and implementing approaches to addressing risk, and monitoring and measuring progress. Further, the process described in the 1999 program integrity plan is similar to strategies that we have highlighted in the past as being used by public and private sector organizations to manage improper payments.[Footnote 19] Structured analysis of risk and meaningful measures of performance are an integral part of any plan, but will prove challenging to develop in the Medicaid program. The difficulty stems from CMS's having limited information on the extent of improper payments in the state programs. In addition, because state programs vary in their design, the intensity of their risks of fraud, waste, and abuse may differ. While a comprehensive plan cannot deal with the issues of each state, it can articulate a strategy for states to address the vulnerabilities in their programs. Further, developing meaningful measures of the impact of the Medicaid Integrity Program will require a long-term investment of resources, and these measures will not be available for CMS's first comprehensive plan. Medicare has taken years to develop and refine its error-rate testing program, under which CMS conducts an annual study to estimate Medicare improper payments. CMS is in the early stages of developing a similar measure for Medicaid. The agency recently completed its 3-year PAM pilot, so the results of payment error studies are available from the 27 participating states. CMS is transitioning from PAM to PERM. Under PERM, states will be expected to ultimately reduce their payment error rates over time by better targeting program integrity activities in their Medicaid and SCHIP programs. When fully implemented, PERM should allow CMS to compile data about Medicaid improper payments on the state and national levels, which could allow CMS to track progress, as well as identify states that may require special assistance, in reducing improper payment error rates. CMS expects to have its first PERM results in 2008. In addition to assessing progress toward reducing improper payments, CMS will also need to develop other methods of measuring the effectiveness of program integrity activities. One such measure, used in the Medicare program, is calculating a return on investment, which measures the dollars saved for each dollar spent. In developing its plan, CMS must decide how to most appropriately invest new resources. In the past, CMS has invested a substantial amount of its resources in the oversight of states' financial management activities, such as state claims for federal matching. For more than a decade, states have used various financing schemes to inappropriately cause the federal government to pay an excessive share of reported Medicaid costs.[Footnote 20] While financial oversight of these schemes was needed, states also needed encouragement and support to address fraud committed by providers against the state Medicaid program. Now, in light of new funds provided through the Medicaid Integrity Program, CMS will be faced with the goal of prudently investing millions of dollars each year to address fraud by providers and others- -such as managed care plans--in Medicaid. In order to spend its new funds appropriately, CMS must weigh its options and consider both the costs and benefits of various activities, such as educating providers as compared with conducting reviews to help identify potential fraud. Nevertheless, CMS does have some flexibility in investing its new Medicaid Integrity Program resources. If CMS does not spend all the funds appropriated for the Medicaid Integrity Program in one year, the agency will be allowed to spend them in succeeding years.[Footnote 21] However, the requirement to annually report on its use of funds will provide information on whether CMS is generally using the funding, as opposed to continually rolling funding forward. CMS may also be able to use some of its DRA funds to help facilitate communication and coordination with states through conferences and the TAG. According to a CMS official, such information-sharing and technical assistance activities would not be expensive to support and could result in returns that would exceed the relatively low investment. Similarly, the TAG has served as a forum to share expertise and best practices; advise CMS on policies, procedures, and program development; and make recommendations on federal policy and legislative changes. CMS might be able to further facilitate state participation through additional support for this forum. Another key planning area for CMS involves deciding how best to deploy Medicaid program integrity staff within the agency. This is a particularly critical issue as CMS ramps up its Medicaid Integrity Program with the hiring of new employees. A CMS official told us that the agency is already developing position descriptions as a precursor to hiring new employees to help address the DRA requirement to increase by 100 the number of full-time-equivalent employees devoted to assisting states in efforts to combat Medicaid provider fraud and abuse. In addition, the agency has made some preliminary decisions about placement of staff within the central office and its regional offices. It will take considerable time and effort for CMS to hire qualified staff and train them to perform the various activities that ensure good stewardship of the program. CMS could not provide us with a definitive schedule for when the bulk of its hiring will be completed. Also consistent with a new focus on fraud, waste, and abuse prevention, the agency is considering the steps it will need to take to competitively select contractors to conduct reviews to help identify fraudulent and abusive billing behavior by providers. CMS is currently exploring how it will use these contractors, either to support state efforts or to identify problems across states. CMS has also decided to establish a new group to house the Medicaid Integrity Program. This group will be composed of both central and regional office staff and report directly to the director of the Center for Medicaid and State Operations (CMSO). CMSO, which is responsible for most other Medicaid activities, currently staffs the state compliance reviews and TAG activities. However, the Medi-Medi and PAM/PERM projects are the responsibility of CMS's Office of Financial Management, which also staffs the Medicare Integrity Program. In the past, we have raised concerns that Medicaid anti-fraud-and-abuse staff at headquarters have not been a part of the agency's office responsible for conducting other key anti-fraud-and-abuse activities, including those for the Medicare program. The staff at CMSO have the most experience working with Medicaid issues, although the staff at CMS with experience in Medicare program integrity contracting are located in the Office of Financial Management. As CMS establishes the Medicaid Integrity Program and new employees come on board, it will be important to ensure that the agency is in an optimal position to leverage the expertise and experience of its existing staff. For example, CMS will need to ensure that staff with expertise in developing strategies for combating Medicare fraud, waste, and abuse work in a closely coordinated fashion with staff that are familiar with states' Medicaid plans and fraud control officials and activities. Concluding Observations: Implementing the Medicaid Integrity Program and developing a comprehensive plan gives CMS a unique opportunity to provide leadership to states and law enforcement in their fraud, waste, and abuse control efforts. Having dedicated resources also presents challenges to ensure that CMS spends wisely as it starts new initiatives and ensures the continuity of current beneficial activities. Using this opportunity to develop an iterative process of working with states to identify risks, develop strategies to address them, and measure the results through assessing improper payment rates and potential recoveries can help ensure that the Medicaid Integrity Program funding is targeted to an optimal effect. CMS has expertise in addressing fraud, waste, and abuse within the Medicare program and in the state programs that can be leveraged to benefit the Medicaid Integrity Program. Properly leveraging this expertise will require effective coordination and communication within CMS, with states, and with their law enforcement partners. We discussed the facts in this statement with a CMS Medicaid official, who stated that the agency is pleased to have new resources to address fraud, waste, and abuse in the Medicaid program. He indicated that CMS had developed proposals for implementing the Medicaid Integrity Program, but he was not in a position to discuss them in detail because they are undergoing review within HHS. CMS is presently deciding on the skills needed by the 100 additional full-time-equivalent employees required by the DRA; exploring options for contracting; and developing its comprehensive plan. Mr. Chairman, this concludes my prepared remarks. I would be happy to answer any questions that you or other Members of the Subcommittee may have. Contact: For further information regarding this statement, please contact Leslie G. Aronovitz at (312) 220-7600. Acknowledgments: Sheila K. Avruch, Assistant Director, Susan E. Barnidge, Sandra D. Gove, Kevin Milne, and Elizabeth T. Morrison contributed to this statement. [End of section] Related GAO Products: Medicaid Fraud and Abuse: CMS's Commitment to Helping States Safeguard Program Dollars Is Limited. GAO-05-855T. Washington, D.C.: June 28, 2005. High-Risk Series: An Update. GAO-05-207. Washington, D.C.: January 2005. Medicaid Program Integrity: State and Federal Efforts to Prevent and Detect Improper Payments. GAO-04-707. Washington, D.C.: July 16, 2004. Major Management Challenges and Program Risks: Department of Health and Human Services. GAO-03-101. (Washington, D.C.: January 2003). Strategies to Manage Improper Payments: Learning from Public and Private Sector Organizations. GAO-02-69G. Washington, D.C.: October 2001. Medicaid: State Efforts to Control Improper Payments Vary. GAO-01-662. Washington, D.C.: June 7, 2001. FOOTNOTES [1] The 56 Medicaid programs include one for each of the 50 states, the District of Columbia, Puerto Rico, and the U.S. territories of American Samoa, Guam, Northern Mariana Islands, and the Virgin Islands. Hereafter, all 56 entities are referred to as states. [2] GAO, Major Management Challenges and Program Risks: Department of Health and Human Services, GAO-03-101 (Washington, D.C.: January 2003). [3] Improper payments can result from inadvertent errors as well as intended fraud and abuse. Unlike inadvertent errors, which are often due to clerical errors or a misunderstanding of program rules, fraud involves an intentional act or representation to deceive with knowledge that the action or representation could result in gain, while abuse typically involves actions that are inconsistent with acceptable business and medical practices that result in unnecessary cost. See, e.g., 42 CFR � 455.2 (2005). [4] SCHIP is a jointly funded federal-state program that provides health insurance to children in low-income families who do not qualify for Medicaid and are not covered by other insurance. [5] GAO, Medicaid Fraud and Abuse: CMS's Commitment to Helping States Safeguard Program Dollars Is Limited, GAO-05-855T (Washington, D.C.: June 28, 2005). [6] See Pub. L. No. 109-171, � 6034, 120 Stat. 3, 74-78 (2006). [7] For skilled professional medical personnel engaged in program integrity activities, such as those who review medical records, 75 percent federal matching is available. [8] CMS requires that states have certain information processing capabilities, including a Medicaid Management Information System and a Surveillance and Utilization Review Subsystem. [9] Medicaid Fraud Control Units can, in turn, refer some cases to the HHS Office of Inspector General, the Federal Bureau of Investigation, and the Department of Justice for further investigation and prosecution. [10] GAO, Medicaid Program Integrity: State and Federal Efforts to Prevent and Detect Improper Payments, GAO-04-707 (Washington, D.C.: July 16, 2004). [11] GAO-04-707. [12] Medicare is the federal program that helps pay for a variety of health care services and items on behalf of about 42 million elderly and disabled beneficiaries. [13] GAO-05-855T. We did not address issues regarding waste in this testimony. [14] GAO-05-855T. [15] While the DRA vests the Secretary of Health and Human Services with authority to implement the Medicaid Integrity Program, in general, administration of the Medicaid program is delegated to CMS. [16] The activities for which CMS can contract with entities under the Medicaid Integrity Program are (1) review of Medicaid providers or others--such as managed care plans--to determine whether their actions have led, or could lead, to waste, fraud, or abuse; (2) audit of claims for payment for items, services, or administrative services rendered, including audits of reported costs and consulting and other contracts; (3) identification of overpayments to individuals or entities receiving Medicaid payments; and (4) education of providers of services, managed care entities, beneficiaries, and other individuals on payment integrity and quality of care. [17] The DRA did not establish a date for CMS to complete its hiring of full-time-equivalent staff. [18] Health Care Financing Administration, Comprehensive Plan for Program Integrity, HCFA-02142 (Baltimore, Md.: February 1999). Until July 1, 2001, CMS was called the Health Care Financing Administration. [19] GAO, Strategies to Manage Improper Payments: Learning from Public and Private Sector Organizations, GAO-02-69G (Washington, D.C.: October 2001). Strategies include creating a culture of accountability by establishing a positive and supportive attitude toward improving program integrity; assessing the nature and extent of risks; taking action to address identified risk areas; using and sharing information to manage improper payments; and monitoring activities to address improper payments over time. [20] GAO, Medicaid Financing: States' Use of Contingency-Fee Consultants to Maximize Federal Reimbursements Highlights Need for Improved Federal Oversight, GAO-05-748 (Washington, D.C.: June 28, 2005); Medicaid: States' Efforts to Maximize Federal Reimbursements Highlight Need for Improved Federal Oversight, GAO-05-836T (Washington, D.C.: June 28, 2005); and Medicaid: Improved Federal Oversight of State Financing Schemes Is Needed, GAO-04-228 (Washington, D.C.: Feb. 13, 2004). [21] See Social Security Act � 1936(e), as added by Pub. L. No. 109- 171, � 6034, 120 Stat. at 76.