Looking Over the Shoulder of the Medicaid Audit Program

According to a recent Government Accountability Office (GAO) report, an audit program created to combat Medicaid fraud has costing taxpayers roughly $102 million since 2008 while identifying less than $20 million in overpayments. Medicaid fraud comes in second only to Medicare, with an annual lost last year of just under $22 billion in losses, which GAO believes is significantly due to bad data and ineffective auditing.

The Deficit Reduction Act of 2005 expanded the federal role in Medicaid program integrity, and the Centers for Medicare & Medicaid Services (CMS), the federal agency that oversees Medicaid, established the Medicaid Integrity Group (MIG), which designed the National Medicaid Audit Program (NMAP). Since the NMAP’s inception, the MIG has used three different audit approaches: test, Medicaid Statistical Information System (MSIS), and collaborative.

One problem found by the GAO is the data used while performing audits. GAO found that the majority of the MIG audits conducted under NMAP were less effective because they used MSIS data, which is an extract of state claims data. This data was often missing basic information, such as beneficiary’s names or addresses and provider ID numbers. According to the GAO, the federal government doesn’t share the names of potential criminals in the Medicare fraud program with states, which means state officials can’t check to see if those providers are enrolled in the Medicaid program. States also do not have a uniform technology system to share data. Furthermore, the median amount of the potential overpayment for MSIS audits was relatively small compared to test and collaborative audits.

Carolyn Yocum, Director of Health Care at the GAO, blamed the wasted spending on a lack of transparency about expenditures, audit outcomes and program improvements, commenting “the more transparent CMS is, the more transparent the states are about the issues they’re facing and ways to combat them, the more we have a feedback loop in the process and we can make progress more quickly,” Yocum said.

The MIG reported to the GAO that it is redesigning the NMAP, but it has not provided Congress with key details about the changes it is making to the program, including the rationale for the change to collaborative audits, new analytical roles for its contractors, and its plans for addressing problems with the MSIS audits. GAO found that the early results showed that this collaborative approach may actually “enhance state program integrity activities by allowing states to leverage the MIG’s resources to augment their own program integrity capacity.”

However, GAO noted, “the lack of a published plan detailing how the MIG will monitor and evaluate NMAP raises concerns about the MIG’s ability to effectively manage the program.” Transparent communications and a strategy to monitor and continuously improve NMAP are essential components of any plan seeking to demonstrate the MIG’s effectiveness, GAO said.

In Yocum’s testimony, she recommended that CMS ensure that the MIG’s (1) planned update of its comprehensive plan provides key details about NMAP, including its expenditures and audit outcomes, program improvements, and plans for effectively monitoring the program; (2) future annual reports to Congress clearly address the strengths and weaknesses of the audit program and its effectiveness; and (3) use of NMAP contractors supports and expands states’ own program integrity efforts through collaborative audits.

HHS did partially agree with GAO’s first recommendation, but noted that CMS’s annual report to Congress was a more appropriate vehicle for reporting NMAP results than its comprehensive plan. HHS concurred with Yocum’s other two recommendations.