Medicaid Fraud and Abuse: CMS's Commitment to Helping States Safeguard Program Dollars Is Limited (28-JUN-05, GAO-05-855T). Today's hearing addresses fraud and abuse control in Medicaid, a program that provides health care coverage for eligible low-income individuals and is jointly financed by the federal government and the states. In fiscal year 2003, Medicaid covered nearly 54 million people and the program's benefit payments totaled roughly $261 billion, of which the federal share was about $153 billion. States are primarily responsible for ensuring appropriate payments to Medicaid providers through provider enrollment screening, claims review, overpayment recoveries, and case referrals. At the federal level, the Centers for Medicare & Medicaid Services (CMS) is responsible for supporting and overseeing state fraud and abuse control activities. Last year, GAO reported that CMS had initiatives to assist states, but the dollar and staff resources allocated to oversight suggested that CMS's level of effort was disproportionately small relative to the risk of federal financial loss. Concerned about the stewardship of federal Medicaid funds, Congress has raised questions about CMS's commitment to Medicaid fraud and abuse control. This statement focuses on (1) the level of resources CMS currently applies to helping states prevent and detect fraud and abuse in the Medicaid program and (2) the implications of this level of support for CMS fraud and abuse control activities. -------------------------Indexing Terms------------------------- REPORTNUM: GAO-05-855T ACCNO: A28237 TITLE: Medicaid Fraud and Abuse: CMS's Commitment to Helping States Safeguard Program Dollars Is Limited DATE: 06/28/2005 SUBJECT: Financial management Fraud Health care programs Internal controls Medicaid Program abuses Program management Risk management State-administered programs Strategic planning ****************************************************************** ** This file contains an ASCII representation of the text of a ** ** GAO Product. ** ** ** ** No attempt has been made to display graphic images, although ** ** figure captions are reproduced. Tables are included, but ** ** may not resemble those in the printed version. ** ** ** ** Please see the PDF (Portable Document Format) file, when ** ** available, for a complete electronic file of the printed ** ** document's contents. ** ** ** ****************************************************************** GAO-05-855T * Background * CMS Expends Limited Resources and Lacks Coherent Plan to Imp * Disparity Exists between Level of Resources and Program's Fi * CMS Structure and Lack of Planning Suggest Weak Commitment t * Lack of Priority Threatens CMS's Medicaid Fraud and Abuse Co * Concluding Observations * Contact and Acknowledgments * Order by Mail or Phone Testimony Before the Committee on Finance, U.S. Senate United States Government Accountability Office GAO For Release on Delivery Expected at 10:00 a.m. EDT Tuesday, June 28, 2005 MEDICAID FRAUD AND ABUSE CMS's Commitment to Helping States Safeguard Program Dollars Is Limited Statement of Leslie G. Aronovitz Director, Health Care GAO-05-855T Mr. Chairman and Members of the Committee: I am pleased to be here today as you discuss fraud and abuse control in Medicaid, a program that provides health care coverage for eligible low-income individuals and is jointly financed by the federal government and the states. In fiscal year 2003, Medicaid covered nearly 54 million people, and the program's benefit payments totaled $261 billion, of which the federal share was about $153 billion. Because fraud and abuse by their nature are unknown until detected, the amount of Medicaid funds lost through health care providers' inappropriate billings cannot be precisely quantified. Some states have made estimates of their respective programs' improper Medicaid payment rates that reflect not only fraudulent and abusive billings but also inadvertent billing errors, such as clerical mistakes. A nationwide improper payment rate for Medicaid has not been made, but even a rate as low as 3 percent would mean a loss of almost $4.6 billion in federal funds in fiscal year 2003. To put this hypothetical figure in perspective, it is roughly the amount that the federal government spent in fiscal year 2003 on the State Children's Health Insurance Program (SCHIP).1 Such a drain of vital program dollars is a detriment to both taxpayers and beneficiaries. For example, paying for services billed but not provided wastes funds that could have been used for health care. For example, in 2004, the owners of a Louisiana health care clinic were found guilty of billing the program more than $400,000 for health care screening services, nurse consultations, and nutrition consultations never provided. Alternatively, paying for unnecessary services can have a substantial, if not quantifiable, impact on health care quality. Consider the charge in 2004 against 20 dentists in California for conspiracy to defraud the state's Medicaid program of $4.5 million. As part of the conspiracy, the dentists billed Medicaid for unnecessary or inappropriate services that placed patients at risk by reusing dental instruments without sterilizing them, performing dental surgeries without adequate anesthesia, developing treatment plans that called for unneeded root canals and fillings, and forcibly restraining children during dental operations. 1SCHIP is a jointly funded federal-state program that provides health insurance to children in low-income families who do not qualify for Medicaid and are not covered by other insurance. States are primarily responsible for the fight against Medicaid fraud and abuse. Specifically, they are responsible for ensuring the legitimacy of providers billing the program, detecting improper payments, recovering overpayments, and referring suspected cases of fraud and abuse to law enforcement authorities. At the federal level, the Centers for Medicare & Medicaid Services (CMS) in the Department of Health and Human Services (HHS) is responsible for supporting and overseeing state fraud and abuse control activities. Last year, we reported that CMS had initiatives to assist states in combating fraud and abuse in their Medicaid programs, but its oversight of states' activities in this area was limited.2 The dollar and staff resources allocated to compliance reviews suggested that CMS's level of effort was disproportionately small relative to the risk of serious financial loss. Concerned about the stewardship of federal Medicaid funds, this Committee has raised questions about CMS's commitment to Medicaid fraud and abuse control. It is important to note that activities designed to prevent, detect, and recover improper payments made to providers resulting from fraud and abuse are a component of ensuring Medicaid program integrity. These activities are valuable not only from a financial standpoint but also have a sentinel effect on providers that may otherwise consider billing the program inappropriately. Another component is financial management activities, which involve the oversight of state claims for federal reimbursement, including the matching, administrative, and disproportionate share funds that CMS provides the states.3 While these program integrity functions are related, they are not interchangeable. My remarks today will focus on (1) the level of resources CMS currently applies to helping states prevent and detect fraud and abuse in the Medicaid program and (2) the implications of this level of support for CMS fraud and abuse control activities. 2GAO, Medicad Program Integrity: State and Federal Eforts to Prevent and DetectImproper Payments, GAO-04-707 (Washington, D.C.: July 16, 2004). 3Since fiscal year 2004, CMS has nearly completed the hiring of new staff accounting for 100 full-time equivalent positions to support its financial management review activities. Located largely in CMS regional offices, these staff review state budget and expenditure reports for accuracy, identify unallowable program costs, and provide guidance to the states on Medicaid financial management matters. Although financial management reviews are not intended to identify inappropriate billings by providers, they can identify fraud and abuse leads on an incidental basis. To do this work, we reviewed agency documents on Medicaid program safeguard support and oversight activities as well as our issued reports on this topic. We also interviewed officials at headquarters and CMS's 10 regional offices. We conducted our work in May and June 2005 in accordance with generally accepted government auditing standards. In summary, since we reported last year, the resources CMS expends to support and oversee states' Medicaid fraud and abuse control activities remain out of balance with the amount of federal dollars spent annually to provide Medicaid benefits.4 In fiscal year 2005, CMS's total staff resources allocated to these activities was about 8.1 full-time equivalent (FTE) staffing units-approximately 3.6 FTEs at headquarters and 4.5 FTEs in the regional offices. Among CMS's 10 regional offices-each of which oversees states whose Medicaid outlays include billions of federal dollars-7 offices each have less than 1 FTE and the rest each have less than 2 FTEs allocated to Medicaid fraud and abuse control efforts. Moreover, the placement of the Medicaid fraud and abuse control staff at headquarters-apart from the agency's office responsible for other antifraud and abuse activities-as well as a lack of specified goals for Medicaid fraud and abuse control raise questions about the agency's level of commitment to improving states' activities in this area. CMS's support and oversight initiatives include a pilot project for states to enhance claims scrutiny activities by coordinating with the Medicare program. Despite the project's positive results in several states, less than one-fifth of the states currently participate in the project, and resource constraints may require CMS to scale back these efforts instead of expanding them to additional states that are seeking to participate. Similarly, some of CMS's other support activities-such as conducting national conferences, regional workshops, and training-have been terminated altogether. The frequency of CMS's on-site reviews of states' fraud and abuse control activities remains about seven to eight visits a year. This means that federal oversight of a state's Medicaid program safeguards will not occur, at best, more than once every 7 years. In discussing the facts in this statement with a CMS Medicaid official, he stated that the agency does not view antifraud and abuse initiatives as separate from financial oversight, an area that has received substantial resources in recent years. While we agree that financial management is important to program integrity, we believe that an increased commitment to helping states fight fraud and abuse is warranted. 4 GAO-04-707 . Background Although jointly financed by the states and the federal government, Medicaid is administered directly by the states and consists of 56 distinct state-level programs.5 Within broad federal guidelines, each program establishes its own eligibility standards; determines the type, amount, duration, and scope of covered services; and sets payment rates. In general, the federal government matches state Medicaid spending for medical assistance according to a formula based on each state's per capita income. In fiscal year 2004, the federal contribution ranged from 50 to 77 cents of every state dollar spent on medical assistance. For most state Medicaid administrative costs, the federal match rate is 50 percent.6 As program administrators, states have primary responsibility for conducting program integrity activities that address provider enrollment, claims review, and case referrals. Specifically, federal statute or CMS regulations require states to o collect and verify basic information on potential providers, including whether the providers meet state licensure requirements and are not prohibited from participating in federal health care programs; o have an automated claims payment and information retrieval system-intended to verify the accuracy of claims, the correct use of payment codes, and patients' Medicaid eligibility-and a claims review system-intended to develop statistical profiles on services, providers, and beneficiaries to identify potential improper payments;7 and o refer suspected overpayments or overutilization cases to other units in the Medicaid agency for corrective action and potential fraud cases, generally, to the state's Medicaid Fraud Control Unit for investigation and prosecution.8 As noted in our 2004 report,9 states use a variety of controls and safeguards to stem improper provider payments. For example, states target high-risk providers seeking to bill Medicaid with on-site facility inspections, criminal background checks, and probationary or time-limited enrollment. States also reported using information technology to integrate databases containing provider, beneficiary, and claims information and to increase the effectiveness of their utilization reviews. Various states individually attributed cost savings or recoupments to these efforts valued in the millions of dollars. In contrast, CMS's role in curbing fraud and abuse in the Medicaid program is largely one of support to the states. As we reported last year,10 CMS administers two pilot projects-one focused on measuring the accuracy of a state's Medicaid claims payments (Payment Accuracy Measurement (PAM)) and the other focused on improper billing detection and utilization patterns by linking Medicare and Medicaid claims information (Medi-Medi). CMS also sponsors general technical assistance and information-sharing through its Medicaid fraud and abuse technical assistance group (TAG). In addition, CMS performs oversight of states' Medicaid fraud and abuse control activities. (See table 1.) Table 1: CMS Activities to Support and Oversee States' Fraud and Abuse Control Efforts, Fiscal Year 2004 Source: GAO, Medicaid Program Integrity: State and Federal Efforts to Prevent and Detect Improper Payments, GAO-04-707 (Washington, D.C.: July 16, 2004). aPub. L. No. 107-300, 116 Stat. 2350. A wide disparity exists between the level of resources CMS expends to support and oversee states' fraud and abuse control activities and the amount of federal dollars at stake in Medicaid benefit payments. In addition, CMS's organizational placement of staff and lack of strategic planning suggest a limited commitment to improving states' Medicaid fraud and abuse control efforts. The resources CMS devotes to working with states to fight Medicaid fraud and abuse do not appear to be commensurate with the size of the program's financial risk. In fiscal year 2005, CMS's Medicaid staff resources allocated to supporting or overseeing states' anti-fraud and abuse operations was an estimated 8.1 FTEs-3.6 FTEs at headquarters and 4.5 FTEs in the regional offices.11 Staff at headquarters are engaged in arranging and conducting the on-site compliance reviews of states' fraud and abuse control efforts and in information-sharing activities. Staff at the regional offices also participate in the state compliance reviews and respond to state inquiries. Canvassing the 10 regional CMS offices, we found that 7 regions each have a fraction of an FTE and the rest each have less than 2 FTEs devoted to providing assistance on fraud and abuse issues. For example, Region IV-which covers eight states and accounted for $33 billion of federal funds for Medicaid benefits in fiscal year 2004-reported having 1 FTE devoted to Medicaid fraud and abuse control activities. (See table 2.) Table 2: Federal Share of Medicaid Benefit Dollars and CMS Staff Devoted to States' Fraud and Abuse Control Efforts Source: GAO compilation of CMS information. Note: Federal outlays do not add up to the total due to rounding. For fiscal year 2006, CMS's budget has no line item devoted to Medicaid fraud and abuse control activities. The project to estimate payment error rates known as PAM/PERM (required by statute) and the Medi-Medi pilot project (with benefits accruing to both programs) are financed through a statutorily established fund-the Health Care Fraud and Abuse Control (HCFAC) account.12 (See table 3.) The HCFAC monies from which these two projects are largely financed are known as "wedge" funds. As CMS's distribution of these funds varies from year to year, the level of support for fraud and abuse control initiatives is uncertain and depends on the priorities set by the agency. For example, fiscal year 2005 funds allocated from the HCFAC account for PAM/PERM and Medi-Medi were less than half the funds allocated in fiscal year 2004. In contrast, Medicare fraud and abuse control activities at CMS are financed primarily through earmarked funds from another HCFAC component-the Medicare Integrity Program. Table 3: HCFAC Wedge Funds Allocated for CMS Activities That Address Medicaid Fraud and Abuse Source: CMS. Note: We estimated that, in addition to the wedge funds, FBI funding (Medicaid share) was about $1.5 million in fiscal year 2004 and about $500,000 in fiscal year 2005. CMS's Medicaid compliance reviews are funded through a different source-HHS's budget appropriation. In fiscal year 2004, the budget for this activity was $26,000, down from $40,000 in fiscal year 2003 and $80,000 in fiscal year 2002.13 The placement of Medicaid's antifraud and abuse function in CMS's organizational structure and a lack of stated goals and objectives suggests a limited institutional commitment to Medicaid fraud and abuse control activities. Currently, two different headquarters offices are charged with working with states on fraud and abuse issues. CMS's Office of Financial Management staffs the PAM/PERM and Medi-Medi initiatives, while the Center for Medicaid and State Operations (CMSO) staffs the state compliance reviews and TAG functions. Under this organizational structure, the Medicaid fraud and abuse staff in CMSO are not in an optimal position to leverage the resources allocated to the office with responsibility for developing tools and strategies for combating fraud and abuse. As further evidence of the low priority assigned to Medicaid fraud and abuse control, the planning, outreach, and building of staff expertise lacks leadership continuity. From 1997 to 2003, the leadership and funding of CMS's support for states' antifraud and abuse efforts resided in a consortium of two regional offices. The consortium led a network of regional fraud and abuse coordinators and state Medicaid representatives, sponsoring telephone conferences and workshops, seminars, and training sessions aimed at sharing best practices for fighting fraud and abuse. Medicaid staff based at headquarters reported to a national network coordinator located at one of the consortium's regional offices. With the retirement of the national coordinator in 2003, the consortium relinquished its leadership and funding role and the Medicaid antifraud and abuse activities were reassigned to CMSO without additional resources. Since then, no nationwide meetings with state program integrity officials have been held. At the same time, CMS lacks a strategic plan to drive its Medicaid antifraud and abuse operations. Goals for the long term, as well as plans on how to achieve them, have not been specified in any public department or agency planning documents. For example, HHS's fiscal year 2004 performance and accountability report cited Medicaid's high risk of payment errors as the department's management challenge for fighting Medicaid fraud and abuse.14 To address this challenge, the report cited the PAM/PERM initiative for estimating payment error rates, as this activity is required in federal statute. But there was no mention of any other fraud and abuse support or oversight activities or goals. Similarly, the discussion of Medicaid program integrity in the Administration's Budget for Fiscal Year 2006 covers activities to curb states' inappropriate financing mechanisms but makes no mention of federal support or oversight of states' fraud and abuse efforts. At the agency level, CMS officials were unable to provide any publicly available planning documents specifying short- or long-term Medicaid program goals that target fraud and abuse. The low priority given to CMS activities in support of states' fraud and abuse control efforts is having serious consequences for current projects. CMS's distribution of resources may require some activities to be scaled back and others to be eliminated. Specifically, the expansion of the Medi-Medi data match project has been slow, leaving potentially millions of dollars in cost avoidance and cost savings unrealized. This project enables claims data analysts to detect patterns that may not be evident when providers' billings for either Medicare or Medicaid are viewed in isolation. For example, by combining data from each program, analysts can identify "time bandits," or providers who bill for more than 24 hours in a single day. As of March 31, 2005, seven states with fully operational projects reported returns to the Medicaid and Medicare programs of $133.1 million in provider payments under investigation, $59.7 million in program vulnerabilities identified, and $2.0 million in overpayments to be recovered. In addition, 240 investigations had been initiated and 28 cases referred to law enforcement agencies. Two additional states, Ohio and Washington, have begun Medi-Medi projects that are expected to be operational later this year. Because of anticipated unmet funding needs, existing Medi-Medi data match activities are in jeopardy of being scaled back considerably. As CMS stated in its fiscal year 2005 second quarter report on Medi-Medi projects, "Eliminating certain Medi-Medi projects in their entirety and/or dramatically reducing the level of effort across all of the projects are among the approaches under consideration. Beyond FY 2006, the entire project will terminate if additional funding is not identified." Agency officials noted that several additional states have expressed interest in participating but expanding the program to more states will not occur without a new allocation or realignment of resources. Plans for additional activities that involve coordination with Medicare have been put on hold, pending budget decisions. These include enhanced oversight of prescription drug fraud when Medicare begins covering Medicaid beneficiaries' drug benefits in 2006 and the use of a unified provider enrollment form instead of separate forms for Medicare and Medicaid. Similarly, CMS's role as provider of technical assistance and disseminator of states' best practices has been severely limited because of competing priorities. At a health care fraud and abuse conference sponsored by HHS and the Department of Justice in 2000, participants from states and CMS regional offices articulated their common unmet needs with regard to fraud and abuse technology. The top three areas cited were information-sharing and access to data; training in data analysis and use of technology; and staffing, hardware, and software resources. CMS has not sponsored a national conference with state program integrity officials since 2003 and has not sponsored any fraud and abuse workshops or training since 2000. According to a CMS official, such information-sharing and technical assistance activities would not be expensive to support-less than $100,000 annually-and could result in returns that would exceed this relatively low amount. Resource shortages also account for CMS's limited oversight of states' Medicaid prevention, detection, and referral activities for improper payments. Since January 2000, CMS's Medicaid staff from headquarters and regional offices have been conducting compliance reviews of about seven to eight states a year. The reviews are aimed at ensuring that states have processes and procedures in place, in compliance with federal requirements for enrolling providers, reviewing claims, and referring cases. These compliance reviews have been effective at identifying weaknesses in states' efforts to combat fraud and abuse. For example, in the course of these reviews, CMS has found instances in which o a state had no process in place to prevent payments to excluded providers, o states did not use their authority to evaluate providers' professional or criminal histories as part of the provider enrollment process, and o a state did not follow appropriate procedures for referring a case to state law enforcement authorities. States have reported making positive modifications in their programs as a result of the CMS compliance reviews. Nevertheless, at the currently scheduled pace, states' programs will be reviewed once in 7 years at the earliest. Because the compliance reviews are infrequent, CMS's knowledge of states' fraud and abuse activities is, for many states, substantially out-of-date at any given time. Relatively few and questionably aligned resources and an absence of strategic planning underscore the limited commitment CMS has made to strengthening states' ability to curb fraud and abuse. Despite the millions of dollars CMS receives annually from a statutorily established fund for fraud and abuse control, the agency has not allocated these resources to sufficiently fund initiatives that can help states increase the effectiveness of their Medicaid fraud and abuse control efforts. Developing a strategic plan for Medicaid fraud and abuse control activities would give CMS a basis for providing resources that reflect the financial risk to the federal government. We discussed facts in this statement with a relevant CMS official. He noted that CMS does not view fraud and abuse control activities as separate from its financial management responsibilities. He indicated that CMS has invested substantial resources in program integrity activities that focus on the financial oversight of the Medicaid program. While we agree that financial oversight of Medicaid is a key component of program integrity, we maintain that the other component-fraud and abuse control activities-warrants a greater commitment than it currently receives. Mr. Chairman, this concludes my prepared remarks. I would be happy to answer any questions that you or other Members of the Committee may have. For further information regarding this testimony, please contact Leslie G. Aronovitz at (312) 220-7600. Hannah Fein, Sandra Gove, and Janet Rosenblad contributed to this statement under the direction of Rosamond Katz. The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site ( www.gao.gov ). Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to www.gao.gov and select "Subscribe to Updates." The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548 To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 512-6061 Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: [email protected] Automated answering system: (800) 424-5454 or (202) 512-7470 Gloria Jarmon, Managing Director, [email protected] (202) 512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125 Washington, D.C. 20548 Paul Anderson, Managing Director, [email protected] (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548 5The 56 Medicaid programs include one for each of the 50 states, the District of Columbia, Puerto Rico, and the U.S. territories of American Samoa, Guam, Northern Mariana Islands, and Virgin Islands. Hereafter, all 56 entities are referred to as states. 6For skilled professional medical personnel engaged in program integrity activities, such as those who review medical records, 75 percent federal matching is available. 7CMS requires that states have certain information processing capabilities, including a Medicaid Management Information System and a Surveillance and Utilization Review Subsystem. 8Medicaid Fraud Control Units can, in turn, refer some cases to the HHS Office of Inspector General (OIG), the Federal Bureau of Investigation (FBI), and the Department of Justice (DOJ) for further investigation and prosecution. 9 GAO-04-707 . 10 GAO-04-707 . CMS initiatives Description PAM/PERM CMS conducted a 3-year pilot called PAM to develop estimates of the accuracy of Medicaid claims payments. In fiscal year 2006, PAM will become a permanent, mandatory program-to be known as the Payment Error Rate Measurement (PERM) initiative-as required by the Improper Payments Information Act of 2002.a Under PERM, states will be expected to ultimately reduce their payment error rates over time by better targeting program integrity activities in their Medicaid and SCHIP programs. Medi-Medi Under this program, CMS facilitates the sharing of information between the Medicaid and Medicare programs. Medi-Medi is a data match pilot designed to identify improper billing and utilization patterns by matching Medicare and Medicaid claims information on providers and beneficiaries. Such matching is important, as fraudulent schemes can cross program boundaries. TAG Through telephone conferencing, CMS provides a forum for states to discuss issues, solutions, resources, and experiences on fraud and abuse issues. Any state may participate; roughly one-third do so regularly. States have also used the TAG to propose policy changes to CMS. Compliance reviews CMS conducts on-site reviews to assess whether state Medicaid fraud and abuse control efforts comply with federal requirements, such as those governing provider enrollment, claims review, utilization control, and coordination with each state's Medicaid Fraud Control Unit. If reviewers find states significantly out of compliance, they may revisit the states to verify that they have taken corrective action. CMS Expends Limited Resources and Lacks Coherent Plan to Improve States' Medicaid Fraud and Abuse Control Activities Disparity Exists between Level of Resources and Program's Financial Risk Fiscal year Fiscal year 2005 2004 federal CMS staff share of devoted to Medicaid Medicaid fraud benefit outlays and abuse (dollars in control CMS office Office jurisdiction billions) (estimated FTEs) Region I Connecticut, Maine, Massachusetts, New Hampshire, Rhode Island, and Vermont $9.2 Less than 1 Region II New York, New Jersey, the U.S. Virgin Islands, and Puerto Rico 26.0 Less than 1 Region III Delaware, Maryland, Pennsylvania, Virginia, West Virginia, and the District of Columbia 15.2 Less than 1 Region IV Alabama, North Carolina, South Carolina, Florida, Georgia, Kentucky, Mississippi, and Tennessee 33.0 Less than 2 Region V Illinois, Indiana, Michigan, Minnesota, Ohio, and Wisconsin 25.9 Less than 2 Region VI Arkansas, Louisiana, New Mexico, Oklahoma, and Texas 19.2 Less than 2 Region VII Iowa, Kansas, Missouri, and Nebraska 7.4 Less than 1 Region VIII Colorado, Montana, North Dakota, South Dakota, Utah, and Wyoming 3.8 Less than 1 Region IX Arizona, California, Hawaii, Nevada, the territories of American Samoa, Guam, and the Commonwealth of the Northern Mariana Islands 20.9 Less than 1 Region X Alaska, Idaho, Oregon, and Washington 5.6 Less than 1 All regions 4.5 CMS headquarters 3.6 Total CMS $166.1 8.1 11In addition, three to four Medicare FTEs located in both headquarters and regional offices support joint Medicaid and Medicare fraud and abuse projects. 12Since fiscal year 2003, this account dedicates $1.075 billion annually from the Medicare part A Trust Fund for combating health care fraud and abuse. The money is allocated in three major parts: (1) up to $720 million for the Medicare Integrity Program, (2) $114 million to the FBI, and (3) up to $240.6 million in "wedge" funds. In fiscal years 2004 and 2005, wedge funds were allocated as follows: $160.0 million to the HHS OIG, $49.4 million to DOJ, and $31.1 million to CMS and other HHS agencies. Dollars in thousands Fiscal year 2004 Fiscal year 2005 PAM/PERM $4,121 $1,200 Medi/Medi (Medicaid share) 3,691 2,439 Total $7,812 $3,639 CMS Structure and Lack of Planning Suggest Weak Commitment to Supporting States' Medicaid Fraud and Abuse Control Efforts 13Information on the amount of fiscal year 2005 funds for compliance reviews was not available at the time of our review. 14HHS, Performance and Accountability Report, Fiscal Year 2004 (Washington, D.C.: Dec. 13, 2004). Lack of Priority Threatens CMS's Medicaid Fraud and Abuse Control Activities, While Potential to Do More Goes Untapped Concluding Observations Contact and Acknowledgments (290467) This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. However, because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. GAO's Mission Obtaining Copies of GAO Reports and Testimony Order by Mail or Phone To Report Fraud, Waste, and Abuse in Federal Programs Congressional Relations Public Affairs www.gao.gov/cgi-bin/getrpt? GAO-05-855T . To view the full product, including the scope and methodology, click on the link above. For more information, contact Leslie G. Aronovitz at (312) 220-7600. Highlights of GAO-05-855T , a testimony before the Committee on Finance, U.S. Senate June 28, 2005 MEDICAID FRAUD AND ABUSE CMS's Commitment to Helping States Safeguard Program Dollars Is Limited Today's hearing addresses fraud and abuse control in Medicaid, a program that provides health care coverage for eligible low-income individuals and is jointly financed by the federal government and the states. In fiscal year 2003, Medicaid covered nearly 54 million people and the program's benefit payments totaled roughly $261 billion, of which the federal share was about $153 billion. States are primarily responsible for ensuring appropriate payments to Medicaid providers through provider enrollment screening, claims review, overpayment recoveries, and case referrals. At the federal level, the Centers for Medicare & Medicaid Services (CMS) is responsible for supporting and overseeing state fraud and abuse control activities. Last year, GAO reported that CMS had initiatives to assist states, but the dollar and staff resources allocated to oversight suggested that CMS's level of effort was disproportionately small relative to the risk of federal financial loss. Concerned about the stewardship of federal Medicaid funds, this Committee has raised questions about CMS's commitment to Medicaid fraud and abuse control. This statement focuses on (1) the level of resources CMS currently applies to helping states prevent and detect fraud and abuse in the Medicaid program and (2) the implications of this level of support for CMS fraud and abuse control activities. Since GAO reported last year, the resources CMS expends to support and oversee states' Medicaid fraud and abuse control activities remain out of balance with the amount of federal dollars spent annually to provide Medicaid benefits. In fiscal year 2005, CMS's total staff resources allocated to these activities was about 8.1 full-time equivalent (FTE) staffing units-approximately 3.6 FTEs at headquarters and 4.5 FTEs in the regional offices. Among CMS's 10 regional offices-each of which oversees states whose Medicaid outlays include billions of federal dollars-7 offices each have a fraction of an FTE and the rest each have less than 2 FTEs allocated to Medicaid fraud and abuse control efforts. Moreover, the placement of the Medicaid fraud and abuse control staff at headquarters-apart from the agency's office responsible for other antifraud and abuse activities-as well as a lack of specified goals for Medicaid fraud and abuse control raise questions about the agency's level of commitment to improve states' activities in this area. CMS's support and oversight initiatives include a pilot project for states to enhance claims scrutiny activities by coordinating with the Medicare program. Despite the project's positive results in several states, less than one-fifth of the states currently participate in the project and resource constraints may require CMS to scale back these efforts instead of expanding them to additional states that are seeking to participate. Similarly, CMS's support activities-such as conducting national conferences, regional workshops, and training-have been terminated altogether. The frequency of CMS's on-site reviews of states' fraud and abuse control activities-about seven to eight visits a year-has not changed since GAO reported on this last year. This means that federal oversight of a state's Medicaid program safeguards will not occur, at best, more than once every 7 years. Relatively few and questionably aligned resources and an absence of strategic planning underscore the limited commitment CMS has made to strengthening states' ability to curb fraud and abuse. Despite the millions of dollars CMS receives annually from a statutorily established fund for fraud and abuse control, the agency has not allocated these resources to sufficiently fund initiatives that can help states increase the effectiveness of their Medicaid fraud and abuse control efforts. Developing a strategic plan for Medicaid fraud and abuse control activities would give CMS a basis for providing resources that reflect the financial risk to the federal government. In discussing the facts in this statement with a CMS Medicaid official, he stated that the agency does not view antifraud and abuse initiatives as separate from financial oversight, an area that has received substantial resources in recent years. While we agree that financial management is important to program integrity, we believe that an increased commitment to helping states fight fraud and abuse is warranted. *** End of document. ***