oversight

National Medicaid Audit Program: CMS Should Improve Reporting and Focus on Audit Collaboration with States

Published by the Government Accountability Office on 2012-06-14.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

             United States Government Accountability Office

GAO          Report to Congressional Requesters




June 2012
             NATIONAL
             MEDICAID AUDIT
             PROGRAM
             CMS Should Improve
             Reporting and Focus
             on Audit
             Collaboration with
             States




GAO-12-627
                                             June 2012

                                             NATIONAL MEDICAID AUDIT PROGRAM
                                             CMS Should Improve Reporting and Focus on Audit
                                             Collaboration with States
Highlights of GAO-12-627, a report to
congressional requesters




Why GAO Did This Study                       What GAO Found
Medicaid, the joint federal-state health     Compared to the initial test audits and the more recent collaborative audits, the
care financing program for certain low-      majority of the Medicaid Integrity Group’s (MIG) audits conducted under the
income individuals, has the second-          National Medicaid Audit Program (NMAP) were less effective because they used
highest estimated improper payments          Medicaid Statistical Information System (MSIS) data. MSIS is an extract of
of any federal program. The Deficit          states’ claims data and is missing key elements, such as provider names, that
Reduction Act of 2005 expanded the           are necessary for auditing. Since fiscal year 2008, 4 percent of the 1,550 MSIS
federal role in Medicaid program             audits identified $7.4 million in potential overpayments, 69 percent did not identify
integrity, and the Centers for Medicare      overpayments, and the remaining 27 percent were ongoing. In contrast, 26 test
& Medicaid Services (CMS), the
                                             audits and 6 collaborative audits—which used states’ more robust Medicaid
federal agency that oversees Medicaid,
                                             Management Information System (MMIS) claims data and allowed states to
established the MIG, which designed
the NMAP. Since the NMAP’s
                                             select the audit targets—together identified more than $12 million in potential
inception, the MIG has used three            overpayments. Furthermore, the median amount of the potential overpayment for
different audit approaches: test, MSIS,      MSIS audits was relatively small compared to test and collaborative audits.
and collaborative. This report focuses
on (1) the effectiveness of the MIG’s        Number of Audits and Potential NMAP Overpayments and through February 2012
implementation of NMAP, and (2) the
MIG’s efforts to redesign the NMAP.
To do this work, GAO analyzed MIG
data, reviewed its contractors’ reports,
and interviewed MIG officials,
contractor representatives, and state
program integrity officials.

What GAO Recommends
GAO recommends that the CMS
Administrator ensure that the MIG’s
(1) update of its comprehensive plan
provide key details about the NMAP,
including its expenditures and audit
outcomes, program improvements, and
plans for effectively monitoring the
program; (2) future annual reports to
Congress clearly address the strengths
and weaknesses of the audit program
and its effectiveness; and (3) use of
NMAP contractors supports and
expands states’ own program integrity        The MIG reported that it is redesigning the NMAP, but has not provided
efforts through collaborative audits.        Congress with key details about the changes it is making to the program,
HHS partially concurred with GAO’s           including the rationale for the change to collaborative audits, new analytical roles
first recommendation commenting that         for its contractors, and its plans for addressing problems with the MSIS audits.
CMS’s annual report to Congress was          Early results showed that this collaborative approach may enhance state
a more appropriate vehicle for               program integrity activities by allowing states to leverage the MIG’s resources to
reporting NMAP results than its              augment their own program integrity capacity. However, the lack of a published
comprehensive plan. HHS concurred            plan detailing how the MIG will monitor and evaluate NMAP raises concerns
with the other two recommendations.          about the MIG’s ability to effectively manage the program. Given that NMAP has
View GAO-12-627. For more information,       accounted for more than 40 percent of MIG expenditures, transparent
contact Carolyn L. Yocom at (202) 512-7114   communications and a strategy to monitor and continuously improve NMAP are
or yocomc@gao.gov.                           essential components of any plan seeking to demonstrate the MIG’s effective
                                             stewardship of the resources provided by Congress.
                                                                                       United States Government Accountability Office
Contents


Letter                                                                                              1
                       Background                                                                   3
                       The Majority of the MIG’s NMAP Audits Were MSIS Audits, Which
                         Were Less Effective than Other Audit Approaches                          10
                       MIG’s Redesign of the NMAP Has Potential Advantages, but MIG
                         Has Not Been Transparent about Key Details of the Program’s
                         Redesign                                                                 17
                       Conclusions                                                                21
                       Recommendations for Executive Action                                       22
                       Agency Comments and Our Evaluation                                         22

Appendix I             Status of Medicaid Statistical Information System (MSIS) Audits            25



Appendix II            Information on Medicaid Statistical Information System Audits
                       that Identified Potential Overpayments                                     26



Appendix III           Status of Collaborative Audits                                             28



Appendix IV            Comments from the Department of Health and Human Services                  29



Appendix V             GAO Contact and Staff Acknowledgments                                      35



Related GAO Products                                                                              36



Tables
                       Table 1: Comparison of Data Sources for NMAP Audits                          6
                       Table 2: Status of MSIS Audits, by Fiscal Year of Assignment and
                                Audit Stage Conducted through February 2012                       25
                       Table 3: Number of Successful MSIS Audits, by State and Provider
                                Type                                                              26




                       Page i                               GAO-12-627 National Medicaid Audit Program
          Table 4: Amount of Potential Overpayments Identified by
                   Successful MSIS Audits, by State and Provider Type                 27
          Table 5: Status of Collaborative Audits, by Fiscal Year of
                   Assignment and Audit Stage                                         28
          Table 6: Number of Successful Collaborative Audits, by State and
                   Provider Type                                                      28
          Table 7: Amount of Potential Overpayments Identified by
                   Successful Collaborative Audits, by State and Provider
                   Type                                                               28


Figures
          Figure 1: Review Contractor Activities for MSIS Audits                        7
          Figure 2: Audit Contractor Activities for MSIS Audits                         8
          Figure 3: NMAP Contractor Expenditures and Audit Timeline,
                   Fiscal Years 2007-2011                                             10
          Figure 4: Number of Audits and Total Potential Overpayments
                   Identified and Sent to States for Recoupment (in millions
                   of dollars) by Audit Approach, through February 2012               12
          Figure 5: Status of 1,550 Medicaid Statistical Information System
                   (MSIS) Audits Conducted through February 2012                      14




          Page ii                               GAO-12-627 National Medicaid Audit Program
Abbreviations

CMS               Centers for Medicare & Medicaid Services
DRA               Deficit Reduction Act of 2005
HHS               Department of Health and Human Services
MIG               Medicaid Integrity Group
MMIS              Medicaid Management Information System
MSIS              Medicaid Statistical Information System
NMAP              National Medicaid Audit Program
OIG               Office of Inspector General
T-MSIS            Transformed MSIS




This is a work of the U.S. government and is not subject to copyright protection in the
United States. The published product may be reproduced and distributed in its entirety
without further permission from GAO. However, because this work may contain
copyrighted images or other material, permission from the copyright holder may be
necessary if you wish to reproduce this material separately.




Page iii                                      GAO-12-627 National Medicaid Audit Program
United States Government Accountability Office
Washington, DC 20548




                                   June 14, 2012

                                   The Honorable Thomas R. Carper
                                   Chairman
                                   The Honorable Scott P. Brown
                                   Ranking Member
                                   Subcommittee on Federal Financial Management,
                                    Government Information, Federal Services and
                                    International Security
                                   Committee on Homeland Security and Governmental Affairs
                                   United States Senate

                                   The Honorable Tom Coburn
                                   Ranking Member
                                   Permanent Subcommittee on Investigations
                                   Committee on Homeland Security and Governmental Affairs
                                   United States Senate

                                   The Centers for Medicare & Medicaid Services (CMS) estimated that
                                   $21.9 billion (8 percent) of Medicaid’s federal expenditures of $270 billion
                                   in fiscal year 2011 involved improper payments, the second highest
                                   amount reported by any federal program. 1 Improper payments include
                                   those made for treatments or services that were not covered by program
                                   rules, that were not medically necessary, or that were billed for but never
                                   provided. 2 Since 2001, we have reported numerous times on improper
                                   payments and our concerns about the adequacy of fiscal oversight in
                                   Medicaid. 3 The challenges inherent in overseeing a program of


                                   1
                                    CMS is the federal agency within the Department of Health and Human Services that
                                   oversees Medicaid.
                                   2
                                    An improper payment is any payment that should not have been made or that was made
                                   in an incorrect amount (including overpayments and underpayments) under statutory,
                                   contractual, administrative, or other legally applicable requirements. This definition
                                   includes any payment to an ineligible recipient, any payment for an ineligible good or
                                   service, any duplicate payment, any payment for a good or service not received (except
                                   where authorized by law), and any payment that does not account for credit for applicable
                                   discounts. Improper Payments Elimination and Recovery Act of 2010, Pub. L. No. 111-
                                   204, § 2(e), 124 Stat. 2224, 2227 (codified at 31 U.S.C. § 3321 note).
                                   3
                                    See GAO, Medicaid: State Efforts to Control Improper Payments, GAO-01-662
                                   (Washington, D.C.: June 7, 2001). A list of related products is included at the end of this
                                   report.




                                   Page 1                                         GAO-12-627 National Medicaid Audit Program
Medicaid’s size and diversity make the program vulnerable to improper
payments. Because of the program’s risk of improper payments, as well
as insufficient federal and state oversight, Medicaid has been on our list
of high-risk programs since January 2003. 4

The Medicaid program consists of 56 distinct state-based programs that
operate within broad federal guidelines. 5 States are the first line of
defense against Medicaid improper payments. Specifically, they must
ensure the qualifications of the providers who bill the program, detect
improper payments, recover overpayments, and refer suspected cases of
fraud and abuse to law enforcement authorities. At the federal level, CMS
is responsible for oversight of the Medicaid program. Until the Deficit
Reduction Act of 2005 (DRA), Medicaid program integrity had been
primarily a state responsibility. 6 The DRA created the Medicaid Integrity
Program to oversee and support state efforts and, among other actions,
directed CMS to hire contractors to review and audit state Medicaid
claims data, which CMS calls the National Medicaid Audit Program
(NMAP). CMS established the Medicaid Integrity Group (MIG) to
implement these DRA provisions. 7

You asked us to examine CMS’s oversight of and support for states’
efforts to prevent and reduce improper payments in Medicaid. This report
focuses on: (1) the effectiveness of the MIG’s implementation of the
NMAP and (2) the MIG’s efforts to redesign the NMAP. We are reporting
on the MIG’s implementation and redesign of the NMAP because of its
potential duplication of state activities and because it has accounted for
over 40 percent of the approximately $75 million the MIG spends annually
on Medicaid program integrity. A subsequent report will examine


4
 See GAO, Major Management Challenges and Program Risks: Department of Health and
Human Services, GAO-03-101 (Washington, D.C.: Jan. 1, 2003).
5
 The federal government matches states’ expenditures for most Medicaid services using a
statutory formula based on each state’s per capita income. The 56 Medicaid programs
include one for each of the 50 states, the District of Columbia, Puerto Rico, American
Samoa, Guam, the Commonwealth of the Northern Mariana Islands, and the U.S. Virgin
Islands. Hereafter, we refer to the 50 states and the District of Columbia as states; all
other entities were excluded from our work.
6
 See Pub. L. No. 109-171, § 6034, 120 Stat. 3, 74-78 (2006) (codified at 42 U.S.C.
§ 1396u-6).
7
 See GAO, Medicaid Program Integrity: Expanded Federal Role Presents Challenges to
and Opportunities for Assisting States, GAO-12-288T (Washington, D.C.: Dec. 7, 2011).




Page 2                                       GAO-12-627 National Medicaid Audit Program
             additional CMS activities that oversee and support state Medicaid
             program integrity.

             To address both of our reporting objectives, we analyzed NMAP data
             provided by the MIG and interviewed MIG officials. We assessed the
             reliability of these data and found them sufficiently reliable for our
             purposes. In addition, we reviewed annual lessons-learned reports
             submitted by the MIG’s review and audit contractors and interviewed
             representatives of each type of contractor. We also interviewed program
             integrity officials in 11 states to obtain their perspectives on the NMAP
             and collected additional information from 8 states where the MIG has
             recently implemented changes to the NMAP. The 11 states were:
             Arizona, California, Connecticut, Florida, Kentucky, New York, Ohio,
             Pennsylvania, Texas, Washington, and Wisconsin. We selected these
             states because of their geographic diversity and because together they
             accounted for more than half of all Medicaid spending and beneficiaries.
             Separately, we contacted the 9 states where CMS had implemented
             changes to the NMAP to obtain their perspective on the redesign—
             Arkansas, California, Idaho, Maryland, Mississippi, New Jersey, Ohio,
             Texas, and Washington. California did not respond to our questions
             regarding the redesign. We reviewed relevant Department of Health and
             Human Services Office of the Inspector General (HHS-OIG) reports, and
             interviewed HHS-OIG officials involved in early assessments of the MIG’s
             review and audit contractors. We conducted this audit work between July
             2011 and June 2012 in accordance with generally accepted government
             auditing standards. Those standards require that we plan and perform the
             performance audit to obtain sufficient, appropriate evidence to provide a
             reasonable basis for our findings and conclusions based on our audit
             objectives. We believe that the evidence obtained provides a reasonable
             basis or our findings and conclusions based on our audit objectives.


             The MIG has taken three different approaches since establishing the
Background   NMAP—test audits, Medicaid Statistical Information System (MSIS)
             audits, and collaborative audits. 8 In each approach, contractors



             8
              Test audits began in June 2007 and were completed in December 2010. Contracts for
             MSIS audits were issued in December 2007 and MSIS audits were assigned to audit
             contractors in September 2008. Collaborative audits were assigned to audit contractors in
             January 2010. As of February 2012, a number of MSIS audits and collaborative audits are
             ongoing.




             Page 3                                       GAO-12-627 National Medicaid Audit Program
              conducted post payment audits, that is, they reviewed medical
              documentation and other information related to Medicaid claims that had
              already been paid. The key differences among the three NMAP
              approaches were (1) the data sources used to identify audit targets, and
              (2) the roles assigned to states and contractors. In June 2007, the MIG
              hired a contractor to conduct test audits, and it implemented MSIS audits
              beginning in December 2007 by hiring separate review and audit
              contractors for each of five geographic areas of the country. Collaborative
              audits were introduced in January 2010.


Test Audits   In June 2007, the MIG hired a contractor to conduct test audits in five
              states. 9 Working with the MIG and the states, the contractor audited 27
              providers. States provided the initial audit targets based on their own
              analysis of Medicaid Management Information System (MMIS) data.
              MMIS are mechanized claims processing and information retrieval
              systems maintained by individual states, and generally reflect real-time
              payments and adjustments of detailed claims for each health care service
              provided. In some cases, states provided samples of their claims data
              with which to perform the audits, and in other cases states provided a
              universe of paid claims that the MIG’s contractor analyzed to derive the
              sample. Twenty-seven test audits were conducted on hospitals,
              physicians, dentists, home health agencies, medical transport vendors,
              and durable medical equipment providers.


MSIS Audits   In December 2007, while test audits were still under way, the MIG began
              hiring review and audit contractors to implement MSIS audits. 10 MSIS
              audits differed from the test audits in three ways.

              •   First, MSIS audit targets were selected based on the analysis of
                  Medicaid Statistical Information System (MSIS) data. MSIS is a
                  national data set collected and maintained by CMS consisting of


              9
               The five states were the District of Columbia, Florida, Mississippi, Texas, and
              Washington.
              10
                Within the MIG, the Division of Medicaid Integrity Contracting is responsible for
              administrative oversight of the contracts and ensuring that contractors meet the
              performance criteria. This division’s staff is involved in developing the scope of work for
              contracts, but the detailed contents of the contracts are largely developed by other
              divisions within MIG.




              Page 4                                          GAO-12-627 National Medicaid Audit Program
     extracts from each state’s MMIS, including eligibility files and paid
     claims files that were intended for health care research and evaluation
     activities but not necessarily for auditing. As a subset of states’ more
     detailed MMIS data files, MSIS data do not include elements that can
     assist in audits, such as the explanations of benefit codes and the
     names of providers and beneficiaries. In addition, MSIS data are not
     as timely because of late state submissions and the time it takes
     CMS’s contractor to review and validate the data. 11 MIG officials told
     us that they chose MSIS data because the data were readily available
     for all states and the state-based MMIS data would require a
     significant amount of additional work to standardize across states.
     (See table 1 below.)

•    Second, MSIS audits were conducted over a wider geographic area;
     44 states have had MSIS audits, compared with the small number of
     states selected for test audits.

•    Third, MSIS audits use two types of contractors—review contractors
     to conduct data analysis and help identify audit leads, and audit
     contractors to conduct the audits. In the test audits, the states
     provided the initial audit leads.




11
  HHS-OIG, MSIS Data Usefulness for Detecting Fraud, Waste, and Abuse,
OEI-04-07-00240 (August 2009); HHS-OIG, Top Management and Performance
Challenges Facing the Department of Health and Human Services in Fiscal Year 2011
(November 2011).




Page 5                                     GAO-12-627 National Medicaid Audit Program
Table 1: Comparison of Data Sources for NMAP Audits

                                 Medicaid Management Information
                                 System (MMIS)                                 Medicaid Statistical Information System (MSIS)
Overview                         MMIS is a Medicaid claims processing and      MSIS is a national eligibility and claims database
                                 information system used by states for         used by CMS to analyze Medicaid program
                                 management, oversight and reporting of        characteristics and utilization of services, and to
                                 their Medicaid program operations and         generate reports on national Medicaid populations
                                 costs. MMIS is more complete and is           and expenditures. MSIS is a subset of MMIS and
                                 updated more often than MSIS.                 updates are sent to CMS on a quarterly basis.
Maintained by                    States                                        CMS
Geographic coverage              Individual states                             All states
Use in National Medicaid Audit   Test audits and collaborative audits          MSIS audits
Program (NMAP)
                                           Source: GAO.



                                           Review contractors. The MIG’s two review contractors analyze MSIS data
                                           to help identify potential audit targets in an analytic process known as
                                           data mining. The MIG issues monthly assignments to these contractors,
                                           and generally allows the contractors 60 days to complete them. For each
                                           assignment, the MIG specifies the state, type of Medicaid claims data,
                                           range of service dates, and algorithm (i.e., a specific set of logical rules or
                                           criteria used to analyze the data). 12 The work of the review contractor is
                                           summarized in an algorithm findings report, which contains lists of
                                           providers ranked by the amount of their potential overpayment. The
                                           January through June 2010 algorithm reports reviewed by the HHS-OIG
                                           identified 113,378 unique providers from about 1 million claims. 13 The
                                           MIG’s Division of Fraud Research & Detection oversees the technical
                                           work of the review contractors. A summary of the review contractor
                                           activities for MSIS audits is shown in figure 1.




                                           12
                                             Algorithms target specific types of potential overpayments, such as services provided
                                           after a beneficiary’s date of death or duplicate claims that appear to be for the same
                                           service. The MIG and review contractors both contribute to algorithm development. The
                                           MIG maintains about 100 algorithms.
                                           13
                                            HHS-OIG, Early Assessment of Review Medicaid Integrity Contractors,
                                           OEI-05-10-00200 (February 2012).




                                           Page 6                                           GAO-12-627 National Medicaid Audit Program
Figure 1: Review Contractor Activities for MSIS Audits




a
    MSIS data are in a data repository supplied by the MIG.
b
 An algorithm is a specific set of logical rules or criteria used to analyze data. An algorithm may be
used to check for conflicting or duplicate claims, such as identifying billed home health care for a time
period when the beneficiary was in the hospital, or duplicate prescriptions filled at different
pharmacies.
c
There may be cases where the contractor does not submit an algorithm findings report.


Audit contractors. The MIG’s audit contractors conduct postpayment
audits of Medicaid providers. Audit leads are selected by the MIG’s
Division of Field Operations, generally by looking at providers across one
or more applicable algorithms to determine if they have been overpaid or
demonstrated egregious billing patterns. From the hiring of audit
contractors in December 2007 through February 2012, the division
assigned 1,550 MSIS audits to its contractors. 14 During an audit, the
contractor may request and review copies of provider records, interview
providers and office personnel, or visit provider facilities. If an
overpayment is identified, the contractor drafts an audit report, which is
shared with the provider and the state. Ultimately, the state is responsible
for collecting any overpayments in accordance with state law and must
report this information to CMS. A summary of the audit contractor
activities is shown in figure 2.




14
  The first MSIS audits were assigned to audit contractors in September 2008. The most
recent MSIS audits were assigned in February 2011.




Page 7                                                GAO-12-627 National Medicaid Audit Program
                       Figure 2: Audit Contractor Activities for MSIS Audits




                       Note: MSIS audit activities generally end after the final audit report is sent to the state, though the
                       audit contractor may provide support to states during hearings and appeals.
                       a
                        If there are no findings or the overpayments are determined to be too low to merit collection, then the
                       audit contractor submits a Low-No Findings report to the MIG.




Collaborative Audits   In June 2011, CMS released its fiscal year 2010 report to Congress,
                       which outlined a redesign of the NMAP with an approach that closely
                       resembled the test audits. The report described the redesign as an effort
                       to enhance the NMAP and assist states with their program integrity
                       priorities. CMS refers to this new approach as collaborative audits. In
                       these collaborative audits, MIG and its contractor primarily used MMIS
                       data and leveraged state resources and expertise to identify audit
                       targets. 15 In contrast, MSIS audits used separate review contractors and
                       MSIS data to generate lists of providers with potential overpayments, and
                       the MIG selected the specific providers to be audited. 16




                       15
                         In addition to MMIS data, collaborative audits in one state used state-supplied data to
                       determine if a provider had been reimbursed by other payers, such as Medicare, for
                       claims that Medicaid had already paid.
                       16
                         Review contractors were not involved during the test audits because the states provided
                       the initial audit leads.




                       Page 8                                                 GAO-12-627 National Medicaid Audit Program
NMAP Contractor   From June 2007 through February 2012, payments to the contractors for
Expenditures      test, MSIS, and collaborative audits totaled $102 million. 17 On an annual
                  basis, these contractor payments account for more than 40 percent of all
                  of the MIG’s expenditures on Medicaid program integrity activities.
                  Contractor payments rose from $1.3 million in fiscal year 2007 and
                  reached $33.7 million in fiscal year 2011. (See fig. 3.) The total cost of the
                  NMAP is likely greater than $102 million because that figure does not
                  include expenditures on the salaries of MIG staff that support the
                  operation of the program.




                  17
                    Expenditures for the test audits were about $4.3 million, and do not include the
                  contractor’s work on provider appeals. The MIG could not break out expenditures
                  separately for collaborative audits. The MIG’s review and audit contractors are paid on a
                  cost plus award fee basis which reimburses the contractors’ costs of completing each task
                  and allows CMS to remit an additional award if certain performance targets are met.




                  Page 9                                       GAO-12-627 National Medicaid Audit Program
Figure 3: NMAP Contractor Expenditures and Audit Timeline, Fiscal Years 2007-2011




                                        Notes: Data include expenditures on contractors for test audits, Medicaid Statistical Information
                                        System audits, and collaborative audits. They do not include salaries of Medicaid Integrity Group staff
                                        supporting NMAP audit activities. The NMAP contractor expenditures for the first 5 months of fiscal
                                        year 2012 totaled $12.3 million but are not included in the figure above.


                                        The MSIS audits were less effective in identifying potential overpayments
The Majority of the                     than test and collaborative audits. The main reason for the difference in
MIG’s NMAP Audits                       audit results was the use of MSIS data. According to MIG officials, they
                                        chose MSIS data because the data were readily available for all states,
Were MSIS Audits,                       they are collected and maintained by CMS, and are intended for health
Which Were Less                         care research and evaluation activities. However, the MSIS audits were
Effective than Other                    not well coordinated with states, and duplicated and diverted resources
                                        from states’ program integrity activities.
Audit Approaches



                                        Page 10                                             GAO-12-627 National Medicaid Audit Program
MSIS Audits Were Less     Compared with test and collaborative audits, the return on MSIS audits
Effective than Test and   was significantly lower. As of February 2012, a small fraction of the 1,550
Collaborative Audits      MSIS audits identified $7.4 million in potential overpayments. In contrast,
                          26 test audits and 6 collaborative audits together identified $12.5 million
                          in potential overpayments (see fig. 4.) Appendix II provides details on the
                          characteristics of MSIS audits that successfully identified overpayments.
                          While the newer collaborative audits have not yet identified more in
                          overpayments than MSIS audits, only 6 of the 112 collaborative audits
                          have final audit reports (see app. III), suggesting that the total
                          overpayment amounts identified through collaborative audits will continue
                          to grow. 18 In addition, the MSIS audits identified potential overpayments
                          for much smaller amounts. Half of the MSIS audits were for potential
                          overpayments of $16,000 or less, compared to a median of about
                          $140,000 for test audits and $600,000 for collaborative audits.




                          18
                            In March 2012, the HHS-OIG reported that seven collaborative audits had identified
                          $6.2 million in overpayments. According to the MIG, this estimate was based on draft audit
                          report findings, which in some instances were higher than the amounts reported in final
                          audit reports. HHS-OIG, Early Assessment of Audit Medicaid Integrity Contractors,
                          OEI-05-10-00210 (March 2012).




                          Page 11                                       GAO-12-627 National Medicaid Audit Program
Figure 4: Number of Audits and Total Potential Overpayments Identified and Sent to States for Recoupment (in millions of
dollars) by Audit Approach, through February 2012




                                         Notes: Test audits were conducted from 2007 through 2010. Medicaid Statistical Information System
                                         (MSIS) audits began in 2008 and are ongoing. Collaborative audits began in 2010 as part of the
                                         redesign of the NMAP and are also ongoing. Dollar amounts shown are potential overpayments in
                                         final audit reports sent to states for recovery. They do not reflect the amounts in draft audit reports or
                                         the amounts actually recovered by the states. Percentages may not total 100 because of rounding.




                                         Page 12                                               GAO-12-627 National Medicaid Audit Program
Poor MSIS Audit Results   The use of MSIS data was the principal reason for the poor MSIS audit
Were Due Largely to the   results, that is, the low amount of potential overpayments identified and
Use of Inadequate Data    the high proportion of unproductive audits. 19 Over two-thirds (69 percent)
                          of the 1,550 MSIS audits assigned to contractors through February 2012
                          were unproductive, that is, they were discontinued (625), had low or no
                          findings (415), or were put on hold (37). 20 (See fig. 5.) Our findings are
                          consistent with an early assessment of the MIG’s audit contractors, which
                          cited MSIS data issues as the top reason that MSIS audits identified a
                          lower amount of potential overpayments. 21




                          19
                            Although the overall return on investment was negative, we did not attempt to quantify it
                          and instead use the term poor to describe the return.
                          20
                            The MIG generally considers overpayments of $2,000 or less as too low to merit
                          collection, but it has issued final audit reports for less than that amount.
                          21
                            The HHS-OIG report, published in March 2012, was based on an analysis of NMAP
                          audits assigned between January and June 2010. See OEI-05-10-00210.




                          Page 13                                       GAO-12-627 National Medicaid Audit Program
Figure 5: Status of 1,550 Medicaid Statistical Information System (MSIS) Audits Conducted through February 2012




                                        Note: Unproductive Medicaid Statistical Information System (MSIS) audits include those that were
                                        discontinued, had low or no overpayments, or were put on hold. Ongoing audits includes audits
                                        assigned and in the implementation phase. Audit reports include final audit reports (4 percent) and
                                        draft audit reports (19 percent).


                                        State program integrity officials, the HHS-OIG, and its audit contractors
                                        told the MIG that MSIS data would result in many false leads because the
                                        data do not contain critical audit elements, including provider identifiers;
                                        procedure, product, and service descriptions; billing information; and




                                        Page 14                                             GAO-12-627 National Medicaid Audit Program
beneficiary and eligibility information. 22 For example, the MIG assigned
81 MSIS audits in one state because providers appeared to be billing
more than 24 hours of service in a single day. However, all of these
audits were later discontinued because the underlying data were
incomplete and thus misleading; the audited providers were actually large
practices with multiple personnel, whose total billing in a single day
legitimately exceeded 24 hours. One state official told us that when states
met with the MIG staff during the roll out of the Medicaid Integrity
Program, the state officials emphasized that (1) MSIS data could not be
used for data mining or auditing because they were ‘stagnant,’ i.e., MSIS
does not capture any adjustments that are subsequently made to a claim
and (2) MMIS data were current and states would be willing to share their
MMIS data with CMS. In their annual lessons-learned reports, the audit
and review contractors told the MIG that the MSIS data were not timely or
accurate, and recommended that the MIG help them obtain access to
state MMIS data. 23 Nevertheless, the MIG continued to assign MSIS-
based audits to its contractors; 78 percent of MSIS audits (1,208) were
assigned after the August 2009 HHS-OIG report.

MIG officials told us that they chose MSIS data because the data were
readily available for all states, they are collected and maintained by CMS,
and are intended for health care research and evaluation activities.
However, when considering the use of MSIS data, officials said that they
were aware that the MSIS data had limitations for auditing and could
produce many false leads. MIG officials also told us that collecting states’
MMIS data would have been burdensome for states and would have
resulted in additional work for the review contractors because they would
need to do a significant amount of work to standardize the MMIS data to
address discrepancies between the states’ data sets. However, officials in
13 of the 16 states we contacted volunteered that they were willing to


22
  In August 2009, the HHS-OIG reported that MSIS does not contain many of the data
elements needed for detecting improper payments and that the average age of the data
was more than 1-year old. For the HHS-OIG report, the MIG provided HHS-OIG with a list
of missing data elements that would be useful for Medicaid fraud, waste, and abuse
analysis. See OEI-04-07-00240.
23
  In addition, a MIG audit contractor already had established positive business
relationships with state Medicaid agencies, which gave it access to state MMIS data.
When we spoke to MIG officials, they confirmed that they had discussed the use of MMIS
data with an audit contractor, but told us that states’ data use agreements with the
contractor were an impediment to the contractor’s referencing those data while performing
MSIS audits.




Page 15                                      GAO-12-627 National Medicaid Audit Program
                            provide the MIG with MMIS data if asked to do so. In addition, the review
                            contractors have had to do some work to standardize the state files within
                            the MSIS maintained by CMS.


MSIS Audits Were Not Well   The MIG did not effectively coordinate MSIS audits with states and as a
Coordinated with States     result, the MIG duplicated state program integrity activities. Officials from
and Diverted Resources      several states we interviewed noted that some of the algorithms used by
                            the review contractor were identical to or less sophisticated than the
from States’ Program        algorithms they used to identify audit leads. An official in one state told us
Integrity Activities        that even after informing the contractor that its work would be duplicative,
                            the review contractor ran the algorithm anyway. Officials in another state
                            told us that the MIG was unresponsive to state assertions that it had a
                            unit dedicated to reviewing a specific category of claims and the MIG was
                            still pursuing audits for this provider type. State officials also cited general
                            coordination challenges, including difficulty communicating with
                            contractors. MIG officials acknowledged that poor communications
                            resulted in the pursuit of many false leads that had not been adequately
                            vetted by the states. In addition, representatives of a review contractor we
                            interviewed told us that states did not always respond to requests to
                            validate overpayments in the algorithm samples provided and the MIG
                            may not have been aware of the lack of a state response when making
                            audit assignments.

                            State officials we interviewed told us that the review contractors’ lack of
                            understanding of state policy also contributed to the identification of false
                            leads, even though (1) the MIG required its contractors to become familiar
                            with each state’s Medicaid program, and (2) the MIG reviewed state
                            policies as a quality assurance step prior to assigning leads to its audit
                            contractors. Nonetheless, one state official described how the MIG and its
                            review and audit contractors had mistakenly identified overpayments for
                            federally qualified health centers because they assumed that centers
                            should receive reduced payments for an established patient on
                            subsequent visits. In fact, centers are paid on an encounter basis, which
                            uses the same payment rate for the first and follow-up visits.

                            Officials in seven of the states we spoke with described the resources
                            involved in assisting the MIG and its contractors. For example, states told
                            us that they had assigned staff to: (1) review the algorithms used by
                            review contractors to generate potential audit leads; (2) review lists of
                            audit leads created by the MIG; and (3) provide information and training
                            on state-level policies to audit contractors. One state official described
                            how it had clinical staff rerun algorithms using the state’s data system to


                            Page 16                                  GAO-12-627 National Medicaid Audit Program
                            see if the audit targets chosen by the MIG had merit. 24 In cases where the
                            state staff found that the MIG was pursuing a false lead, the state had to
                            provide the MIG and its contractors with detailed explanations of why the
                            suspect claims complied with state policies. While the state officials we
                            spoke with did not estimate the cost of their involvement in MSIS audits,
                            officials in some states said that participation in MSIS audits diverted staff
                            from their regular duties. MIG officials told us they were sensitive to state
                            burden and had attempted to minimize it.


                            MIG’s redesigned NMAP focuses on collaborative audits, which may
MIG’s Redesign of the       enhance state Medicaid program integrity activities, and it also intends to
NMAP Has Potential          continue using MSIS data in some audits. As part of its NMAP redesign,
                            the MIG has assigned new activities to its review contractors, but it is too
Advantages, but MIG         early to assess their benefit. CMS has not reported to Congress key
Has Not Been                details about the changes it is making to the NMAP, including the
Transparent about           rationale for the redesign of the program, but it plans to discuss these
                            changes in its upcoming 2012 strategic plan.
Key Details of the
Program’s Redesign

Collaborative Audits        As part of its redesign, the MIG launched collaborative audits with a small
Enhance States’ Program     number of states in early 2010 to enhance the MIG’s program and assist
Integrity Activities; MIG   states with their own program integrity priorities. The MIG did not have a
                            single approach for collaborative audits. For example, one state told us
also Plans to Continue      that the MIG’s audit contractor suggested that together they discuss
Using MSIS Data in Some     conducting a collaborative audit with the MIG while in another state a
Audits                      collaborative audit was initiated by the MIG, with the audit contractor’s
                            role limited to assistance during the audit (rather than leading it).

                            Generally, collaborative audits allow states to augment their own program
                            integrity audit capacity by leveraging MIG’s and its contractors’ resources.
                            For example, officials from six of the eight states we interviewed told us
                            the services targeted for collaborative audits were those that the state did
                            not have sufficient resources to effectively audit on its own. In some
                            cases, the MIG’s contractor staff conducted additional audits. In others,



                            24
                              Clinical staff help make determinations on the medical necessity of the care documented
                            in the claim.




                            Page 17                                      GAO-12-627 National Medicaid Audit Program
contractors were used to assess the medical necessity of claims when
the states’ programs needed additional clinical expertise to make a
determination.

Officials from most of the states we interviewed agreed that the
investment in collaborative audits was worthwhile but some told us that
collaborative audits created some additional work for states. For example,
two state programs reported that their staff was involved in training the
MIG’s contractor staff. In one of these states, state program staff
dedicated a full week to train the MIG’s audit contractor so that the
contractor’s work would be in accordance with state policies. Another
state program official reported that staff had to review all audits and
overpayment recovery work, leading to a “bottleneck” in the state’s own
program integrity activities. Officials in one state suggested that the
collaborative audits could be improved if the MIG formalized a process for
communicating and resolving disagreements related to audit reports, and
minimized the changing of contractors in order to reduce the burden on
states. Most states were in favor of expanding the number of collaborative
audits. According to the MIG, the agency plans to expand its use of
collaborative audits to as many states as are willing to participate. In fact,
officials indicated that they are discussing collaborative audits with an
additional 12 states.

MIG officials noted that they do not foresee the collaborative audits
completely replacing audits based on MSIS data. According to MIG
officials, NMAP audits using MSIS data might be appropriate in certain
situations, including audits of state-owned and operated facilities and
states that are not willing to collaborate, as part of the MIG’s oversight
responsibilities. The MIG recognizes that MSIS-based audits are
hampered by deficiencies in the data, and noted that CMS has initiatives
under way to address these deficiencies through the Medicaid and CHIP
Business Information and Solutions Council (MACBIS). MACBIS is an
internal CMS governance body responsible for data planning, ongoing
projects, and information product development. According to MIG
officials, MACBIS projects include efforts to reduce the time from state
submission of MSIS data to the availability of these data; automation of
program data; improvements in encounter data reporting; and
automation, standardization, and other improvements in MSIS data
submissions. One MACBIS project is known as Transformed MSIS
(T-MSIS), which aims to add 1,000 additional variables to MSIS for
monitoring program integrity and include more regular MMIS updates.
MIG officials told us that CMS is currently engaged in a 10-state pilot to



Page 18                                GAO-12-627 National Medicaid Audit Program
                         develop the data set for T-MSIS, and anticipates that T-MSIS will be
                         operational in 2014. 25


Changes to the Role of   As part of its NMAP redesign, the MIG has assigned new activities to the
Review Contractors Too   review contractors. Because these activities are new, it is too early to
Early to Assess          assess their benefit. Although the review contractors were not involved in
                         early collaborative audits, the MIG expects that they will be involved in
                         future collaborative audits based on these new activities.

                         In redesigning the NMAP, the MIG tasked its review contractors in
                         November 2011 with using MSIS data to compare state expenditures for
                         a specific service to the national average expenditure for that service to
                         identify states with abnormally high expenditures. Once a state (or states)
                         with high expenditures is identified, then discussions are held with the
                         states about their knowledge of these aberrations and recovery activities
                         related to the identified expenditures. According to MIG officials, such
                         cross-state analyses were recently initiated and thus have not yet
                         identified any potential audit targets. The review contractor also indicated
                         that it would continue to explore other analytic approaches to identify
                         causes of aberrant state expenditures.

                         Additionally, as part of its redesign of the program’s audits, the MIG
                         instructed its review contractors in November 2011 to reexamine
                         successful algorithms from previously issued final algorithm reports.
                         According to the MIG, the purpose of this effort is to identify the factors
                         that could better predict promising audit targets and thereby improve audit
                         target selection in the future. Although some MSIS audits identified
                         potential overpayments, the value of developing a process using MSIS
                         data to improve audit target selection in the future is questionable. 26
                         According to the MIG, MSIS audits are continuing but on a more limited



                         25
                           The 10 states are Arizona, Arkansas, California, New Jersey, New Mexico, North
                         Carolina, Tennessee, Texas, Oregon, and Washington.
                         26
                           A February 2012 HHS-OIG report recommended that the review contractors
                         make specific recommendations about audit targets based on their analyses. See
                         OEI-05-10-00200. Although the task order for review contractors calls for them to identify
                         and recommend leads for audit contractors, the MIG only required the review contractors
                         to submit lists of providers ranked by the amount of potential overpayment. These lists,
                         which did not contain recommendations, were used by the MIG to assign audits to the
                         audit contractors.




                         Page 19                                       GAO-12-627 National Medicaid Audit Program
                          scale and with closer collaboration between states and the MIG’s
                          contractors.


CMS Has Not Reported      In its 2010 annual report to Congress on the Medicaid Integrity Program,
Key Details of Its NMAP   CMS announced that it was redesigning the NMAP in an effort to
Redesign to Congress      enhance MIG programs and assist states with their program integrity
                          priorities, but it did not provide key details regarding the changes. For
                          example, the report did not mention that the MSIS audits had a poor
                          return on investment, the number of unproductive audits, or the reasons
                          for the unproductive audits. 27 Moreover, since issuing its 2010 annual
                          report, CMS has assigned new tasks to its review contractors such as
                          reexamining old final algorithm reports to improve provider target
                          selection and new cross-state analyses using MSIS data. But CMS has
                          not yet articulated for Congress how these activities complement the
                          redesign or how such activities will be used to identify overpayments.

                          The MIG is preparing a new strategic plan—its Comprehensive Medicaid
                          Integrity Plan covering Fiscal Years 2013 through 2017—which it plans to
                          submit to Congress in the summer of 2012. According to MIG officials, the
                          new strategic plan will generally describe shortcomings in the NMAP’s
                          original design and how the redesign will address those shortcomings.
                          However, MIG officials told us that they do not plan to discuss the
                          effectiveness of the use of funds for MSIS audits, or explain how the MIG
                          will monitor and evaluate the redesign. In its fiscal year 2013 HHS budget
                          justification for CMS, the department indicated that in the future CMS
                          would not report separately on the NMAP return on investment. HHS
                          explained that it had become apparent that the ability to identify
                          overpayments is not, and should not be, limited to the activities of the
                          Medicaid integrity contractors. Rather, HHS said it is considering new
                          measures that better reflect the resources invested through the Medicaid
                          Integrity Program. Federal internal control standards provide that effective
                          program plans are to clearly define needs, tie activities to organizational
                          objectives and goals, and include a framework for evaluation and
                          monitoring. Based on these standards, the poor performance of the MSIS
                          audits should have triggered an evaluation of the program, particularly


                          27
                            Although CMS has not reported the poor return on investment for MSIS audits, in its
                          recent budget justifications HHS reported that the Medicaid Integrity Program overall had
                          positive return on investment. It is difficult to assess this overall return on investment
                          because CMS has not clearly described its reporting metrics.




                          Page 20                                       GAO-12-627 National Medicaid Audit Program
              given the DRA requirement for CMS to report annually to Congress on
              the effectiveness of the use of funds appropriated for the Medicaid
              Integrity Program.


              In approximately 5 years of implementation, the MIG has spent at least
Conclusions   $102 million on contractors for an audit program that has identified less
              than $20 million in potential overpayments. Moreover, almost two-thirds of
              these potential overpayments were identified in a small number of test
              and collaborative audits that used different data and took a different
              approach to identifying audit targets than the MSIS audits, which
              comprised the vast majority of the program’s audits. The poor
              performance of the MSIS audits can largely be traced to the MIG’s
              decision to use MSIS data to generate audit leads, although evidence
              showed that (1) these data were inappropriate for auditing, and
              (2) alternative data sources were both available and effective in
              identifying potential overpayments. Ineffective coordination with states
              and a limited understanding of state Medicaid policies on the part of the
              MIG’s contractors also contributed to the poor results of the MSIS audits.

              Although the MIG recognizes that the MSIS audits have performed far
              below expectations, it has not quantified how expenditures to date have
              compared with identified recoveries. Currently, the MIG is experimenting
              with a promising approach in which the states identify appropriate targets,
              provide the more complete MMIS data, and actively participate in the
              audits. This collaborative audit approach has identified $4.4 million in
              potential overpayments and is largely supported by the states we spoke
              with, even though they may have to invest their own resources in these
              audits. However, the MIG has not articulated how its redesign will
              address flaws in NMAP and it also plans to continue using MSIS data,
              despite their past experience with these data, for cross-state analysis and
              for states that are not willing to participate in collaborative audits. At this
              time, the MIG is preparing a new comprehensive plan for Congress that
              outlines the components of the NMAP redesign. The details provided in
              such a plan will be critical to evaluating the effectiveness of the redesign
              and the agency’s long-term plan to improve the data necessary to
              conduct successful audits. Transparent communications and a well-
              articulated strategy to monitor and continuously improve NMAP are
              essential components of any plan seeking to demonstrate that the MIG
              can effectively manage the program.




              Page 21                                 GAO-12-627 National Medicaid Audit Program
                      To effectively redirect the NMAP toward more productive outcomes and
Recommendations for   to improve reporting under the DRA, the CMS Administrator should
Executive Action      ensure that the MIG’s

                      •   planned update of its comprehensive plan (1) quantifies the NMAP’s
                          expenditures and audit outcomes; (2) addresses any program
                          improvements; and (3) outlines plans for effectively monitoring the
                          NMAP program, including how to validate and use any lessons
                          learned or feedback from the states to continuously improve the
                          audits;

                      •   future annual reports to Congress clearly address the strengths and
                          weaknesses of the audit program and its effectiveness; and

                      •   use of NMAP contractors supports and expands states’ own program
                          integrity audits, engages additional states that are willing to participate
                          in collaborative audits, and explicitly considers state burden when
                          conducting audit activities.

                      We provided a draft of this report to HHS for comment. In its written
Agency Comments       comments, HHS stated that we had not appropriately recognized the
and Our Evaluation    progress CMS has made in evaluating and improving the Medicaid
                      Integrity Program, which included the agency’s redesign of NMAP.
                      Collaborative audits were the core of that redesign. HHS described
                      CMS’s redesign approach as a phased one in which not all elements had
                      been finalized when the agency announced the redesign in its June 2011
                      annual report to Congress (covering fiscal year 2010). HHS also
                      commented that we did not fully describe the reasons for CMS’s use of
                      MSIS data. HHS partially concurred with our first recommendation and
                      fully concurred with the other two recommendations. HHS’s comments
                      are reproduced in appendix IV.


General Comments      Although we characterized collaborative audits as a promising new
                      approach, HHS commented that we (1) did not acknowledge that CMS
                      had presented its rationale for the NMAP redesign in the agency’s June
                      2011 annual report to the Congress, and (2) inappropriately criticized
                      CMS for not including other redesign details in its report, which HHS said
                      had not yet been finalized. We continue to believe that a full articulation of
                      the redesign should include transparent reporting of the results of the
                      MSIS audits. However, we agree that the June 2011 report, which was
                      released 18 months after the initiation of collaborative audits, described
                      their advantages—use of better data, augmenting state resources, and


                      Page 22                                 GAO-12-627 National Medicaid Audit Program
                  providing analytic support for states lacking that capability. Regarding the
                  use of MSIS data, HHS stated that we do not fully describe CMS’s reason
                  for its use or acknowledge that CMS sought alternative data sources to
                  supplement or replace MSIS data. We disagree because our report
                  provides CMS’s reasons for using MSIS data, acknowledges CMS’s
                  awareness of the MSIS data limitations, and discusses its Transformed
                  MSIS project to improve the quality of MSIS data. In addition, we pointed
                  out that officials in 13 of the 16 states we contacted volunteered that they
                  were willing to provide CMS with their own more complete and timely
                  MMIS data. We agree with HHS’s comment that not all of CMS’s plans for
                  the redesign may have been complete at the time the June 2011 annual
                  report to Congress was being finalized and therefore could not have been
                  included in that report. We have revised this report to acknowledge that
                  some of the elements of the redesign may not have been initiated until
                  after the June 2011 report was finalized.


Comments on Our   HHS agreed with two of three elements related to our first
Recommendations   recommendation regarding CMS’s planned update of its Comprehensive
                  Medicaid Integrity Plan covering fiscal years 2013 to 2017. HHS agreed
                  that the planned update should (1) address any NMAP improvements
                  proposed by CMS, and (2) outline CMS’s plans for effectively monitoring
                  the NMAP. HHS commented that CMS considers transparency of the
                  program’s performance to be a top priority. However, HHS did not concur
                  that the update should quantify NMAP’s expenditures and audit
                  outcomes; CMS considers such information to be more appropriately
                  presented in the annual reports to Congress, which already includes
                  dollar figures on annual expenditures for NMAP and overpayments
                  identified in each fiscal year. CMS’s annual reports to Congress have
                  provided a snapshot of results that did not differentiate between the
                  effectiveness of the various audit approaches used. For example, in its
                  annual report covering fiscal year 2010, CMS reported that 947 audits
                  were underway in 45 states and that its contractors had identified
                  cumulative potential overpayments of about $10.7 million. Based on our
                  analysis of CMS’s data, MSIS audits had only identified overpayments of
                  $2.4 million as of September 30, 2010. The remaining $8.4 million in
                  overpayments were identified during the test audit phase, in which states
                  identified the audit targets and supplied their own MMIS data. We
                  continue to believe that CMS should more fully report on NMAP
                  expenditures and audit outcomes in its annual reports and provide an
                  overall assessment of NMAP in its next comprehensive plan.




                  Page 23                               GAO-12-627 National Medicaid Audit Program
HHS concurred with our recommendation that CMS should clearly
address NMAPs strengths, weaknesses, and effectiveness in the
agency’s annual reports to Congress. HHS noted that in CMS’s
December 7, 2011 congressional testimony the agency had reported its
awareness of the limitations of MSIS data and outlined steps to improve
contractors’ access to better quality Medicaid data. HHS also concurred
with our recommendation that CMS’s use of NMAP contractors should
support and expand states’ own audit activities, engage other willing
states, and explicitly consider state burden when conducting collaborative
audits. HHS reported that since February 2012 CMS had increased the
number of collaborative audits by 25—from 112 audits in 11 states to 137
in 15 states. Based on HHS comments, we made technical changes as
appropriate.


As agreed with your office, unless you publicly announce the contents of
this report earlier, we plan no further distribution until 30 days from the
report date. At that time, we will send copies to the Secretary of Health
and Human Services, the Acting Administrator of CMS, appropriate
congressional committees, and other interested parties. In addition, the
report will be available at no charge on the GAO website at
http://www.gao.gov.

If you or your staffs have any questions about this report, please contact
me at (202) 512-7114 or yocomc@gao.gov. Contact points for our
Offices of Congressional Relations and Public Affairs may be found on
the last page of this report. Major contributions to this report are listed in
appendix V.




Carolyn L. Yocom
Director, Health Care




Page 24                                 GAO-12-627 National Medicaid Audit Program
Appendix I: Status of Medicaid Statistical
               Appendix I: Status of Medicaid Statistical
               Information System (MSIS) Audits



Information System (MSIS) Audits

               Table 2: Status of MSIS Audits, by Fiscal Year of Assignment and Audit Stage
               Conducted through February 2012

                Audit stage                        2008   2009        2010       2011            Total (percent)
                Audit reports
                      Final                          9       38          12           0                     59 (4)
                      Draft                          1      111        174          10                   296 (19)
                      Total                          10     149        186          10                   355 (23)
                Audits ongoing                       0        6          67         45                     118 (8)
                Unproductive                         10     379        542         146                 1,077 (69)
                Total                                20     534        795         201                1,550 (100)
               Source: GAO analysis of CMS data.

               Note: MSIS ongoing audits include those assigned and in the implementation phase. Unproductive
               Medicaid Statistical Information System (MSIS) audits include those that were discontinued, had low
               or no overpayments, or were put on hold.




               Page 25                                            GAO-12-627 National Medicaid Audit Program
Appendix II: Information on Medicaid
               Appendix II: Information on Medicaid
               Statistical Information System Audits that
               Identified Potential Overpayments


Statistical Information System Audits that
Identified Potential Overpayments
               The 59 MSIS audits that successfully identified potential overpayments
               were conducted in 16 states, and most of these audits involved hospitals
               (30 providers) and pharmacies (17 providers). These provider types also
               had the highest potential overpayments—over $6 million for hospitals and
               $600,000 for pharmacies. Arkansas and Florida accounted for over half of
               the audits that identified potential overpayments, but the most substantial
               overpayments were in Delaware ($4.6 million) and the District of
               Columbia ($1.7 million). (See tables 3 and 4.)

               Table 3: Number of Successful MSIS Audits, by State and Provider Type

                                                   Home                               Long-term
                                                   health   Hospital    Pharmacy           care    Other     Total
                Arkansas                                          1             13                              14
                Colorado                                                                                 1       1
                Delaware                                          5              1                               6
                District of Columbia                              2                            2                 4
                Florida                                3         12              1             1                17
                Iowa                                                                                     1       1
                Kansas                                            1                                              1
                Kentucky                                                                                 1       1
                Mississippi                                                                              1       1
                New Mexico                                        1                                              1
                Pennsylvania                                                                   1                 1
                South Carolina                                    5                                              5
                South Dakota                                      1                                              1
                Texas                                             1                            1                 2
                Utah                                                             1                               1
                Virginia                                          1              1                               2
                Total                                  3         30             17             5         4      59
               Source: GAO analysis of CMS data.

               Note: Data presented are through February 2012. ‘Other’ includes single MSIS audits in the following
               categories: other, behavioral health, managed care organization, and physician.




               Page 26                                                 GAO-12-627 National Medicaid Audit Program
                                        Appendix II: Information on Medicaid
                                        Statistical Information System Audits that
                                        Identified Potential Overpayments




Table 4: Amount of Potential Overpayments Identified by Successful MSIS Audits, by State and Provider Type

                            Home health               Hospital              Pharmacy   Long-term care            Other               Total
Arkansas                                               $11,305              $252,910                                             $264,215
Colorado                                                                                                         2,376               2,376
Delaware                                            4,276,898                338,106                                            4,615,004
District of Columbia                                1,558,753                                   152,767                         1,711,520
Florida                           51,008               220,974                32,725             22,619                           327,326
Iowa                                                                                                            31,875              31,875
Kansas                                                  25,165                                                                      25,165
Kentucky                                                                                                         9,445               9,445
Mississippi                                                                                                      2,390               2,390
New Mexico                                              14,821                                                                      14,821
Pennsylvania                                                                                       4,856                             4,856
South Carolina                                          92,535                                                                      92,535
South Dakota                                            90,465                                                                      90,465
Texas                                                     6,843                                 108,940                           115,783
Utah                                                                          27,521                                                27,521
Virginia                                                36,808                 3,197                                                40,005
Total                            $51,008          $6,334,568                $654,459          $289,182         $46,086         $7,375,303
                                        Source: GAO analysis of CMS data.

                                        Note: Data presented are through February 2012. ‘Other’ includes single Medicaid Statistical
                                        Information System (MSIS) audits in the following categories: other, behavioral health, managed care
                                        organization, and physician.




                                        Page 27                                            GAO-12-627 National Medicaid Audit Program
Appendix III: Status of Collaborative Audits
               Appendix III: Status of Collaborative Audits




               Table 5: Status of Collaborative Audits, by Fiscal Year of Assignment and Audit
               Stage

                Audit stage                              2010          2011       2012              Total (percent)
                Audit reports
                      Draft                                  14           4          0                       18 (16)
                      Final                                  6            0          0                         6 (5)
                      Total                                  20           4          0                       24 (21)
                Audits ongoing                               24          20         41                       85 (76)
                Unproductive                                 3            0          0                         3 (3)
                Total                                        47          24         41                     112 (100)
               Source: GAO analysis of CMS data.

               Note: Data presented are through February 2012. Ongoing collaborative audits include those
               assigned and in the implementation phase. Unproductive collaborative audits include those that were
               discontinued, had low or no overpayments, or were put on hold.



               Table 6: Number of Successful Collaborative Audits, by State and Provider Type

                                                   Hospice          Hospital          Long-term care           Total
                Arkansas                                                                              1           1
                California                                                1                           1           2
                Maryland                                3                                                         3
                Total                                   3                 1                           2           6
               Source: GAO analysis of CMS data.

               Note: Data presented are through February 2012.



               Table 7: Amount of Potential Overpayments Identified by Successful Collaborative
               Audits, by State and Provider Type

                                              Hospice              Hospital      Long-term care                Total
                Arkansas                                                                 $225,751          $225,751
                California                                        1,136,711                59,923          1,196,634
                Maryland                    2,944,875                                                      2,944,875
                Total                     $2,944,875          $1,136,711                 $285,674         $4,367,260
               Source: GAO analysis of CMS data.

               Note: Data presented are through February 2012.




               Page 28                                                  GAO-12-627 National Medicaid Audit Program
Appendix IV: Comments from the
             Appendix IV: Comments from the Department
             of Health and Human Services



Department of Health and Human Services




             Page 29                                     GAO-12-627 National Medicaid Audit Program
Appendix IV: Comments from the Department
of Health and Human Services




Page 30                                     GAO-12-627 National Medicaid Audit Program
Appendix IV: Comments from the Department
of Health and Human Services




Page 31                                     GAO-12-627 National Medicaid Audit Program
Appendix IV: Comments from the Department
of Health and Human Services




Page 32                                     GAO-12-627 National Medicaid Audit Program
Appendix IV: Comments from the Department
of Health and Human Services




Page 33                                     GAO-12-627 National Medicaid Audit Program
Appendix IV: Comments from the Department
of Health and Human Services




Page 34                                     GAO-12-627 National Medicaid Audit Program
Appendix V: GAO Contact and Staff
                              Appendix V: GAO Contact and
                              Staff Acknowledgments



Acknowledgments

                   Carolyn L. Yocom at (202) 512-7114 or yocomc@gao.gov.
GAO Contact
                   In addition to the contact named above, key contributors to this
Staff              report were: Water Ochinko, Assistant Director; Sean DeBlieck;
Acknowledgements   Leslie V. Gordon; Drew Long; and Jasleen Modi.




                   Page 35                                  GAO-12-627 National Medicaid Audit Program
Related GAO Products
             Related GAO Products




             National Medicaid Audit Program: CMS Should Improve Reporting and
             Focus on Audit Collaboration with States. GAO-12-814T. Washington,
             D.C.: June 14, 2012.

             Program Integrity: Further Action Needed to Address Vulnerabilities in
             Medicaid and Medicare Programs. GAO-12-803T. Washington, D.C.:
             June 7, 2012.

             Medicaid: Federal Oversight of Payments and Program Integrity Needs
             Improvement. GAO-12-674T. Washington, D.C.: April 25, 2012.

             Medicaid Program Integrity: Expanded Federal Role Presents
             Challenges to and Opportunities for Assisting States. GAO-12-288T.
             Washington, D.C.: December 7, 2011.

             Fraud Detection Systems: Additional Actions Needed to Support
             Program Integrity Efforts at Centers for Medicare and Medicaid Services.
             GAO-11-822T. Washington, D.C.: July 12, 2011.

             Fraud Detection Systems: Centers for Medicare and Medicaid Services
             Needs to Ensure More Widespread Use. GAO-11-475. Washington, D.C.:
             June 30, 2011.

             Improper Payments: Recent Efforts to Address Improper Payments and
             Remaining Challenges. GAO-11-575T. Washington, D.C.: April 15, 2011.

             Status of Fiscal Year 2010 Federal Improper Payments Reporting.
             GAO-11-443R. Washington, D.C.: March 25, 2011.

             Medicare and Medicaid Fraud, Waste, and Abuse: Effective
             Implementation of Recent Laws and Agency Actions Could Help Reduce
             Improper Payments. GAO-11-409T. Washington, D.C.: March 9, 2011.

             Medicare: Program Remains at High Risk Because of Continuing
             Management Challenges. GAO-11-430T. Washington, D.C.:
             March 2, 2011.

             Opportunities to Reduce Potential Duplication in Government
             Programs, Save Tax Dollars, and Enhance Revenue. GAO-11-318SP.
             Washington, D.C.: March 1, 2011.

             High-Risk Series: An Update. GAO-11-278. Washington, D.C.:
             February 2011.


             Page 36                              GAO-12-627 National Medicaid Audit Program
           Related GAO Products




           Medicare Recovery Audit Contracting: Weaknesses Remain in
           Addressing Vulnerabilities to Improper Payments, Although
           Improvements Made to Contractor Oversight. GAO-10-143.
           Washington, D.C.: March 31, 2010.

           Medicaid: Fraud and Abuse Related to Controlled Substances
           Identified in Selected States. GAO-09-1004T. Washington, D.C.:
           September 30, 2009.

           Medicaid: Fraud and Abuse Related to Controlled Substances Identified
           in Selected States. GAO-09-957. Washington, D.C.: September 9, 2009.

           Improper Payments: Progress Made but Challenges Remain in
           Estimating and Reducing Improper Payments. GAO-09-628T.
           Washington, D.C.: April 22, 2009.

           Medicaid: Thousands of Medicaid Providers Abuse the Federal Tax
           System. GAO-08-239T. Washington, D.C.: November 14, 2007.

           Medicaid: Thousands of Medicaid Providers Abuse the Federal Tax
           System. GAO-08-17. Washington, D.C.: November 14, 2007.

           Medicaid Financial Management: Steps Taken to Improve Federal
           Oversight but Other Actions Needed to Sustain Efforts. GAO-06-705.
           Washington, D.C.: June 22, 2006.

           Medicaid Integrity: Implementation of New Program Provides
           Opportunities for Federal Leadership to Combat Fraud, Waste, and
           Abuse. GAO-06-578T. Washington, D.C.: March 28, 2006.




(291028)
           Page 37                             GAO-12-627 National Medicaid Audit Program
GAO’s Mission         The Government Accountability Office, the audit, evaluation, and
                      investigative arm of Congress, exists to support Congress in meeting its
                      constitutional responsibilities and to help improve the performance and
                      accountability of the federal government for the American people. GAO
                      examines the use of public funds; evaluates federal programs and
                      policies; and provides analyses, recommendations, and other assistance
                      to help Congress make informed oversight, policy, and funding decisions.
                      GAO’s commitment to good government is reflected in its core values of
                      accountability, integrity, and reliability.

                      The fastest and easiest way to obtain copies of GAO documents at no
Obtaining Copies of   cost is through GAO’s website (www.gao.gov). Each weekday afternoon,
GAO Reports and       GAO posts on its website newly released reports, testimony, and
                      correspondence. To have GAO e-mail you a list of newly posted products,
Testimony             go to www.gao.gov and select “E-mail Updates.”

Order by Phone        The price of each GAO publication reflects GAO’s actual cost of
                      production and distribution and depends on the number of pages in the
                      publication and whether the publication is printed in color or black and
                      white. Pricing and ordering information is posted on GAO’s website,
                      http://www.gao.gov/ordering.htm.
                      Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
                      TDD (202) 512-2537.
                      Orders may be paid for using American Express, Discover Card,
                      MasterCard, Visa, check, or money order. Call for additional information.
                      Connect with GAO on Facebook, Flickr, Twitter, and YouTube.
Connect with GAO      Subscribe to our RSS Feeds or E-mail Updates. Listen to our Podcasts.
                      Visit GAO on the web at www.gao.gov.
                      Contact:
To Report Fraud,
Waste, and Abuse in   Website: www.gao.gov/fraudnet/fraudnet.htm
                      E-mail: fraudnet@gao.gov
Federal Programs      Automated answering system: (800) 424-5454 or (202) 512-7470

                      Katherine Siggerud, Managing Director, siggerudk@gao.gov, (202) 512-
Congressional         4400, U.S. Government Accountability Office, 441 G Street NW, Room
Relations             7125, Washington, DC 20548

                      Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800
Public Affairs        U.S. Government Accountability Office, 441 G Street NW, Room 7149
                      Washington, DC 20548




                        Please Print on Recycled Paper.