oversight

Medicaid Integrity Program: CMS Should Take Steps to Eliminate Duplication and Improve Efficiency

Published by the Government Accountability Office on 2012-11-13.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                             United States Government Accountability Office

GAO                          Report to Congressional Requesters




November 2012
                             MEDICAID
                             INTEGRITY
                             PROGRAM
                             CMS Should Take
                             Steps to Eliminate
                             Duplication and
                             Improve Efficiency



To access this report
electronically, scan this
QR Code.
Don't have a QR code
reader? Several are
available for free online.




GAO-13-50
                                             November 2012

                                             MEDICAID INTEGRITY PROGRAM
                                             CMS Should Take Steps to Eliminate Duplication
                                             and Improve Efficiency
Highlights of GAO-13-50, a report to
congressional requesters




Why GAO Did This Study                       What GAO Found
Medicaid has the second-highest              The Medicaid Integrity Group’s (MIG) hiring of separate review and audit
estimated improper payments of any           contractors for its National Medicaid Audit Program (NMAP) was inefficient and
federal program that reports such data.      led to duplication because key functions were performed by both entities. Review
The Deficit Reduction Act of 2005            contractors analyze state claims data to identify aberrant claims or billing
created the Medicaid Integrity Program       anomalies while audit contractors conduct postpayment audits to determine if
to oversee and support state program         payments to providers were improper. Because both types of contractors had to
integrity activities. CMS, the federal       assess whether payments were improper under state Medicaid policies, having
agency within HHS that oversees              separate contractors doubled states’ burden in ensuring that state policies were
Medicaid, established the MIG to
                                             being correctly applied. Also, poor coordination and communication between the
implement this new program. This
                                             two types of contractors resulted in duplicative data analysis. In turn, these
report assesses (1) the MIG’s use of
two types of contractors to review and
                                             inefficiencies added to the length of audits, which on average took almost
audit state Medicaid claims, (2) the         23 months to complete. By contrast, the average duration of six audits using a
MIG’s implementation of other                more collaborative and coordinated approach was 16 months, and the amount of
oversight and support activities, and        identified overpayments increased significantly.
(3) CMS and state reporting on the           Other MIG oversight and support activities—the free training provided to state
results of their program integrity           officials through the Medicaid Integrity Institute, the evaluation of state program
activities. GAO analyzed MIG data on         integrity procedures through triennial comprehensive reviews, and the collection
its contractors’ audits, training program
                                             of data from states through annual assessments—show mixed results in
for state officials, comprehensive state
                                             enhancing program integrity efforts. According to state officials, the modest
reviews, and state assessments;
analyzed reports that summarized the         expenditures on the institute result in valuable training and networking
monetary returns from MIG and state          opportunities. The MIG, however, has not taken advantage of the potential for
program integrity activities; and            comprehensive reviews to inform the selection of states for federal audits.
interviewed MIG officials, contractors,      Although the MIG’s comprehensive reviews yield considerable information about
and state program integrity officials.       state program integrity vulnerabilities, states with serious program integrity
                                             vulnerabilities often had few NMAP audits. Furthermore, the data collected
What GAO Recommends                          through state program integrity assessments (SPIA) duplicate data collected
GAO recommends that the CMS                  through comprehensive reviews and other reports, are not validated, and, even if
Administrator (1) eliminate duplication      the data were accurate, are less current than similar data from other sources.
by merging contractor functions,             Reporting by the Centers for Medicaid & Medicaid Services (CMS) on the return
(2) use comprehensive reviews to             on investment (ROI) from the activities of the MIG is inadequate. CMS’s annual
better target audits, (3) follow up with     reports to Congress provide a limited picture of ROI for NMAP audits, which
states to ensure reliable reporting of       account for over half of the MIG’s annual expenditures, and it is difficult to
their program integrity recoveries,
                                             calculate an ROI with the expenditure and activity information provided. The
(4) discontinue the SPIA, and
                                             Department of Health and Human Services (HHS) recently announced that it will
(5) reevaluate and publish its ROI
methodology. In response, HHS                discontinue reporting a separate ROI for NMAP. In addition, CMS’s ROI
concurred with three of GAO’s                methodology includes a percentage of state-identified overpayments reported on
recommendations and partially                the SPIA, which is questionable. To date, CMS has not published an ROI
concurred with the need to eliminate         methodology. Regarding state reporting of recoveries, we found that most states
SPIA-related duplication and to              were not fully reporting recoveries according to specific program integrity
reevaluate CMS’s ROI methodology.            activities and that a sizable number appeared to underreport aggregate
As discussed in this report, GAO             recoveries compared to other sources. For example, one state reported
continues to believe that its                aggregate recoveries of about $195,000 over 3 years to CMS but about
recommendations are valid.                   $36 million in its annual report to the governor for 2 of these years. The apparent
                                             gaps in state reporting of such recoveries make it difficult to determine whether
View GAO-13-50. For more information,
contact Carolyn L. Yocom at (202) 512-7114   states are returning the federal share of recovered overpayments. A full
or yocomc@gao.gov.                           accounting of state and NMAP related recoveries is vital for measuring the
                                             effectiveness of efforts to reduce improper payments.
                                                                                     United States Government Accountability Office
Contents


Letter                                                                                              1
                       Background                                                                   5
                       Use of Separate Review and Audit Contractors Was Inefficient, Led
                         to Duplication, and Contributed to a Longer Audit Process                14
                       Other MIG Activities Show Mixed Results in Overseeing and
                         Supporting States’ Program Integrity Activities                          19
                       Reporting on Program Integrity Results Is Inadequate                       24
                       Conclusions                                                                30
                       Recommendations for Executive Action                                       31
                       Agency Comments and Our Evaluation                                         31

Appendix I             Number of National Medicaid Audit Program Audits                           35



Appendix II            Recoveries from State Medicaid Program Integrity Activities                37



Appendix III           Comments from the Department of Health and Human Services                  39



Appendix IV            GAO Contact and Staff Acknowledgments                                      43



Related GAO Products                                                                              44



Tables
                       Table 1: States with Serious Program Integrity Vulnerabilities
                                Identified in Comprehensive Reviews and the Number of
                                Assigned NMAP Audits and State Rank as of February
                                2012                                                              22
                       Table 2: MIG’s Strategy to Measure Return on Investment across
                                Activities                                                        26
                       Table 3: Number of National Medicaid Audit Program Audits by
                                State as of February 2012                                         35
                       Table 4: Fraud, Waste, and Abuse Recoveries from State Medicaid
                                Program Integrity Activities, Fiscal Years 2009 through
                                2011                                                              37


                       Page i                                     GAO-13-50 Medicaid Integrity Program
Figures
          Figure 1: Review and Audit Contractors by State as of July 2012                            7
          Figure 2: Number of Audits and Total Potential Overpayments
                   Identified and Sent to States for Recoupment (in millions
                   of dollars) by Audit Approach, from fiscal year 2007
                   through February 29, 2012                                                        10
          Figure 3: Description of the MIG’s Comprehensive Program
                   Integrity Reviews                                                                12
          Figure 4: Number and Duration of MSIS Audits that Identified
                   Potential Overpayments, by Fiscal Year in which Audit
                   Was Assigned, Fiscal Years 2008 through 2010                                     18
          Figure 5: Number of States Reporting No Recoveries to CMS for
                   State-Based Data Analysis, Provider Audits, and Medicaid
                   Fraud Control Unit Investigations, Fiscal Years 2010 and
                   2011                                                                             28



          Abbreviations

          CMS               Centers for Medicare & Medicaid Services
          DRA               Deficit Reduction Act of 2005
          HHS               Department of Health and Human Services
          MBES              Medicaid Budget & Expenditure System
          MFCU              Medicaid Fraud Control Unit
          MIG               Medicaid Integrity Group
          MMIS              Medicaid Management Information System
          MSIS              Medicaid Statistical Information System
          NMAP              National Medicaid Audit Program
          OIG               Office of Inspector General
          ROI               return on investment
          SPIA              state program integrity assessment
          SURS              Surveillance and Utilization Review Subsystem



          This is a work of the U.S. government and is not subject to copyright protection in the
          United States. The published product may be reproduced and distributed in its entirety
          without further permission from GAO. However, because this work may contain
          copyrighted images or other material, permission from the copyright holder may be
          necessary if you wish to reproduce this material separately.




          Page ii                                              GAO-13-50 Medicaid Integrity Program
United States Government Accountability Office
Washington, DC 20548




                                   November 13, 2012

                                   The Honorable Thomas R. Carper
                                   Chairman
                                   The Honorable Scott P. Brown
                                   Ranking Member
                                   Subcommittee on Federal Financial Management,
                                    Government Information, Federal Services and
                                    International Security
                                   Committee on Homeland Security and Governmental Affairs
                                   United States Senate

                                   The Honorable Tom Coburn
                                   Ranking Member
                                   Permanent Subcommittee on Investigations
                                   Committee on Homeland Security and Governmental Affairs
                                   United States Senate

                                   The size and diversity of the Medicaid program make it particularly
                                   vulnerable to improper payments—including payments made for
                                   treatments or services that were not covered by program rules, that were
                                   not medically necessary, or that were billed for but never provided. 1, 2
                                   Medicaid, the joint federal-state health care financing program for certain
                                   low-income individuals, is one of the largest social programs in federal
                                   and state budgets, providing care to about 70 million individuals at a cost




                                   1
                                    Medicaid consists of 56 distinct programs, and, within broad federal parameters, states
                                   are responsible for the day-to-day operations of their Medicaid programs. The 56 Medicaid
                                   programs include one for each of the 50 states, the District of Columbia, Puerto Rico, the
                                   Commonwealth of the Northern Mariana Islands, American Samoa, Guam, and the United
                                   States Virgin Islands.
                                   2
                                    An improper payment is any payment that should not have been made or that was made
                                   in an incorrect amount (including overpayments and underpayments) under statutory,
                                   contractual, administrative, or other legally applicable requirements. This definition
                                   includes any payment to an ineligible recipient, any payment for an ineligible good or
                                   service, any duplicate payment, any payment for a good or service not received (except
                                   where authorized by law), and any payment that does not account for credit for applicable
                                   discounts. Improper Payments Elimination and Recovery Act of 2010, Pub. L. No. 111-
                                   204, § 2(e), 124 Stat. 2224, 2227 (codified at 31 U.S.C. § 3321 note).




                                   Page 1                                              GAO-13-50 Medicaid Integrity Program
of $436 billion in fiscal year 2011. 3 The Centers for Medicare & Medicaid
Services (CMS), the federal agency within the Department of Health and
Human Services (HHS) that oversees Medicaid, estimated that
$21.9 billion (8.1 percent) of federal Medicaid expenditures for that fiscal
year were improper—the second-highest of any federal program that
reports such data.

We have had long-standing concerns about Medicaid’s program integrity.
In January 2003 we added Medicaid to our list of high-risk programs
because of concerns about the sufficiency of federal and state oversight. 4
Two years later, we testified that CMS needed to increase its
commitment—both the alignment of resources and strategic planning—to
helping states fight Medicaid fraud, waste, and abuse. 5 More recently, we
highlighted the program’s vulnerability to improper payments. 6

Until the Deficit Reduction Act of 2005 (DRA) expanded CMS’s role,
Medicaid program integrity had been primarily a state responsibility. While
states remain the first line of defense against Medicaid improper
payments, the DRA established the Medicaid Integrity Program to provide
effective federal support and assistance to states’ efforts to prevent
improper payments. 7 To implement this program, CMS established the
Medicaid Integrity Group (MIG) in 2006, whose core activities consist of

•   the National Medicaid Audit Program (NMAP), which uses contractors
    to analyze and audit state provider claims data in order to identify
    overpayments;




3
 The federal government matches states’ expenditures for most Medicaid services using a
statutory formula based on each state’s per capita income. In fiscal year 2011, the federal
share of Medicaid spending was $275 billion, while the state share was $161 billion.
4
 See GAO, Major Management Challenges and Program Risks: Department of Health and
Human Services, GAO-03-101 (Washington, D.C.: Jan. 2003).
5
 See GAO, Medicaid Fraud and Abuse: CMS’s Commitment to Helping States Safeguard
Program Dollars Is Limited, GAO-05-855T (Washington, D.C.: June 28, 2005).
6
 See GAO, Medicare and Medicaid Fraud, Waste, and Abuse: Effective Implementation of
Recent Laws and Agency Actions Could Help Reduce Improper Payments, GAO-11-409T
(Washington, D.C.: Mar. 9, 2011).
7
 See Pub. L. No. 109-171, § 6034, 120 Stat. 4, 74-78 (2006) (codified at 42 U.S.C.
§ 1396u-6).




Page 2                                               GAO-13-50 Medicaid Integrity Program
•   the Medicaid Integrity Institute—a national Medicaid integrity training
    program for state officials;

•   state comprehensive reviews—triennial assessments of states’
    program integrity procedures and processes;

•   state program integrity assessments (SPIA)—the annual collection of
    data on state Medicaid integrity activities;

•   state technical assistance; and

•   education and training of providers on payment integrity and quality of
    care issues.

You asked us to examine CMS’s support for and oversight of states’
efforts to prevent and reduce improper payments. To address your
request, we first reported on the results of the MIG’s efforts to redesign
the NMAP, which accounts for about half of the MIG’s expenditures. 8 This
report further examines the NMAP as well as the MIG’s other activities. It
assesses (1) how the MIG used contractors to conduct NMAP audits,
(2) the MIG’s implementation of several other oversight and support
activities, and (3) the reporting of the results of program integrity activities
by CMS and states.

To assess how the MIG used contractors to conduct NMAP audits, we
analyzed MIG data on audit assignments and its contractors’ lessons
learned reports. We discussed the NMAP program with MIG officials,
representatives of the MIG’s review and audit contractors, and program
integrity officials in 11 states. 9 Finally, we reviewed relevant HHS Office of
the Inspector General (HHS-OIG) reports, and interviewed HHS-OIG
officials involved in early assessments of the work of the MIG’s review
and audit contractors. To ensure the reliability of the data provided by the
MIG, we reviewed the accompanying data descriptions and interviewed




8
 See GAO, National Medicaid Audit Program: CMS Should Improve Reporting and Focus
on Audit Collaboration with States, GAO-12-627 (Washington, D.C.: June 14, 2012).
9
 The 11 states were Arizona, California, Connecticut, Florida, Kentucky, New York, Ohio,
Pennsylvania, Texas, Washington, and Wisconsin. We selected these states because of
their geographic diversity and because together they account for almost half of all
Medicaid spending and beneficiaries.




Page 3                                              GAO-13-50 Medicaid Integrity Program
knowledgeable MIG officials. We determined that the data were reliable
for our purposes.

To assess the MIG’s implementation of other oversight and support
activities, we collected and analyzed available information on its three
core activities. Specifically, we (1) examined materials related to the
operation of the MIG’s Medicaid Integrity Institute, such as the institute’s
2011 training calendar and one course’s after action evaluation report;
(2) analyzed final reports for the MIG’s most recent triennial
comprehensive reviews of the 50 states and the District of Columbia for
state program integrity vulnerabilities and compliance issues; and
(3) reviewed the summary statistics collected annually as a part of the
SPIA. 10 We discussed these three activities with MIG officials and with
program integrity staff in the same 11 states mentioned above, and
reviewed other pertinent reports and documents related to these
activities. We also performed reliability checks on the comprehensive
reviews and SPIA data, such as reviewing relevant documentation and
discussing these data sources and their internal controls with
knowledgeable CMS officials. These officials told us that the SPIA data
are self-reported and not validated. As a result, we discuss the SPIA’s
data limitations in this report but did not use these data to analyze states’
reported recoveries.

To assess the reporting of the results of program integrity activities by
CMS and states, we reviewed CMS’s annual budget justifications for
fiscal years 2010-2013, the MIG’s annual reports to Congress for fiscal
years 2008-2010, and the HHS’s performance management website; and
we interviewed MIG officials. We also analyzed state-reported program
integrity recoveries from the Medicaid Budget & Expenditures System
(MBES), and discussed state reporting with officials in CMS’s Center for
Medicaid and CHIP Services, which is responsible for the database that
captures state reporting. 11 We performed reliability checks on the MBES
data and discussed these data and their internal controls with
knowledgeable CMS officials. Because we found that the MBES data


10
  We did not review technical assistance provided to states by the MIG or the activities of
the MIG’s education contractor, which works with providers on payment integrity and
quality of care issues.
11
  CHIP is the acronym for the State Children’s Health Insurance Program, a federal-state
program that provides health care coverage to children 18 years of age and younger living
in low-income families whose incomes exceed the eligibility requirement for Medicaid.




Page 4                                                GAO-13-50 Medicaid Integrity Program
              were incomplete in their reporting of states’ recoveries, we did not use
              this data source but do discuss the data limitations we identified in this
              report.

              We conducted this performance audit from July 2011 through November
              2012 in accordance with generally accepted government auditing
              standards. Those standards require that we plan and perform the audit to
              obtain sufficient, appropriate evidence to provide a reasonable basis for
              our findings and conclusions based on our audit objectives. We believe
              that the evidence obtained provides a reasonable basis for our findings
              and conclusions based on our audit objectives.


              The MIG implemented its set of core activities gradually from fiscal years
Background    2006 to 2009 when it reached its annual funding level of $75 million. 12 For
              example, the MIG initiated comprehensive reviews in fiscal year 2007,
              completing eight, week-long site visits and implemented NMAP audits in
              fiscal year 2009. To track the value of its program integrity activities, the
              MIG developed a formula to measure return on investment (ROI),
              including both direct and indirect benefits. The MIG, in conjunction with
              Center for Medicaid and CHIP Services, also developed a mechanism for
              states to report recoveries from fraud, waste, and abuse at a more
              detailed level than previously as a part of CMS’s fiscal oversight of state
              Medicaid expenditures.


NMAP Audits   The NMAP program accounts for about half of the $75 million
              appropriated annually for the Medicaid integrity program. In each of five
              geographic areas, two separate contractors are responsible for the review
              and audit functions (see fig. 1):




              12
                Under the DRA provision, as amended, $5 million was appropriated for the Medicaid
              Integrity Program for fiscal year 2006, increasing to $50 million for each of the subsequent
              2 fiscal years, and $75 million for fiscal years 2009 and 2010. For each fiscal year since
              2010, the amount appropriated has been the previous year’s appropriation adjusted for
              inflation.




              Page 5                                                GAO-13-50 Medicaid Integrity Program
•    Review function. One contractor reviews states’ paid claims data to
     identify aberrant claims or billing anomalies. 13

•    Audit function. A different audit contractor conducts targeted provider
     audits to determine whether or not the provider received an
     overpayment. 14

As of July 2012, the MIG had two review contractors and three separate
audit contractors.




13
  The MIG’s review contractors conduct data analysis intended to help identify potential
audit targets using algorithms that target specific types of overpayments, such as
duplicate claims for the same service, and specify a set of rules to analyze the data. The
MIG maintains about 100 algorithms.
14
  Audit contractors notify the providers and request documentation. Audit work involves
reviewing provider records and interviewing providers and personnel. The audit
contractors prepare draft audit reports and incorporate provider and state comments. The
MIG reviews the audit contractors’ submission and when it is considered complete sends
a final audit report to the state to pursue and collect any overpayments.




Page 6                                                GAO-13-50 Medicaid Integrity Program
Figure 1: Review and Audit Contractors by State as of July 2012




                                         Notes: Each contractor is assigned to one or multiple geographic areas outlined in this map. For
                                         example, IPRO works in one geographic area but IntegriGuard works in three geographic areas. In
                                         addition, the MIG selected a new audit contractor in one area and the original audit contractor is still
                                         completing its remaining work.
                                         a
                                          Booz Allen Hamilton was the initial audit contractor and is still completing its remaining work.
                                         b
                                          IntegriGuard was formerly known as HMS.




                                         Page 7                                                        GAO-13-50 Medicaid Integrity Program
Since its inception, the MIG has used three different approaches to
conducting NMAP audits—test audits, Medicaid Statistical Information
System (MSIS) audits, and, more recently, collaborative audits. 15 As we
noted in our June 2012 report on NMAP, the test and collaborative audits
differed from the MSIS audits in two important ways: the test and
collaborative audits (1) leveraged state expertise to identify potential audit
targets, rather than having the MIG select potential targets on the basis of
the work of its review contractors; and (2) primarily used state Medicaid
Management Information System (MMIS) data rather than MSIS data. 16
The MMIS is a mechanized claims-processing and information-retrieval
system maintained by individual states that generally reflects real-time
payments and adjustments of detailed claims for each health care service
provided. The MSIS audits relied on MSIS data, which contains extracts
from states’ MMIS databases. Because MSIS is a subset of states’ MMIS
data files, MSIS data are missing elements that can assist in audits, such
as the explanations of benefit codes and the names of providers and
beneficiaries. In addition, MSIS data are not current because of late state
submissions and the time it takes CMS’s contractors to review and
validate the data. 17

We recently reported that the identified overpayments from MSIS audits
were significantly lower than those identified by test and collaborative
audits. 18 As of February 2012, 59 of the 1,550 MSIS audits identified
$7.4 million in potential overpayments. In contrast, 26 test audits and
6 collaborative audits together identified $12.5 million in potential
overpayments (see fig. 2). 19 While the newer collaborative audits have not
yet identified more in overpayments than MSIS audits, only 6 of the
112 collaborative audits had final audit reports through February 2012,
and thus the total overpayment amounts identified through collaborative


15
  The MIG began implementing collaborative audits in 2010 and, in February 2011,
stopped assigning MSIS audits. As of June 2012, however, about 90 MSIS audits were
still underway.
16
 See GAO-12-627.
17
  HHS-OIG, MSIS Data Usefulness for Detecting Fraud, Waste, and Abuse, OEI-04-07-
00240 (August 2009); HHS-OIG, Top Management and Performance Challenges Facing
the Department of Health and Human Services in Fiscal Year 2011 (November 2011).
18
 See GAO-12-627.
19
  As of February 2012, 123 of the 1,550 MSIS audits were on-going and 286 were in the
draft audit report stage.




Page 8                                             GAO-13-50 Medicaid Integrity Program
audits will likely continue to grow. In addition, we reported that (1) half of
the MSIS audits were for potential overpayments of $16,000 or less,
compared to a median of about $140,000 for test audits and $600,000 for
collaborative audits, and (2) over two-thirds (69 percent) of the 1,550
MSIS audits assigned to contractors were either discontinued (625), had
low or no findings (415), or were put on hold (37). 20 Finally, we also
reported that the main reason the NMAP audits were ineffective was the
use of MSIS data, which are inadequate for reviewing claims and
selecting audit targets. Further, the MSIS audits were not well
coordinated with states, duplicated state program integrity activities, and
diverted resources from states’ activities. When we spoke about the MSIS
audits with 11 states, some indicated that participation in MSIS audits
diverted staff from their regular duties.




20
  These data are as of February 2012. The MIG generally considers overpayments of
$2,000 or less as too low to merit collection, but it has issued final audit reports for less
than that amount.




Page 9                                                  GAO-13-50 Medicaid Integrity Program
Figure 2: Number of Audits and Total Potential Overpayments Identified and Sent to States for Recoupment (in millions of
dollars) by Audit Approach, from fiscal year 2007 through February 29, 2012




                                         Notes: Test audits were conducted from fiscal year 2007 through 2010. Medicaid Statistical
                                         Information System (MSIS) audits began in 2008 and are ongoing. Collaborative audits began in
                                         2010 as part of the redesign of the NMAP and are also ongoing. Dollar amounts shown are potential
                                         overpayments in final audit reports sent to states for recovery. They do not reflect the amounts in
                                         draft audit reports or the amounts actually recovered by the states.



MIG Support, Oversight,                  In addition to the NMAP, the MIG has implemented three activities that
and Reporting                            are the core of its support and oversight of state program integrity—the
                                         Medicaid Integrity Institute, comprehensive reviews, and SPIA. Less than
                                         half of the MIG’s $75 million annual budget supports these three
                                         activities. The MIG has also developed a methodology for computing the
                                         ROI for its activities.




                                         Page 10                                                    GAO-13-50 Medicaid Integrity Program
Medicaid Integrity Institute. In 2007, the MIG established the Medicaid
Integrity Institute, the first national Medicaid training program for state
program integrity officials. CMS executed an interagency agreement with
the Department of Justice to house the institute at the National Advocacy
Center, located at the University of South Carolina. At no cost to states,
the institute offers substantive training and support in a structured
learning environment. In time, the institute intends to create a
credentialing process to elevate the professional qualifications of state
Medicaid program integrity staff.

Comprehensive reviews. In 2007, the MIG initiated triennial
comprehensive state program integrity reviews, which assess each
state’s Medicaid program integrity procedures and processes. 21 Topics
covered include program integrity organization and staffing, postpayment
review and fraud identification, investigation, and referral. The objective of
the reviews is to assess the effectiveness of states’ program integrity
activities and compliance with federal program integrity laws. As of fiscal
year 2011, the MIG had reviewed all states once (as well as the District of
Columbia, and Puerto Rico) and 26 states twice. Eighteen states have
been scheduled for review in fiscal year 2012.

State comprehensive reviews are guided by a detailed protocol and
represent a significant investment of staff time and resources for both
states and the MIG. In advance of a 1-week on-site review, state staff
respond to the review protocol and provide documentation on a state’s
program integrity activities (see fig. 3.) After the week-long visit, MIG staff
draft a report, obtain state comments, and follow up with the state on the
implementation of any corrective actions required to address findings.
The culmination of a review is a final report that details the MIG’s
assessment of each state’s program integrity vulnerabilities, compliance
with federal laws, and effective practices. These reports are posted on
CMS’s website and the MIG prepares an annual report that summarizes
the results for all states reviewed each year. 22




21
  Prior to the MIG, CMS conducted comprehensive reviews of state program integrity
activities every 7 years.
22
  http://www.cms.gov/Medicare-Medicaid-Coordination/Fraud-
Prevention/FraudAbuseforProfs/StateProgramIntegrityReviews.html.




Page 11                                            GAO-13-50 Medicaid Integrity Program
Figure 3: Description of the MIG’s Comprehensive Program Integrity Reviews




State Program Integrity Assessments. Annually, the MIG collects
information through a web-based portal from each state about its program
integrity activities, which results in a publication of a one-page summary
that provides statistics on states’ program integrity staffing, expenditures,
audits for improper payments, and recoveries. 23 According to MIG
officials, the SPIA represent the first national baseline collection of data



23
  The SPIA online database contains more detailed information than is presented in the
one-page summaries. SPIA results covering all states are also summarized in a three-
page executive summary, and detailed data for each state are available for all SPIA years.




Page 12                                             GAO-13-50 Medicaid Integrity Program
                       on state Medicaid integrity activities for the purpose of program evaluation
                       and technical assistance. Although the profiles are published every year,
                       there is a 2-year lag in the SPIA data collection. For example, the 2010
                       SPIA covered state fiscal year 2008 activities.

                       Return on Investment. Federal law requires HHS to annually report to
                       Congress on the effectiveness of the use of the funds appropriated for the
                       Medicaid Integrity Program. 24 However, the benefit derived from some of
                       the activities, such as the Medicaid Integrity Institute or technical
                       assistance, are difficult to quantify because they contribute to cost
                       avoidance rather than recoveries of overpayments. The MIG has
                       developed a strategy for reporting the ROI for the NMAP and its other
                       activities, which has changed over the program’s existence. Typically, an
                       ROI is calculated as a percentage—the benefits identified through a
                       program or set of activities relative to the total costs of that program or
                       activities.


Medicaid Overpayment   CMS has had a long-standing requirement that states report the
Recovery Reporting     aggregated amount of recoveries from provider overpayments as a part of
                       their quarterly reporting on Medicaid program expenditures. During fiscal
                       year 2009, the MIG helped the CMS unit responsible for validating state
                       reporting of Medicaid expenditures develop more detailed reporting of
                       states’ recoveries of provider overpayments. Beginning in fiscal year
                       2010, CMS required states to report recoveries for specific activities
                       separately, such as NMAP, state program integrity activities, or the
                       activities of the HHS-OIG. The more detailed reporting of fraud, waste,
                       and abuse recoveries was initiated to allow CMS to track recouped
                       amounts according to specific program activities. CMS regional office
                       staff validates and audits the reported expenditure data and
                       accompanying detailed information; state officials must also attest to the
                       data’s accuracy. 25 Recovered overpayments are subtracted from the
                       states’ Medicaid expenditures, which forms the basis for computing the
                       federal share of program costs.




                       24
                        42 U.S.C. §1396u-6(e)(5).
                       25
                         CMS’s Financial Review Guide describes the protocol that its staff uses to validate the
                       state-reported data.




                       Page 13                                              GAO-13-50 Medicaid Integrity Program
                            The MIG’s decision to establish separate review and audit contractors for
Use of Separate             each state was inefficient and led to duplication because key functions
Review and Audit            such as data analysis were performed by both types of contractors. In
                            turn, these inefficiencies contributed to lengthy MSIS audits, which, on
Contractors Was             average, took almost 2 years to complete.
Inefficient, Led to
Duplication, and
Contributed to a
Longer Audit Process
Use of Separate Review      The MIG’s decision to establish separate review and audit contractors for
and Audit Contractors Was   each state was inefficient and led to duplication in two key areas—state
Inefficient and Led to      Medicaid policies and data analysis. The DRA required CMS to hire
                            contractors to review and audit provider claims. According to MIG
Duplication                 officials, they initially believed that the DRA required the use of separate
                            contractors but, in hindsight, concluded that these activities could have
                            been performed by one contractor. 26

                            State Medicaid policies. The MIG’s decision to use separate review and
                            audit contractors meant that both entities had to master the details of
                            numerous state Medicaid policies related to eligibility, benefits, and claims
                            processing in order to appropriately assess whether payments were
                            improper. 27 Although MIG officials told us that they were sensitive to the
                            burden placed on states by the establishment of NMAP, the use of
                            separate review and audit contractors nonetheless increased states’
                            administrative burden because both types of contractors performed the
                            same function and states had to review the contractors’ work to ensure
                            that state policies were applied correctly. States provided feedback about
                            the samples prepared by the review contractors, which in some cases
                            reflected a misunderstanding of state policy. 28 In addition, state officials


                            26
                              MIG officials told us that they consulted CMS’s Office of Acquisition and Grants
                            Management before deciding to hire separate review and audit contractors. This office
                            manages contracting activities and is responsible for developing acquisition policy and
                            procedures.
                            27
                              The MIG required both type of contractors to execute Joint Operating Agreements with
                            state Medicaid agencies.
                            28
                              As part of their data analyses, the review contractors submitted samples of their
                            potential findings to the states, via the MIG, for review and validation. See GAO-12-627.




                            Page 14                                              GAO-13-50 Medicaid Integrity Program
told us that they found themselves educating audit contractors about state
Medicaid policies. 29 The MIG’s two review contractors were responsible
for learning and correctly applying the policies of 22 and 28 states,
respectively, while the three audit contractors were required to master the
policies of from 8 to as many as 24 states. Officials from one state noted
that becoming fully knowledgeable about all the policies affecting state
program integrity audits could take 2 to 3 years. According to several
state officials, the lack of an in-depth knowledge of state policy
contributed to unproductive provider audits. For example, according to
one state official, the MIG and its contractors had mistakenly identified
overpayments for federally qualified health centers because they
assumed that centers should receive reduced payments for an
established patient on subsequent visits. The contractors were not aware
that these types of centers are paid on an encounter basis, which makes
the same payment for the first and follow-up visits.

Data analysis. The use of separate review and audit contractors
increased inefficiencies in data analysis, which also led to duplication of
effort. The review contractors’ primary function was using algorithms to
analyze MSIS data with the goal of identifying potential improper
payments. Audit contractors also analyzed MSIS data to learn more about
targeted providers and the services for which they billed. However, the
audit contractors duplicated certain data analyses that had already been
performed by the review contractors, such as performing their own
verification of the completeness and accuracy of MSIS data. For example,
one audit contractor reported that the presence of large numbers of
duplicate claims in the MSIS data resulted in a significant commitment of
the contractor’s analytical and data management resources for 66 audit
targets that were subsequently discontinued.

The inefficiencies of having both review and audit contractors were
exacerbated by the MIG’s communication policies. All communication,
whether between review and audit contractors or between contractors
and states, went through a multistep process controlled by the MIG and,
as a result, the audit contractors could not easily communicate with the
review contractors to verify specific details of the review contractors’ data
analyses. Two audit contractors’ lessons-learned reports recommended


29
   Since the implementation of NMAP, the MIG has changed audit contractors in two of the
five geographic areas and thus new contractors had to become familiar with state
Medicaid policies while the original audit contractors completed any remaining work.




Page 15                                            GAO-13-50 Medicaid Integrity Program
                           closer collaboration between audit and review contractors during the
                           algorithm vetting process and target selection to prevent duplicative data
                           analysis. In addition, the inability to communicate freely inhibited
                           contractors from taking full advantage of states’ knowledge of their own
                           Medicaid policies. The HHS-OIG reported a similar finding that the MIG’s
                           communication policy also contributed to a duplication of contractor
                           functions. 30 To improve coordination and communication between the
                           contractors, MIG officials told us they began monthly conference calls in
                           mid-2011 that included both the review and audit contractors working in
                           the same geographic area. One audit contractor stated that the improved
                           communication with the review contractor has increased the efficacy of
                           their audits specifically related to early readmissions and hospice.

                           Several of the MIG’s recent changes to NMAP may reduce, but not
                           eliminate, duplication. Although review contractors were not initially
                           involved in collaborative audits, MIG officials told us that collaborative
                           audits were evolving and in some cases the review contractors are
                           conducting data analysis on state supplied MMIS data or are continuing
                           to analyze MSIS data in order to identify potential audit targets. 31
                           However, they told us that review contractors are collaborating more
                           closely with states to validate any MSIS data findings using MMIS data.
                           Moreover, in July 2012, the MIG told us that while it planned to retain two
                           review contractors, it would reduce their workload overall and realign their
                           geographic areas of responsibility to ensure that all states are still
                           supported. Despite these changes, both review and audit contractors
                           must still correctly apply states’ Medicaid policies because both continue
                           to be involved in collaborative audits.


MSIS Audits Were Lengthy   MIG officials acknowledged that MSIS audits were lengthy and told us
                           that, among other factors, better communication among the MIG, its
                           contractors, and states would have contributed to shorter audits. The
                           duration of successful MSIS audits, that is, those that identified
                           overpayments, decreased from 2008 through 2010; however, the typical


                           30
                             HHS-OIG, Early Assessment of Audit Medicaid Integrity Contractors, OEI-05-1-00210
                           (March 2012).
                           31
                             According to MIG officials, in cases where MMIS data are not available at the outset, the
                           review contractors run algorithms on MSIS data. The review contractors conducted data
                           analysis on 34 percent of the 112 collaborative audits assigned to the MIG’s audit
                           contractors from January 2010 through December 2011.




                           Page 16                                              GAO-13-50 Medicaid Integrity Program
length of time from assignment of audit until submission of the final audit
report for these 58 successful MSIS audits was 23 months, ranging from
11 months to 38 months, with half of these audits taking 23 months or
more to complete (see fig. 4). 32 In addition, for the 118 audits that were
assigned from 2009 to 2011 and still in progress, the average duration as
of February 2012 was 21 months. 33 As the MIG shifts to collaborative
audits, preliminary results suggest these audits are completed more
quickly than MSIS audits. Although only six collaborative audits had final
audit reports as of February 2012, the average duration of those
successful audits was 16 months compared to 23 months for successful
MSIS audits.




32
  Data reported is as of February 29, 2012. We only report the duration for 58 of the 59
MSIS audits that resulted in a final audit report because of the ambiguity of the duration of
one audit. The duration of MSIS audits includes the several weeks that the MIG takes to
review the draft findings and release the final audit report to states.
33
  According to CMS, 13 of these ongoing 118 audits had low or no findings and 15 have
resulted in draft audit reports as of June 2012. In addition, MIG officials told us that two
audits in progress were consolidated into one draft audit report, which reduces the number
of audits in progress by two rather than one.




Page 17                                               GAO-13-50 Medicaid Integrity Program
Figure 4: Number and Duration of MSIS Audits that Identified Potential
Overpayments, by Fiscal Year in which Audit Was Assigned, Fiscal Years 2008
through 2010




Note: Data as of February 29, 2012, and include 58 out of 59 audits because of the ambiguity of one
audit’s duration. As of this date, CMS had not yet issued final audit reports for MSIS audits assigned
in fiscal year 2011. An additional 16 audits had reached the final audit report stage but were still being
reviewed by the MIG. Duration is the average number of months between audit assignment and
submission of the final audit report to the state.


Successful MSIS audits, those that identified overpayments, took nearly
2 years to complete, longer than some states and HHS-OIG typically
allow for Medicaid provider audits. Several state officials we interviewed
told us that MSIS audits took too long to complete. One state official
indicated that the state expected its new recovery audit contractor would
produce results within 9 months of the start of the contract, and an official
from a different state said that his staff attempt to produce draft audit
reports within 60 days of initiating an audit. 34 Additionally, the HHS-OIG


34
  The Patient Protection and Affordable Care Act requires state Medicaid programs to
establish contracts with recovery audit contractors to identify and recoup overpayments,
consistent with state law and similar to the contracts established for the Medicare
program. Pub. L. No. 111-148, § 6411, 124 Stat. 119,773 (2010).




Page 18                                                       GAO-13-50 Medicaid Integrity Program
                             allows about a year for audits to be conducted and completed before
                             reviewing or reporting on them. 35 MIG officials told us that they were
                             aware of the time-consuming nature of MSIS audits and do track audit
                             progress, such as “days remaining to completion.” On the basis of a 2010
                             suggestion by one of its audit contractors, the MIG is taking steps to build
                             the capability to generate audit aging reports that would be available to its
                             contractors in its new workflow management system, but officials told us
                             that these changes are still in the implementation and testing phase.


                             The MIG’s modest spending on the Medicaid Integrity Institute enhances
Other MIG Activities         states’ capabilities. Comprehensive reviews, a MIG oversight activity,
Show Mixed Results           have the potential to inform state selection for federal audits. But, the data
                             collected through the SPIA, another MIG oversight activity, has been of
in Overseeing and            limited value as it is inconsistently reported, not validated, and overlaps
Supporting States’           with information collected through comprehensive reviews and other state
Program Integrity            reporting mechanisms.

Activities
Modest MIG Spending on       Spending on the Medicaid Integrity Institute is a small fraction of the
Training through the         MIG’s overall budget, and the 11 state program integrity officials we
Institute Enhances States’   interviewed affirmed the value of the institute for the substantive training it
                             provided. In addition, officials from 10 states described the benefits
Program Integrity            derived from the opportunity to network with other states (see text box for
Capabilities                 examples of state officials’ comments). The cost of the institute is modest
                             compared with overall MIG funding; the MIG reported that $1.7 million of
                             the approximately $75 million appropriated for the Medicaid Integrity
                             Program in fiscal year 2011 was spent on the institute. 36 From fiscal years
                             2008 to 2012, the institute trained over 3,000 state employees. While
                             officials from the 11 states we spoke with commended the institute, some
                             also offered suggestions for expanding the reach of the institute’s
                             activities:




                             35
                              OEI-05-1-00210.
                             36
                              The MIG funds state officials’ attendance at and travel to the institute.




                             Page 19                                               GAO-13-50 Medicaid Integrity Program
                          •    Officials from three states suggested that the MIG expand
                               opportunities for additional staff to attend, such as staff from the
                               Medicaid Fraud Control Units (MFCU) or the clinical staff that work
                               with program integrity staff, or allow attendance by more staff from
                               larger states. 37

                          •    Furthermore, officials from three states recommended that the
                               institute offer Medicaid audit certification to state program integrity
                               staff.

                          The National Association of Medicaid Directors and the Medicaid and
                          CHIP Payment and Access Commission also recommended that CMS
                          expand the institute to make it more accessible to state officials. 38




The MIG’s Comprehensive   Comprehensive reviews yield important information about all aspects of
Reviews Could Help        states’ program integrity capabilities and vulnerabilities, and such
Inform the Selection of   information could be used to target NMAP audits towards states with
                          serious vulnerabilities. In its comprehensive reviews of 51 states, the MIG
States for NMAP Audits    identified 7 states as having serious program integrity infrastructure
                          vulnerabilities, such as not maintaining a centralized program integrity
                          function, yet 5 of these states had less than the typical number of audits
                          assigned. 39 Two of the 7 states had no NMAP audits assigned, 3 states
                          had less than 1 percent of assigned audits in their states, and 2 other
                          states had 16 and 23 audits, respectively; these last 2 states ranked 29th
                          and 22nd in the assignment of 1,662 NMAP audits as of February 2012.
                          (See table 1.) In the same set of 51 state comprehensive reviews, the


                          37
                            MFCUs, which are generally located in state Attorney Generals’ offices, are responsible
                          for investigating and prosecuting Medicaid fraud. State program integrity offices refer
                          cases to these units.
                          38
                            National Association of Medicaid Directors, Rethinking Medicaid Program Integrity:
                          Eliminating Duplication and Investing in Effective, High-value Tools (March 2012) and
                          Medicaid and CHIP Payment and Access Commission, Report to Congress on Medicaid
                          and CHIP (March 2012).
                          39
                           The comprehensive reviews of 51 states were performed from 2008 through 2011 and
                          were the most recently available as of May 2012.




                          Page 20                                             GAO-13-50 Medicaid Integrity Program
MIG identified 6 states that had a limited or ineffective Surveillance
Utilization Review Subsystem (SURS), another serious vulnerability
involving the required claims-data surveillance system. 40 Only 1 of these
states was among the top 10 states for assigned NMAP audits. The
number of assigned audits in these 6 states ranged from 0 to 110, with
3 states having 10 or fewer audits, 2 states having about 30 audits, and
one state having 110 audits. The state with the highest number of NMAP
audits was Louisiana, which accounted for 10 percent of all NMAP audits
(195); yet, according to the MIG’s comprehensive review, the state did not
have a vulnerable program integrity infrastructure or any identified SURS
weaknesses. (See app. I for the number of NMAP audits assigned to
each state.)




40
  SURS is intended to develop statistical profiles of services, providers, and beneficiaries
in order to identify potential improper payments. For example, SURS may apply automatic
postpayment screens to Medicaid claims in order to identify aberrant billing patterns.




Page 21                                               GAO-13-50 Medicaid Integrity Program
Table 1: States with Serious Program Integrity Vulnerabilities Identified in Comprehensive Reviews and the Number of
Assigned NMAP Audits and State Rank as of February 2012

                                Federal
                             fiscal year
                         comprehensive                                                                      Assigned         State rank in
                            review was                                                                         NMAP              terms of
States                       conducted       Finding                                                           audits     assigned audits
Infrastructure vulnerability
Michigan                           2010      Ineffective program oversight and operations                             0                45
Maine                              2009      Not having resources with diverse medical expertise                      0                45
Oregon                             2010      Program integrity function is not centrally organized                    2                41
                                             within Medicaid agency
Indiana                            2010      Limited effectiveness of program integrity/SURS                          9                32
Wyoming                            2008      Not maintaining a centralized program integrity                          9                32
                                             function
Alaska                             2010      Not maintaining a centralized program integrity                        16                 29
                                             function
Nevada                             2010      Not maintaining a centralized program integrity                        23                 22
                                             function and backlog of program integrity cases
Surveillance Utilization Review Subsystem (SURS) vulnerability
Maine                              2009      State does not have a functioning SURS                                   0                45
Hawaii                             2010      State does not have an effective SURS                                    5                39
Indiana                            2010      Limited effectiveness of program integrity/SURS                          9                32
Nebraska                           2009      State does not maintain an effective SURS operation                    26                 20
West Virginia                      2009      State has less than effective SURS operation                           33                 17
Arkansas                           2010      State does not have statewide SURS program                            110                  4
                                           Source: GAO analysis of CMS data.

                                           Note: Our analysis of NMAP audits considered both MSIS and collaborative audits.


                                           As a part of its comprehensive reviews, the MIG identifies findings or
                                           vulnerabilities that continue to persist from the state’s prior
                                           comprehensive review. Of the 51 comprehensive reviews we analyzed,
                                           the MIG found that one quarter of states had uncorrected repeat or partial
                                           repeat findings or vulnerabilities that had not been addressed since the
                                           prior reviews. 41 Nonetheless, of the 10 states that received 62 percent of



                                           41
                                             According to MIG officials, partial repeat findings are cited when a state has (1) started,
                                           but not completed, steps to correct a vulnerability, or (2) not yet addressed a new statutory
                                           requirement.




                                           Page 22                                                  GAO-13-50 Medicaid Integrity Program
                           the 1,662 NMAP audits, 8 states had no uncorrected repeat findings or
                           vulnerabilities.


SPIA Data Are Not          On an annual basis, states self-report the data submitted to the SPIA, and
Validated, Are             MIG staff told us that they do not review all 220 state-reported data
Inconsistently Reported,   elements or validate the data for reliability. Yet, MIG staff told us that they
                           do check the states’ data submissions for reasonableness and follow up
and Overlap with Other     with states to confirm extreme responses. We have reported that the
Efforts                    SPIA contained significant errors and were inconsistent with data
                           reported in state comprehensive reviews covering the same year. 42
                           Overall, the data are not reported in a consistent enough manner to allow
                           for comparisons across states. For example, the instructions specify
                           which collections a state may include in the category of recovered
                           overpayments, but one state official told us the state’s recoveries included
                           collections that were supposed to be excluded. State reporting is further
                           complicated because the collection instrument does not allow state
                           officials to comment on or explain their responses. Thus, states unable to
                           report data as requested also cannot explain why or how their data
                           deviates from what was requested, resulting in inconsistent reporting and
                           blank items.

                           In addition, much of the information is collected through other reporting
                           mechanisms as well. State officials have told us that the SPIA is
                           burdensome because the website interface is difficult to use and asks
                           again for information that they already provide as part of other reporting.
                           For example, the SPIA includes program integrity expenditures and
                           recoveries—two key metrics for accountability and oversight—that are
                           also collected through the required quarterly reporting of state Medicaid
                           expenditures to CMS and which are also subject to validation and audit. 43
                           Several other items reported on the SPIA—Medicaid enrollees, managed
                           care enrollment, participating providers, the state program integrity



                           42
                             See GAO, Medicaid Program Integrity: Expanded Federal Role Presents Challenges to
                           and Opportunities for Assisting States, GAO-12-288T (Washington, D.C.: Dec. 7, 2011).
                           43
                             According to CMS, not all of the information that the SPIA collects on expenditures is
                           available through quarterly reports. For example, unlike the quarterly reporting form, the
                           SPIA asks for expenditure information by activity. Many states, however, do not report
                           such information and the information provided is not validated. If CMS believed that such
                           detailed program integrity expenditure data were valuable, it could revise states’ quarterly
                           reporting requirements.




                           Page 23                                               GAO-13-50 Medicaid Integrity Program
                          organizational structure, number of staff, use of contractors, SURS, and
                          recoveries—are also collected during the comprehensive reviews every
                          3 years and included in the published reports available on the MIG’s
                          website. MIG officials acknowledged that the SPIA duplicated other
                          requests for information and told us they were examining ways to reduce
                          the duplication.

                          MIG officials told us that states use the SPIA as a reference tool to
                          familiarize themselves with other states’ program integrity activities, plan
                          program integrity activities and training, and identify how the MIG can
                          provide support to them. However, representatives from 10 out of
                          11 states we spoke with told us that they had not looked at other states’
                          assessment data posted on the MIG’s website. One state official
                          explained that smaller states or those with newer program integrity
                          activities may refer to the SPIA, but the larger states we contacted had
                          not. In addition, representatives from 4 states commented that SPIA
                          reporting is not consistent or comparable across states.

                          Correcting inconsistencies in the SPIA data, however, would be of limited
                          value. The 2-year time lag in the SPIA data undermines its usefulness in
                          determining which states would benefit from technical assistance and
                          developing measures to assess states’ performance. Other sources, such
                          as comprehensive reviews, provide more timely and useful information.


                          CMS’s limited reporting on the ROI from the Medicaid Integrity Program is
Reporting on Program      inadequate. State reporting of recoveries is similarly insufficient because
Integrity Results Is      we found that most states were not fully reporting recoveries according to
                          specific program integrity activities and that almost half appeared to
Inadequate                underreport aggregate annual recoveries.


CMS’s Limited ROI         CMS’s annual reports to Congress do not provide a clear picture of the
Reporting Is Inadequate   ROI for NMAP audits because they combined the results of MSIS and
                          test audits, which performed very differently. In its annual report covering
                          fiscal year 2010, CMS reported that 947 MSIS and test audits were
                          underway in 45 states and that its contractors had identified cumulative




                          Page 24                                      GAO-13-50 Medicaid Integrity Program
potential overpayments of about $10.7 million. 44 Our analysis of CMS’s
data, which summarized these results by audit approach, found that over
three-fourths of the overpayments—$8.4 million—were identified by the
small number of test audits, in which states identified the audit targets
and supplied their own data. Reporting combined overpayments for MSIS
and test audits gave the impression that NMAP was more successful than
was the case. Moreover, the annual report did not provide information on
the number of audits that were discontinued because of no or low
overpayments. Finally, the $42 million in expenditures for Medicaid
integrity contractors reported in the fiscal year 2010 annual report
combined the cost of both NMAP and education contractors, making it
difficult to compute an ROI for NMAP.

ROI reporting for the Medicaid Integrity Program as a whole has changed
over time.

•    For fiscal year 2008, HHS’s budget justification for CMS reported an
     ROI of 300 percent for the test audits covering a 3-month period—the
     amount of identified overpayments from the test audits as a
     percentage of the contractor expenses for that time period. 45

•    For fiscal year 2009, the ROI formula was broadened to capture MIG
     overpayment identification activities beyond the NMAP. As such, it
     included the identification and recovery of overpayment amounts
     through the MIG’s identification of systematic errors in state payment
     systems and comprehensive state program integrity reviews as a
     percentage of its fiscal year 2009 funding for the Medicaid Integrity
     Program. HHS reported a 2009 ROI of 175 percent using this new
     formula. 46




44
  Secretary of Health and Human Services, Annual Report to Congress on the Medicaid
Integrity Program, Center for Program Integrity, Centers for Medicare & Medicaid
Services, Fiscal Year 2010. (Washington, D.C.: June 2010).
45
  Department of Health and Human Services, Centers for Medicare & Medicaid Services
Justification of Estimates for Appropriations Committees, Fiscal Year 2010 (Washington,
D.C.: May 7, 2009).
46
  Department of Health and Human Services, Centers for Medicare & Medicaid Services
Justification of Estimates for Appropriations Committees, Fiscal Year 2011 (Washington,
D.C.: Feb. 1, 2010).




Page 25                                             GAO-13-50 Medicaid Integrity Program
                                           •    Although an ROI has not been released for fiscal years 2010 or 2011,
                                                HHS has announced that it will calculate the ROI to better reflect the
                                                resources invested through the Medicaid Integrity Program and will
                                                discontinue reporting an ROI for the NMAP. 47

                                           In several reports to the Congress, CMS has indicated that it was
                                           developing a methodology for calculating an ROI based on its activities.
                                           The MIG has not published its ROI methodology, but did provide it to us
                                           for our review. 48 The methodology incorporates identified overpayments
                                           from activities for which the MIG was directly responsible as well as
                                           benefits from activities where the MIG provided support and assistance
                                           (see table 2).

Table 2: MIG’s Strategy to Measure Return on Investment across Activities

                                                                                                                     Amount included in
                               Organization that identifies                                                             federal Medicaid
Medicaid Integrity Group       overpayment/cost                Measurement of overpayment/cost                     Integrity Program ROI
activity                       avoidance                       avoidance                                                     (percentage)
National Medicaid Audit        MIG and review and audit        Identified overpayments from NMAP Final                                  100
Program                        contractors                     Audit Reports
Comprehensive reviews          MIG                             Identified overpayments such as payments                                 100
                                                               to excluded providers
Medicaid Integrity Institute   States                          Savings projected by state attendees                                     100
Support and assistance to      States                          Identified overpayments from audits in                                     20
states                                                         which MIG provided staff support, an effort
                                                               known as “Boots on the Ground”
Support and assistance to      Department of Justice and       Findings and awards from actions in which                                  20
stakeholders                   other stakeholders              MIG provided technical support, such as
                                                               fraud prosecutions
                                                                                                                                           a
State Program Integrity        States                          State identified overpayments                                             16
Assessment
                                           Source: CMS.
                                           a
                                            The MIG apportions the amount of identified overpayments listed on the SPIA using the percentage
                                           of the MIG’s annual budget compared to the total reported spending on state program integrity
                                           activities and the MIG budget.




                                           47
                                             Department of Health and Human Services, Centers for Medicare & Medicaid Services
                                           Justification of Estimates for Appropriations Committees, Fiscal Year 2013 (Washington,
                                           D.C.: Feb. 13, 2012).
                                           48
                                             State program integrity units are required to report on their methodology for calculating
                                           ROI as a part of the comprehensive reviews and some describe their methodology in
                                           reports to their legislatures.




                                           Page 26                                                  GAO-13-50 Medicaid Integrity Program
                            The MIG’s ROI strategy includes a variety of elements, some of which
                            may be difficult to quantify, and others that may be less valid or
                            duplicative of other ROI calculations. For example, although difficult to
                            measure, the MIG is attempting to quantify cost savings realized from
                            states’ participation at the institute so that they can be incorporated into
                            an overall calculation of the ROI for the MIG’s activities. However, it also
                            incorporates a percentage of the identified overpayments reported on the
                            SPIA, which are self-reported and not validated. Given that the MIG’s
                            methodology already includes the benefit from comprehensive reviews
                            and technical assistance to states, its rationale for claiming an additional
                            percentage of states’ own identified overpayments is questionable.


Most States Are Not Fully   Even though the reporting of aggregated program integrity recoveries has
Reporting Recoveries        been a longstanding requirement, many states appear to be
                            underreporting aggregate annual recoveries when compared with other
                            data sources, such as their CMS comprehensive program integrity
                            reviews or reports states prepare on the results of their program integrity
                            activities. For example:

                            •   One state reported aggregate recoveries of $3 million for federal fiscal
                                years 2009 and 2010—$0 and $3 million—but about $37 million for
                                state fiscal years 2009 and 2010 in its comprehensive review.

                            •   Another state reported aggregate recoveries of about $195,000 over
                                3 years to CMS—$0, $130,000, and $65,000—but about $36 million
                                in its annual report to the governor for 2 of these years.

                            •   A third state reported about $6,000 in aggregate recoveries for federal
                                fiscal year 2009 but about $3 million for state fiscal year 2009 in its
                                comprehensive review.

                            Overall from federal fiscal years 2009 through 2011, 15 states reported
                            no fraud, waste, and abuse recoveries in at least 1 fiscal year (see
                            app. II). These results appear questionable given that 5 of the 15 states
                            were among the 20 states with the highest Medicaid expenditures in fiscal
                            year 2010. Additionally, total reported recoveries for all states in fiscal
                            year 2010 represented only about 0.28 percent of state Medicaid
                            expenditures, significantly less than CMS’s estimate that improper
                            payments accounted for about 8 percent of state Medicaid expenditures
                            in fiscal year 2011.




                            Page 27                                      GAO-13-50 Medicaid Integrity Program
In addition, although CMS implemented more detailed state reporting of
recovered overpayments beginning in fiscal year 2010, we found that
most states were not fully reporting recoveries by the specific type of
activity that resulted in the recovery. In fiscal year 2011, the second year
of detailed reporting of program integrity recoveries, 36 or more states
reported no recoveries for specific state-based activities that generally
produce program integrity recoveries, such as state data analysis,
provider audits, or MFCU investigations (see fig. 5).

Figure 5: Number of States Reporting No Recoveries to CMS for State-Based Data
Analysis, Provider Audits, and Medicaid Fraud Control Unit Investigations, Fiscal
Years 2010 and 2011




The underreporting of program integrity recoveries occurs despite CMS’s
validation efforts. CMS’s financial review protocols specify that quarterly
desk reviews must be completed for every state in every quarter, and
yearly on-site reviews must be completed for the 20 states with the
greatest Medicaid expenditures in the preceding fiscal year. On-site
review protocols explicitly instruct the reviewer to verify the reported
aggregated amount of fraud, waste, and abuse recoveries, and CMS
regional office staff may conduct on-site reviews in additional states as



Page 28                                         GAO-13-50 Medicaid Integrity Program
appropriate. CMS staff told us that its financial review protocols
encompass hundreds of pages and that reporting of fraud, waste, and
abuse recoveries is a small portion of the items they are responsible for
validating. They commented that their limited reviews did not allow them
to know whether or not fraud, waste, and abuse recoveries were listed
elsewhere as a part of the state’s quarterly expenditure reporting because
states may report recoveries as an offset to other expenditures or may
report them comingled with other credits that are not fraud, waste, or
abuse-related. 49

Further, CMS staff offered several explanations for the reporting gaps we
identified, including the observation that it is not unusual for states to take
several years to come into compliance with new reporting requirements.
This delay may reflect the fact that states’ accounting processes may
differ from the new instructions and states may need to change their
processes or data systems to accommodate the new reporting
requirements. CMS officials also said that states may have reported their
recoveries as an adjustment that decreased claims from prior quarters. 50
While it is plausible that state accounting systems may differ from the
recently implemented federal reporting requirements, states have had a
long-standing requirement to report their recoveries of overpayments in
the aggregate. Additionally, states report recovered overpayments as a
part of their state comprehensive reviews, and some states include the
results of their program integrity activities in their Medicaid annual
reports. 51




49
 According to CMS officials, when such occurrences are identified, they notify the state to
make a correction.
50
  Again, CMS officials told us that they notify the state to make a correction when such
issues are identified.
51
    For examples of state annual reports see Florida Agency for Heathcare Administration
and Medicaid Fraud Control Unit Department of Legal Affairs, The State’s Efforts to
Control Medicaid Fraud and Abuse, 2010-2011 (December 2011), accessed June 29,
2012. Available at http://ahca.myflorida.com/Executive/Inspector_General/index.shtml and
Illinois Department of Healthcare and Family Services, Medical Assistance Program
Annual Report Fiscal Years 2008, 2009 and 2010 (Apr. 1, 2011).




Page 29                                              GAO-13-50 Medicaid Integrity Program
              The MIG’s activities to support and oversee state Medicaid program
Conclusions   integrity efforts are relatively new and have had mixed success. The
              Medicaid Integrity Institute is widely acclaimed by state officials. However,
              the MIG has had to make significant changes to NMAP, the use of
              comprehensive reviews have shortcomings, and the SPIAs are unreliable.
              In addition, CMS and states’ reporting on the results of their program
              integrity activities are not transparent and are incomplete. Specifically:

              •   The MIG’s decision to hire separate review and audit contractors was
                  inefficient and contributed to overlap and duplication. For example,
                  both types of contractors were engaged in data analysis and both had
                  to be cognizant of state Medicaid policies, which increased the burden
                  on states.

              •   Although the MIG’s comprehensive reviews yield considerable
                  information about state structural and data-analysis vulnerabilities,
                  there is no apparent connection between the reviews’ findings and the
                  selection of states for NMAP audits. Thus, states with serious
                  program integrity vulnerabilities often had few NMAP audits.

              •   Information that the MIG collects through the SPIAs is unreliable.
                  Even if SPIAs were accurate, their value is unclear because similar
                  and more timely information is collected through other sources, such
                  as the comprehensive reviews.

              •   Computing an ROI for the entire Medicaid Integrity Program that
                  reflects the outcomes from all MIG expenditures is complex because it
                  involves measuring both direct and indirect benefits. To date, CMS
                  has provided a misleading picture of the ROI for NMAP audits and its
                  unpublished methodology incorporates a percentage of identified
                  overpayments reported on the SPIA, which is questionable.

              •   A full accounting of state and NMAP-related recoveries is an
                  important yardstick for measuring the effectiveness of efforts to
                  reduce improper payments. The apparent gaps in state reporting of
                  such recoveries, however, hamper federal efforts to quantify the
                  results of state and federal activities and make it difficult to determine
                  whether states are returning the federal share of recovered
                  overpayments.

              Given the magnitude of the estimated Medicaid improper payments,
              federal support and oversight of Medicaid program integrity is important,
              and it is essential that federal efforts are carried out efficiently without
              placing an undue burden on states.


              Page 30                                       GAO-13-50 Medicaid Integrity Program
                      To strengthen the Medicaid Integrity Program, we are making five
Recommendations for   recommendations to the CMS Acting Administrator:
Executive Action
                      •   To eliminate duplication and more efficiently use audit resources, the
                          CMS Acting Administrator should merge the functions of the federal
                          review and audit contractors within a state or geographic region.

                      •   To ensure that the MIG’s comprehensive reviews inform its
                          management of NMAP, the CMS Acting Administrator should use the
                          knowledge gained from the comprehensive reviews as a criterion for
                          focusing NMAP resources towards states that have structural or data-
                          analysis vulnerabilities.

                      •   To avoid unnecessary duplication overlap with other efforts, as well as
                          the reporting of unverified and inaccurate data, the CMS Acting
                          Administrator should discontinue the annual state program integrity
                          assessments.

                      •   To ensure the most effective use of federal Medicaid program integrity
                          funding, the CMS Acting Administrator should reevaluate the agency’s
                          methodology for calculating an ROI for the Medicaid Integrity
                          Program, including reporting separately on the NMAP, and share its
                          methodology with Congress and the states.

                      •   To ensure the appropriate tracking of the results of states’ program
                          integrity activities, the CMS Acting Administrator should increase the
                          agency’s efforts to hold states accountable for reliably reporting
                          program integrity recoveries as a part of their quarterly expenditure
                          reporting.


                      We provided a draft of this report to HHS for comment. In its written
Agency Comments       comments, HHS stated that CMS was currently revising its
and Our Evaluation    Comprehensive Medicaid Integrity Plan covering fiscal years 2013
                      through 2017 in order to address the duplication and inefficiencies that we
                      had identified in the Medicaid Integrity Program. According to HHS, the
                      plan will unveil significant changes to improve the efficiency of the
                      agency’s Medicaid integrity activities. In response to our five
                      recommendations, HHS concurred with three recommendations and
                      partially concurred with two others.

                      Review and audit contractor functions. HHS said that it concurred with our
                      recommendation to merge the functions of its review and audit



                      Page 31                                     GAO-13-50 Medicaid Integrity Program
contractors in order to eliminate duplication and use contractor resources
more efficiently. The department stated that it was evaluating options for
consolidating its contractors’ work within current statutory and
procurement requirements.

Comprehensive reviews and recovery reporting. HHS also concurred with
our recommendations to (1) use the comprehensive program integrity
reviews to better inform NMAP, and (2) increase efforts to hold states
accountable for reliably reporting program integrity recoveries as part of
their quarterly expenditure reporting. With regard to the comprehensive
reviews, HHS stated that CMS would work to improve the integration of
the knowledge gained from the comprehensive reviews to help identify
the states and program areas representing the greatest risks to the
Medicaid program, which, in turn, would influence the agency’s national
audit strategy. In terms of holding states accountable, the department
indicated that it would work through its regional offices to include state
recovery reporting in the risk assessment used to select areas for
financial management reviews, which validate state reported data. In
addition, it will continue to provide the necessary training to states to help
facilitate reliable recovery reporting.

ROI methodology and reporting. HHS partially concurred with our
recommendation to reevaluate the methodology used to calculate an ROI
for the Medicaid Integrity Program, including reporting separately on
NMAP, and to share its methodology with Congress and the states. HHS
indicated that CMS annually reevaluates the methodology and has
provided descriptions of the methodology in documents that are, or will
soon be, available to the public, such as the fiscal year 2013 annual
budget justification for CMS. We found that those descriptions were
limited and that the budget justification was less detailed than the ROI
methodology that CMS shared with us, which is summarized in table 2 of
this report. HHS also noted that CMS’s methodology will become public
when our report is published. HHS said that CMS will be reviewing the
scope of what should be included in the calculation of ROI for the
Medicaid Integrity Program but it did not address our concern that taking
an additional percentage of states’ own identified overpayments was
questionable. HHS did not concur that an ROI should be reported
separately for NMAP because it believes that CMS’s Medicaid program
integrity investments interact with one another and NMAP ROI would be a
misleading index of the work and impact of the Medicaid Integrity
Program. We continue to believe that separately reporting an NMAP ROI
is essential to hold CMS accountable for the effective operation of those



Page 32                                       GAO-13-50 Medicaid Integrity Program
audits, which constituted about half of CMS’s annual expenditures on the
Medicaid Integrity Program.

SPIA. HHS partially concurred with our recommendation and said that it
would suspend the annual state program integrity assessments while
taking steps to address the limitations that we had identified. HHS stated
that the triennial comprehensive state program integrity reviews alone
may not provide adequate data to inform CMS oversight. Although the
department acknowledged the reporting overlap between the SPIA and
comprehensive reviews, it stated that CMS was now working to
streamline the comprehensive review questionnaires to eliminate
duplication. HHS also indicated that CMS’s forthcoming Comprehensive
Medicaid Integrity Plan would outline plans to enhance the SPIA by
refining the data collection tool, reducing the reporting time lag, and
providing for data validation and correction by CMS staff during the
triennial comprehensive reviews. We believe that CMS’s efforts to
address overlap by eliminating duplicative information collected though
the comprehensive reviews does not take into account the considerable
resources that states devote to filling out the comprehensive review
questionnaires, which CMS officials have the opportunity to discuss and
verify during week-long site visits. In contrast, SPIA data are collected
through a web-based survey, which is inconsistently completed and
viewed as a burden by states. Although CMS believes the annual SPIA
data are important to its program integrity mission and plans to reduce the
current reporting time lag, it has not clearly articulated how it will or could
use this information to inform its oversight. In addition, state recoveries
and program integrity expenditures are reported to CMS on a quarterly
basis, which would provide a more reliable financial accounting of states’
program integrity activities. As a result, we continue to believe that the
SPIA should be permanently, not just temporarily, discontinued.

HHS’s comments are reproduced in appendix III. HHS also provided
technical comments, which we incorporated as appropriate.


As agreed with your offices, unless you publicly announce the contents of
this report earlier, we plan no further distribution until 30 days from the
report date. At that time, we will send copies to the Secretary of Health
and Human Services, the Acting Administrator of CMS, appropriate
congressional committees, and other interested parties. In addition, the
report will be available at no charge on the GAO website at
http://www.gao.gov.



Page 33                                       GAO-13-50 Medicaid Integrity Program
If you or your staff has any questions about this report, please contact me
at (202) 512-7114 or at yocomc@gao.gov. Contact points for our Offices
of Congressional Relations and Public Affairs may be found on the last
page of this report. GAO staff who made key contributions to this report
are listed in appendix IV.




Carolyn L. Yocom
Director, Health Care




Page 34                                     GAO-13-50 Medicaid Integrity Program
Appendix I: Number of National Medicaid
              Appendix I: Number of National Medicaid Audit
              Program Audits



Audit Program Audits

              Table 3: Number of National Medicaid Audit Program Audits by State as of February
              2012

                                           Medicaid Statistical
              State                  Information System audits       Collaborative audits         Total
              Alabama                                          67                                    67
              Alaska                                           16                                    16
              Arkansas                                        104                        6         110
              California                                       17                      21            38
              Colorado                                         21                                    21
              Connecticut                                      20                                    20
              Delaware                                         35                                    35
              District of Columbia                             19                                    19
              Florida                                          35                                    35
              Georgia                                          28                      10            38
              Hawaii                                           5                                      5
              Idaho                                            12                        2           14
              Indiana                                          9                                      9
              Iowa                                             15                                    15
              Kansas                                           70                                    70
              Kentucky                                         9                                      9
              Louisiana                                       195                                  195
              Maryland                                         17                        5           22
              Massachusetts                                    75                                    75
              Minnesota                                        6                                      6
              Mississippi                                      8                       10            18
              Missouri                                         1                                      1
              Montana                                          5                                      5
              Nebraska                                         26                                    26
              Nevada                                           23                                    23
              New Jersey                                       63                        5           68
              New Mexico                                       26                                    26
              New York                                         93                        5           98
              North Carolina                                   18                                    18
              North Dakota                                     1                                      1
              Ohio                                             34                        3           37
              Oklahoma                                         1                                      1
              Oregon                                           2                                      2
              Pennsylvania                                     86                                    86




              Page 35                                               GAO-13-50 Medicaid Integrity Program
Appendix I: Number of National Medicaid Audit
Program Audits




                                  Medicaid Statistical
 State                      Information System audits     Collaborative audits         Total
 South Carolina                                    28                                     28
 South Dakota                                       8                                      8
 Texas                                            124                       34          158
 Utah                                               6                                      6
 Vermont                                            9                                      9
 Virginia                                         111                                   111
 Washington                                        16                       11            27
 West Virginia                                     33                                     33
 Wisconsin                                         44                                     44
 Wyoming                                            9                                      9
 Grand total                                    1,550                      112        1,662
Source: GAO analysis of CMS data.




Page 36                                                  GAO-13-50 Medicaid Integrity Program
Appendix II: Recoveries from State Medicaid
              Appendix II: Recoveries from State Medicaid
              Program Integrity Activities



Program Integrity Activities

              Table 4: Fraud, Waste, and Abuse Recoveries from State Medicaid Program
              Integrity Activities, Fiscal Years 2009 through 2011

                                                                     Fiscal Year
              State                                         2009               2010               2011
              Alabama                               $7,575,771           $4,215,561         $9,274,724
              Alaska                                           0                   0                  0
              Arizona                                   22,891            1,870,637            632,018
              Arkansas                               1,569,617            1,548,437          1,918,939
              California                            11,280,386           99,465,305        104,327,782
              Colorado                                 218,625                  180             22,168
              Connecticut                            8,940,819            8,787,546          9,737,835
              Delaware                                  12,679                     0                  0
              District of Columbia                   1,323,039           13,469,478          2,239,303
              Florida                                          0            129,789             65,352
              Georgia                               22,384,808           24,477,927          5,808,151
              Hawaii                                    90,979                  816                   0
              Idaho                                  1,368,716              810,147          1,057,442
              Illinois                                         0          3,342,569         13,548,145
              Indiana                               10,512,856            5,265,908          1,919,964
              Iowa                                      64,947            1,761,559          2,931,565
              Kansas                                        1,613         9,909,765            664,779
              Kentucky                              17,362,774            7,601,953         15,523,861
              Louisiana                              6,462,291            4,423,355          8,778,553
              Maine                                            0                   0                  0
              Maryland                                 455,647                     0           572,079
              Massachusetts                         10,914,670           10,527,899          2,649,756
              Michigan                               1,248,709                     0           368,362
              Minnesota                              7,574,378            2,361,639          1,068,457
              Mississippi                            4,790,498           15,594,880          2,100,269
              Missouri                               5,687,808            6,361,228          5,698,735
              Montana                                  256,310              673,212            156,451
              Nebraska                                 319,467              435,881            578,054
              Nevada                                   494,682              104,427            310,901
              New Hampshire                            244,903              350,048            522,046
              New Jersey                             2,031,217            1,202,775         10,865,626
              New Mexico                               554,109              698,303          2,107,263
              New York                             500,247,430         666,653,864         640,475,184
              North Carolina                        12,547,969            9,865,891         13,602,193



              Page 37                                               GAO-13-50 Medicaid Integrity Program
Appendix II: Recoveries from State Medicaid
Program Integrity Activities




                                                                    Fiscal Year
 State                                                     2009               2010               2011
 North Dakota                                               500                   0                  0
 Ohio                                                   912,840            857,611            765,912
 Oklahoma                                              5,114,226        20,920,971          8,118,075
 Oregon                                                       0                   0              6,371
 Pennsylvania                                          8,998,928        19,024,320         13,513,771
 Rhode Island                                                 0            303,984             38,891
 South Carolina                                       26,795,683        11,407,888         16,910,564
 South Dakota                                             6,423            935,041                   0
 Tennessee                                               19,545                506            157,502
 Texas                                                40,083,547      135,572,616          60,914,245
 Utah                                                  4,269,364                  0            27,521
 Vermont                                                      0                   0                  0
 Virginia                                              3,242,994         2,508,097          5,638,203
 Washington                                                   0            105,915                503
 West Virginia                                            1,716              1,716               1,205
 Wisconsin                                             3,609,194         1,452,573          1,111,085
 Wyoming                                               1,535,178           768,078          1,334,446
Source: CMS’s Medicaid Budget & Expenditure System.




Page 38                                                            GAO-13-50 Medicaid Integrity Program
Appendix III: Comments from the
             Appendix III: Comments from the Department
             of Health and Human Services



Department of Health and Human Services




             Page 39                                      GAO-13-50 Medicaid Integrity Program
Appendix III: Comments from the Department
of Health and Human Services




Page 40                                      GAO-13-50 Medicaid Integrity Program
Appendix III: Comments from the Department
of Health and Human Services




Page 41                                      GAO-13-50 Medicaid Integrity Program
Appendix III: Comments from the Department
of Health and Human Services




Page 42                                      GAO-13-50 Medicaid Integrity Program
Appendix IV: GAO Contact and Staff
                  Appendix IV: GAO Contact and Staff
                  Acknowledgments



Acknowledgments

                  Carolyn L. Yocom, (202) 512-7114 or yocomc@gao.gov
GAO Contact
                  In addition to the contact named above, key contributors to this report
Staff             were: Water Ochinko, Assistant Director; Leslie V. Gordon; Drew Long;
Acknowledgments   and Jasleen Modi.




                  Page 43                                    GAO-13-50 Medicaid Integrity Program
Related GAO Products
             Related GAO Products




             National Medicaid Audit Program: CMS Should Improve Reporting and
             Focus on Audit Collaboration with States. GAO-12-814T. (Washington,
             D.C.: June 14, 2012).

             National Medicaid Audit Program: CMS Should Improve Reporting and
             Focus on Audit Collaboration with States. GAO-12-627. (Washington,
             D.C.: June 14, 2012).

             Program Integrity: Further Action Needed to Address Vulnerabilities in
             Medicaid and Medicare Programs. GAO-12-803T. (Washington, D.C.:
             June 7, 2012).

             Medicaid: Federal Oversight of Payments and Program Integrity Needs
             Improvement. GAO-12-674T. Washington, D.C.: April 25, 2012.

             Medicaid Program Integrity: Expanded Federal Role Presents Challenges
             to and Opportunities for Assisting States. GAO-12-288T. Washington,
             D.C.: December 7, 2011.

             Fraud Detection Systems: Additional Actions Needed to Support Program
             Integrity Efforts at Centers for Medicare and Medicaid Services.
             GAO-11-822T. Washington, D.C.: July 12, 2011.

             Fraud Detection Systems: Centers for Medicare and Medicaid Services
             Needs to Ensure More Widespread Use. GAO-11-475. Washington, D.C.:
             June 30, 2011.

             Improper Payments: Recent Efforts to Address Improper Payments and
             Remaining Challenges. GAO-11-575T. Washington, D.C.: April 15, 2011.

             Status of Fiscal Year 2010 Federal Improper Payments Reporting.
             GAO-11-443R. Washington, D.C.: March 25, 2011.

             Medicare and Medicaid Fraud, Waste, and Abuse: Effective
             Implementation of Recent Laws and Agency Actions Could Help Reduce
             Improper Payments. GAO-11-409T. Washington, D.C.: March 9, 2011.

             Medicare: Program Remains at High Risk Because of Continuing
             Management Challenges. GAO-11-430T. Washington, D.C.: March 2,
             2011.




             Page 44                                    GAO-13-50 Medicaid Integrity Program
Related GAO Products




Opportunities to Reduce Potential Duplication in Government Programs,
Save Tax Dollars, and Enhance Revenue. GAO-11-318SP. Washington,
D.C.: March 1, 2011.

High-Risk Series: An Update. GAO-11-278. Washington, D.C.: February
2011.

Medicare Recovery Audit Contracting: Weaknesses Remain in
Addressing Vulnerabilities to Improper Payments, Although
Improvements Made to Contractor Oversight. GAO-10-143. Washington,
D.C.: March 31, 2010.

Medicaid: Fraud and Abuse Related to Controlled Substances Identified
in Selected States. GAO-09-1004T. Washington, D.C.: September 30,
2009.

Medicaid: Fraud and Abuse Related to Controlled Substances Identified
in Selected States. GAO-09-957. Washington, D.C.: September 9, 2009.

Improper Payments: Progress Made but Challenges Remain in
Estimating and Reducing Improper Payments. GAO-09-628T.
Washington, D.C.: April 22, 2009.

Medicaid: Thousands of Medicaid Providers Abuse the Federal Tax
System. GAO-08-239T. Washington, D.C.: November 14, 2007.

Medicaid: Thousands of Medicaid Providers Abuse the Federal Tax
System. GAO-08-17. Washington, D.C.: November 14, 2007.

Medicaid Financial Management: Steps Taken to Improve Federal
Oversight but Other Actions Needed to Sustain Efforts. GAO-06-705.
Washington, D.C.: June 22, 2006.

Medicaid Integrity: Implementation of New Program Provides
Opportunities for Federal Leadership to Combat Fraud, Waste, and
Abuse. GAO-06-578T. Washington, D.C.: March 28, 2006.

Medicaid Fraud and Abuse: CMS’s Commitment to Helping States
Safeguard Program Dollars Is Limited. GAO-05-855T. Washington, D.C.:
June 28, 2005.




Page 45                                  GAO-13-50 Medicaid Integrity Program
           Related GAO Products




           Major Management Challenges and Program Risks: Department of
           Health and Human Services. GAO-03-101. Washington, D.C.: January
           2003.




(290965)
           Page 46                                GAO-13-50 Medicaid Integrity Program
GAO’s Mission         The Government Accountability Office, the audit, evaluation, and
                      investigative arm of Congress, exists to support Congress in meeting its
                      constitutional responsibilities and to help improve the performance and
                      accountability of the federal government for the American people. GAO
                      examines the use of public funds; evaluates federal programs and
                      policies; and provides analyses, recommendations, and other assistance
                      to help Congress make informed oversight, policy, and funding decisions.
                      GAO’s commitment to good government is reflected in its core values of
                      accountability, integrity, and reliability.

                      The fastest and easiest way to obtain copies of GAO documents at no
Obtaining Copies of   cost is through GAO’s website (http://www.gao.gov). Each weekday
GAO Reports and       afternoon, GAO posts on its website newly released reports, testimony,
                      and correspondence. To have GAO e-mail you a list of newly posted
Testimony             products, go to http://www.gao.gov and select “E-mail Updates.”

Order by Phone        The price of each GAO publication reflects GAO’s actual cost of
                      production and distribution and depends on the number of pages in the
                      publication and whether the publication is printed in color or black and
                      white. Pricing and ordering information is posted on GAO’s website,
                      http://www.gao.gov/ordering.htm.
                      Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
                      TDD (202) 512-2537.
                      Orders may be paid for using American Express, Discover Card,
                      MasterCard, Visa, check, or money order. Call for additional information.
                      Connect with GAO on Facebook, Flickr, Twitter, and YouTube.
Connect with GAO      Subscribe to our RSS Feeds or E-mail Updates. Listen to our Podcasts.
                      Visit GAO on the web at www.gao.gov.
                      Contact:
To Report Fraud,
Waste, and Abuse in   Website: http://www.gao.gov/fraudnet/fraudnet.htm
                      E-mail: fraudnet@gao.gov
Federal Programs      Automated answering system: (800) 424-5454 or (202) 512-7470

                      Katherine Siggerud, Managing Director, siggerudk@gao.gov, (202) 512-
Congressional         4400, U.S. Government Accountability Office, 441 G Street NW, Room
Relations             7125, Washington, DC 20548

                      Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800
Public Affairs        U.S. Government Accountability Office, 441 G Street NW, Room 7149
                      Washington, DC 20548




                        Please Print on Recycled Paper.