This is the accessible text file for GAO report number GAO-12-627 entitled 'National Medicaid Audit Program: CMS Should Improve Reporting and Focus on Audit Collaboration with States' which was released on June 14, 2012. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Report to Congressional Requesters: June 2012: National Medicaid Audit Program: CMS Should Improve Reporting and Focus on Audit Collaboration with States: GAO-12-627: GAO Highlights: Highlights of GAO-12-627, a report to congressional requesters. Why GAO Did This Study: Medicaid, the joint federal-state health care financing program for certain low-income individuals, has the second-highest estimated improper payments of any federal program. The Deficit Reduction Act of 2005 expanded the federal role in Medicaid program integrity, and the Centers for Medicare & Medicaid Services (CMS), the federal agency that oversees Medicaid, established the MIG, which designed the NMAP. Since the NMAP’s inception, the MIG has used three different audit approaches: test, MSIS, and collaborative. This report focuses on (1) the effectiveness of the MIG’s implementation of NMAP, and (2) the MIG’s efforts to redesign the NMAP. To do this work, GAO analyzed MIG data, reviewed its contractors’ reports, and interviewed MIG officials, contractor representatives, and state program integrity officials. What GAO Found: What GAO Found Compared to the initial test audits and the more recent collaborative audits, the majority of the Medicaid Integrity Group’s (MIG) audits conducted under the National Medicaid Audit Program (NMAP) were less effective because they used Medicaid Statistical Information System (MSIS) data. MSIS is an extract of states’ claims data and is missing key elements, such as provider names, that are necessary for auditing. Since fiscal year 2008, 4 percent of the 1,550 MSIS audits identified $7.4 million in potential overpayments, 69 percent did not identify overpayments, and the remaining 27 percent were ongoing. In contrast, 26 test audits and 6 collaborative audits-—which used states’ more robust Medicaid Management Information System (MMIS) claims data and allowed states to select the audit targets-—together identified more than $12 million in potential overpayments. Furthermore, the median amount of the potential overpayment for MSIS audits was relatively small compared to test and collaborative audits. Figure: Number of Audits and Potential NMAP Overpayments and through February 2012: [Refer to PDF for image: 2 pie-charts] Number of audits performed: MSIS audits: 1,550 (92%); Collaborative audits: 112 (7%); Test audits: 27 (2%). Potential overpayment: MSIS audits: 59 of 1,550 (37%): $7.4 million; Collaborative audits: 6 of 112 (22%): $4.4 million; Test audits: 26 of 27 (41%): $8.1 million. Source: GAO analysis of CMS data. [End of figure] The MIG reported that it is redesigning the NMAP, but has not provided Congress with key details about the changes it is making to the program, including the rationale for the change to collaborative audits, new analytical roles for its contractors, and its plans for addressing problems with the MSIS audits. Early results showed that this collaborative approach may enhance state program integrity activities by allowing states to leverage the MIG’s resources to augment their own program integrity capacity. However, the lack of a published plan detailing how the MIG will monitor and evaluate NMAP raises concerns about the MIG’s ability to effectively manage the program. Given that NMAP has accounted for more than 40 percent of MIG expenditures, transparent communications and a strategy to monitor and continuously improve NMAP are essential components of any plan seeking to demonstrate the MIG’s effective stewardship of the resources provided by Congress. What GAO Recommends: GAO recommends that the CMS Administrator ensure that the MIG’s (1) update of its comprehensive plan provide key details about the NMAP, including its expenditures and audit outcomes, program improvements, and plans for effectively monitoring the program; (2) future annual reports to Congress clearly address the strengths and weaknesses of the audit program and its effectiveness; and (3) use of NMAP contractors supports and expands states’ own program integrity efforts through collaborative audits. HHS partially concurred with GAO’s first recommendation commenting that CMS’s annual report to Congress was a more appropriate vehicle for reporting NMAP results than its comprehensive plan. HHS concurred with the other two recommendations. View [hyperlink, http://www.gao.gov/products/GAO-12-627]. For more information, contact Carolyn L. Yocom at (202) 512-7114 or yocomc@gao.gov. [End of section] Contents: Letter: Background: The Majority of the MIG's NMAP Audits Were MSIS Audits, Which Were Less Effective than Other Audit Approaches: MIG's Redesign of the NMAP Has Potential Advantages, but MIG Has Not Been Transparent about Key Details of the Program's Redesign: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: Status of Medicaid Statistical Information System (MSIS) Audits: Appendix II: Information on Medicaid Statistical Information System Audits that Identified Potential Overpayments: Appendix III: Status of Collaborative Audits: Appendix IV: Comments from the Department of Health and Human Services: Appendix V: GAO Contact and Staff Acknowledgments: Related GAO Products: Tables: Table 1: Comparison of Data Sources for NMAP Audits: Table 2: Status of MSIS Audits, by Fiscal Year of Assignment and Audit Stage Conducted through February 2012: Table 3: Number of Successful MSIS Audits, by State and Provider Type: Table 4: Amount of Potential Overpayments Identified by Successful MSIS Audits, by State and Provider Type: Table 5: Status of Collaborative Audits, by Fiscal Year of Assignment and Audit Stage: Table 6: Number of Successful Collaborative Audits, by State and Provider Type: Table 7: Amount of Potential Overpayments Identified by Successful Collaborative Audits, by State and Provider Type: Figures: Figure 1: Review Contractor Activities for MSIS Audits: Figure 2: Audit Contractor Activities for MSIS Audits: Figure 3: NMAP Contractor Expenditures and Audit Timeline, Fiscal Years 2007-2011: Figure 4: Number of Audits and Total Potential Overpayments Identified and Sent to States for Recoupment (in millions of dollars) by Audit Approach, through February 2012: Figure 5: Status of 1,550 Medicaid Statistical Information System (MSIS) Audits Conducted through February 2012: Abbreviations: CMS: Centers for Medicare & Medicaid Services: DRA: Deficit Reduction Act of 2005: HHS: Department of Health and Human Services: MIG: Medicaid Integrity Group: MMIS: Medicaid Management Information System: MSIS: Medicaid Statistical Information System: NMAP: National Medicaid Audit Program: OIG: Office of Inspector General: T-MSIS: Transformed MSIS: [End of section] United States Government Accountability Office: Washington, DC 20548: June 14, 2012: The Honorable Thomas R. Carper: Chairman: The Honorable Scott P. Brown: Ranking Member: Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Tom Coburn: Ranking Member: Permanent Subcommittee on Investigations: Committee on Homeland Security and Governmental Affairs: United States Senate: The Centers for Medicare & Medicaid Services (CMS) estimated that $21.9 billion (8 percent) of Medicaid's federal expenditures of $270 billion in fiscal year 2011 involved improper payments, the second highest amount reported by any federal program.[Footnote 1] Improper payments include those made for treatments or services that were not covered by program rules, that were not medically necessary, or that were billed for but never provided.[Footnote 2] Since 2001, we have reported numerous times on improper payments and our concerns about the adequacy of fiscal oversight in Medicaid.[Footnote 3] The challenges inherent in overseeing a program of Medicaid's size and diversity make the program vulnerable to improper payments. Because of the program's risk of improper payments, as well as insufficient federal and state oversight, Medicaid has been on our list of high- risk programs since January 2003.[Footnote 4] The Medicaid program consists of 56 distinct state-based programs that operate within broad federal guidelines.[Footnote 5] States are the first line of defense against Medicaid improper payments. Specifically, they must ensure the qualifications of the providers who bill the program, detect improper payments, recover overpayments, and refer suspected cases of fraud and abuse to law enforcement authorities. At the federal level, CMS is responsible for oversight of the Medicaid program. Until the Deficit Reduction Act of 2005 (DRA), Medicaid program integrity had been primarily a state responsibility. [Footnote 6] The DRA created the Medicaid Integrity Program to oversee and support state efforts and, among other actions, directed CMS to hire contractors to review and audit state Medicaid claims data, which CMS calls the National Medicaid Audit Program (NMAP). CMS established the Medicaid Integrity Group (MIG) to implement these DRA provisions. [Footnote 7] You asked us to examine CMS's oversight of and support for states' efforts to prevent and reduce improper payments in Medicaid. This report focuses on: (1) the effectiveness of the MIG's implementation of the NMAP and (2) the MIG's efforts to redesign the NMAP. We are reporting on the MIG's implementation and redesign of the NMAP because of its potential duplication of state activities and because it has accounted for over 40 percent of the approximately $75 million the MIG spends annually on Medicaid program integrity. A subsequent report will examine additional CMS activities that oversee and support state Medicaid program integrity. To address both of our reporting objectives, we analyzed NMAP data provided by the MIG and interviewed MIG officials. We assessed the reliability of these data and found them sufficiently reliable for our purposes. In addition, we reviewed annual lessons-learned reports submitted by the MIG's review and audit contractors and interviewed representatives of each type of contractor. We also interviewed program integrity officials in 11 states to obtain their perspectives on the NMAP and collected additional information from 8 states where the MIG has recently implemented changes to the NMAP. The 11 states were: Arizona, California, Connecticut, Florida, Kentucky, New York, Ohio, Pennsylvania, Texas, Washington, and Wisconsin. We selected these states because of their geographic diversity and because together they accounted for more than half of all Medicaid spending and beneficiaries. Separately, we contacted the 9 states where CMS had implemented changes to the NMAP to obtain their perspective on the redesign--Arkansas, California, Idaho, Maryland, Mississippi, New Jersey, Ohio, Texas, and Washington. California did not respond to our questions regarding the redesign. We reviewed relevant Department of Health and Human Services Office of the Inspector General (HHS-OIG) reports, and interviewed HHS-OIG officials involved in early assessments of the MIG's review and audit contractors. We conducted this audit work between July 2011 and June 2012 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the performance audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis or our findings and conclusions based on our audit objectives. Background: The MIG has taken three different approaches since establishing the NMAP--test audits, Medicaid Statistical Information System (MSIS) audits, and collaborative audits.[Footnote 8] In each approach, contractors conducted post payment audits, that is, they reviewed medical documentation and other information related to Medicaid claims that had already been paid. The key differences among the three NMAP approaches were (1) the data sources used to identify audit targets, and (2) the roles assigned to states and contractors. In June 2007, the MIG hired a contractor to conduct test audits, and it implemented MSIS audits beginning in December 2007 by hiring separate review and audit contractors for each of five geographic areas of the country. Collaborative audits were introduced in January 2010. Test Audits: In June 2007, the MIG hired a contractor to conduct test audits in five states.[Footnote 9] Working with the MIG and the states, the contractor audited 27 providers. States provided the initial audit targets based on their own analysis of Medicaid Management Information System (MMIS) data. MMIS are mechanized claims processing and information retrieval systems maintained by individual states, and generally reflect real-time payments and adjustments of detailed claims for each health care service provided. In some cases, states provided samples of their claims data with which to perform the audits, and in other cases states provided a universe of paid claims that the MIG's contractor analyzed to derive the sample. Twenty-seven test audits were conducted on hospitals, physicians, dentists, home health agencies, medical transport vendors, and durable medical equipment providers. MSIS Audits: In December 2007, while test audits were still under way, the MIG began hiring review and audit contractors to implement MSIS audits. [Footnote 10] MSIS audits differed from the test audits in three ways. * First, MSIS audit targets were selected based on the analysis of Medicaid Statistical Information System (MSIS) data. MSIS is a national data set collected and maintained by CMS consisting of extracts from each state's MMIS, including eligibility files and paid claims files that were intended for health care research and evaluation activities but not necessarily for auditing. As a subset of states' more detailed MMIS data files, MSIS data do not include elements that can assist in audits, such as the explanations of benefit codes and the names of providers and beneficiaries. In addition, MSIS data are not as timely because of late state submissions and the time it takes CMS's contractor to review and validate the data.[Footnote 11] MIG officials told us that they chose MSIS data because the data were readily available for all states and the state-based MMIS data would require a significant amount of additional work to standardize across states. (See table 1 below.) * Second, MSIS audits were conducted over a wider geographic area; 44 states have had MSIS audits, compared with the small number of states selected for test audits. * Third, MSIS audits use two types of contractors--review contractors to conduct data analysis and help identify audit leads, and audit contractors to conduct the audits. In the test audits, the states provided the initial audit leads. Table 1: Comparison of Data Sources for NMAP Audits: Overview; Medicaid Management Information System (MMIS): MMIS is a Medicaid claims processing and information system used by states for management, oversight and reporting of their Medicaid program operations and costs. MMIS is more complete and is updated more often than MSIS; Medicaid Statistical Information System (MSIS): MSIS is a national eligibility and claims database used by CMS to analyze Medicaid program characteristics and utilization of services, and to generate reports on national Medicaid populations and expenditures. MSIS is a subset of MMIS and updates are sent to CMS on a quarterly basis. Maintained by; Medicaid Management Information System (MMIS): States; Medicaid Statistical Information System (MSIS): CMS. Geographic coverage; Medicaid Management Information System (MMIS): Individual states; Medicaid Statistical Information System (MSIS): All states. Use in National Medicaid Audit Program (NMAP); Medicaid Management Information System (MMIS): Test audits and collaborative audits; Medicaid Statistical Information System (MSIS): MSIS audits. Source: GAO. [End of table] Review contractors. The MIG's two review contractors analyze MSIS data to help identify potential audit targets in an analytic process known as data mining. The MIG issues monthly assignments to these contractors, and generally allows the contractors 60 days to complete them. For each assignment, the MIG specifies the state, type of Medicaid claims data, range of service dates, and algorithm (i.e., a specific set of logical rules or criteria used to analyze the data).[Footnote 12] The work of the review contractor is summarized in an algorithm findings report, which contains lists of providers ranked by the amount of their potential overpayment. The January through June 2010 algorithm reports reviewed by the HHS-OIG identified 113,378 unique providers from about 1 million claims.[Footnote 13] The MIG's Division of Fraud Research & Detection oversees the technical work of the review contractors. A summary of the review contractor activities for MSIS audits is shown in figure 1. Figure 1: Review Contractor Activities for MSIS Audits: [Refer to PDF for image: illustration] Assignment: * MIG makes monthly analytic assignments in collaboration with the review contractor. Analysis and validation: * Review contractor uses MSIS data to conduct the assignment[A]; * Review contractor sends a sample of results from the assignment to state for validation; * State determines whether the algorithms used match state policies and validates overpayments in the sample[B]. Completion: * Review contractor enters results into MIG data system and submits an algorithm findings report to the MIG[C]. * MIG reviews the algorithm findings report and may either accept or fail the report, or hold it for further analysis. Source: GAO. [A] MSIS data are in a data repository supplied by the MIG. [B] An algorithm is a specific set of logical rules or criteria used to analyze data. An algorithm may be used to check for conflicting or duplicate claims, such as identifying billed home health care for a time period when the beneficiary was in the hospital, or duplicate prescriptions filled at different pharmacies. [C] There may be cases where the contractor does not submit an algorithm findings report. [End of figure] Audit contractors. The MIG's audit contractors conduct postpayment audits of Medicaid providers. Audit leads are selected by the MIG's Division of Field Operations, generally by looking at providers across one or more applicable algorithms to determine if they have been overpaid or demonstrated egregious billing patterns. From the hiring of audit contractors in December 2007 through February 2012, the division assigned 1,550 MSIS audits to its contractors.[Footnote 14] During an audit, the contractor may request and review copies of provider records, interview providers and office personnel, or visit provider facilities. If an overpayment is identified, the contractor drafts an audit report, which is shared with the provider and the state. Ultimately, the state is responsible for collecting any overpayments in accordance with state law and must report this information to CMS. A summary of the audit contractor activities is shown in figure 2. Figure 2: Audit Contractor Activities for MSIS Audits: [Refer to PDF for image: illustration] Assignment: * MIG selects audit leads, and contacts states to ensure that audits do not duplicate state audits or interfere with ongoing investigations. Auditing: * Based on leads from review contractors, audit contractors notify the providers and request documentation; * Audit work involves reviewing provider records and interviewing providers and personnel. Reporting: * Audit contractor prepares draft audit report, which is sent to the provider and the state for review and comment[A]; * Based on provider and state comments, the contractor sends a final report to the MIG; * MIG examines the audit report and, when it is considered complete, the final audit report is sent to the state. Collection: * State pursues and collects overpayment. Source: GAO. Note: MSIS audit activities generally end after the final audit report is sent to the state, though the audit contractor may provide support to states during hearings and appeals. [A] If there are no findings or the overpayments are determined to be too low to merit collection, then the audit contractor submits a Low- No Findings report to the MIG. [End of figure] Collaborative Audits: In June 2011, CMS released its fiscal year 2010 report to Congress, which outlined a redesign of the NMAP with an approach that closely resembled the test audits. The report described the redesign as an effort to enhance the NMAP and assist states with their program integrity priorities. CMS refers to this new approach as collaborative audits. In these collaborative audits, MIG and its contractor primarily used MMIS data and leveraged state resources and expertise to identify audit targets.[Footnote 15] In contrast, MSIS audits used separate review contractors and MSIS data to generate lists of providers with potential overpayments, and the MIG selected the specific providers to be audited.[Footnote 16] NMAP Contractor Expenditures: From June 2007 through February 2012, payments to the contractors for test, MSIS, and collaborative audits totaled $102 million.[Footnote 17] On an annual basis, these contractor payments account for more than 40 percent of all of the MIG's expenditures on Medicaid program integrity activities. Contractor payments rose from $1.3 million in fiscal year 2007 and reached $33.7 million in fiscal year 2011. (See figure 3.) The total cost of the NMAP is likely greater than $102 million because that figure does not include expenditures on the salaries of MIG staff that support the operation of the program. Figure 3: NMAP Contractor Expenditures and Audit Timeline, Fiscal Years 2007-2011: [Refer to PDF for image: line graph] Fiscal year 2007: Test audits begin, June; Expenditures: $1.3 million. Fiscal Year 2008: MSIS audits begin, September; Expenditures: $3.8 million. Fiscal Year 2009: Expenditures: $19.9 million. Fiscal Year 2010: Collaborative audits begin, January; Expenditures: $30.6 million. Fiscal Year 2011: Test audits end, December; Expenditures: $33.7 million. Source: GAO analysis of CMS data. Notes: Data include expenditures on contractors for test audits, Medicaid Statistical Information System audits, and collaborative audits. They do not include salaries of Medicaid Integrity Group staff supporting NMAP audit activities. The NMAP contractor expenditures for the first 5 months of fiscal year 2012 totaled $12.3 million but are not included in the figure above. [End of figure] The Majority of the MIG's NMAP Audits Were MSIS Audits, Which Were Less Effective than Other Audit Approaches: The MSIS audits were less effective in identifying potential overpayments than test and collaborative audits. The main reason for the difference in audit results was the use of MSIS data. According to MIG officials, they chose MSIS data because the data were readily available for all states, they are collected and maintained by CMS, and are intended for health care research and evaluation activities. However, the MSIS audits were not well coordinated with states, and duplicated and diverted resources from states' program integrity activities. MSIS Audits Were Less Effective than Test and Collaborative Audits: Compared with test and collaborative audits, the return on MSIS audits was significantly lower. As of February 2012, a small fraction of the 1,550 MSIS audits identified $7.4 million in potential overpayments. In contrast, 26 test audits and 6 collaborative audits together identified $12.5 million in potential overpayments (see figure 4.) Appendix II provides details on the characteristics of MSIS audits that successfully identified overpayments. While the newer collaborative audits have not yet identified more in overpayments than MSIS audits, only 6 of the 112 collaborative audits have final audit reports (see appendix III), suggesting that the total overpayment amounts identified through collaborative audits will continue to grow. [Footnote 18] In addition, the MSIS audits identified potential overpayments for much smaller amounts. Half of the MSIS audits were for potential overpayments of $16,000 or less, compared to a median of about $140,000 for test audits and $600,000 for collaborative audits. Figure 4: Number of Audits and Total Potential Overpayments Identified and Sent to States for Recoupment (in millions of dollars) by Audit Approach, through February 2012: [Refer to PDF for image: 2 pie-charts] Number of audits performed: MSIS audits: 1,550 (92%); Collaborative audits: 112 (7%); Test audits: 27 (2%). Potential overpayment: MSIS audits: 59 of 1,550 (37%): $7.4 million; Collaborative audits: 6 of 112 (22%): $4.4 million; Test audits: 26 of 27 (41%): $8.1 million. Source: GAO analysis of CMS data. Notes: Test audits were conducted from 2007 through 2010. Medicaid Statistical Information System (MSIS) audits began in 2008 and are ongoing. Collaborative audits began in 2010 as part of the redesign of the NMAP and are also ongoing. Dollar amounts shown are potential overpayments in final audit reports sent to states for recovery. They do not reflect the amounts in draft audit reports or the amounts actually recovered by the states. Percentages may not total 100 because of rounding. [End of figure] Poor MSIS Audit Results Were Due Largely to the Use of Inadequate Data: The use of MSIS data was the principal reason for the poor MSIS audit results, that is, the low amount of potential overpayments identified and the high proportion of unproductive audits.[Footnote 19] Over two- thirds (69 percent) of the 1,550 MSIS audits assigned to contractors through February 2012 were unproductive, that is, they were discontinued (625), had low or no findings (415), or were put on hold (37).[Footnote 20] (See figure 5.) Our findings are consistent with an early assessment of the MIG's audit contractors, which cited MSIS data issues as the top reason that MSIS audits identified a lower amount of potential overpayments.[Footnote 21] Figure 5: Status of 1,550 Medicaid Statistical Information System (MSIS) Audits Conducted through February 2012: [Refer to PDF for image: pie-chart and subchart] Audit reports: 23%; Ongoing audits: 8%; Unproductive audits: 69%: * Discontinued: 58%; * Low or no overpayments: 39%; * On hold: 3%. Source: GAO analysis of CMS data. Note: Unproductive Medicaid Statistical Information System (MSIS) audits include those that were discontinued, had low or no overpayments, or were put on hold. Ongoing audits includes audits assigned and in the implementation phase. Audit reports include final audit reports (4 percent) and draft audit reports (19 percent). [End of figure] State program integrity officials, the HHS-OIG, and its audit contractors told the MIG that MSIS data would result in many false leads because the data do not contain critical audit elements, including provider identifiers; procedure, product, and service descriptions; billing information; and beneficiary and eligibility information.[Footnote 22] For example, the MIG assigned 81 MSIS audits in one state because providers appeared to be billing more than 24 hours of service in a single day. However, all of these audits were later discontinued because the underlying data were incomplete and thus misleading; the audited providers were actually large practices with multiple personnel, whose total billing in a single day legitimately exceeded 24 hours. One state official told us that when states met with the MIG staff during the roll out of the Medicaid Integrity Program, the state officials emphasized that (1) MSIS data could not be used for data mining or auditing because they were 'stagnant,' i.e., MSIS does not capture any adjustments that are subsequently made to a claim and (2) MMIS data were current and states would be willing to share their MMIS data with CMS. In their annual lessons-learned reports, the audit and review contractors told the MIG that the MSIS data were not timely or accurate, and recommended that the MIG help them obtain access to state MMIS data.[Footnote 23] Nevertheless, the MIG continued to assign MSIS-based audits to its contractors; 78 percent of MSIS audits (1,208) were assigned after the August 2009 HHS-OIG report. MIG officials told us that they chose MSIS data because the data were readily available for all states, they are collected and maintained by CMS, and are intended for health care research and evaluation activities. However, when considering the use of MSIS data, officials said that they were aware that the MSIS data had limitations for auditing and could produce many false leads. MIG officials also told us that collecting states' MMIS data would have been burdensome for states and would have resulted in additional work for the review contractors because they would need to do a significant amount of work to standardize the MMIS data to address discrepancies between the states' data sets. However, officials in 13 of the 16 states we contacted volunteered that they were willing to provide the MIG with MMIS data if asked to do so. In addition, the review contractors have had to do some work to standardize the state files within the MSIS maintained by CMS. MSIS Audits Were Not Well Coordinated with States and Diverted Resources from States' Program Integrity Activities: The MIG did not effectively coordinate MSIS audits with states and as a result, the MIG duplicated state program integrity activities. Officials from several states we interviewed noted that some of the algorithms used by the review contractor were identical to or less sophisticated than the algorithms they used to identify audit leads. An official in one state told us that even after informing the contractor that its work would be duplicative, the review contractor ran the algorithm anyway. Officials in another state told us that the MIG was unresponsive to state assertions that it had a unit dedicated to reviewing a specific category of claims and the MIG was still pursuing audits for this provider type. State officials also cited general coordination challenges, including difficulty communicating with contractors. MIG officials acknowledged that poor communications resulted in the pursuit of many false leads that had not been adequately vetted by the states. In addition, representatives of a review contractor we interviewed told us that states did not always respond to requests to validate overpayments in the algorithm samples provided and the MIG may not have been aware of the lack of a state response when making audit assignments. State officials we interviewed told us that the review contractors' lack of understanding of state policy also contributed to the identification of false leads, even though (1) the MIG required its contractors to become familiar with each state's Medicaid program, and (2) the MIG reviewed state policies as a quality assurance step prior to assigning leads to its audit contractors. Nonetheless, one state official described how the MIG and its review and audit contractors had mistakenly identified overpayments for federally qualified health centers because they assumed that centers should receive reduced payments for an established patient on subsequent visits. In fact, centers are paid on an encounter basis, which uses the same payment rate for the first and follow-up visits. Officials in seven of the states we spoke with described the resources involved in assisting the MIG and its contractors. For example, states told us that they had assigned staff to: (1) review the algorithms used by review contractors to generate potential audit leads; (2) review lists of audit leads created by the MIG; and (3) provide information and training on state-level policies to audit contractors. One state official described how it had clinical staff rerun algorithms using the state's data system to see if the audit targets chosen by the MIG had merit.[Footnote 24] In cases where the state staff found that the MIG was pursuing a false lead, the state had to provide the MIG and its contractors with detailed explanations of why the suspect claims complied with state policies. While the state officials we spoke with did not estimate the cost of their involvement in MSIS audits, officials in some states said that participation in MSIS audits diverted staff from their regular duties. MIG officials told us they were sensitive to state burden and had attempted to minimize it. MIG's Redesign of the NMAP Has Potential Advantages, but MIG Has Not Been Transparent about Key Details of the Program's Redesign: MIG's redesigned NMAP focuses on collaborative audits, which may enhance state Medicaid program integrity activities, and it also intends to continue using MSIS data in some audits. As part of its NMAP redesign, the MIG has assigned new activities to its review contractors, but it is too early to assess their benefit. CMS has not reported to Congress key details about the changes it is making to the NMAP, including the rationale for the redesign of the program, but it plans to discuss these changes in its upcoming 2012 strategic plan. Collaborative Audits Enhance States' Program Integrity Activities; MIG also Plans to Continue Using MSIS Data in Some Audits: As part of its redesign, the MIG launched collaborative audits with a small number of states in early 2010 to enhance the MIG's program and assist states with their own program integrity priorities. The MIG did not have a single approach for collaborative audits. For example, one state told us that the MIG's audit contractor suggested that together they discuss conducting a collaborative audit with the MIG while in another state a collaborative audit was initiated by the MIG, with the audit contractor's role limited to assistance during the audit (rather than leading it). Generally, collaborative audits allow states to augment their own program integrity audit capacity by leveraging MIG's and its contractors' resources. For example, officials from six of the eight states we interviewed told us the services targeted for collaborative audits were those that the state did not have sufficient resources to effectively audit on its own. In some cases, the MIG's contractor staff conducted additional audits. In others, contractors were used to assess the medical necessity of claims when the states' programs needed additional clinical expertise to make a determination. Officials from most of the states we interviewed agreed that the investment in collaborative audits was worthwhile but some told us that collaborative audits created some additional work for states. For example, two state programs reported that their staff was involved in training the MIG's contractor staff. In one of these states, state program staff dedicated a full week to train the MIG's audit contractor so that the contractor's work would be in accordance with state policies. Another state program official reported that staff had to review all audits and overpayment recovery work, leading to a "bottleneck" in the state's own program integrity activities. Officials in one state suggested that the collaborative audits could be improved if the MIG formalized a process for communicating and resolving disagreements related to audit reports, and minimized the changing of contractors in order to reduce the burden on states. Most states were in favor of expanding the number of collaborative audits. According to the MIG, the agency plans to expand its use of collaborative audits to as many states as are willing to participate. In fact, officials indicated that they are discussing collaborative audits with an additional 12 states. MIG officials noted that they do not foresee the collaborative audits completely replacing audits based on MSIS data. According to MIG officials, NMAP audits using MSIS data might be appropriate in certain situations, including audits of state-owned and operated facilities and states that are not willing to collaborate, as part of the MIG's oversight responsibilities. The MIG recognizes that MSIS-based audits are hampered by deficiencies in the data, and noted that CMS has initiatives under way to address these deficiencies through the Medicaid and CHIP Business Information and Solutions Council (MACBIS). MACBIS is an internal CMS governance body responsible for data planning, ongoing projects, and information product development. According to MIG officials, MACBIS projects include efforts to reduce the time from state submission of MSIS data to the availability of these data; automation of program data; improvements in encounter data reporting; and automation, standardization, and other improvements in MSIS data submissions. One MACBIS project is known as Transformed MSIS (T-MSIS), which aims to add 1,000 additional variables to MSIS for monitoring program integrity and include more regular MMIS updates. MIG officials told us that CMS is currently engaged in a 10-state pilot to develop the data set for T-MSIS, and anticipates that T-MSIS will be operational in 2014.[Footnote 25] Changes to the Role of Review Contractors Too Early to Assess: As part of its NMAP redesign, the MIG has assigned new activities to the review contractors. Because these activities are new, it is too early to assess their benefit. Although the review contractors were not involved in early collaborative audits, the MIG expects that they will be involved in future collaborative audits based on these new activities. In redesigning the NMAP, the MIG tasked its review contractors in November 2011 with using MSIS data to compare state expenditures for a specific service to the national average expenditure for that service to identify states with abnormally high expenditures. Once a state (or states) with high expenditures is identified, then discussions are held with the states about their knowledge of these aberrations and recovery activities related to the identified expenditures. According to MIG officials, such cross-state analyses were recently initiated and thus have not yet identified any potential audit targets. The review contractor also indicated that it would continue to explore other analytic approaches to identify causes of aberrant state expenditures. Additionally, as part of its redesign of the program's audits, the MIG instructed its review contractors in November 2011 to reexamine successful algorithms from previously issued final algorithm reports. According to the MIG, the purpose of this effort is to identify the factors that could better predict promising audit targets and thereby improve audit target selection in the future. Although some MSIS audits identified potential overpayments, the value of developing a process using MSIS data to improve audit target selection in the future is questionable.[Footnote 26] According to the MIG, MSIS audits are continuing but on a more limited scale and with closer collaboration between states and the MIG's contractors. CMS Has Not Reported Key Details of Its NMAP Redesign to Congress: In its 2010 annual report to Congress on the Medicaid Integrity Program, CMS announced that it was redesigning the NMAP in an effort to enhance MIG programs and assist states with their program integrity priorities, but it did not provide key details regarding the changes. For example, the report did not mention that the MSIS audits had a poor return on investment, the number of unproductive audits, or the reasons for the unproductive audits.[Footnote 27] Moreover, since issuing its 2010 annual report, CMS has assigned new tasks to its review contractors such as reexamining old final algorithm reports to improve provider target selection and new cross-state analyses using MSIS data. But CMS has not yet articulated for Congress how these activities complement the redesign or how such activities will be used to identify overpayments. The MIG is preparing a new strategic plan--its Comprehensive Medicaid Integrity Plan covering Fiscal Years 2013 through 2017--which it plans to submit to Congress in the summer of 2012. According to MIG officials, the new strategic plan will generally describe shortcomings in the NMAP's original design and how the redesign will address those shortcomings. However, MIG officials told us that they do not plan to discuss the effectiveness of the use of funds for MSIS audits, or explain how the MIG will monitor and evaluate the redesign. In its fiscal year 2013 HHS budget justification for CMS, the department indicated that in the future CMS would not report separately on the NMAP return on investment. HHS explained that it had become apparent that the ability to identify overpayments is not, and should not be, limited to the activities of the Medicaid integrity contractors. Rather, HHS said it is considering new measures that better reflect the resources invested through the Medicaid Integrity Program. Federal internal control standards provide that effective program plans are to clearly define needs, tie activities to organizational objectives and goals, and include a framework for evaluation and monitoring. Based on these standards, the poor performance of the MSIS audits should have triggered an evaluation of the program, particularly given the DRA requirement for CMS to report annually to Congress on the effectiveness of the use of funds appropriated for the Medicaid Integrity Program. Conclusions: In approximately 5 years of implementation, the MIG has spent at least $102 million on contractors for an audit program that has identified less than $20 million in potential overpayments. Moreover, almost two- thirds of these potential overpayments were identified in a small number of test and collaborative audits that used different data and took a different approach to identifying audit targets than the MSIS audits, which comprised the vast majority of the program's audits. The poor performance of the MSIS audits can largely be traced to the MIG's decision to use MSIS data to generate audit leads, although evidence showed that (1) these data were inappropriate for auditing, and (2) alternative data sources were both available and effective in identifying potential overpayments. Ineffective coordination with states and a limited understanding of state Medicaid policies on the part of the MIG's contractors also contributed to the poor results of the MSIS audits. Although the MIG recognizes that the MSIS audits have performed far below expectations, it has not quantified how expenditures to date have compared with identified recoveries. Currently, the MIG is experimenting with a promising approach in which the states identify appropriate targets, provide the more complete MMIS data, and actively participate in the audits. This collaborative audit approach has identified $4.4 million in potential overpayments and is largely supported by the states we spoke with, even though they may have to invest their own resources in these audits. However, the MIG has not articulated how its redesign will address flaws in NMAP and it also plans to continue using MSIS data, despite their past experience with these data, for cross-state analysis and for states that are not willing to participate in collaborative audits. At this time, the MIG is preparing a new comprehensive plan for Congress that outlines the components of the NMAP redesign. The details provided in such a plan will be critical to evaluating the effectiveness of the redesign and the agency's long-term plan to improve the data necessary to conduct successful audits. Transparent communications and a well-articulated strategy to monitor and continuously improve NMAP are essential components of any plan seeking to demonstrate that the MIG can effectively manage the program. Recommendations for Executive Action: To effectively redirect the NMAP toward more productive outcomes and to improve reporting under the DRA, the CMS Administrator should ensure that the MIG's: * planned update of its comprehensive plan (1) quantifies the NMAP's expenditures and audit outcomes; (2) addresses any program improvements; and (3) outlines plans for effectively monitoring the NMAP program, including how to validate and use any lessons learned or feedback from the states to continuously improve the audits; * future annual reports to Congress clearly address the strengths and weaknesses of the audit program and its effectiveness; and: * use of NMAP contractors supports and expands states' own program integrity audits, engages additional states that are willing to participate in collaborative audits, and explicitly considers state burden when conducting audit activities. Agency Comments and Our Evaluation: We provided a draft of this report to HHS for comment. In its written comments, HHS stated that we had not appropriately recognized the progress CMS has made in evaluating and improving the Medicaid Integrity Program, which included the agency's redesign of NMAP. Collaborative audits were the core of that redesign. HHS described CMS's redesign approach as a phased one in which not all elements had been finalized when the agency announced the redesign in its June 2011 annual report to Congress (covering fiscal year 2010). HHS also commented that we did not fully describe the reasons for CMS's use of MSIS data. HHS partially concurred with our first recommendation and fully concurred with the other two recommendations. HHS's comments are reproduced in appendix IV. General Comments: Although we characterized collaborative audits as a promising new approach, HHS commented that we (1) did not acknowledge that CMS had presented its rationale for the NMAP redesign in the agency's June 2011 annual report to the Congress, and (2) inappropriately criticized CMS for not including other redesign details in its report, which HHS said had not yet been finalized. We continue to believe that a full articulation of the redesign should include transparent reporting of the results of the MSIS audits. However, we agree that the June 2011 report, which was released 18 months after the initiation of collaborative audits, described their advantages--use of better data, augmenting state resources, and providing analytic support for states lacking that capability. Regarding the use of MSIS data, HHS stated that we do not fully describe CMS's reason for its use or acknowledge that CMS sought alternative data sources to supplement or replace MSIS data. We disagree because our report provides CMS's reasons for using MSIS data, acknowledges CMS's awareness of the MSIS data limitations, and discusses its Transformed MSIS project to improve the quality of MSIS data. In addition, we pointed out that officials in 13 of the 16 states we contacted volunteered that they were willing to provide CMS with their own more complete and timely MMIS data. We agree with HHS's comment that not all of CMS's plans for the redesign may have been complete at the time the June 2011 annual report to Congress was being finalized and therefore could not have been included in that report. We have revised this report to acknowledge that some of the elements of the redesign may not have been initiated until after the June 2011 report was finalized. Comments on Our Recommendations: HHS agreed with two of three elements related to our first recommendation regarding CMS's planned update of its Comprehensive Medicaid Integrity Plan covering fiscal years 2013 to 2017. HHS agreed that the planned update should (1) address any NMAP improvements proposed by CMS, and (2) outline CMS's plans for effectively monitoring the NMAP. HHS commented that CMS considers transparency of the program's performance to be a top priority. However, HHS did not concur that the update should quantify NMAP's expenditures and audit outcomes; CMS considers such information to be more appropriately presented in the annual reports to Congress, which already includes dollar figures on annual expenditures for NMAP and overpayments identified in each fiscal year. CMS's annual reports to Congress have provided a snapshot of results that did not differentiate between the effectiveness of the various audit approaches used. For example, in its annual report covering fiscal year 2010, CMS reported that 947 audits were underway in 45 states and that its contractors had identified cumulative potential overpayments of about $10.7 million. Based on our analysis of CMS's data, MSIS audits had only identified overpayments of $2.4 million as of September 30, 2010. The remaining $8.4 million in overpayments were identified during the test audit phase, in which states identified the audit targets and supplied their own MMIS data. We continue to believe that CMS should more fully report on NMAP expenditures and audit outcomes in its annual reports and provide an overall assessment of NMAP in its next comprehensive plan. HHS concurred with our recommendation that CMS should clearly address NMAPs strengths, weaknesses, and effectiveness in the agency's annual reports to Congress. HHS noted that in CMS's December 7, 2011 congressional testimony the agency had reported its awareness of the limitations of MSIS data and outlined steps to improve contractors' access to better quality Medicaid data. HHS also concurred with our recommendation that CMS's use of NMAP contractors should support and expand states' own audit activities, engage other willing states, and explicitly consider state burden when conducting collaborative audits. HHS reported that since February 2012 CMS had increased the number of collaborative audits by 25--from 112 audits in 11 states to 137 in 15 states. Based on HHS comments, we made technical changes as appropriate. As agreed with your office, unless you publicly announce the contents of this report earlier, we plan no further distribution until 30 days from the report date. At that time, we will send copies to the Secretary of Health and Human Services, the Acting Administrator of CMS, appropriate congressional committees, and other interested parties. In addition, the report will be available at no charge on the GAO website at [hyperlink, http://www.gao.gov]. If you or your staffs have any questions about this report, please contact me at (202) 512-7114 or yocomc@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. Major contributions to this report are listed in appendix V. Signed by: Carolyn L. Yocom: Director, Health Care: [End of section] Appendix I: Status of Medicaid Statistical Information System (MSIS) Audits: Table 2: Status of MSIS Audits, by Fiscal Year of Assignment and Audit Stage Conducted through February 2012: Audit stage: Audit reports: Final; 2008: 9; 2009: 38; 2010: 12; 2011: 0; Total (percent): 59 (4%). Audit stage: Audit reports: Draft; 2008: 1; 2009: 111; 2010: 174; 2011: 10; Total (percent): 296 (19%). Audit stage: Audit reports: Total; 2008: 10; 2009: 149; 2010: 186; 2011: 10; Total (percent): 355 (23%). Audit stage: Audits ongoing; 2008: 0; 2009: 6; 2010: 67; 2011: 45; Total (percent): 118 (8%). Audit stage: Unproductive; 2008: 10; 2009: 379; 2010: 542; 2011: 146; Total (percent): 1,077 (69%). Audit stage: Total; 2008: 20; 2009: 534; 2010: 795; 2011: 201; Total (percent): 1,550 (100%). Source: GAO analysis of CMS data. Note: MSIS ongoing audits include those assigned and in the implementation phase. Unproductive Medicaid Statistical Information System (MSIS) audits include those that were discontinued, had low or no overpayments, or were put on hold. [End of table] [End of section] Appendix II: Information on Medicaid Statistical Information System Audits that Identified Potential Overpayments: The 59 MSIS audits that successfully identified potential overpayments were conducted in 16 states, and most of these audits involved hospitals (30 providers) and pharmacies (17 providers). These provider types also had the highest potential overpayments--over $6 million for hospitals and $600,000 for pharmacies. Arkansas and Florida accounted for over half of the audits that identified potential overpayments, but the most substantial overpayments were in Delaware ($4.6 million) and the District of Columbia ($1.7 million). (See tables 3 and 4.) Table 3: Number of Successful MSIS Audits, by State and Provider Type: State: Arkansas; Home health: 0; Hospital: 1; Pharmacy: 13; Long-term care: 0; Other: 0; Total: 14. State: Colorado; Home health: 0; Hospital: 0; Pharmacy: 0; Long-term care: 0; Other: 1; Total: 1. State: Delaware; Home health: 0; Hospital: 5; Pharmacy: 1; Long-term care: 0; Other: 0; Total: 6. State: District of Columbia; Home health: 0; Hospital: 2; Pharmacy: 0; Long-term care: 2; Other: 0; Total: 4. State: Florida; Home health: 3; Hospital: 12; Pharmacy: 1; Long-term care: 1; Other: 0; Total: 17. State: Iowa; Home health: 0; Hospital: 0; Pharmacy: 0; Long-term care: 0; Other: 1; Total: 1. State: Kansas; Home health: 0; Hospital: 1; Pharmacy: 0; Long-term care: 0; Other: 0; Total: 1. State: Kentucky; Home health: 0; Hospital: 0; Pharmacy: 0; Long-term care: 0; Other: 1; Total: 1. State: Mississippi; Home health: 0; Hospital: 0; Pharmacy: 0; Long-term care: 0; Other: 1; Total: 1. State: New Mexico; Home health: 0; Hospital: 1; Pharmacy: 0; Long-term care: 0; Other: 0; Total: 1. State: Pennsylvania; Home health: 0; Hospital: 0; Pharmacy: 0; Long-term care: 1; Other: 0; Total: 1. State: South Carolina; Home health: 0; Hospital: 5; Pharmacy: 0; Long-term care: 0; Other: 0; Total: 5. State: South Dakota; Home health: 0; Hospital: 1; Pharmacy: 0; Long-term care: 0; Other: 0; Total: 1. State: Texas; Home health: 0; Hospital: 1; Pharmacy: 0; Long-term care: 1; Other: 0; Total: 2. State: Utah; Home health: 0; Hospital: 0; Pharmacy: 1; Long-term care: 0; Other: 0; Total: 1. State: Virginia; Home health: 0; Hospital: 1; Pharmacy: 1; Long-term care: 0; Other: 0; Total: 2. State: Total; Home health: 3; Hospital: 30; Pharmacy: 17; Long-term care: 5; Other: 4; Total: 59. Source: GAO analysis of CMS data. Note: Data presented are through February 2012. 'Other' includes single MSIS audits in the following categories: other, behavioral health, managed care organization, and physician. [End of table] Table 4: Amount of Potential Overpayments Identified by Successful MSIS Audits, by State and Provider Type: State: Arkansas; Home health: [Empty]; Hospital: $11,305; Pharmacy: $252,910; Long-term care: [Empty]; Other: [Empty]; Total: $264,215. State: Colorado; Home health: [Empty]; Hospital: [Empty]; Pharmacy: [Empty]; Long-term care: [Empty]; Other: $2,376; Total: $2,376. State: Delaware; Home health: [Empty]; Hospital: $4,276,898; Pharmacy: $338,106; Long-term care: [Empty]; Other: [Empty]; Total: $4,615,004. State: District of Columbia; Home health: [Empty]; Hospital: $1,558,753; Pharmacy: [Empty]; Long-term care: $152,767; Other: [Empty]; Total: $1,711,520. State: Florida; Home health: $51,008; Hospital: $220,974; Pharmacy: $32,725; Long-term care: $22,619; Other: [Empty]; Total: $327,326. State: Iowa; Home health: [Empty]; Hospital: [Empty]; Pharmacy: [Empty]; Long-term care: [Empty]; Other: $31,875; Total: $31,875. State: Kansas; Home health: [Empty]; Hospital: $25,165; Pharmacy: [Empty]; Long-term care: [Empty]; Other: [Empty]; Total: $25,165. State: Kentucky; Home health: [Empty]; Hospital: [Empty]; Pharmacy: [Empty]; Long-term care: [Empty]; Other: $9,445; Total: $9,445. State: Mississippi; Home health: [Empty]; Hospital: [Empty]; Pharmacy: [Empty]; Long-term care: [Empty]; Other: $2,390; Total: $2,390. State: New Mexico; Home health: [Empty]; Hospital: $14,821; Pharmacy: [Empty]; Long-term care: [Empty]; Other: [Empty]; Total: $14,821. State: Pennsylvania; Home health: [Empty]; Hospital: [Empty]; Pharmacy: [Empty]; Long-term care: $4,856; Other: [Empty]; Total: $4,856. State: South Carolina; Home health: [Empty]; Hospital: $92,535; Pharmacy: [Empty]; Long-term care: [Empty]; Other: [Empty]; Total: $92,535. State: South Dakota; Home health: [Empty]; Hospital: $90,465; Pharmacy: [Empty]; Long-term care: [Empty]; Other: [Empty]; Total: $90,465. State: Texas; Home health: [Empty]; Hospital: $6,843; Pharmacy: [Empty]; Long-term care: 108,940; Other: [Empty]; Total: $115,783. State: Utah; Home health: [Empty]; Hospital: [Empty]; Pharmacy: $27,521; Long-term care: [Empty]; Other: [Empty]; Total: $27,521. State: Virginia; Home health: [Empty]; Hospital: $36,808; Pharmacy: $3,197; Long-term care: [Empty]; Other: [Empty]; Total: $40,005. Total; Home health: $51,008; Hospital: $6,334,568; Pharmacy: $654,459; Long-term care: $289,182; Other: $46,086; Total: $7,375,303. Source: GAO analysis of CMS data. Note: Data presented are through February 2012. 'Other' includes single Medicaid Statistical Information System (MSIS) audits in the following categories: other, behavioral health, managed care organization, and physician. [End of table] [End of section] Appendix III: Status of Collaborative Audits: Table 5: Status of Collaborative Audits, by Fiscal Year of Assignment and Audit Stage: Audit stage: Audit reports: Draft; 2010: 14; 2011: 4; 2012: 0; Total (percent): 18 (16%). Audit stage: Audit reports: Final; 2010: 6; 2011: 0; 2012: 0; Total (percent): 6 (5%). Audit stage: Audit reports: Total; 2010: 20; 2011: 4; 2012: 0; Total (percent): 24 (21%). Audit stage: Audits ongoing; 2010: 24; 2011: 20; 2012: 41; Total (percent): 85 (76%). Audit stage: Unproductive; 2010: 3; 2011: 0; 2012: 0; Total (percent): 3 (3%). Audit stage: Total; 2010: 47; 2011: 24; 2012: 41; Total (percent): 112 (100%). Source: GAO analysis of CMS data. Note: Data presented are through February 2012. Ongoing collaborative audits include those assigned and in the implementation phase. Unproductive collaborative audits include those that were discontinued, had low or no overpayments, or were put on hold. [End of table] Table 6: Number of Successful Collaborative Audits, by State and Provider Type: Arkansas; Hospice: 0; Hospital: 0; Long-term care: 1; Total: 1. California; Hospice: 0; Hospital: 1; Long-term care: 1; Total: 2. Maryland; Hospice: 3; Hospital: 0; Long-term care: 0; Total: 3. Total; Hospice: 3; Hospital: 1; Long-term care: 2; Total: 6. Source: GAO analysis of CMS data. Note: Data presented are through February 2012. [End of table] Table 7: Amount of Potential Overpayments Identified by Successful Collaborative Audits, by State and Provider Type: Arkansas; Hospice: [Empty]; Hospital: [Empty]; Long-term care: $225,751; Total: $225,751. California; Hospice: [Empty]; Hospital: $1,136,711; Long-term care: $59,923; Total: $1,196,634. Maryland; Hospice: $2,944,875; Hospital: [Empty]; Long-term care: [Empty]; Total: $2,944,875. Total; Hospice: $2,944,875; Hospital: $1,136,711; Long-term care: $285,674; Total: $4,367,260. Source: GAO analysis of CMS data. Note: Data presented are through February 2012. [End of table] [End of section] Appendix IV: Comments from the Department of Health and Human Services: Department of Health & Human Services: Office of The Secretary: Assistant Secretary for Legislation: Washington, DC 20201: June 5, 2012: Carolyn Yocom: Director, Health Care: U.S. Government Accountability Office: 441 G Street NW: Washington, DC 20548: Dear Ms. Yocom: Attached are comments on the U.S. Government Accountability Office's (GAO) report entitled: "National Medicaid Audit Program: CMS Should Improve Reporting and Focus on Audit Collaboration with States" (GAO- 12-627). The Department appreciates the opportunity to review this draft section of the report prior to publication. Sincerely, Signed by: Jim R. Esquea: Assistant Secretary for Legislation: Attachment: [End of letter] General Comments Of The Department Of Health And Human Services (HHS) On The Government Accountability Office's (GAO) Draft Report Entitled, "National Medicaid Audit Program: CMS Should Improve Reporting And Focus On Audit Collaboration With States" (GAO-12-627): The Department appreciates the opportunity to comment on this draft report. With respect to the issues addressed by GAO, IIHS does not think the GAO report appropriately recognizes the progress CMS has made in its own evaluation and improvement efforts in the Medicaid Integrity Program. Beginning in early 2010, CMS, based on internal analyses, environmental assessments, parallel discussions with stakeholders, as well as reviews of Medicaid Integrity Contractors' (MIC) performance, determined that the initial model of the Medicaid Integrity Program required fundamental changes in how it conducts its work. CMS is addressing this need for change and opportunities for program improvements in the upcoming Comprehensive Medicaid Integrity Plan (CMIP) for fiscal year (FY) 2013 — FY 2017. The redesign plan for Medicaid program integrity will recognize the increasing penetration of Medicaid managed care, anticipated growth in enrollment in the Medicaid program, the influence of new state Medicaid recovery audit contractors, as well as the need to eliminate redundant and inefficient practices. The 2010 Annual Report to Congress on the Medicaid Integrity Program contained a section entitled "Redesign of the National Audit Program" that described how CMS was approaching improvements to Medicaid program integrity. An integral change in that redesign was the new focus on collaborative auditing projects with the states, which moved away from traditional stand-alone federal audits that relied on state- reported data from the Medicaid Statistical Information System (MSIS). CMS is implementing the program redesign as a phased approach that involves piloting new concepts and sharing best practices with states, as well as total or supplementary use of direct state data for Medicaid Integrity Program audits. Meanwhile, CMS is working vigorously to reconfigure how to best review and audit Medicaid providers through its contractors. This reconfiguration includes expanding that review to include improving oversight of managed care entities, improving identification of audit targets like high-risk providers serving both Medicare and Medicaid beneficiaries, overhauling CMS' contractor structure, and enhancing support to states in their recovery of overpayments. HHS would like to provide the following general comments on issues that are germane to certain conclusions in the draft report before responding to the report's recommendations. General Comments: GAO's draft report cites certain information regarding the "Annual Report to Congress on the Medicaid Integrity Program for Fiscal Year 2010," which leads GAO to conclude that development of the National Medicaid Audit Program (NMAP) redesign has not been as transparent as GAO would prefer. It is important to note that key aspects of the redesign efforts were in the early stages of development when the report to Congress was issued in June 2011, and it would have been premature to include additional detail on potential program changes that were not final. The following examples indicate where CMS believes corrections are necessary to accurately reflect the information pertaining to the FY 2010 report to Congress. * In the executive summary, GAO states that the rationale for the redesign of the audit program was not included in the FY 2010 report to Congress. However, in the section entitled "Redesign of the National Audit Program" in the FY 2010 report to Congress, CMS specifically indicates the purpose, nature, and advantages of the collaborative projects that are the core initiative of the redesign. These statements present the rationale for the redesign that had been developed at that time. * GAO cites several activities that it believes CMS should have included in the FY 2010 report to Congress; however, CMS had not initiated these activities until after the report to Congress was issued in June 2011. Specifically, GAO states that CMS did not include an explanation of the following: 1) new analytical roles for contractors, 2) the value of examining algorithm findings reports for the then-current calendar year, and 3) review contractors' cross-state analyses. The actions were not initiated until after the report was finalized. We would appreciate if GAO would revise its conclusions regarding the report to Congress to reflect the status of the redesign that was known at the time that the FY 2010 report to Congress was being finalized, as noted above. The March 2011 meeting with contractors was a turning point in initiating the NMAP redesign; therefore, plans for the NMAP redesign were not complete when the FY 2010 report to Congress was being finalized. Lastly, HHS believes that the draft report does not fully describe the reason that the MSIS data set was used in the beginning of the audit program. GAO states that CMS officials said that MSIS was chosen because "the data were readily available for all states, they are collected and maintained by CMS, and are intended for health care research and evaluation activities." These statements were offered to provide background information on MSIS. CMS used MSIS data because MSIS is the most valuable source of nationwide Medicaid claims and beneficiary eligibility information. Moreover, one of the uses for MSIS data is for program utilization and analysis; however, CMS utilized MSIS data and documented its limitations, it sought alternative data sources to supplement or replace the MSIS data. These efforts to improve Medicaid data for program integrity are documented in the CMIP for FY 2009 — FY 2013, in which CMS stated, "In FY 2008, the Medicaid Integrity Group (MIG) identified data elements from states' Medicaid Management Information System (MMIS) to supplement MSIS data for program integrity use..." The GAO report should be revised to more accurately reflect statements made by CMS regarding the use of MSIS data for the NMAP. GAO Recommendation: The CMS Administrator should ensure that the MIG's planned update of its comprehensive plan: 1) quantifies the NMAP's expenditures and recoveries; 2) addresses any program improvements; and 3) outlines plans for effectively monitoring the NMAP program, including how to validate and use any lessons learned or feedback from the states to continuously improve the audits. HHS Response: HHS concurs in part with this recommendation. Section 1936(d) of the Social Security Act (the Act) requires that a comprehensive plan for the Medicaid Integrity Program be established every 5 years. The CMIP for FY 2013 — FY 2017, currently in preparation for publication later this year, explicitly addresses program improvements and outlines plans to effectively monitor the activities of contractors engaged to carry out the activities mandated under the Act. CMS will incorporate lessons learned and feedback from states and other stakeholders into its plan to enhance the effectiveness of all aspects of the Medicaid Integrity Program. However, HHS does not concur with the first part of this recommendation that the comprehensive plan should quantify the NMAP's expenditures and recoveries. CMS considers the reporting of expenditures and audit outcomes to he more appropriately presented in the annual report to Congress, rather than in the comprehensive plan due on a 5-year cycle. In fact, the Medicaid Integrity Program's annual report to Congress already provides both expenditures and identified overpayments pertaining to the activities of the MTCs during each federal fiscal year (FFY). Additionally, although sections 1936(a) and (b)(3) of the Act require CMS to contract with eligible entities to identify overpayments to providers, the recovery of overpayments is outside the scope of the contract with these entities. Ultimately, CMS considers transparency of the Medicaid Integrity Program's performance to be a top priority and will continue to report annually on both expenditures and identified overpayments pertaining to the activities of the MICs. GAO Recommendation: The CMS Administrator should ensure that the MIG's future annual reports to Congress clearly address the strengths and weaknesses of the audit program and its effectiveness. HHS Response: HHS concurs with this recommendation, and CMS has already begun reporting the strengths, weaknesses, and effectiveness of the audit program. CMS has reported to Congress the dollar figures on annual expenditures for MICs and overpayments identified by MICs during each FFY. The strengths of the audit program and the results of the test audits and collaborative projects are noted in GAO's report and were described in the FY 2010 report to Congress. GAO identifies the major weakness of the audit program as low audit outcomes for audits based on data from the MSIS, and attributes the cause of the low return on these audits to the decision to use MSIS data. Beyond the opportunity to report such information in the annual report to Congress, we have previously reported to Congress on the weaknesses of MSIS data for NMAP audits. In testimony before Congress on December 7, 2011, CMS reported its awareness of the limitations of the MSIS data, listed a number of its deficiencies, and outlined steps CMS has taken to improve contractors' access to better quality Medicaid data. GAO Recommendation: The CMS Administrator should ensure that the MIG's use of NMAP contractors supports and expands states' own program integrity audits, engages additional states that arc willing to participate in collaborative audits, and explicitly considers state burden when conducting audit activities. HHS Response: HHS concurs with this recommendation, which provides an overview of the redesign initiatives that CMS has well underway for the NMAP. CMS began this work in calendar year 2012. CMS assigned the earliest collaborative audits in January 2010 and introduced the redesign of the audit program in the FY 2010 report to Congress as an initiative to focus audit contractors' efforts more closely on the successful strategy of collaborative projects with states, based on states' Medicaid claims data. As the GAO draft report attests, collaborative audits allow states to augment their own program integrity audit capacity by leveraging the resources of CMS and its contractors. CMS is expanding the collaborative audit approach rapidly, actively soliciting and engaging additional states as they are willing to invest in joint efforts. CMS has added 25 collaborative audits in 4 additional states since the GAO's count of 112 collaborative audits assigned in 11 states through February 2012, bringing the current total to 137 collaborative audits in 15 states. These 15 states represent approximately 53 percent of all Medicaid expenditures in FFY 2011, and CMS is in discussions with 15 additional states. CMS is keenly sensitive to the burden on state Medicaid programs. The collaborative audit approach reduces the burden on states by providing states with the opportunity to propose audit targets and weigh the costs and benefits of participation. We are encouraged by the finding that most states interviewed by GAO consider the state resources devoted to collaborative audits to be a worthwhile investment. HHS appreciates GAO's efforts to provide an assessment of the NMAP and the developing redesign. We look forward to working with GAO on this and other issues in the future. [End of section] Appendix V: GAO Contact and Staff Acknowledgments: GAO Contact: Carolyn L. Yocom at (202) 512-7114 or yocomc@gao.gov. Staff Acknowledgments: In addition to the contact named above, key contributors to this report were: Water Ochinko, Assistant Director; Sean DeBlieck; Leslie V. Gordon; Drew Long; and Jasleen Modi. [End of section] Related GAO Products: National Medicaid Audit Program: CMS Should Improve Reporting and Focus on Audit Collaboration with States. [hyperlink, http://www.gao.gov/products/GAO-12-814T]. Washington, D.C.: June 14, 2012. Program Integrity: Further Action Needed to Address Vulnerabilities in Medicaid and Medicare Programs. [hyperlink, http://www.gao.gov/products/GAO-12-803T]. Washington, D.C.: June 7, 2012. Medicaid: Federal Oversight of Payments and Program Integrity Needs Improvement. [hyperlink, http://www.gao.gov/products/GAO-12-674T]. Washington, D.C.: April 25, 2012. Medicaid Program Integrity: Expanded Federal Role Presents Challenges to and Opportunities for Assisting States. [hyperlink, http://www.gao.gov/products/GAO-12-288T]. Washington, D.C.: December 7, 2011. Fraud Detection Systems: Additional Actions Needed to Support Program Integrity Efforts at Centers for Medicare and Medicaid Services. [hyperlink, http://www.gao.gov/products/GAO-11-822T]. Washington, D.C.: July 12, 2011. Fraud Detection Systems: Centers for Medicare and Medicaid Services Needs to Ensure More Widespread Use. [hyperlink, http://www.gao.gov/products/GAO-11-475]. Washington, D.C.: June 30, 2011. Improper Payments: Recent Efforts to Address Improper Payments and Remaining Challenges. [hyperlink, http://www.gao.gov/products/GAO-11-575T]. Washington, D.C.: April 15, 2011. Status of Fiscal Year 2010 Federal Improper Payments Reporting. [hyperlink, http://www.gao.gov/products/GAO-11-443R]. Washington, D.C.: March 25, 2011. Medicare and Medicaid Fraud, Waste, and Abuse: Effective Implementation of Recent Laws and Agency Actions Could Help Reduce Improper Payments. [hyperlink, http://www.gao.gov/products/GAO-11-409T]. Washington, D.C.: March 9, 2011. Medicare: Program Remains at High Risk Because of Continuing Management Challenges. [hyperlink, http://www.gao.gov/products/GAO-11-430T]. Washington, D.C.: March 2, 2011. Opportunities to Reduce Potential Duplication in Government Programs, Save Tax Dollars, and Enhance Revenue. [hyperlink, http://www.gao.gov/products/GAO-11-318SP]. Washington, D.C.: March 1, 2011. High-Risk Series: An Update. [hyperlink, http://www.gao.gov/products/GAO-11-278]. Washington, D.C.: February 2011. Medicare Recovery Audit Contracting: Weaknesses Remain in Addressing Vulnerabilities to Improper Payments, Although Improvements Made to Contractor Oversight. [hyperlink, http://www.gao.gov/products/GAO-10-143]. Washington, D.C.: March 31, 2010. Medicaid: Fraud and Abuse Related to Controlled Substances Identified in Selected States. [hyperlink, http://www.gao.gov/products/GAO-09-1004T]. Washington, D.C.: September 30, 2009. Medicaid: Fraud and Abuse Related to Controlled Substances Identified in Selected States. [hyperlink, http://www.gao.gov/products/GAO-09-957]. Washington, D.C.: September 9, 2009. Improper Payments: Progress Made but Challenges Remain in Estimating and Reducing Improper Payments. [hyperlink, http://www.gao.gov/products/GAO-09-628T]. Washington, D.C.: April 22, 2009. Medicaid: Thousands of Medicaid Providers Abuse the Federal Tax System. [hyperlink, http://www.gao.gov/products/GAO-08-239T]. Washington, D.C.: November 14, 2007. Medicaid: Thousands of Medicaid Providers Abuse the Federal Tax System. [hyperlink, http://www.gao.gov/products/GAO-08-17]. Washington, D.C.: November 14, 2007. Medicaid Financial Management: Steps Taken to Improve Federal Oversight but Other Actions Needed to Sustain Efforts. [hyperlink, http://www.gao.gov/products/GAO-06-705]. Washington, D.C.: June 22, 2006. Medicaid Integrity: Implementation of New Program Provides Opportunities for Federal Leadership to Combat Fraud, Waste, and Abuse. [hyperlink, http://www.gao.gov/products/GAO-06-578T]. Washington, D.C.: March 28, 2006. [End of section] Footnotes: [1] CMS is the federal agency within the Department of Health and Human Services that oversees Medicaid. [2] An improper payment is any payment that should not have been made or that was made in an incorrect amount (including overpayments and underpayments) under statutory, contractual, administrative, or other legally applicable requirements. This definition includes any payment to an ineligible recipient, any payment for an ineligible good or service, any duplicate payment, any payment for a good or service not received (except where authorized by law), and any payment that does not account for credit for applicable discounts. Improper Payments Elimination and Recovery Act of 2010, Pub. L. No. 111-204, § 2(e), 124 Stat. 2224, 2227 (codified at 31 U.S.C. § 3321 note). [3] See GAO, Medicaid: State Efforts to Control Improper Payments, [hyperlink, http://www.gao.gov/products/GAO-01-662] (Washington, D.C.: June 7, 2001). A list of related products is included at the end of this report. [4] See GAO, Major Management Challenges and Program Risks: Department of Health and Human Services, [hyperlink, http://www.gao.gov/products/GAO-03-101] (Washington, D.C.: Jan. 1, 2003). [5] The federal government matches states' expenditures for most Medicaid services using a statutory formula based on each state's per capita income. The 56 Medicaid programs include one for each of the 50 states, the District of Columbia, Puerto Rico, American Samoa, Guam, the Commonwealth of the Northern Mariana Islands, and the U.S. Virgin Islands. Hereafter, we refer to the 50 states and the District of Columbia as states; all other entities were excluded from our work. [6] See Pub. L. No. 109-171, § 6034, 120 Stat. 3, 74-78 (2006) (codified at 42 U.S.C. § 1396u-6). [7] See GAO, Medicaid Program Integrity: Expanded Federal Role Presents Challenges to and Opportunities for Assisting States, [hyperlink, http://www.gao.gov/products/GAO-12-288T] (Washington, D.C.: Dec. 7, 2011). [8] Test audits began in June 2007 and were completed in December 2010. Contracts for MSIS audits were issued in December 2007 and MSIS audits were assigned to audit contractors in September 2008. Collaborative audits were assigned to audit contractors in January 2010. As of February 2012, a number of MSIS audits and collaborative audits are ongoing. [9] The five states were the District of Columbia, Florida, Mississippi, Texas, and Washington. [10] Within the MIG, the Division of Medicaid Integrity Contracting is responsible for administrative oversight of the contracts and ensuring that contractors meet the performance criteria. This division's staff is involved in developing the scope of work for contracts, but the detailed contents of the contracts are largely developed by other divisions within MIG. [11] HHS-OIG, MSIS Data Usefulness for Detecting Fraud, Waste, and Abuse, OEI-04-07-00240 (August 2009); HHS-OIG, Top Management and Performance Challenges Facing the Department of Health and Human Services in Fiscal Year 2011 (November 2011). [12] Algorithms target specific types of potential overpayments, such as services provided after a beneficiary's date of death or duplicate claims that appear to be for the same service. The MIG and review contractors both contribute to algorithm development. The MIG maintains about 100 algorithms. [13] HHS-OIG, Early Assessment of Review Medicaid Integrity Contractors, OEI-05-10-00200 (February 2012). [14] The first MSIS audits were assigned to audit contractors in September 2008. The most recent MSIS audits were assigned in February 2011. [15] In addition to MMIS data, collaborative audits in one state used state-supplied data to determine if a provider had been reimbursed by other payers, such as Medicare, for claims that Medicaid had already paid. [16] Review contractors were not involved during the test audits because the states provided the initial audit leads. [17] Expenditures for the test audits were about $4.3 million, and do not include the contractor's work on provider appeals. The MIG could not break out expenditures separately for collaborative audits. The MIG's review and audit contractors are paid on a cost plus award fee basis which reimburses the contractors' costs of completing each task and allows CMS to remit an additional award if certain performance targets are met. [18] In March 2012, the HHS-OIG reported that seven collaborative audits had identified $6.2 million in overpayments. According to the MIG, this estimate was based on draft audit report findings, which in some instances were higher than the amounts reported in final audit reports. HHS-OIG, Early Assessment of Audit Medicaid Integrity Contractors, OEI-05-10-00210 (March 2012). [19] Although the overall return on investment was negative, we did not attempt to quantify it and instead use the term poor to describe the return. [20] The MIG generally considers overpayments of $2,000 or less as too low to merit collection, but it has issued final audit reports for less than that amount. [21] The HHS-OIG report, published in March 2012, was based on an analysis of NMAP audits assigned between January and June 2010. See OEI-05-10-00210. [22] In August 2009, the HHS-OIG reported that MSIS does not contain many of the data elements needed for detecting improper payments and that the average age of the data was more than 1-year old. For the HHS- OIG report, the MIG provided HHS-OIG with a list of missing data elements that would be useful for Medicaid fraud, waste, and abuse analysis. See OEI-04-07-00240. [23] In addition, a MIG audit contractor already had established positive business relationships with state Medicaid agencies, which gave it access to state MMIS data. When we spoke to MIG officials, they confirmed that they had discussed the use of MMIS data with an audit contractor, but told us that states' data use agreements with the contractor were an impediment to the contractor's referencing those data while performing MSIS audits. [24] Clinical staff help make determinations on the medical necessity of the care documented in the claim. [25] The 10 states are Arizona, Arkansas, California, New Jersey, New Mexico, North Carolina, Tennessee, Texas, Oregon, and Washington. [26] A February 2012 HHS-OIG report recommended that the review contractors make specific recommendations about audit targets based on their analyses. See OEI-05-10-00200. Although the task order for review contractors calls for them to identify and recommend leads for audit contractors, the MIG only required the review contractors to submit lists of providers ranked by the amount of potential overpayment. These lists, which did not contain recommendations, were used by the MIG to assign audits to the audit contractors. [27] Although CMS has not reported the poor return on investment for MSIS audits, in its recent budget justifications HHS reported that the Medicaid Integrity Program overall had positive return on investment. It is difficult to assess this overall return on investment because CMS has not clearly described its reporting metrics. [End of section] GAO’s Mission: The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO’s website [hyperlink, http://www.gao.gov]. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, go to [hyperlink, http://www.gao.gov] and select “E- mail Updates.” Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO: Connect with GAO on facebook, flickr, twitter, and YouTube. Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts. Visit GAO on the web at [hyperlink, http://www.gao.gov]. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; E-mail: fraudnet@gao.gov; Automated answering system: (800) 424-5454 or (202) 512-7470. Congressional Relations: Katherine Siggerud, Managing Director, siggerudk@gao.gov, (202) 512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125 Washington, DC 20548. Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, DC 20548.