This is the accessible text file for GAO report number GAO-12-288T 
entitled 'Medicaid Program Integrity: Expanded Federal Role Presents 
Challenges to and Opportunities for Assisting States' which was 
released on December 7, 2011. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

United States Government Accountability Office: 
GAO: 

Testimony: 

Before the Subcommittees on Government Organization, Efficiency and 
Financial Management and Health Care, District of Columbia, Census and 
the National Archives, Committee on Oversight and Government Reform, 
House of Representatives: 

For Release on Delivery: 
Expected at 10:00 a.m. EST:
Wednesday, December 7, 2011: 

Medicaid Program Integrity: 

Expanded Federal Role Presents Challenges to and Opportunities for 
Assisting States: 

Statement of Carolyn L. Yocom:
Director, Health Care: 

GAO-12-288T: 

GAO Highlights: 

Highlights of GAO-12-288T, a testimony before the Subcommittees on 
Government Organization, Efficiency and Financial Management and 
Health Care, District of Columbia, Census and the National Archives, 
Committee on Oversight and Government Reform, House of Representatives. 

Why GAO Did This Study: 

The Centers for Medicare & Medicaid Services (CMS), the federal agency 
that oversees Medicaid, estimated that improper payments in the 
federal-state Medicaid program were $21.9 billion in fiscal year 2011. 
The Deficit Reduction Act of 2005 established the Medicaid Integrity 
Program and gave CMS an expanded role in assisting and improving the 
effectiveness of state activities to ensure proper payments. Making 
effective use of this expanded role, however, requires that federal 
resources are targeted appropriately and do not duplicate state 
activities. 

GAO was asked to testify on Medicaid program integrity. GAO’s 
statement focuses on how CMS’s expanded role in ensuring Medicaid 
program integrity (1) poses a challenge because of overlapping state 
and federal activities regarding provider audits and (2) presents 
opportunities through oversight to enhance state program integrity 
efforts. 

To do this work, GAO reviewed CMS reports and documents on Medicaid 
program integrity as well as its own and others’ reports on this 
topic. In particular, GAO reviewed CMS reports that documented the 
results of its state oversight and monitoring activities. GAO also 
interviewed CMS officials in the agency’s Medicaid Integrity Group 
(MIG), which was established to implement the Medicaid Integrity 
Program. This work was conducted in November and December 2011. GAO 
discussed the facts in this statement with CMS officials. 

What GAO Found: 

The key challenge faced by the Medicaid Integrity Group (MIG) is the 
need to avoid duplication of federal and state program integrity 
efforts, particularly in the area of auditing provider claims. In 
2011, the MIG reported that it was redesigning its national provider 
audit program. Previously, its audit contractors were using incomplete 
claims data to identify overpayments. According to MIG data, 
overpayments identified by its audit contractors since fiscal year 
2009 were not commensurate with its contractors’ costs. The MIG’s 
redesign will result in greater coordination with states on a variety 
of factors, including the data to be used. It remains to be seen, 
however, whether these changes will result in an increase in 
identified overpayments. The table below highlights the MIG’s core 
oversight activities, which were implemented from fiscal years 2007 
through 2009. 

Table: MIG’s Core Oversight Activities and Fiscal Year Implemented: 

MIG activities: Comprehensive program integrity reviews (fiscal year 
2007); 
Description: Every 3 years, the MIG conducts a comprehensive 
management review of each state’s Medicaid program integrity 
procedures and processes. Through the reviews, CMS assesses the 
effectiveness of the state’s program integrity efforts and determines 
whether the state’s policies and procedures comply with federal 
regulations. 

MIG activities: Technical assistance (fiscal year 2007); 
Description: In fiscal year 2009, the MIG responded to 504 requests 
for technical assistance from 49 states, providers, advocates and 
others. Common topics included policy/regulatory requirements on 
disclosures, law enforcement activities, and fraud detection tools. 

MIG activities: Medicaid Integrity Institute (fiscal year 2007); 
Description: The institute is the first national Medicaid integrity 
training program. CMS executed an interagency agreement with the 
Department of Justice to house the institute at the Department’s 
National Advocacy Center, located at the University of South Carolina. 
The institute offers substantive training, technical assistance, and 
support to states in a structured learning environment. 

MIG activities: National Provider Audit Program (fiscal year 2009); 
Description: Separate contractors (1) analyze claims data to identify 
aberrant claims and potential billing vulnerabilities; and (2) 
conduct post-payment audits based on data analysis leads in order to 
identify overpayments to Medicaid providers. 

MIG activities: State program integrity assessments (fiscal year 2009); 
Description: These annual assessments represent the first national 
baseline collection of data on state Medicaid integrity activities for 
the purposes of program evaluation and technical assistance support. 
The data provided by states are used to populate a one-page profile 
covering topics such as program integrity staffing and expenditures, 
audits, fraud referrals, and recoveries. 

MIG activities: Education contractors (fiscal year 2009); 
Description: The education contractors develop materials in order to 
educate and train providers on payment integrity and quality of care 
issues. 

Source: CMS. 

[End of table] 

The MIG’s core oversight activities present an opportunity to enhance 
state efforts through the provision of technical assistance and the 
identification of training opportunities. The MIG’s assessment of 
state program integrity efforts during triennial onsite reviews and 
annual assessments will need to address data inconsistencies 
identified during these two activities. Improved consistency will help 
ensure that the MIG is appropriately targeting its resources. The 
Medicaid Integrity Institute appears to address a state training need 
and create networking opportunities for program integrity staff. 

View [hyperlink, http://www.gao.gov/products/GAO-12-288T]. For more 
information, contact Carolyn L. Yocom at (202) 512-7114 or 
yocomc@gao.gov. 

[End of section] 

Chairmen Platts, Gowdy, and Members of the Subcommittees: 

I am pleased to be here today to discuss Medicaid program integrity, 
that is, preventing improper payments that result from fraud, waste, 
and abuse.[Footnote 1] Until the Deficit Reduction Act of 2005 (DRA) 
expanded the role of the Centers for Medicare & Medicaid Services 
(CMS), the federal agency that oversees Medicaid, Medicaid program 
integrity had been primarily a state responsibility.[Footnote 2] CMS's 
expanded role presents an opportunity to assist and improve the 
effectiveness of state activities, but also requires that federal 
resources are targeted appropriately and do not duplicate state 
activities. 

Medicaid is jointly funded by federal and state governments. It is one 
of the largest social programs in the federal budget--covering about 
67 million people in fiscal year 2010--and one of the largest 
components of state budgets. In fiscal year 2010, Medicaid 
expenditures totaled about $401 billion, with a federal share of $270 
billion and a state share of $132 billion. As a result of flexibility 
in the program's design, Medicaid consists of 56 distinct state-based 
programs.[Footnote 3] The challenges inherent in overseeing a program 
of Medicaid's size and diversity make the program vulnerable to 
improper payments, which may be the result of fraud, waste, and abuse. 
[Footnote 4] Because of the program's risk of improper payments as 
well as insufficient federal and state oversight, we added Medicaid to 
our list of high-risk programs in January 2003.[Footnote 5] CMS 
estimated that Medicaid improper payments were $21.9 billion for 
fiscal year 2011.[Footnote 6] 

States are the first line of defense against Medicaid improper 
payments. Specifically, they must comply with federal requirements to 
ensure the qualifications of the providers who bill the program, 
detect improper payments, recover overpayments, and refer suspected 
cases of fraud and abuse to law enforcement authorities. At the 
federal level, CMS, an agency within the Department of Health and 
Human Services (HHS), is responsible for supporting and overseeing 
state Medicaid program integrity activities. 

In 2005, we testified that CMS needed to increase its commitment--both 
the alignment of resources and strategic planning--to helping states 
fight Medicaid fraud, waste and abuse.[Footnote 7] Subsequently, the 
DRA established the Medicaid Integrity Program and included other 
provisions designed to increase CMS's support for state activities to 
address Medicaid fraud, waste, and abuse. The DRA provided 
appropriations to implement the Medicaid Integrity Program, and the 
Patient Protection and Affordable Care Act (PPACA) enacted in March 
2010 gave CMS and states additional provider and program integrity 
oversight tools.[Footnote 8] 

You asked GAO to testify today on Medicaid program integrity. My 
remarks focus on how CMS's expanded role in ensuring Medicaid program 
integrity (1) poses a challenge because of overlapping state and 
federal activities, particularly in the area of auditing provider 
claims; and (2) presents opportunities through oversight to enhance 
state program integrity efforts. To do this work, we reviewed CMS 
reports and documents on Medicaid program integrity as well as our own 
and others' reports on this topic. In particular, we reviewed CMS 
reports that documented the results of its state oversight and 
monitoring activities. We also interviewed CMS officials in the 
agency's Medicaid Integrity Group, which was established to implement 
the Medicaid Integrity Program. We conducted our work in November and 
December 2011 in accordance with generally accepted government 
auditing standards. Those standards require that we plan and perform 
the audit to obtain sufficient, appropriate evidence to provide a 
reasonable basis for our findings and conclusions based on our audit 
objectives. The data presented in this statement were obtained from 
CMS and we did not independently verify their reliability. We believe 
that the evidence obtained provides a reasonable basis for our findings 
and conclusions based on our audit objectives. 

Background: 

CMS is responsible for overseeing Medicaid, and state Medicaid agencies 
are responsible for administering the program. Although each state is 
subject to federal requirements, it develops its own Medicaid 
administrative structure for carrying out the program, including its 
approach to program integrity. Within broad federal guidelines, each 
state establishes eligibility standards and enrolls eligible 
individuals; determines the type, amount, duration, and scope of 
covered services; sets payment rates for covered services; establishes 
standards for providers and managed care plans; and ensures that state 
and federal funds are not spent improperly or diverted by fraudulent 
providers. However, state Medicaid programs do not work in isolation 
on program integrity; instead, there are a large number of federal 
agencies, other state entities, and contractors with which states must 
coordinate. 

State Medicaid Program Integrity Activities: 

Generally, each state's Medicaid program integrity unit uses its own 
data models, data warehouses, and approach to analysis. States often 
augment their in-house capabilities by contracting with companies that 
specialize in Medicaid claims and utilization reviews. However, as 
program administrators, states have primary responsibility for 
conducting program integrity activities that address provider 
enrollment, claims review, and case referrals. Specifically, CMS 
expects states to: 

* collect and verify basic information on providers, including whether 
the providers meet state licensure requirements and are not prohibited 
from participating in federal health care programs. 

* maintain a mechanized claims processing and information system known 
as the Medicaid Management Information System (MMIS). MMIS can be used 
to make payments and to verify the accuracy of claims, the correct use 
of payment codes, and a beneficiary's Medicaid eligibility.[Footnote 9] 

* operate a Surveillance and Utilization Review Subsystem (SURS) in 
conjunction with the MMIS that is intended to develop statistical 
profiles on services, providers, and beneficiaries in order to 
identify potential improper payments. For example, SURS may apply 
automatic post-payment screens to Medicaid claims in order to identify 
aberrant billing patterns. 

* submit all processed Medicaid claims electronically to CMS's Medical 
Statistical Information System (MSIS). MSIS does not contain billing 
information, such as the referring provider's identification number or 
beneficiary's name, because it is a subset of the claims data 
submitted by states. States provide data on a quarterly basis and CMS 
uses the data to (1) analyze Medicaid program characteristics and 
utilization for services covered by state Medicaid programs, and (2) 
generate various public use reports on national Medicaid populations 
and expenditures. 

* refer suspected overpayments or overutilization cases to other units 
in the Medicaid agency for corrective action and refer potential fraud 
cases to other appropriate entities for investigation and prosecution. 

Our reports and testimonies from 2001 through 2006 identified gaps in 
state program integrity activities and noted that the support provided 
by CMS to states was hampered by resource constraints.[Footnote 10] 
For example, in 2004, we reported that 15 of 47 states responding to 
our questionnaire did not affirm that they conducted data mining, 
defined as analysis of large data sets to identify unusual utilization 
patterns, which might indicate provider abuse. 

Recent Legislation Has Conferred New Responsibilities on CMS and 
States: 

The DRA established the Medicaid Integrity Program to provide 
effective federal support and assistance to states to combat fraud, 
waste, and abuse. To implement the Medicaid Integrity Program, CMS 
created the Medicaid Integrity Group (MIG), which is now located 
within the agency's Center for Program Integrity. The DRA also 
required CMS to hire contractors to review and audit provider claims 
and to educate providers on issues such as appropriate billing 
practices. 

The Medicaid Recovery Audit Contractor (RAC) program was established 
by PPACA.[Footnote 11] Each state must contract with a RAC, which is 
tasked with identifying and recovering Medicaid overpayments and 
identifying underpayments. Each state's RAC is required to be 
operational by January 1, 2012. Medicaid RACs will be paid on a 
contingency fee basis--up to 12.5 percent--of any recovered 
overpayments and states are required to establish incentive payments 
for the detection of underpayments.[Footnote 12] Figure 1 identifies 
the key federal and state entities responsible for Medicaid program 
integrity. 

Figure 1: Key Federal and State Entities Responsible for Medicaid 
Program Integrity before and after the Deficit Reduction Act of 2005: 

[Refer to PDF for image: illustration] 

Federal: 

Medicaid Integrity Group[D]: CMS: 
Review contractors[D]; 
Audit contractors[D]; 
Education contractors[D]; 
Medicaid Integrity Institute[D]. 

State: 

State Program Integrity Unit[C]: 
Medicaid Fraud Control Unit[C]; 
Recovery Audit Contractor[A,D]; 
Surveillance and Utilization Review Subsystem[B,C]. 

Source: GAO. 

Notes: Other federal entities involved in Medicaid program integrity 
not included in this figure include: CMS's Office of Financial 
Management and its Center for Medicaid, CHIP, Survey and 
Certification; the Department of Health and Human Services' Office of 
Inspector General; the Federal Bureau of Investigation; and the 
Department of Justice. 

[A] States are required to contract with at least one RAC, which must 
be operational beginning January 2012. 

[B] SURS may be performed by an outside contractor (as depicted here) 
or state program integrity staff may carry out the SURS function, in 
which case it would be integral to the State Program Integrity Unit. 

[C] Established before Deficit Reduction Act of 2005. 

[D] Established after Deficit Reduction Act of 2005. 

[End of figure] 

Fraud Investigation and Prosecution: 

Fraud detection and investigations often require more specialized 
skills than are required for the identification of improper payments 
because investigators must establish that an individual or entity 
intended to falsify a claim to achieve some gain. As a result, fraud 
is more difficult to prove than improper payments and requires the 
involvement of entities that can investigate and prosecute fraud 
cases. In 1977, Congress authorized federal matching funds for the 
establishment of independent state Medicaid Fraud Control Units 
(MFCU).[Footnote 13] MFCUs are responsible for investigating and 
prosecuting Medicaid fraud. In general, they are located in the offices 
of State Attorneys General. MFCUs can, in turn, refer some cases to 
federal agencies that have longstanding responsibility for combating 
fraud, waste, and abuse in Medicare and Medicaid--the HHS's Office of 
Inspector General (HHS-OIG), the Federal Bureau of Investigation 
(FBI), and the Department of Justice. 

CMS's MIG Implemented Core Activities from 2006 through 2009 but 
Effective Coordination Is Needed Because of Overlap with Ongoing State 
Efforts: 

A key challenge CMS faces in implementing the statutorily required 
federal Medicaid Integrity Program is ensuring effective coordination 
to avoid duplicating state program integrity efforts. CMS established 
the MIG in 2006 and it gradually hired staff and contractors to 
implement a set of core activities, including the (1) review and audit 
of Medicaid provider claims; (2) education of state program integrity 
officials and Medicaid providers; and (3) oversight of state program 
integrity activities and provision of assistance. Because states also 
routinely review and audit provider claims, the MIG recognized that 
coordination was key to avoiding duplication of effort. In 2011, the 
MIG reported that it was redesigning its national provider audit 
program to allow for greater coordination with states on data, 
policies, and audit measures. According to MIG data, overpayments 
identified by its review and audit contractors over the first 3 years 
of the national audit program were not commensurate with the 
contractors' costs. 

Core MIG Activities Were Implemented Gradually from 2006 to 2009: 

The DRA provided CMS with the resources to hire staff whose sole 
duties are to assist states in protecting the integrity of the 
Medicaid program. The MIG's core activities were implemented gradually 
from fiscal year 2006 to 2009. The DRA provided start-up funding of $5 
million for fiscal year 2006, increasing to $50 million for each of 
the subsequent 2 fiscal years, and $75 million per year for fiscal 
year 2009 and beyond.[Footnote 14] One of the first activities 
initiated by the MIG in fiscal year 2007 was comprehensive program 
integrity reviews to assess the effectiveness of states' activities, 
which involved eight week-long onsite visits that year.[Footnote 15] 
One of the last activities to be implemented was the statutorily 
required National Provider Audit Program where MIG contractors review 
and audit Medicaid provider claims. In fiscal year 2005, we reported 
that CMS devoted 8.1 full-time equivalent staff years to support and 
oversee states' anti-fraud-and-abuse operations, which, in 2010, had 
grown to 83 out of the 100 DRA-authorized full-time equivalent staff 
years.[Footnote 16] Table 1 describes six core MIG activities and the 
fiscal year in which those activities began. 

Table 1: Medicaid Integrity Group's Core Oversight Activities, by 
Fiscal Year Implemented: 

Fiscal year 2007: 

MIG activities: Comprehensive program integrity reviews; 
Description: Every 3 years, the MIG conducts a comprehensive 
management review of each state's Medicaid program integrity 
procedures and processes. Through the reviews, the MIG assesses the 
effectiveness of the state's program integrity efforts and determines 
whether the state's policies and procedures comply with federal 
statutes and regulations. The review areas include provider 
enrollment, provider disclosures, program integrity, managed care 
operations, and the interaction between the state's Medicaid agency 
and its Medicaid Fraud Control Unit (MFCU). Each review results in a 
report, posted on CMS's Web site, that summarizes best 
practices, compliance issues, and vulnerabilities. The MIG also 
conducts follow-up reviews to evaluate states' corrective action plans 
addressing any identified vulnerabilities. 

MIG activities: Technical assistance; 
Description: In fiscal year 2009, the MIG responded to 504 requests 
for technical assistance from 49 states, providers, advocates and 
others. Common topics included the National Provider Audit Program, 
policy/regulatory requirements on disclosures, law-enforcement 
activities, and fraud detection tools. Examples of other assistance 
provided to the states included (1) hosting regional State Program 
Integrity Director conference calls to discuss emerging issues and 
best practices, and (2) issuing a State Medicaid Director letter in 
January 2009 which provided guidance to Medicaid providers on 
screening their employees and contractors for individuals excluded 
from participation in the program. 

MIG activities: Medicaid integrity institute; 
Description: The institute is the first national Medicaid integrity 
training program. CMS executed an interagency agreement with the 
Department of Justice to house the institute at the National Advocacy 
Center, located at the University of South Carolina. The institute 
offers substantive training, technical assistance, and support to 
states in a structured learning environment. In time, the institute 
intends to create a credentialing process to elevate the professional 
qualifications of state Medicaid program integrity staff. 

Fiscal year 2009: 

MIG activities: National Provider Audit Program[A]; 
Description: Separate contractors (1) analyze claims data to identify 
aberrant claims and potential billing vulnerabilities, and (2) conduct 
post-payment audits based on data analysis leads in order to identify 
overpayments to Medicaid providers. 

MIG activities: State program integrity assessments; 
Description: These annual assessments represent the first national 
baseline collection of data on state Medicaid integrity activities for 
the purposes of program evaluation and technical assistance support. 
The data provided by states are used to populate a one-page profile 
covering topics such as program integrity staffing and expenditures, 
audits, fraud referrals to the state's MFCU, and recoveries. 

MIG activities: Education contractors; 
Description: The education contractors develop materials in order to 
educate and train providers on payment integrity and quality of care 
issues. 

Source: CMS. 

[A] To gain a better understanding of audit processes and procedures 
as well as variation across the states, the MIG initiated test audits 
in fiscal year 2007, prior to the implementation of the National 
Provider Audit Program. 

[End of table] 

Figure 2 shows MIG expenditures by program category for fiscal year 
2010. The Medicaid Integrity Institute accounted for about 2 percent 
of the MIG's fiscal year 2010 expenditures, while the National 
Provider Audit Program accounted for about half of expenditures. 

Figure 2: MIG Expenditures by Program Category, Fiscal Year 2010, in 
Millions: 

[Refer to PDF for image: pie-chart] 

Additional state support and assistance[A]: $1.2 million; 
Medicaid Integrity Institute: $1.3 million; 
Education contractors: $6.2 million; 
Data strategy and information technology infrastructure: $7.1 million; 
Program support, staffing and administration[B]: $19.5 million; 
National Provider Audit Program: $35.9 million. 

Source: CMS. 

[A] These activities include courses as well as technical assistance 
and outreach to states specific to the implementation of PPACA. 

[B] These activities include the comprehensive program integrity 
reviews, state program integrity assessments, and technical assistance. 

[End of figure] 

The MIG Recognized the Need for Effective Coordination: 

At the outset, the MIG recognized that effective coordination with 
internal and external stakeholders was essential to the success of the 
Medicaid Integrity Program. In a report issued prior to establishment 
of the program, we found that CMS had a disjointed organizational 
structure and lacked the strategic planning necessary to face the 
risks involved with the Medicaid program.[Footnote 17] We identified 
the need for CMS to develop a strategic plan in order to provide 
direction to the agency, its contractors, states, and its law 
enforcement partners. In designing and implementing the program, the 
MIG convened an advisory committee consisting of (1) state program 
integrity, Medicaid, and MFCU directors from 16 states; and (2) 
representatives of the FBI, HHS-OIG, and CMS regional offices. This 
committee provided planning input and strategic advice and identified 
key issues that the MIG needed to address, including: 

* The MIG's efforts should support and complement states' Medicaid 
integrity efforts, not be redundant of existing auditing efforts. 

* Program integrity activities of the MIG and other federal entities 
require coordination with states regarding auditing and data requests. 

* The focus of state activities should be shifted from postpayment 
audits to prepayment prevention activities. 

The advisory committee also highlighted the lack of state resources 
for staffing, technology, and training. CMS's July 2009 Comprehensive 
Medicaid Integrity Plan, the fourth such plan since 2006, stated that 
fostering collaboration with internal and external stakeholders of the 
Medicaid Integrity Program was a primary goal of the MIG. 

In implementing more recent statutory requirements, CMS again stressed 
the need for effective coordination and collaboration. CMS's 
commentary accompanying the final rule on the implementation of 
Medicaid RACs acknowledged the potential for duplication with states' 
ongoing efforts to identify Medicaid overpayments. States have been 
responsible for the recovery of all identified overpayments, including 
those identified since fiscal year 2009 by the MIG's audit 
contractors. The new requirement for states to contract with an 
independent Medicaid RAC introduces another auditor to identify and 
collect Medicaid overpayments. The Medicaid RAC program was modeled 
after a similar Medicare program, which was implemented in March 2009 
after a 3-year demonstration.[Footnote 18] Because Medicare RACs are 
paid a fixed percentage of the dollar value of any improper payments 
identified, they generally focused on costly services such as 
inpatient hospital stays. Our prior work on Medicare RACs noted that 
the postpayment review activities of CMS's other contractors would 
overlap less with the RACs' audits if those activities focused on 
different Medicare services where improper payments were known to be 
high, such as home health.[Footnote 19] Because Medicaid RACs are not 
required to be operational until January 1, 2012, the extent to which 
states will structure their RAC programs to avoid duplication and 
complement their own provider review and audit activities remains to 
be seen. 

The MIG Is Redesigning the National Provider Audit Program, Whose 
Returns Were Not Commensurate with Contractors' Costs: 

In its most recent annual report to the Congress, the MIG indicated 
that it was redesigning the National Provider Audit Program. According 
to the MIG, the National Provider Audit Program has not identified 
overpayments in the Medicaid program commensurate with the related 
contractor costs. About 50 percent of the MIG's $75 million annual 
budget supports the activities of its review and audit contractors. 
From fiscal years 2009 through 2011, the MIG authorized 1,663 provider 
audits in 44 states. However, the MIG's reported return on investment 
from these audits was negative. While its contractors identified $15.2 
million in overpayments, the combined cost of the National Provider 
Audit Program was about $36 million in fiscal year 2010. The actual 
amount of overpayments recovered is not known because states are 
responsible for recovering overpayments and the MIG is not the CMS 
entity that tracks recoveries. Actual recoveries may be less than the 
identified overpayments. 

The National Provider Audit Program has generally relied on MSIS, 
which is summary data submitted by states on a quarterly basis that 
may not reflect voided or adjusted claims payments. As a result, the 
MIG's audit contractors may identify two MSIS claims as duplicates 
when the state has already voided or denied payment on one of these 
claims. For their program integrity efforts, states use their own MMIS 
data systems, which generally reflect real-time payments and 
adjustments of detailed claims for each health care service. States 
are required to have a SURS component that performs data mining as a 
part of their program integrity efforts. The MIG's review contractors 
use data mining techniques that may be similar to those employed by 
states, and they may not identify any additional improper claims. 

Moreover, MIG officials told us that the National Provider Audit 
Program did not prioritize the activities according to the dollar 
amount of the claim, that is, it did not concentrate its efforts on 
audits with the greatest potential for significant recoveries. 
Although the amount of overpayment identified from any given audit can 
vary by thousands or millions of dollars, the MIG's comprehensive 
reviews of several states' Medicaid integrity programs show that these 
states identified significantly higher levels of overpayments in 1 
year than the National Provider Audit Program identified over 3 years. 
For example, the number of national provider audits (1,663) over three 
fiscal years was similar to the number that New York conducted in 
fiscal year 2008 (1,352), yet CMS reported that New York had 
identified more than $372 million in overpayments--considerably more 
than the $15.2 million identified through national provider audits. 
[Footnote 20] 

The MIG's proposed redesign of the National Provider Audit Program 
appears to allow for greater coordination between its contractors and 
states on a variety of factors, including the data to be used. 
[Footnote 21] In fiscal year 2010, the MIG launched collaborative 
audits in 13 states. For these audits, the states and the MIG agreed 
on the audit issues to review and, in some cases, states provided the 
MIG's audit contractors with more timely and complete claims data. 
These collaborative projects (1) allowed states to augment their own 
audit resources, (2) addressed audit targets that states may not have 
been able to initiate because of a lack of staff, and (3) provided 
data analytic support for states that lacked that capability. Although 
these activities are ongoing and the results have not yet been 
finalized, such collaborative projects appear to be a promising 
approach to audits that avoids a duplication of federal and state 
efforts. It remains to be seen, however, whether these changes will 
result in an increase in identified overpayments. 

Expanded Role Offers Opportunity to Enhance State Efforts, but More 
Consistent Data Are Needed: 

While the MIG's audit program is challenged to avoid duplicating 
states' own audit activities, its other core functions present an 
opportunity to enhance states' efforts. The MIG's state oversight 
activities are extensive and labor intensive. Although the data 
collected during reviews and assessments are not always consistent 
with each other, these oversight activities have a strong potential to 
inform the MIG's technical assistance and help identify training 
opportunities. The Medicaid Integrity Institute appears to address an 
important state training need. 

MIG's Core Oversight Activities Are Broad, but the Data Collected 
During Reviews and Assessments Were Not Always Consistent with Each 
Other: 

The MIG's core oversight activities--triennial comprehensive state 
program integrity reviews and annual assessments--are broad in scope 
and provide a basis for the development of appropriate technical 
assistance. However, we found that the information collected during 
reviews and the information collected from assessments were sometimes 
inconsistent with each other. 

As of November 2011, the MIG had completed the first round of reviews 
for 50 states and had initiated a second round of reviews in 10 
states. The reviews cover the entirety of a state's program integrity 
activities and assess compliance with federal regulations. In advance 
of the MIG's week-long onsite visit, state program integrity officials 
are asked to respond to a 71-page protocol containing 195 questions 
and to provide considerable documentation.[Footnote 22] Table 2 
summarizes the topics covered in the protocol. Typical compliance 
issues and vulnerabilities identified during the reviews include 
provider enrollment weaknesses, inadequate oversight of providers in 
Medicaid managed care, and ineffective fraud referrals to state MFCUs. 

Table 2: Topics Covered in MIG's Comprehensive State Program Integrity 
Review Protocol: 

Module: Program integrity organization and staffing; 
Number of questions: 29. 

Module: Claims payment review; 
Number of questions: 10. 

Module: Prepayment review; 
Number of questions: 37. 

Module: Post-payment review; 
Number of questions: 13. 

Module: Recovery audit contractors; 
Number of questions: 6. 

Module: Payment error rate measurement; 
Number of questions: 6. 

Module: Sampling and extrapolation; 
Number of questions: 14. 

Module: Fraud identification, investigation, and referral; 
Number of questions: 

Methods; 
Number of questions: 10. 

Preliminary investigation; 
Number of questions: 4. 

Full investigation; 
Number of questions: 8. 

Resolution of full investigation; 
Number of questions: 7. 

Reporting requirements; 
Number of questions: 3. 

Provider statements; 
Number of questions: 7. 

Recipient verification; 
Number of questions: 9. 

Cooperation with MFCUs; 
Number of questions: 16. 

Withholding payments; 
Number of questions: 4. 

Federal reimbursement for operation of data systems; 
Number of questions: 3. 

False Claims Act requirements; 
Number of questions: 4. 

Module: Technical assistance; 
Number of questions: 5. 

Source: CMS's fiscal year 2011 comprehensive state program integrity 
review protocol. 

[End of table] 

Much of the information collected during the assessments--Medicaid 
program integrity characteristics, program integrity planning, 
prevention, detection, investigation and recoveries--is also collected 
during the triennial comprehensive reviews.[Footnote 23] In addition, 
we found inconsistencies between the information reported in the 
comprehensive reviews and in the assessments for several states that 
were conducted at about the same time. For example, there was a 
significant discrepancy for one state in the number of staff it 
reported as being dedicated to program integrity activities. According 
to the MIG, knowing the size of state program integrity staff helps it 
to more appropriately tailor content during training events. Improved 
consistency will help the MIG ensure that it is targeting its training 
and technical assistance resources appropriately. Despite the 
frequency of the annual assessments, the most current data cover 
fiscal year 2008, which the MIG began collecting in fiscal year 2010. 

Although the MIG provides states with a glossary explaining each of 
the requested data elements, it is not clear that the information 
submitted is reliable or comparable across states. Our review of a 
sample of assessments revealed missing data and a few implausible 
measures, such as one state reporting over 38 million managed care 
enrollees. In other states, there were dramatic changes in the data 
reported from 2007 to 2008, which either raises a question about the 
reliability of the data or suggests that states be allowed to explain 
significant changes from year to year. For example, the number of 
audits in one state declined from 203 to 35. 

According to MIG officials, the comprehensive reviews and the 
assessments inform the MIG's technical assistance activities with the 
states. For example, we found that the MIG published best practices 
guidance in 2008 after finding weaknesses in coordination between 
state program integrity officials and their respective MFCUs in a 
number of states. In its report to Congress on fiscal year 2010 
activities, the MIG indicated it completed 420 requests for technical 
assistance from 43 states, providers, and others. The most common 
topics included the National Provider Audit Program, policy and 
regulatory requirements on disclosures, provider exclusions and 
enrollment, and requests for statistical assistance related to 
criminal and civil court actions. Examples of assistance provided to 
the states by the MIG included (1) hosting regional state program 
integrity director conference calls to discuss program integrity 
issues and best practices; and (2) helping develop a State Medicaid 
Director Letter (issued in July 2010) on the return of federal share 
of overpayments under PPACA. 

Medicaid Integrity Institute Trains State Staff and Facilitates 
Networking: 

The federally sponsored Medicaid Integrity Institute not only offers 
state officials free training but also provides opportunities to 
develop relationships with program integrity staff from other states. 
The institute addresses our prior finding that CMS did not sponsor any 
fraud and abuse workshops or training from 2000 through 2005.[Footnote 
24] From fiscal years 2008 through 2012, the institute will have 
trained over 2,265 state employees at no cost to states. Given the 
financial challenges states currently face, it is likely that 
expenditures for training and travel are limited. Expenditures on the 
institute accounted for about $1.3 million of the MIG's $75 million 
annual budget. MIG officials told us that states uniformly praised the 
opportunity to network and learn about best practices from other 
states. A special June 2011 session at the institute brought together 
Medicaid program integrity officials and representatives of MFCUs from 
39 states in an effort to improve the working relations between these 
important program integrity partners. 

In addition to the institute, the MIG has a contractor that provides 
(1) education to broad groups of providers and beneficiaries, and (2) 
targeted education to specific providers on certain topics.[Footnote 
25] For example, the education contractor has provided outreach 
through its attendance at 17 conferences with about 36,000 attendees. 
These conferences were sponsored by organizations devoted to combating 
health care fraud such as the National Association of Medicaid Program 
Integrity and National Health Care Anti-Fraud Association, as well as 
meetings of national and regional provider organizations (hospital, 
home care and hospice and pharmacy). An example of a more targeted 
activity is one focused on pharmacy providers. The MIG's education 
contractor is tasked with developing provider education materials to 
promote best prescribing practices for certain therapeutic drug 
classes and remind providers of the appropriate prescribing guidelines 
based on FDA approved labeling. The education program includes some 
face-to-face conversations, mailings to providers, and distribution of 
materials on a website and at conferences and meetings. These 
activities are collaborative efforts with the states so that states 
are aware of the aberrant providers, can participate in the education 
program, and can implement policy changes to address these issues, as 
appropriate. 

We discussed the facts in this statement with CMS officials. 

Chairmen Platts and Gowdy, this concludes my prepared remarks. I would 
be happy to answer any questions that you or other Members may have. 

GAO Contact and Staff Acknowledgments: 

For further information about this statement, please contact Carolyn 
L. Yocom at (202) 512-7114 or yocomc@gao.gov. Contact points for our 
Offices of Congressional Relations and Public Affairs may be found on 
the last page of this statement. Walter Ochinko, Assistant Director; 
Sean DeBlieck; Iola D'Souza; Leslie V. Gordon; Drew Long; Jessica 
Smith; and Jennifer Whitworth were key contributors to this statement. 

[End of section] 

Appendix I: Abbreviations: 

CMS: Centers for Medicare & Medicaid Services: 

DRA: Deficit Reduction Act of 2005: 

FBI: Federal Bureau of Investigation: 

FDA: Food and Drug Administration: 

HCERA: Health Care Education and Reconciliation Act of 2010: 

HHS: Department of Health and Human Services: 

MFCU: Medicaid Fraud Control Unit: 

MIG: Medicaid Integrity Group: 

MIP: Medicaid Integrity Program: 

MMIS: Medicaid Management Information System: 

MSIS: Medicaid Statistical Information System: 

OIG: Office of Inspector General: 

PERM: Payment Error Rate Measurement: 

PPACA: Patient Protection and Affordable Care Act: 

RAC: Recovery Audit Contractor: 

SURS: Surveillance and Utilization Review Subsystem: 

[End of section] 

Related GAO Products: 

Fraud Detection Systems: Additional Actions Needed to Support Program 
Integrity Efforts at Centers for Medicare and Medicaid Services. 
[hyperlink, http://www.gao.gov/products/GAO-11-822T]. Washington, 
D.C.: July 12, 2011. 

Fraud Detection Systems: Centers for Medicare and Medicaid Services 
Needs to Ensure More Widespread Use. [hyperlink, 
http://www.gao.gov/products/GAO-11-475]. Washington, D.C.: June 30, 
2011. 

Improper Payments: Recent Efforts to Address Improper Payments and 
Remaining Challenges. [hyperlink, 
http://www.gao.gov/products/GAO-11-575T]. Washington, D.C.: April 15, 
2011. 

Status of Fiscal Year 2010 Federal Improper Payments Reporting. 
[hyperlink, http://www.gao.gov/products/GAO-11-443R]. Washington, 
D.C.: March 25, 2011. 

Medicare and Medicaid Fraud, Waste, and Abuse: Effective 
Implementation of Recent Laws and Agency Actions Could Help Reduce 
Improper Payments. [hyperlink, 
http://www.gao.gov/products/GAO-11-409T]. Washington, D.C.: March 9, 
2011. 

Medicare: Program Remains at High Risk Because of Continuing 
Management Challenges. [hyperlink, 
http://www.gao.gov/products/GAO-11-430T]. Washington, D.C.: March 2, 
2011. 

Opportunities to Reduce Potential Duplication in Government Programs, 
Save Tax Dollars, and Enhance Revenue. [hyperlink, 
http://www.gao.gov/products/GAO-11-318SP]. Washington, D.C.: March 1, 
2011. 

High-Risk Series: An Update. [hyperlink, 
http://www.gao.gov/products/GAO-11-278]. Washington, D.C.: February 
2011. 

Medicare Recovery Audit Contracting: Weaknesses Remain in Addressing 
Vulnerabilities to Improper Payments, Although Improvements Made to 
Contractor Oversight. [hyperlink, 
http://www.gao.gov/products/GAO-10-143]. Washington, D.C.: March 31, 
2010. 

Medicaid: Fraud and Abuse Related to Controlled Substances Identified 
in Selected States. [hyperlink, 
http://www.gao.gov/products/GAO-09-1004T]. Washington, D.C.: September 
30, 2009. 

Medicaid: Fraud and Abuse Related to Controlled Substances Identified 
in Selected States. [hyperlink, 
http://www.gao.gov/products/GAO-09-957]. Washington, D.C.: September 
9, 2009. 

Improper Payments: Progress Made but Challenges Remain in Estimating 
and Reducing Improper Payments. [hyperlink, 
http://www.gao.gov/products/GAO-09-628T]. Washington, D.C.: April 22, 
2009. 

Medicaid: Thousands of Medicaid Providers Abuse the Federal Tax 
System. [hyperlink, http://www.gao.gov/products/GAO-08-239T]. 
Washington, D.C.: November 14, 2007. 

Medicaid: Thousands of Medicaid Providers Abuse the Federal Tax 
System. [hyperlink, http://www.gao.gov/products/GAO-08-17]. 
Washington, D.C.: November 14, 2007. 

Medicaid Financial Management: Steps Taken to Improve Federal 
Oversight but Other Actions Needed to Sustain Efforts. [hyperlink, 
http://www.gao.gov/products/GAO-06-705]. Washington, D.C.: June 22, 
2006. 

Medicaid Integrity: Implementation of New Program Provides 
Opportunities for Federal Leadership to Combat Fraud, Waste, and 
Abuse. [hyperlink, http://www.gao.gov/products/GAO-06-578T]. 
Washington, D.C.: March 28, 2006. 

Medicaid Fraud and Abuse: CMS's Commitment to Helping States Safeguard 
Program Dollars Is Limited. [hyperlink, 
http://www.gao.gov/products/GAO-05-855T]. Washington, D.C.: June 28, 
2005. 

Medicaid Program Integrity: State and Federal Efforts to Prevent and 
Detect Improper Payments. [hyperlink, 
http://www.gao.gov/products/GAO-04-707]. Washington, D.C.: July 16, 
2004. 

Medicaid: State Efforts to Control Improper Payments Vary. [hyperlink, 
http://www.gao.gov/products/GAO-01-662]. Washington, D.C.: June 7, 
2001. 

[End of section] 

Footnotes: 

[1] Medicaid is the federal-state program that covers acute health 
care, long-term care, and other services for certain categories of low-
income individuals. 

[2] See Pub. L. No. 109-171, § 6034, 120 Stat. 3, 74-78 (2006). 

[3] The federal government matches states' expenditures for most 
Medicaid services using a statutory formula based on each state's per 
capita income. The 56 Medicaid programs include one for each of the 50 
states, the District of Columbia, Puerto Rico, Samoa, Guam, the 
Commonwealth of the Northern Mariana Islands, and the United States 
Virgin Islands. 

[4] Fraud involves an intentional act or representation to deceive 
with the knowledge that the action or representation could result in 
gain. Waste results from clerical errors or the provision of medically 
unnecessary services. Abuse typically involves actions that are 
inconsistent with acceptable business and medical practices that 
result in unnecessary program costs. See, e.g., 42 C.F.R. § 455.2 
(2010). 

[5] See GAO, Major Management Challenges and Program Risks: Department 
of Health and Human Services, [hyperlink, 
http://www.gao.gov/products/GAO-03-101] (Washington, D.C.: January 
2003). 

[6] In its Fiscal Year 2011 Agency Financial Report, HHS calculated 
and reported the 3-year (2009, 2010, and 2011) weighted average 
national payment error rate for Medicaid of 8.1 percent. See 
Department of Health and Human Services FY 2011 Agency Financial 
Report (Washington, D.C.: Nov. 15, 2011). 

[7] See GAO, Medicaid Fraud and Abuse: CMS's Commitment to Helping 
States Safeguard Program Dollars Is Limited, [hyperlink, 
http://www.gao.gov/products/GAO-05-855T] (Washington, D.C.: June 28, 
2005). 

[8] Pub. L. No. 111-148, 124 Stat. 119, as amended by the Health Care 
Education Reconciliation Act of 2010 (HCERA), Pub. L. No. 111-152, 124 
Stat. 1029. For example, PPACA required states to have Medicaid 
Recovery Audit Contractors, increased provider ownership reporting 
requirements, and allowed CMS to suspend payments to providers on the 
basis of a credible allegation of fraud. 

[9] States provide CMS with claims data for use in estimating a 
Medicaid payment error rate. CMS developed the Payment Error Rate 
Measurement program to comply with the Improper Payments Information 
Act of 2002. The error rate is not a "fraud rate" but simply a 
measurement of payments made that did not meet statutory, regulatory, 
or administrative requirements. 

[10] See GAO, Medicaid: State Efforts to Control Improper Payments 
Vary, [hyperlink, http://www.gao.gov/products/GAO-01-662] (Washington, 
D.C.: June 7, 2001); Medicaid Program Integrity: State and Federal 
Efforts to Prevent and Detect Improper Payments, [hyperlink, 
http://www.gao.gov/products/GAO-04-707] (Washington, D.C.: July 16, 
2004); [hyperlink, http://www.gao.gov/products/GAO-05-855T]; Medicaid 
Integrity: Implementation of New Program Provides Opportunities For 
Federal Leadership to Combat Fraud, Waste, and Abuse, [hyperlink, 
http://www.gao.gov/products/GAO-06-578T] (Washington, D.C.: March 28, 
2006). 

[11] Pub. L. No. 111-148, § 6411, 124 Stat. 119, 773. 

[12] CMS will not provide federal financial participation for 
administrative expenditure claims if a state establishes a RAC 
contingency fee that is in excess of the highest Medicare RAC 
contingency fee rate, unless a state requests an exception from CMS 
and provides an acceptable justification. Any additional fees must be 
paid out of state-only funds. 

[13] Medicare-Medicaid Anti-Fraud and Abuse Amendments, Pub. L. No. 95-
142, §91 Stat. 1175, 1201. 

[14] HCERA provided that for each fiscal year after 2010 the amount 
appropriated would be adjusted to take into account inflation. 
§1303(b)(3), 124 Stat. at 1058. 

[15] The states the MIG visited included Arkansas, Connecticut, 
Delaware, Michigan, Missouri, Nevada, Oregon, and Virginia. 

[16] See [hyperlink, http://www.gao.gov/products/GAO-05-855T]. 

[17] See [hyperlink, http://www.gao.gov/products/GAO-05-855T]. 

[18] The Medicare Prescription Drug, Improvement, and Modernization 
Act of 2003 directed CMS to conduct a project to demonstrate how 
effective the use of RACs would be in identifying underpayments and 
overpayments, and in recouping overpayments in Medicare. Pub. L. No. 
108-173, § 306, 117 Stat. 2066, 2256. Subsequently, in December 2006 
the Tax Relief and Health Care Act of 2006 required CMS to implement a 
national Medicare RAC program by January 1, 2010. Pub. L. No. 109-342, 
div. B, title III, § 302, 120 Stat. 2924, 2991 (codified at 42 U.S.C. 
§ 1395ddd(h)). 

[19] See GAO, Medicare and Medicaid Fraud, Waste, and Abuse: Effective 
Implementation of Recent Laws and Agency Actions Could Help Reduce 
Improper Payments, [hyperlink, 
http://www.gao.gov/products/GAO-11-409T] (Washington, D.C.: Mar. 9, 
2011). 

[20] Department of Health and Human Services, Centers for Medicare & 
Medicaid Services, New York Comprehensive Program Integrity Review: 
Final Report (Washington, D.C.: 2010). 

[21] Kathleen Sebelius, Secretary of Health and Human Services, Annual 
Report to Congress on the Medicaid Integrity Program for Fiscal Year 
2010 (Washington, D.C.: 2011). 

[22] The MFCU and managed care entities receive separate protocols and 
requests for documentation. 

[23] The MIG collects the data for the assessments through an online 
questionnaire that has 56 questions. The responses are used to develop 
a one-page profile on state activities. 

[24] See [hyperlink, http://www.gao.gov/products/GAO-05-855T]. 

[25] The MIG has two education contractors; however, it has only 
issued task orders to one of the contractors. 

[End of section] 

GAO’s Mission: 

The Government Accountability Office, the audit, evaluation, and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the 
performance and accountability of the federal government for the 
American people. GAO examines the use of public funds; evaluates 
federal programs and policies; and provides analyses, recommendations, 
and other assistance to help Congress make informed oversight, policy, 
and funding decisions. GAO’s commitment to good government is 
reflected in its core values of accountability, integrity, and 
reliability. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 
Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; 
E-mail: fraudnet@gao.gov; 
Automated answering system: (800) 424-5454 or (202) 512-7470. 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov, (202) 512-4400
U.S. Government Accountability Office, 441 G Street NW, Room 7125
Washington, DC 20548. 

Public Affairs: 
Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149 
Washington, DC 20548.