Medicaid Program Integrity: CMS Should Build on Current Oversight Efforts by Further Enhancing Collaboration with States
Fast Facts
The Centers for Medicare & Medicaid Services reviews states' efforts to reduce improper Medicaid payments, and encourages them to use collaborative audits—where CMS contractors and states work together to review the accuracy of payments made. However, some states have reported barriers (such as staff burden) to participating in collaborative audits.
We also found that CMS lacks a systematic approach to collecting and communicating information about state practices to reduce Medicaid improper payments. We recommended that the agency collect and share these practices, and work to increase states' participation in collaborative audits.
Collaborative Audits Assigned from Fiscal Year 2012 through June 2016
U.S. map showing the number of Medicaid collaborative audits assigned in each state from fiscal year 2012 through June 2016.
Highlights
What GAO Found
The Centers for Medicare & Medicaid Services (CMS) has tailored its state program integrity reviews—in which the agency reviews states' program integrity activities—to states' managed care delivery systems and other areas at high risk for improper payments. From 2014 through 2016, CMS conducted on-site reviews in 31 states. The reviews usually addressed state oversight of managed care plans, and some reviews addressed other high-risk areas such as provider enrollment. CMS and states have found the reviews to be beneficial in identifying areas for improvement. To expand oversight to more states, CMS also began off-site desk reviews of certain state program integrity efforts.
Collaborative audits—in which CMS contractors and states work in partnership—have identified substantial potential overpayments to providers, but barriers have limited their use. CMS encourages states to use collaborative audits, but states decide whether to pursue them. Several states reported positive collaborative audit experiences, while others cited barriers—such as staff burden or problems communicating with contractors—that prevented them from seeking audits or hindered the success of audits. Federal internal control standards indicate that organizations should identify and respond to risks related to achieving objectives. Absent additional CMS action to address barriers, some states may choose not to pursue collaborative audits, or may encounter challenges after doing so.
Collaborative Audits Assigned from Fiscal Year 2012 through June 2016
CMS lacks a systematic approach to collecting promising state progam integrity practices and communicating them to other states. CMS's main approach—the state program integrity reviews—inconsistently identified promising practices, and those identified are neither published in a timely way nor easily searched electronically. Other CMS approaches, such as courses offered by the Medicaid Integrity Institute (a national training program for states), were not designed for sharing promising practices and do not systematically communicate them to all states. Both CMS and the states have a role in identifying promising program integrity practices. Absent further agency action, states may not have access to the range of promising state program integrity practices, which is inconsistent with federal internal control standards on the use and external communication of necessary quality information to achieve program objectives.
Why GAO Did This Study
Medicaid remains a high-risk program, partly due to concerns about improper payments. CMS oversees and supports states, in part, by reviewing their program integrity activities, hiring contractors to audit providers, and providing training. In recent years, CMS made changes to its Medicaid program integrity efforts, including a shift to collaborative audits.
GAO was asked to examine CMS's oversight and support of states' Medicaid program integrity efforts. GAO examined, among other issues, (1) how CMS tailors its reviews to states' circumstances; (2) states' experiences with collaborative audits; and (3) CMS's steps to share promising program integrity practices. GAO reviewed CMS documents, including state program integrity reports, and data on collaborative audits. GAO interviewed officials from CMS and eight states selected based on expenditures, managed care use, and number of collaborative audits, among other factors.
Recommendations
To further improve its support of states' Medicaid program integrity activities, CMS should identify opportunities to address barriers that limit states' participation in collaborative audits, and, in collaboration with states, take additional steps to collect and share promising program integrity practices. The Department of Health and Human Services concurred with GAO's recommendations.
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
Centers for Medicare & Medicaid Services |
Priority Rec.
To build upon CMS's collaborative audit efforts and help enhance future collaboration, CMS should identify opportunities to address barriers that limit states' participation in collaborative audits. Such opportunities could include improving communication with states before, during, and after audits are completed; and ensuring that audits align with states' program integrity needs, including the need for oversight of services provided in managed care delivery systems.
|
As of January 2019, CMS has taken steps to identify opportunities to improve state participation in collaborative audits. Notably, CMS has implemented contracts for five regional Unified Program Integrity Contractors (UPIC) with purposes that include coordinating provider investigations across Medicare and Medicaid, improving collaboration with states by providing a mutually beneficial service, and increasing contractor accountability through coordinated oversight. As part of this process, CMS has met with all states to discuss how operational audit issues will be handled moving forward, including planning for new collaborative audits. For example, at project initiation meetings for the Midwest region UPIC, which included 11 states, CMS provided information and further clarified roles and responsibilities related to the UPIC audits, information exchange, data sharing, data analysis project management, and appeals support, among other topics. CMS also held sessions at the Medicaid Integrity Institute in 2017 to work with states on potential topics for new collaborative audits, including personal care services and managed care delivery systems.
|
Centers for Medicare & Medicaid Services | To better support states' efforts to reduce improper payments and communicate effective program integrity practices across the states, CMS should collaborate with states to develop a systematic approach to collect promising state program integrity practices. |
As of February 2019, CMS's Center for Program Integrity (CPI) developed a template for collecting promising practices and has shared the template with states via email distribution lists and regular Fraud, Waste, and Abuse Technical Advisory Group meetings. Further, CMS CPI has begun collecting promising practices through a number of venues and interactions with states. CPI plans to continue to find opportunities to solicit and document promising practices from the states moving forward.
|
Centers for Medicare & Medicaid Services | To better support states' efforts to reduce improper payments and communicate effective program integrity practices across the states, CMS should collaborate with states to create and implement a communication strategy for sharing promising program integrity practices with states in an efficient and timely manner. |
As of May 2019, CMS has begun sharing promising program integrity practices with the states at meetings and by email. Using a structured template, CMS has distributed two iterations of the Medicaid Program Integrity Promising Practices with states, the first in May 2018 and the second in January 2019. Moving forward CMS plans to distribute the template with identified promising practices as soon as they have collected a sufficient number of practices, likely twice a year.
|