Skip to main content

Medicaid Managed Care: Improvements Needed to Better Oversee Payment Risks

GAO-18-528 Published: Jul 26, 2018. Publicly Released: Jul 26, 2018.
Jump To:

Fast Facts

Almost half—$171 billion—of Medicaid spending in 2017 went to managed care organizations (MCO). In Medicaid managed care, states pay a set periodic amount to MCOs for each enrollee, and MCOs pay health care providers for the services delivered to enrollees.

Used effectively, managed care can help states reduce Medicaid costs. However, managed care still is at risk of making incorrect payments, such as duplicate payments or payments for ineligible patients.

We identified 6 types of payment risks: 4 related to state payments to MCOs, and 2 related to MCO payments to providers.

We recommended ways to improve oversight of managed care payments.

State Medicaid agencies may pay providers directly for their services to patients or may pay managed care organizations a fixed monthly "capitated" payment for their services to patients.

This graphic shows the chain of payments under fee-for-service and managed care arrangements.

This graphic shows the chain of payments under fee-for-service and managed care arrangements.

Skip to Highlights

Highlights

What GAO Found

Under Medicaid managed care, managed care organizations (MCO) receive a periodic payment per beneficiary in order to provide health care services. Managed care has the potential to help states reduce Medicaid program costs and better manage the use of health care services. However, managed care payments also have the potential to create program integrity risks. GAO identified six types of payment risks associated with managed care, including four related to payments that state Medicaid agencies make to MCOs, and two related to payments that MCOs make to providers. Of the six payment risks GAO identified, state stakeholders responsible for ensuring Medicaid program integrity more often cited the following two as having a higher level of risk:

  1. incorrect fee-for-service payments from MCOs, where the MCO paid providers for improper claims, such as claims for services not provided; and

  2. inaccurate state payments to MCOs resulting from using data that are not accurate or including costs that should be excluded in setting payment rates.

GAO also identified multiple challenges to program integrity oversight for managed care programs. Stakeholders most frequently cited challenges related to (1) appropriate allocation of resources, (2) quality of the data and technology used, and (3) adequacy of state policies and practices. Some stakeholders offered strategies to address these challenges, including collaborating with other entities to identify problem providers and fraud schemes, as well as having effective data systems to better manage risks.

The Centers for Medicare & Medicaid Services (CMS), which oversees Medicaid, has initiated efforts to assist states with program integrity oversight for managed care. However, some of these efforts have been delayed, and there are also gaps in oversight.

  • CMS's planned Medicaid managed care guidance to states has been delayed due to the agency's internal review of the regulations; as of May 2018, no issuance date had been set for the guidance.

  • CMS established a new approach for conducting managed care audits beginning in 2016. However, only a few audits have been conducted, with none initiated in the past 2 years. In part, this is due to certain impediments identified by states, such as the lack of some provisions in MCO contracts.

  • CMS has updated standards for its periodic reviews of the state capitation rates set for MCOs. However, overpayments to providers by MCOs are not consistently accounted for in determining future state payments to MCOs, which can result in states' payments to MCOs being too high.

Lack of guidance and gaps in program integrity oversight are inconsistent with federal internal control standards, as well as with CMS's goals to (1) improve states' oversight of managed care; (2) use audits to investigate fraud, waste, and abuse of providers paid by MCOs; and (3) hold MCOs financially accountable. Without taking action to address these issues, CMS is missing an opportunity to develop more robust program integrity safeguards that will help mitigate payment risks in Medicaid managed care.

Why GAO Did This Study

Federal spending on services paid for under Medicaid managed care was $171 billion in 2017, almost half of the total federal Medicaid expenditures for that year. Federal and state program integrity efforts have largely focused on Medicaid fee-for-service delivery where the state pays providers directly, rather than managed care, where it pays MCOs. As a result, less is known about the types of payment risks under managed care.

GAO was asked to examine payment risks in Medicaid managed care. In this report, GAO (1) identified payment risks; (2) identified any challenges to state oversight and strategies to address them; and (3) assessed CMS efforts to help states address payment risks and oversight challenges. To do this work, GAO reviewed findings on managed care payment risks and oversight challenges from federal and state audits and other sources. GAO also interviewed 49 state program integrity stakeholders in 10 states selected based on size, the percent of population in managed care, and geography. Stakeholders included the state Medicaid managed care office, state Medicaid program integrity unit, state auditor, Medicaid Fraud Control Unit, and an MCO.




Recommendations

GAO recommends that CMS (1) expedite issuing planned guidance on Medicaid managed care program integrity, (2) address impediments to managed care audits, and (3) ensure states account for overpayments in setting future MCO payment rates. The Department of Health and Human Services concurred with these recommendations.

Recommendations for Executive Action

Agency Affected Recommendation Status
Centers for Medicare & Medicaid Services The Administrator of CMS should expedite the planned efforts to communicate guidance, such as its compendium on Medicaid managed care program integrity, to state stakeholders related to Medicaid managed care program integrity. (Recommendation 1)
Closed – Implemented
In March 2019 CMS issued the 2019-2020 Medicaid Managed Care Rate Development Guide for states, which implements GAO's July 2018 recommendation. The Guide requires that rate certification and supporting documentation must describe the development of projected benefit costs included in capitation rates including, among other things, the amount of overpayments to providers and a description of how the state accounted for these in rate development. States' are required to use the guide when setting rates for any managed care program subject to federal actuarial soundness requirements during rating periods starting between July 1, 2019 and June 30, 2020. As a result, CMS is in better position to ensure that states hold MCO financially accountable for making proper payments and overpayments do not result in increased capitation payments. GAO believes guides for future rate development time period need to include these provisions.
Centers for Medicare & Medicaid Services
Priority Rec.
The Administrator of CMS should eliminate impediments to collaborative audits in managed care conducted by audit contractors and states, by ensuring that managed care audits are conducted regardless of which entity--the state or the managed care organization--recoups any identified overpayments. (Recommendation 2)
Closed – Implemented
CMS agreed with this recommendation and has taken steps to address it, as recommended by GAO in July 2018. In September 2019, CMS reported that in July 2019 CMS held a meeting with states and collaborative audit contractors to discuss coordination of managed care audits, including a wide range of challenges with managed care audits. In addition, CMS communicated to states the need to increase audits in managed care and address identified issues. In September 2022, CMS provided GAO with a report of the number and percent of UPIC Medicaid Managed Care investigations of managed care network providers for the Fiscal Years 2016 through 2021. The percent of managed care investigations increased from 0 percent in 2016 to almost 50 percent in FY 2021. For FYs 2016-2018 audit contractors opened 16 investigations of managed care network providers. In FY 2019-2021, they opened 893 investigations.
Centers for Medicare & Medicaid Services
Priority Rec.
The Administrator of CMS should require states to report and document the amount of MCO overpayments to providers and how they are accounted for in capitation rate-setting. (Recommendation 3)
Closed – Implemented
In March 2019 CMS issued the 2019-2020 Medicaid Managed Care Rate Development Guide for states to use when setting rates with respect to any managed care program subject to federal actuarial soundness requirements during rating periods starting between July 1, 2019 and June 30, 2020. The Guide requires that rate certification and supporting documentation must describe the development of projected benefit costs included in capitation rates including, among other things, the amount of overpayments to providers and a description of how the state accounted for these in rate development.

Full Report

GAO Contacts

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs

Public Inquiries

Topics

BeneficiariesErroneous paymentsHealth careHealth care programsHealth care providersHealth care servicesManaged health careMedicaidMedicaid paymentsMedicaid programMedicaid servicesProgram integrityRisk assessmentCapitationCompliance oversightImproper payments