Medicare: Actions Needed to Better Manage Fraud Risks, Jul 17, 2018

This post first appeared on GAO Reports. Read the original article.

What GAO Found

In its December 2017 report, GAO found that the Centers for Medicare & Medicaid Services’ (CMS) antifraud efforts for Medicare partially align with GAO’s 2015 A Framework for Managing Fraud Risks in Federal Programs (Framework). The Fraud Reduction and Data Analytics Act of 2015 required OMB to incorporate leading practices identified in this Framework in its guidance to agencies on addressing fraud risks.

Fraud Risk Framework’s Components

Consistent with the Framework, GAO determined that CMS had demonstrated commitment to combating fraud by creating a dedicated entity to lead antifraud efforts; the Center for Program Integrity (CPI) serves as this entity for fraud, waste, and abuse issues in Medicare. CMS also promoted an antifraud culture by, for example, coordinating with internal stakeholders to incorporate antifraud features into new program design. To increase awareness of fraud risks in Medicare, CMS offered and required training for stakeholder groups such as providers of medical services, but it did not offer or require similar fraud-awareness training for most of its workforce.

CMS took some steps to identify fraud risks in Medicare; however, it had not conducted a fraud risk assessment or designed and implemented a risk-based antifraud strategy for Medicare as defined in the Framework. CMS identified fraud risks through control activities that target areas the agency designated as higher risk within Medicare, including specific provider types, such as home health agencies. Building on earlier steps and conducting a fraud risk assessment, consistent with the Framework, would provide the detailed information and insights needed to create a fraud risk profile, which, in turn, is the basis for creating an antifraud strategy.

CMS established monitoring and evaluation mechanisms for its program-integrity control activities that, if aligned with an antifraud strategy, could enhance the effectiveness of fraud risk management in Medicare. For example, CMS used return-on-investment and savings estimates to measure the effectiveness of its Medicare program-integrity activities. In developing an antifraud strategy, consistent with the Framework, CMS could include plans for refining and building on existing methods such as return-on-investment, to evaluate the effectiveness of all of its antifraud efforts.

Why GAO Did This Study

Medicare covered over 58 million people in 2017 and has wide-ranging impact on the health-care sector and the overall U.S. economy. However, the billions of dollars in Medicare outlays as well as program complexity make it susceptible to improper payments, including fraud. Although there are no reliable estimates of fraud in Medicare, in fiscal year 2017 improper payments for Medicare were estimated at about $52 billion. Further, about $1.4 billion was returned to Medicare Trust Funds in fiscal year 2017 as a result of recoveries, fines, and asset forfeitures.

In December 2017, GAO issued a report examining how CMS managed its fraud risks overall and particularly the extent to which its efforts in the Medicare and Medicaid programs aligned with GAO’s Framework. This testimony, based on that report, discusses the extent to which CMS’s management of fraud risks in Medicare aligns with the Framework. For the report, GAO reviewed CMS policies and interviewed officials and external stakeholders.

What GAO Recommends

In its December 2017 report, GAO made three recommendations, namely that CMS (1) require and provide fraud-awareness training to its employees; (2) conduct fraud risk assessments; and (3) create an antifraud strategy for Medicare, including an approach for evaluation. The Department of Health and Human Services agreed with these recommendations and reportedly is evaluating options to implement them. Accordingly, the recommendations remain open.

For more information, contact Seto Bagdoyan at (202) 512-6722 or

Leave a Reply

Your email address will not be published. Required fields are marked *