GAO Report: CMS Needs to Improve Fraud Risk Efforts

The Centers for Medicare and Medicaid Services (CMS) need to more fully align its antifraud efforts with the Government Accountability Office’s (GAO) Fraud Risk Framework, GAO auditors said in a report released Dec. 5. CMS’s anti-fraud programs currently align only partially with the risk framework, GAO’s investigation revealed.

According to the report, CMS’s overall approach to managing fraud risks across its four principal programs is incorporated into a broader program administered through its Center for Program Integrity (CPI). While CMS has shown “commitment to combating fraud” by establishing CPI to lead its antifraud efforts, it has not conducted a fraud-risk assessment for Medicare or Medicaid and has not implemented risk-based antifraud strategies, such as those recommended in GAO’s Fraud Risk Framework.

The Fraud Risk Framework was published in July 2015 to help Federal managers combat fraud and preserve integrity in government agencies and programs. GAO identified leading practices for managing fraud risks and organized them into a conceptual framework that encompasses control activities to prevent, detect, and respond to fraud. It includes an emphasis on prevention, as well as on structures and environmental factors that help managers mitigate fraud risks. In addition, the framework highlights the importance of monitoring and incorporating feedback.

“A fraud-risk assessment allows managers to fully consider fraud risks to their programs, analyze their likelihood and impact and prioritize risks,” GAO said. “Managers can then design and implement a strategy with specific control activities to mitigate these risks.”

In their latest report, GAO auditors said that within its program-integrity activities, CMS has established several control procedures that are specific to managing fraud risks, while others serve broader program-integrity purposes.

According to CMS officials, the agency’s antifraud controls mainly focus on providers working within Medicare fee for service (FFS) activities. CMS officials told GAO that when CPI began operating, its primary focus was developing program integrity for Medicare FFS. As a result, it’s the most “mature” of all their programs.

CMS’s fraud control activities use the Fraud Prevention System (FPS), a predictive-analytics technology system that helps identify potentially fraudulent payments in Medicare. The analytics system has proved to be effective, according to GAO.

In an August 2017 report on the Fraud Prevention System, GAO said that investigations supported by FPS led to corrective actions against providers and generated savings. For example, in fiscal year 2016, CMS reported that 90 providers had their payments suspended because of investigations supported by FPS, which resulted in an estimated $6.7 million in savings. In fiscal year 2016, 22 percent of Medicare fraud investigations conducted by CMS program integrity contractors were based on leads generated by FPS analysis of Medicare claims data. CMS reported that FPS edits denied nearly 324,000 claims and saved more than $20.4 million in 2016.

Officials representing Medicare’s program-integrity contractors told GAO that FPS helps speed up certain investigation processes, such as identifying suspect providers for investigation. However, the officials said that once an investigation is initiated, FPS has generally not sped up the process for investigating and gathering evidence against suspect providers.

The Dec. 5 report also found shortcomings in CMS antifraud training programs. While CMS requires antifraud training for stakeholder groups such as providers, beneficiaries, and health-insurance plans, it doesn’t offer or require fraud-awareness training on a regular basis for its employees, a practice that the Fraud Risk Framework identifies as “a way that agencies can help create a culture of integrity and compliance,” GAO said.

To help CMS improve its antifraud programs, GAO recommended that CMS should:

  • Provide fraud-awareness training relevant to risks facing CMS programs.
  • Require new hires to undergo fraud risk training, with follow-up training for all employees.
  • Conduct fraud risk assessments for Medicare and Medicaid to include respective fraud risk profiles and plans for regularly updating the assessments and profiles.
  • Use the results of the fraud risk assessments for Medicare and Medicaid to create, document, implement, and communicate an antifraud strategy that is aligned with and responsive to regularly assessed fraud risks.
  1. Anonymous | - Reply
    My case 02-2704 showed $57 billion missing in Medicaid Drug Rebates that I reported state by state and Region to all 10 HHS Medicaid Drug Rebates Regional Dispute Coordinators. This amounted to $30 billion in CMS funds and $27 billion in rebates due states. Seems they can't do anything because both CMS and the states lost their records and can't use the ones I downloaded. Since the 1988 False Claims Act Amendment and the Healthcare conference of February 25, 2010, all our leaders have known hundreds of billions were lost to Fraud, while Justice Department Fraud Statistics show only $44 billion of the $74 trillion we spent was recovered in Fraud Cases.
  2. Anonymous | - Reply
    That's obscene. If they would wake up and smell the coffee, they would know that they are wasting our money. What is our deficit now? How much longer can we go on with such inefficiencies and waste? The House and Senate are arguing about a tax cut, and stuff like this gets ignored, while debt piles up and they want to raid 'entitlements' like Social Security and Medicare when they need to in the future. I wonder how much they spent on the 'solution' they mention to recoup the $20.4 million they "saved" in the article above. I will bet it is close to a wash, no value added.

Leave a Reply