Medicaid: Vulnerabilities Related to Provider Enrollment and Ownership Disclosure
WHY WE DID THIS STUDY
States can prevent inappropriate payments, protect beneficiaries, and reduce time-consuming and expensive "pay and chase" activities by ensuring that providers that intend to engage in fraudulent or abusive activities are not allowed to enroll in Medicaid. For States to identify potentially fraudulent providers, as well as those that may be associated with excluded individuals or entities, providers must disclose accurate and timely information about their owners (i.e., individuals or corporations with a 5 percent or more ownership or controlling interest; agents; or managing employees). According to CMS, the highest incidence of regulatory noncompliance among State Medicaid programs is in their collection of ownership information from providers.
HOW WE DID THIS STUDY
We determined the extent to which States requested and verified provider ownership information and checked exclusions databases. Additionally, for selected providers, we collected and compared three sets of owner names: (1) those on record with State Medicaid programs for Medicaid enrollment purposes, (2) those submitted by providers directly to OIG for this evaluation, and (3) those on record with CMS for Medicare enrollment purposes. We determined the extent to which owner names from these sources matched. When we compared names, if we found owner names that were not identical but were reasonably similar, we considered the names to match.
WHAT WE FOUND
Few State Medicaid programs requested that providers disclose all federally required ownership information. In addition, 14 State Medicaid programs reported that they did not verify the completeness or accuracy of provider ownership information. We also found that 14 State Medicaid programs reported that they did not check all required exclusions databases, which could allow providers with excluded owners to enroll in Medicaid. Additionally, we found that most providers in our review had names on record with State Medicaid programs that did not match the names that providers submitted to OIG. Further, nearly all providers in our review had names on record with State Medicaid programs that did not match those on record with CMS. The prevalence of nonmatching owner names raises concern about the completeness and accuracy of information about Medicaid providers' ownership. It also demonstrates that providers may not be complying with the requirement to report ownership changes to State Medicaid programs. Taken together, these findings reveal vulnerabilities that could allow potentially fraudulent providers to enroll in State Medicaid programs and that limit States' ability to provide adequate oversight.
WHAT WE RECOMMEND
We recommend that CMS (1) work with State Medicaid programs to identify and correct gaps in their collection of all required provider ownership information, (2) provide guidance to State Medicaid programs on how to verify the completeness and accuracy of provider ownership information, (3) require State Medicaid programs to verify the completeness and accuracy of provider ownership information, (4) ensure that State Medicaid programs check exclusions databases as required, (5) work with State Medicaid programs to educate providers on the requirement to report changes of ownership, (6) work with State Medicaid programs to review providers that submitted nonmatching owner names and take appropriate action, and (7) increase coordination with State Medicaid programs on collecting and verifying provider ownership information in Medicaid and Medicare. CMS concurred with all of our recommendations.