Medicaid Managed Care: Fraud and Abuse Concerns Remain Despite Safeguards

We found that although managed care entities (MCE) and States are taking steps to address fraud and abuse in managed care, they remain concerned about their prevalence.

States have increasingly adopted managed care in response to Medicaid expenditures, which have nearly doubled in the past decade. CMS requires MCEs to meet specific program integrity requirements as a condition for receiving payment. CMS also requires MCEs to disclose to States certain information, such as ownership and control. States are directly responsible for monitoring MCE operations. CMS's Medicaid Integrity Group (MIG) conducts program integrity reviews of States and MCEs. In 2000, CMS issued guidelines to States for addressing fraud and abuse in Medicaid managed care. The guidelines identified six areas of concern.

We surveyed a purposive sample of 46 MCEs and received responses from 45. We conducted structured telephone interviews with the 13 States that contracted with those MCEs. We also reviewed MIG's files from its program integrity reviews of those 13 States and 46 MCEs.

All MCEs in our sample reported taking steps to meet the Federal program integrity requirements. All 45 MCEs that responded to our questionnaire provided fraud and abuse safeguard training to their staffs in 2010. Most also reported offering such training to their providers. In 2009, 33 MCEs reported cases of suspected fraud and abuse to their State Medicaid agencies, and 20 MCEs recovered payments from providers that resulted from fraud and abuse.

The 13 States in our sample reported taking steps to oversee MCEs' fraud and abuse safeguards. All 13 States conduct desk reviews of MCEs' compliance plans, and 11 States conduct onsite MCE reviews. All 13 States reported requiring that MCEs disclose ownership and control information. Eleven States hold recurring meetings with MCEs and often provide training.

The primary concern about Medicaid managed care fraud and abuse-shared by MCEs and States-related to services billed but not received. The major concerns identified in our review largely fall under only one of the six areas included in CMS's 2000 guidelines.

Managed care presents challenges in addressing fraud that differ from those in fee-for-service Medicaid. As States increasingly use managed care to deliver Medicaid services, implementing safeguards to protect against fraud and abuse remains essential. We recommend that CMS require that State contracts with MCEs include a method to verify with beneficiaries whether they received services billed by providers. CMS could require States to implement one of several options, such as for MCEs to send explanations of medical benefits to beneficiaries. We also recommend that CMS update guidance to reflect concerns expressed by MCEs and States. CMS could also share best practices and innovative methods that States and MCEs have used to address fraud and abuse concerns and strengthen program integrity oversight. CMS concurred with both recommendations.