Medicare and Medicaid Managed Care Plans Should Prepare for Increased Anti-Fraud Efforts

4 Key Takeaways from GAO Report on Medicare and Medicaid Anti-Fraud Efforts

The Government Accountability Office (GAO) recently released a report to Congress related to the Centers for Medicare & Medicaid Services’ (CMS) efforts aimed at addressing Medicare, Medicaid, the Children’s Health Insurance Program, and the Affordable Care Act (ACA) anti-fraud efforts. CMS concurred with the GAO’s recommendations, which have important implications for Medicare and Medicaid managed care plans, as well as issuers in the marketplace.

Guidehouse provides major takeaways from the GAO report to Congress regarding Medicare and Medicaid anti-fraud efforts that plans can use now to plan for 2018

1. Per the GAO, CMS’ Efforts to Manage Anti-Fraud Risk Only Partially Align with GAO’s Fraud Risk Management Framework

The GAO published a Fraud Risk Management Framework in 2015 that described leading practices for managing fraud risk in federal programs such as Medicare and Medicaid.1 The framework describes a continuous cycle arranged into four components: commit, assess, design and implement, and evaluate and adapt. CMS’ strategy to address Medicare and Medicaid fraud has only partially aligned with the GAO’s framework. Although CMS has shown commitment by establishing the Center for Program Integrity to lead its anti-fraud efforts, the GAO points out that this more broad-based view can dilute the impact and ability of CMS to focus on fraudulent activities.

2. Culture and Commitment are Key
CMS requires health plans, providers, and other key stakeholders to take mandatory fraud awareness training, but it does not require the same of its contracting officers.2 While dedication of resources, among other things, point to CMS’ commitment, this enhanced step aimed at training to increase awareness of potentially fraudulent activity is important and one for plans to consider when assessing the effectiveness of their compliance with CMS’ Fraud, Waste, and Abuse (FWA) program requirements. The GAO recommendation underscores the importance in the government’s view of organizational culture and commitment.

The GAO stressed the commitment element of the framework, pointing out that CMS has openly and appropriately shown commitment to beneficiary access to care and reduction of administrative burden based on its mission. However, anti-fraud program activities as articulated in the GAO framework are meant to facilitate, not hinder, member access. Managed care plans can expect to see increased scrutiny of their FWA programs. CMS enhanced FWA specific components in the 2017 Program Audit Process and Protocols.

3. Fraud Risk Assessment Allows Proper Focus and Allocation of Resources
CMS has not performed a Medicare and Medicaid fraud-specific risk assessment even though the concept of risk assessment is well-established in the Medicare Managed Care Manual and CMS Compliance Program Effectiveness and Program Audit Protocols. CMS has focused most of its programming on provider and geographic profiling in Medicare and Medicaid Fee for Services (FFS), which has not truly addressed the critical likelihood and impact of inherent fraud risk in the rapidly growing Medicare Advantage and Medicaid managed care programs. These types of programs, according to GAO, may have multiple hard-to-detect fraud risks in their design. The GAO also cites a recent Medicare Part C risk adjustment case as an example of such risk.

CMS is in the process of conducting an ACA-based fraud risk assessment pursuant to 2016 GAO recommendations. CMS stated it will conduct a similar risk assessment for Medicare and Medicaid once that work is completed.

The completion of a Medicare Part C fraud risk assessment would allow CMS to determine whether proactive fraud controls would help mitigate residual risk in managed care government programs.

4. A Risk-Based Anti-Fraud Strategy Must be Well-Articulated

The GAO recommended that CMS take care in developing and documenting an anti-fraud strategy that is based on a fraud risk assessment to ensure that a broad view of fraud risks is then coordinated and resources given to the most significant fraud risk areas. This also means that lessons learned from FFS anti-fraud monitoring and data analytics efforts are important, but require careful consideration to fully apply and deploy them to Medicare and Medicaid managed care.

The point made by the GAO relates to an issue that we consistently see in our practice. Many health plans’ special investigations units are well-versed in looking for provider-based fraud but less experienced in terms of the more nuanced managed care schemes that extend to many different stakeholders and include alignment of different incentives.

The GAO report, revised CMS audit protocols, and high-profile court cases related to Medicare Advantage risk-adjusted payment all signal to managed care plans that they should make sure they have properly incorporated GAO’s anti-fraud framework in their own organizations and established clear strategies for assessing, monitoring, and evaluating anti-fraud activities in 2018.


1 GAO, A Framework for Managing Fraud Risks in Federal Programs, GAO-15-593SP (Washington, D.C.: July 2015).

2 According to the GAO Report to Congressional Addressees, Medicare and Medicaid, December 2017, only 10 percent of CMS’ contracting officers had taken fraud awareness training in 2016-2017, 28.

Back to top