Search Briefs


Sign up for Health Policy Brief Alerts


JULY 31, 2012

Eliminating Fraud and Abuse

New tools to reduce improper Medicare and Medicaid payments promise savings. But many implementation challenges remain.

What's the issue?

At a time of high federal budget deficits and unsustainable growth in health care costs, there is general agreement on the need to eliminate unnecessary spending in health care--and among the leading candidates are fraud and abuse. Despite ongoing, concerted efforts, making meaningful inroads has not been easy.

"Fraud" refers to illegal activities in which someone gets something of value without having to pay for it or earn it, such as kickbacks or billing for services that were not provided. "Abuse" occurs when a provider or supplier bends rules or doesn't follow good medical practices, resulting in unnecessary costs or improper payments. Examples include the over-use of services or the providing of unnecessary tests. (Another area, "waste," refers to health care that is not effective, and will be the subject of a separate Health Policy Brief.)

Endowed with new powers under the Affordable Care Act and the Small Business Jobs Act of 2010, the Centers for Medicare and Medicaid Services (CMS) has been adopting new tools to curb fraud and abuse in the Medicare and Medicaid programs. The new approach amounts to a paradigm shift from the earlier model, in which CMS paid providers first, then sought to chase down fraud and abuse after the fact--a process known as "pay and chase."

This policy brief focuses on eliminating fraud and abuse in Medicare and Medicaid and explores the challenges involved in putting the new tools into place.

What's the background?

The true annual cost of fraud and abuse in health care is not known. In fiscal year 2011 Medicare spent $565 billion on behalf of its 48.7 million beneficiaries, while federal and state Medicaid agencies served 70 million people at a combined cost of $428 billion. CMS estimated that in fiscal year 2010 these two programs made more than $65 billion in "improper federal payments," defined as payments that should not have been made or were made in an incorrect amount. Adding in improper payments made by state Medicaid programs boosts the total by about $10 billion annually.

UNDERSTANDING THE PROBLEM: CMS's estimate of improper payments, which relies on random samples of claims data, is widely thought to understate the true size of the problem of fraud and abuse. In an April 2012 study former CMS administrator Donald M. Berwick and RAND Corporation analyst Andrew D. Hackbarth estimated that fraud and abuse added as much as $98 billion to Medicare and Medicaid spending in 2011.

For many years, the Government Accountability Office (GAO), the investigative arm of Congress, has designated Medicare and Medicaid as being at "high risk" for fraud, abuse, and improper payments. Both programs were designed to enroll "any willing provider" and to reimburse claims quickly for services provided.

The programs today handle an enormous volume of transactions, making it easier for dubious claims to escape detection. Every business day, for example, Medicare administrative contractors process about 4.5 million claims from 1.5 million providers. Every month, they process 30,000 enrollment applications from health care providers and suppliers of medical equipment.

The emphasis on rapid payment, as opposed to identifying and rooting out false or inflated claims, makes both programs susceptible to fraud. Taking advantage of this weakness, for example, Eastern European crime syndicates have lately become prevalent players in Medicare fraud, specializing in stealing the identifies of Medicare and Medicaid beneficiaries, and then billing the programs for treatments that didn't take place at clinics that don't exist.

The magnitude of potential wrongdoing is such that resource-strapped federal prosecutors have adopted an unofficial threshold that requires that alleged crimes be worth at least $500,000 and be clear cut enough to make conviction a near certainty before they will take up a case. That leaves a lot of room for marginal operators to game the system for many multiples of much smaller sums.

What's in the law?

Statutory efforts to rein in fraud are long standing and have changed over time from relatively passive attempts to reclaim fraudulent payments to more aggressive actions to identify and prevent criminal activities.

EARLY EFFORTS: When Medicare and Medicaid were enacted in 1965, there was only one provision in the law prohibiting the making of false statements to obtain a reimbursement. The Medicare-Medicaid Anti-Fraud and Abuse Amendments of 1977 established Medicaid fraud control units, the use of which became mandatory for states after 1995. These units consisted of attorneys, auditors, and investigators who worked separately from the state Medicaid agency in each state to investigate and prosecute Medicaid fraud.

In 1986 Congress passed amendments to the False Claims Act, strengthening the government's ability to identify and recover improper Medicare payments. Specifically, the amendments allowed for penalties of up to $10,000 for a single fraudulent claim plus treble damages, substantially increasing the liabilities for those submitting many false claims even if the amount of each individual claim was relatively modest.

It wasn't until 1996, however, that health care fraud itself--and not just the making of false statements--was criminalized, when the federal Health Care Fraud and Abuse Control Program was enacted as part of the antifraud provisions of the Health Insurance Portability and Accountability Act (HIPAA). The crime carried a federal prison term of 10 years in addition to large financial penalties. The law also allowed federal budget dollars to be dedicated to address fraud, waste, and abuse.

RECOVERY AUDIT CONTRACTORS: In 2003 the Medicare Modernization Act directed CMS to conduct a demonstration of recovery audit contractors, whose job it was to review, audit, and recover questionable Medicare payments. Unlike other CMS contractors, recovery audit contractors are paid only on a contingent fee basis, which means they keep a percentage of the overpayments they collect, depending on the degree of collection difficulty. After the demonstration, which showed that this approach was cost effective, the Medicare audit recovery program was put in place nationwide in March 2009.

The recovery audit contractors, however, are not specifically focused on fraud, but instead seek to identify improper Medicare payments generally. Those who focus on fraud are called "zone program integrity contractors." (The word integrity is used broadly to describe efforts to keep public programs free from corruption or other illegal or abusive activity.) These contractors or companies are engaged by the government to detect fraud and abuse in Medicare. If the companies find potential fraud cases, they refer these to law enforcement. If they find any other instances of apparent federal overpayment, they refer those to claims processing contractors for collection.

The Deficit Reduction Act of 2005 established the Medicaid Integrity Program, which for the first time created a comprehensive federal effort to find fraud and abuse in Medicaid. The program hires contractors to look for fraudulent activities and to educate providers about the law, as well as to provide assistance to states with their own activities. The Medicaid Integrity Program also helps coordinate information sharing among Medicare, Medicaid, and the Children's Health Insurance Program in an attempt to reduce fraud and abuse in those programs.

When the Obama administration took office in 2009, it made attacking health care fraud a key element of its health reform agenda. In May 2009 the administration announced formation of the Health Care Fraud Prevention and Enforcement Action Team--an interagency task force from the Departments of Justice and Health and Human Services (HHS). The task force, which began work in two cities, has since expanded to nine.

AFFORDABLE CARE ACT CHANGES: In 2010 the Affordable Care Act gave HHS several new weapons to use in its battle against fraud and abuse. CMS now has greater authority to screen out questionable providers and suppliers before they enroll in Medicare. It can also suspend payments to those providers under investigation, and even temporarily halt enrollment of new providers or suppliers in certain parts of the country when fraud, waste, and abuse are suspected. Also in 2010 CMS consolidated the separate program integrity efforts in Medicare and Medicaid under a unified Center for Program Integrity. Bringing these activities under one umbrella has allowed officials to pursue a more strategic and coordinated set of policies and activities, such as describe below.

In fiscal year 2011 the combined efforts by CMS, the Department of Justice, and HHS's Office of Inspector General resulted in criminal health care fraud charges against 1,430 defendants; 743 criminal convictions; 977 new investigations of civil health care fraud; and the recovery of $4.1 billion, the highest annual amount recovered in a single year, though still woefully short of the estimated annual loss. CMS officials said that during the same period, the agency revoked the Medicare billing privileges of 4,850 providers and suppliers and deactivated an additional 56,733 billing numbers.

There have been numerous high-profile arrests. In May 2012 a strike force raid in seven US cities resulted in the arrests of 107 people, including doctors and nurses, for alleged involvement in Medicare fraud schemes involving some $452 million in false billings. These were for such services as home health care, mental health services, psychotherapy, physical and occupational therapy, durable medical equipment, and ambulance services. It is unclear whether the increase in arrests is due to an overall increase in fraud, or from improvements in detecting and prosecuting wrong doing, or both.

"TWIN-PILLAR" APPROACH: More significantly, CMS is seeking to catch fraud before payments are made through use of a so-called twin-pillar approach. One pillar is a fraud prevention system that uses advanced analytic techniques, including algorithms and historical data, to flag suspicious claims. This system is similar to fraud detection efforts used by major credit card companies to identify suspicious charges and flag them for closer examination. The second pillar is an automated provider screening program, which identifies ineligible providers or suppliers before they are enrolled or revalidated by the use of enhanced screening procedures.

For example, an automated provider screening program, which began in December 2011, creates three levels of risk for providers--high, moderate, and limited--with different screening procedures for each level. Suppliers of durable medical equipment, such as wheelchairs and walkers, and home health agencies are considered high risk providers because of their historically high incidences of fraud.

CMS's automated screening contractors are also developing individual risk scores for each provider, similar to an individual's credit score. Depending on the level of risk, screening may include licensure checks, ID verification, unannounced site visits, and cross-state database checks. The automated screening system also permits new data, such as the loss of a medical license or Social Security death information, to be integrated into the process automatically.

A new competitive bidding program for suppliers of durable medical equipment has also been put into effect to both reduce spending and impose a higher bar for entry into the program. Equipment suppliers who wish to participate must be licensed and accredited and submit financial documentation to CMS to demonstrate their legitimacy. In addition, since 2010 every patient deemed eligible for home health and hospice services must have a "face-to-face" encounter with a physician.

Fraud and abuse frequently occur under the eyes of patients, who are billed for services and equipment they never received. Patients often don't realize that the services and equipment constitute fraudulent activity because their provider statements are convoluted and complex. Because there are often no copayments, especially in Medicaid, patients may not scrutinize their bills. To address that situation, Medicare earlier this year redesigned its quarterly summary notices to patients in an attempt to make errors--intentional or otherwise--easier for patients to catch.

In late July 2012 the Obama administration announced formation of a voluntary public-private partnership involving federal and state governments, private insurance companies, and health care anti fraud groups. The goal of National Fraud Prevention Partnership is to stop losses to government and private health care plans before they occur by sharing information on specific schemes, utilized billing codes, and geographical fraud hotspots.

What are the issues?

Although everybody wants to cut down on fraud and abuse, some approaches are controversial, and others have been criticized for not achieving sufficient results, as follows.

  • Overzealous investigators. Some providers complain that overzealous contractors, motivated to find problems by their contingent fee arrangement with CMS, focus on technical mistakes rather than outright wrongdoing. There have also been complaints that contractors are too quick to determine that paid claims are improper, necessitating the spending of thousands of dollars in expensive provider appeals that can take up to two years to resolve. In response to these concerns, CMS is auditing the work of its contractors for accuracy and has also required the contractors to increase the medical credentials of their staff to improve the credibility of their actions.

  • Potential conflicts of interest. Private companies, known as Medicare administrative contractors, do most of the claims processing activities for CMS. This work can include screening and enrolling providers and suppliers, reviewing and paying claims, auditing claims for errors and fraud, and reviewing their own claims denials. In March 2011 three Senate committee chairmen asked the HHS inspector general to examine the potential for conflicts of interest among these contractors. They noted that several major companies that had been hired to make sure claims were paid correctly were subsidiaries of the same Medicare contractors whose activities they were supposed to oversee.

  • Overlap among antifraud programs. The Medicaid and CHIP Payment and Access Commission, which provides policy and data analysis to Congress, recommended in its March 2012 annual report that HHS take steps to eliminate antifraud programs that are redundant, outdated, or not cost-effective and find better ways to quantify efforts to ensure that payments are being made for legitimately provided services. Audits are often duplicative, the report said, noting that "[d]ifferent oversight agencies may conduct audits at the same time, sometimes on similar or identical topics."

    Similar issues were identified in a scathing March 2012 report by the National Association of Medicaid Directors, which complained about overlapping duties and a "massive coordination failure" among programs looking for the same wrongdoing. The group singled out Medicaid integrity contractors and recovery audit contractors, both of whom began investigating Medicaid claims this year.

  • Disincentives for states. Investigating Medicaid fraud can involve significant upfront costs in terms of state manpower and funding. Although states have a stake in recovering any of their own expenditures that are siphoned off through Medicaid fraud, they may have somewhat less incentive to foot the bill for antifraud measures than does the federal government, which pays a higher share of total Medicaid costs than do states (on average, 57 percent).

  • Efficacy of "advanced data analytics." CMS began its advanced data analytics program in July 2011, using fraud detection technology similar to that used by the credit card industry. These tools range from simple "rule-based" programs, which raise a red flag when any rule, even the simplest, is not followed on a claims form, to "anomaly-based" programs, which focus on providers who stand out from their peers by, for example, billing far more hours for the same procedure. Social networking is the most sophisticated new analytic. Currently in a pilot stage, social networking tools are designed to uncover fraudsters operating under the names of other people or businesses by tracking the real "chain of ownership" of providers.

Although CMS is optimistic about the potential of these new techniques, many consider the results thus far to be disappointing. As of January 6, 2012, only $7,591 in payments had been suspended as a consequence of use of advanced analytics. CMS officials have acknowledged a lag time between discovering violations and reporting them in public documents. But they also point out that every line in each of Medicare's daily 4.5 million fee-for-service claims is now examined through some form of analytics, and that new analytical models are introduced each quarter, which should lead to better results from use of this antifraud technology over time.

What's next?

An April 2012 GAO report noted that although CMS had made progress in implementing fraud prevention strategies, it had not completed other actions, some of which are required by the Affordable Care Act. For example, CMS was supposed to extend the requirement for surety bonds to other high-risk providers in addition to those currently obligated to do so, namely providers of durable medical equipment, orthotics, and supplies. (A surety bond allows CMS to recover money even if it turns out that fraud was involved in the submission of claims.) According to the GAO, CMS plans to fulfill this requirement by the end of 2012.

The agency has so far not moved ahead to implement fingerprint-based criminal background checks, as required under the Affordable Care Act. It has also not issued a final regulation clarifying what additional information providers would have to disclose upon enrollment, or established core elements of new programs to ensure that providers comply with all antifraud requirements, among other measures. GAO reports that by the end of 2012, CMS plans to contract with two Federal Bureau of Investigation-approved contractors to conduct fingerprint-based criminal background checks of high-risk providers and suppliers.

Proposed legislation has been introduced in Congress to help CMS continue identifying problem providers before they are paid, although none has so far passed. Various bills would require a range of measures, including reducing theft of Medicare beneficiaries' identities and moving to use even more sophisticated analytics and computer modeling when reviewing claims.

A bipartisan group of members of the Senate Finance Committee have also asked providers to suggest "overlooked or underutilized" ways to combat Medicare and Medicaid fraud. Those responses, due in June 2012, will be summarized and released by the committee later this year.

Under the administration's new National Fraud Prevention Partnership, Medicare and Medicaid claims data will be pooled with information provided by private insurance companies. A third-party contractor will examine the collected data using sophisticated data analytics to predict and detect health care fraud schemes. Potential fraud cases will be flagged for further investigation, and private insurers will be given the names of physicians, hospitals, and other parties involved in the suspected wrongdoing. The initiative has attracted the interest of the insurance industry, with the Blue Cross and Blue Shield Association, America's Health Insurance Plans, and such major insurers as Amerigroup, Humana, UnitedHealth Group, and WellPoint expected to participate.


Berwick, Donald M. and Andrew D. Hackbarth, "Eliminating Waste in US Health Care," JAMA 307, no. 14 (2012): 1513-6, doi:10.1001/jama.2012.362.

Government Accountability Office, "Medicare Program Integrity: CMS Continues to Strengthen the Screening of Providers and Suppliers," GAO-12-351, April 2012.

Iglehart, John K., "The Supercharged Federal Effort to Crack Down on Fraud and Abuse," Health Affairs 29, no. 6 (2010): 1093-5.

King, Kathleen M., "Medicare: Important Steps Have Been Taken, but More Could Be Done to Deter Fraud," Government Accountability Office, GAO-12-671T, April 24, 2012.

King, Kathleen M. and Kay L. Daly, "Medicare and Medicaid Fraud, Waste, and Abuse: Effective Implementation of Recent Laws and Agency Actions Could Help Reduce Improper Payments," Government Accountability Office, GAO-11-409T, March 9, 2011.

Medicaid and CHIP Payment and Access Commission, "Report to the Congress on Medicaid and CHIP," March 2012.

National Association of Medicaid Directors, "Rethinking Medicaid Program Integrity: Eliminating Duplication and Investing in Effective, High-Value Tools," March, 2012.

About Health Policy Briefs

Written by
T.R. Goldman
(Goldman is a veteran legal affairs writer and editor in Washington, D.C.)

Editorial review by
Kathleen M. King
Director, Health Care
Government Accountability Office (GAO)
(Her review does not reflect the official view of the GAO.)

Malcolm K. Sparrow
Practice of Public Management
John F. Kennedy School of Government
Harvard University

Ted Agres
Senior Editor for Special Content
Health Affairs

Anne Schwartz
Deputy Editor
Health Affairs

Susan Dentzer
Health Affairs

Health Policy Briefs are produced under a partnership of Health Affairs and the Robert Wood Johnson Foundation.

Cite as:
"Health Policy Brief: Eliminating Fraud and Abuse," Health Affairs, July 31, 2011.

Sign up for free policy briefs at: