Medicaid programs in several states fail to fully vet providers at high risk for fraud, according to a new report from the Office of Inspector General (OIG).
Beginning in July 2018, the Centers for Medicare & Medicaid Services (CMS) required that states conduct criminal background checks on high-risk providers before allowing them to receive Medicaid payments. However, OIG found that 18 states failed to comply with the requirement by that date.
Of those 18 states, 13 were not in compliance as of Jan.1, according to the report.
“An effective provider enrollment screening process is an important tool for preventing Medicaid fraud,” OIG wrote. “It plays a vital role in identifying unscrupulous providers and preventing them from enrolling in Medicaid.”
RELATED: Medicaid wasted $37B on improper payments in 2017, CMS shrugs off GAO advice
OIG previously studied states’ ability to implement these background checks in 2016 and found many were struggling to do so. However, failing to use a fingerprint-based check for these providers leaves those Medicaid programs open to fraud and abuse, OIG said.
The report found that five states had not collected fingerprints for any high-risk providers as of January, and these states reported several central challenges to the effort:
-
A lack of authority: Three of these states said their Medicaid agencies did not have proper oversight power for these background checks and that legislative or executive action would be necessary.
-
A lack of resources: One state reported that it did not have the staff necessary to implement the background checks.
-
A lack of criteria to determine “high-risk providers”: One state said it was actively revising its criteria based on concerns from the provider community, delaying compliance.
RELATED: Patients treated by fraudulent providers often most vulnerable, study finds
There are two key loopholes that high-risk providers can abuse in Medicaid if a state isn’t vetting them effectively, according to the report. For one, some states enroll providers in Medicaid payments if they’re approved for Medicare payment—though Medicare may not have vetted them either.
In addition, some states rely on providers themselves to report relevant information, which can lead to inaccurate reporting, OIG said.
“States reported that even when they have fully implemented fingerprint-based criminal background checks, high-risk providers can enroll in Medicaid without undergoing the required criminal background checks,” OIG wrote.
The agency made three recommendations to CMS as a result of the findings: Ensure all states roll out the background check requirements; amend guidance to eliminate the loophole for Medicare enrollment; and compare Medicaid providers' self-reported data to Medicare data to identify potential discrepancies.
CMS agreed to the first recommendation but not to the second or third.