The Government Accountability Office (GAO) has released a report which concludes the Centers for Medicare and Medicaid Services (CMS) did little or nothing to prevent various types of Obamacare fraud throughout 2014.
According to the GAO analysis, billions of dollars in subsidies were paid out to individuals with “unresolved inconsistencies” in their files. For instance, there were 35,000 applications which had some form of inconsistency with their social security number. Despite this, CMS paid out subsidies worth $154 million to these individuals. Asked about their failure to correct these inconsistencies, CMS told the GAO they do not consider SSN inconsistencies a stand alone problem, despite regulations that specifically state CMS must attempt to resolve such inconsistencies.
The potential for fraud by incarcerated individuals was even worse. Prisoners are not eligible for Obamacare plans so CMS is required to check a database maintained by SSA, the only database of incarcerated individuals covering all 50 states, to insure an applicant is not incarcerated. The GAO identified 22,000 applications with incarceration inconsistencies. However, CMS independently determined the data in the SSA database (known as PUPS) was not up to date, claiming they’d received several complaints from people who assured CMS they were not in prison. As a result, CMS’ official policy in 2014 was to take the word of the applicant as to his or her incarceration status:
CMS officials told us the agency elected to rely on applicant attestations on incarceration status. Under this approach, CMS officials told us, the Marketplace continues to make an initial verification attempt using the PUPS data. If a consumer maintains he or she is not incarcerated, CMS will rely on that representation and not take adverse action, regardless of what PUPS indicates, officials told us
And when GAO reviewed documents that led to the decision not to use the PUPS database to verify incarceration, it could find no detailed explanation of why CMS decided it was unreliable in the first place. The report states, “the documentation did not provide specific details on why, or to what extent, people were misidentified as incarcerated; why CMS also judged inmate release information to be unreliable; any criteria or assessment employed to conclude that the PUPS data were not sufficiently current or accurate.” In other words, nothing to back up CMS’ decision to abandon the only database that could possibly provide this information. As a result, CMS paid $68 million in subsidies to people who claimed they were not in prison.
The most embarrassing part of the GAO report is how poorly CMS did detecting outright fraud. GAO created 12 fictitious applicants who filled out phone or online applications for subsidized health plans. It was able to secure $2,500 a month subsidies for 11 of those applicants. When CMS asked for documents to resolve inconsistencies in the files, GAO either sent fake documents or simply didn’t send anything. In both cases, CMS sent letters acknowledging receipt of documents and stating the matter had been resolved. Again, this was the case even when GAO had sent nothing in response to the initial CMS query. In the end, GAO was able to keep all 11 fictitious applicants on subsidies throughout 2014, each one directing about $30,000 in federal funds to an insurer under false pretenses. And it’s worth noting that, later on in the report, GAO makes clear it created this fake applicants with no prior or inside knowledge of any verification procedures that might be applied. This was something that anyone could have done.
The GAO report notes that there have been no reports of false applications sent to CMS, but there’s a very good reason for this:
CMS’s document-processing contractor has not identified any fraud cases to CMS. However, the contractor is not required to detect fraud, nor is it equipped to do so. Instead, CMS requires the contractor only to inspect for documents that have obviously been altered. Overall, according to CMS officials, the agency has limited ability to detect and respond to attempts at fraud. They told us CMS must balance consumers’ ability to “effectively and efficiently” select Marketplace coverage with “program-integrity concerns.”
So where did CMS actually come down on this delicate balancing act between efficiency and fraud detection? If you guessed “They did nothing at all to prevent fraud” then you’d be correct. When GAO asked CMS to provide records for any fraud detection efforts the agency had undertaken the response was zilch:
We asked CMS to provide us with any fraud risk assessment for the eligibility and enrollment process the agency may have conducted. Agency officials were unable to provide us with any such assessment. CMS officials did tell us the agency plans to conduct an assessment of the Marketplace’s eligibility determination process, including the application process and the inconsistency resolution process. CMS officials did not provide a firm date for completion.
The report concludes with 8 recommendations for CMS including re-evaluating their use of the prisoner database and conducting a thorough risk assessment of the potential for fraudulent applications. Based on this report, the program is ripe for exploitation.