In August Utah's Legislative Auditor General released the findings of its audit of the state's Medicaid program. What it found was a program which spends $1.7 billion a year, but has almost no oversight of where it's going.
Reading through the 100 page report, I was struck by the systemic failure exhibited by Medicaid. There is an appalling lack of oversight in basically every area the auditors looked at. From prior authorizations, to provider screening and enrollment, to fraud recovery, and internal policing - it all failed miserably. Each of these areas are critical points in keeping costs down and avoiding fraud and waste, yet the guidelines are either non-existent or so lazily enforced as to be worth less than the paper they're printed on.
For clarification, Medicaid is health insurance for low income people administered by the state of Utah, but funded with both state and federal money. Utah kicks in about $500 million of the total $1.7 billion spent.
There were a couple of things in the audit that stuck out at me. First is that 95% of that $1.7 billion is not reviewed for fraud at all. Organizationally, Medicaid is set up to ignore whether those payments to dentists, doctors, and hospitals are legit or not. There could be double billing, useless tests or exams, or out and out fraud, an no one will ever find out. Which in itself is concerning, but then it's coupled with the fact that Medicaid doesn't review its providers (the doctors, dentists, and hospitals) either. Anyone who wants to be a part of the Medicaid program is accepted, even if they have a history of fraud. So we accept any possible fraudster out there, and then we don't monitor their billings at all. Sounds like a recipe for disaster to me.
And disaster might be what we're getting. The auditors cite a national study which says that on average the low end of fraudulent cases is 3% of total billings. The auditors stress this is a conservative estimate. Well, Utah Medicaid finds and gets money back on about 1.7% of its total spending. But even that low number is misleading because most of that returned money comes not through our efforts, but because private insurance companies find out that Medicaid had paid for a service that was actually the private company's responsibility, and instead of pocketing the savings they fix the problem and pay for it themselves. So Medicaid on its own actually only finds and recovers a fraction of 1% of fraud. Again, this speaks to the total lack of oversight and due diligence by the program.
The most glaring deficiency in the audit is that, again because of poor guidelines and organization, Medicaid itself is never audited. There are no independent internal audits being conducted to ensure everything is on the up and up. So not only does Medicaid not audit providers or look for fraud, but no one is auditing Medicaid either.
The reason all of this is important really comes into focus through a specific, real life example written of in the audit. A provider bills medicaid for $370,000. Medicaid has to determine if the services were actually necessary before they pay for them, so they request medical history documentation. The requested documents never come, so Medicaid doesn't pay. The provider starts an appeal process so they can get their money, but even then they file the appeal late and still don't send the medical documents. Finally, they drop the appeal and go straight to the Medicaid director. Up to this point everything has been handled ok, despite the persistent lateness of the provider. Even going to the director is somewhat supported by written guidelines. At this point the director should have gotten the medical documents, reviewed them, and then made a decision. Instead, he unilaterally gave the provider $370,000 without even reviewing the case. Only after the auditors found this example two years later did Medicaid finally get the appropriate documentation. Medicaid's director's reason for handing over $370,000 without even reviewing the case? He said sometimes that's necessary in order to "maintain relationships with providers."
I can imagine the stress this audit must have created for everyone in the Medicaid office. As a controller of a large company, I get audited every year, and it's a stressful time. I have to justify every decision I've made over the course of the year, and provide documentation as part of the justification. If you're organized and prepared, audits can be relatively simple. If not, they can be a major source of heartburn.
This report is possibly the worst conceivable outcome of the audit. The only way it could have been worse is if the auditors caught Medicaid management stealing funds. The audit shows medicaid fits the stereotype of an inefficient, poorly managed, wasteful government program.