An official website of the United States Government -

Medicaid and CHIP Payment and Access Commission
MACPAC > Program Administration > Program integrity

Program integrity

Published On

March 30, 2018

Program integrity activities are meant to ensure that federal and state taxpayer dollars are spent appropriately on delivering quality, necessary care and preventing fraud, waste, and abuse from taking place. Because fraud is particularly difficult to detect, its precise magnitude is unknown, though analysis has shown that the great majority of Medicaid providers do not engage in such actions (Rosenbaum et al., 2009).

When designed and implemented well, program integrity initiatives help to ensure that:

  • eligibility decisions are made correctly;
  • prospective and enrolled providers meet federal and state participation requirements;
  • services provided to enrollees are medically necessary and appropriate; and
  • provider payments are made in the correct amount and for appropriate services.

Defining fraud, waste, and abuse

Fraud and abuse are both defined in Medicaid regulations (42 CFR 433.304 and 42 CFR 455.2). Fraud involves an intentional deception, such as billing for services that were never provided. Abuse includes taking advantage of loopholes or bending the rules, such as improper billing practices. Waste, which is not defined in federal Medicaid regulations, includes inappropriate utilization of services and misuse of resources. An example would duplication of tests that can occur when providers do not share information with each other. Waste is not a criminal or intentional act, but results in unnecessary expenditures to the Medicaid program that might be prevented.

Program integrity activities

Depending on their specific mission and scope, federal and state agencies may use a number of tools to identify and address fraud and abuse in the Medicaid program. Specific methods can include:

  • data mining to identify possible fraud and abuse for further examination;
  • audits to determine compliance with federal and state rules and regulations or to identify fraud and abuse;
  • investigations of suspected fraud and abuse;
  • enforcement actions (e.g., provider termination, provider exclusion) against those who have committed fraud;
  • technical assistance and education for state staff so they are able to prevent and identify fraud and abuse; and
  • outreach to and education of the provider and enrollee communities (e.g., how to report suspected fraud, explaining Medicaid rules and requirements).

Many oversight activities focus on identifying and recovering improper payments made to providers, such as payments that should not have been made or that were made in an incorrect amount. When an improper payment is identified, the state must return the federal share to the Centers for Medicare & Medicaid Services (CMS). States may use their share of the recovery in any manner otherwise lawful for the use of state funds.

Federal, state, and managed care organization program integrity responsibilities

Many federal and state agencies have oversight authority for the Medicaid program. Some of these activities relate directly to the administration of the Medicaid program (e.g., implementing Medicaid policy, addressing provider concerns, monitoring managed care plans), while others assess the administration of the program and identify areas where problems exist (e.g., federal and state audits and investigations). Some oversight programs focus on preventing fraud and abuse through effective program management, while others focus on addressing problems after they occur through investigations, recoveries, and enforcement actions.

At the federal level, the Deficit Reduction Act of 2005 (DRA, P.L. 109-107) gave CMS significant new funding and responsibility for Medicaid program integrity. Other federal agencies, including the U.S. Department of Health and Human Services (HHS), the HHS Office of Inspector General (OIG), the U.S. Department of Justice (DOJ), and the U.S. Government Accountability Office (GAO) are also involved in this work, albeit with different roles.

Similarly, at the state level, program integrity responsibilities may be shared by the state Medicaid agency and other state agencies. A state must have a Medicaid Fraud Control Unit (MFCU), which has certain responsibilities defined in law. (States may be exempt from this requirement under certain conditions). Other agencies that may be involved in Medicaid program integrity activities include the survey and certification agency, state OIG, the state’s attorney general, other law enforcement agencies, and the state auditor.

Managed care oversight consists of minimum contracting standards and oversight responsibilities placed on states that contract with managed care plans to provide Medicaid services on a per member per month basis (42 CFR part 438). States are responsible for exercising general oversight over their plans’ compliance with federal and state laws, regulations, and policies, including when fraud or abuse is suspected. States establish additional standards to oversee quality, access, and timeliness of care for managed care enrollees. Managed care oversight also focuses on administration and management, appeal and grievance systems, claims management, customer services, finance, information systems, marketing, medical management, provider networks, and quality improvement.

Click here to learn more about managed care.

Challenges in assuring program integrity

There are a number of challenges associated with implementation of an effective and efficient Medicaid program integrity strategy, including:

  • overlap between federal and state responsibilities;
  • insufficient collaboration and information sharing among federal agencies and states;
  • diffusion of authority among multiple federal and state agencies;
  • lack of information on the effectiveness of program integrity initiatives and appropriate performance measures;
  • lower federal matching rates for state activities not directly related to fraud control;
  • incomplete and outdated data; and
  • few program integrity resources for delivery system models other than fee-for-service (e.g., managed care).

Because program integrity initiatives have developed over time, they have not always been examined as a whole to evaluate which are duplicative, which could be improved, and which may place an unnecessary burden on states or providers. Read the timeline of legislative milestones and a list of the key statutory provisions in program integrity.

To learn more about program integrity activities in Medicaid and MACPAC’s recommendations, see:

Program Integrity in Medicaid Managed Care (June 2017)

Key Legislative Milestones and Statutory Provisions in Program Integrity (February 2018)

ACA Eligibility Changes: Program Integrity Issues (March 2014)

Update on Program Integrity in Medicaid  (June 2013)

Program Integrity in Medicaid (March 2012)