Congressional critics of Obamacare seized on the audits as further proof that the health-care reform law is not working as promised, and that the Obama administration was being lax in securing the insurance marketplaces against fraud.
"It's deja vu all over again as it seems the situation only continues to get worse, and we all are paying the price," said House Energy and Commerce Committee Chairman Fred Upton, R-Mich.
The investigations, conducted by the Government Accountability Office, looked at how well those exchanges did at verifying whether an applicant was eligible for Obamacare coverage. They also looked at whether people with dubious documentation could actually enroll in coverage, particularly for coverage that was subsidized by the federal government by virtue of applicants having low or moderate incomes.
For the 2015 coverage year, the federal exchange HealthCare.gov, which serves residents of 38 states, or the state-run exchanges of California and Kentucky, "approved each of 10 fictitious applications GAO made for subsidized health plans," the GAO said.
"Although 8 of these 10 fictitious applications failed the initial online identity-checking process, all 10 were subsequently approved," the agency said.
Four of the fictitious applications used Social Security numbers that had never been issued, according to the audit. "Other applications obtained duplicate enrollment or obtained coverage by claiming their employer did not provide insurance that met minimum essential coverage," the GAO said.
The agency's investigators also submitted another eight fictitious applications for coverage from Medicaid, the jointly run federal-state program that covers poor people.
For those applications, HealthCare.gov and the state-run exchanges approved three for Medicaid coverage, but did not approve Medicaid coverage for four of the applications. However, those other four applications were subsequently approved for subsidized Obamacare coverage. The eighth application was declined by California's exchange because the application did not provide a Social Security number as required.
GAO said that for both sets of testing for 2015, it "submitted fictitious documentation as part of the application and enrollment process."
"According to officials from the Centers for Medicaid & Medicare Services (CMS), California, Kentucky, and North Dakota, the marketplace or Medicaid office only inspect for supporting documentation that has obviously been altered," GAO said. "Thus, if the documentation submitted does not show such signs, it would not be questioned for authenticity."
For the 2016 coverage year, HealthCare.gov or the California exchange "initially approved coverage and subsidies for GAO's 15 fictitious applications."
Three applications, however, were unable to put their policies into effect because their first month's premium payments were not successfully processed.
GAO noted that four of the applications used fictitious identities that had been used to get subsidized coverage in 2014.
"Although none of the fictitious applications filed a 2014 tax return, all were approved for 2016 subsidies," GAO said.
Federal officials told GAO that "they allowed applicants to attest to filing taxes if information from the Internal Revenue Service ... indicated that the applicant did not file tax returns," according to the audit.
For eight other applications, GAO used new phony identities to test verification for identity or citizenship and immigration status.
"In each case," GAO said, the fake applicants "successfully obtained subsidized coverage."